Most of the existing approaches to trust management focus on the issues of assessing the trustworthiness of other entities and of establishing trust between entities. This is particularly relevant for dynamic, open and distributed systems, where the identity and intentions of other entities may be uncertain. These approaches offer methods to manage trust, and thereby to manage risk and security. The methods are, however, mostly concerned with trust management from the viewpoint of the trustor, and the issue of mitigating risks to which the trustor is exposed. This paper addresses the important, yet quite neglected, challenge of understanding the risks to which a whole system is exposed, in cases where some of the actors within the system make trust-based decisions. The paper contributes by proposing a method for the modeling and analysis of trust, as well as the identification and evaluation of the associated risks and opportunities. The analysis facilitates the capture of trust policies, the enforcement of which optimizes the trust-based decisions within the system. The method is supported by formal, UML-based languages for the modeling of trust scenarios and for trust policy specification.
© 2008 IFIP International Federation for Information Processing
Cite this paper
Refsdal, A., Solhaug, B., Stølen, K. (2008). A UML-based Method for the Development of Policies to Support Trust Management. In: Karabulut, Y., Mitchell, J., Herrmann, P., Jensen, C.D. (eds) Trust Management II. IFIPTM 2008. IFIP – The International Federation for Information Processing, vol 263. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09428-1_3
DOI: https://doi.org/10.1007/978-0-387-09428-1_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09427-4
Online ISBN: 978-0-387-09428-1
eBook Packages: Computer Science, Computer Science (R0)