
Trust based risk management for distributed system security - a new approach

2 Author(s)
Ching Lin ; Dept. of Comput., Macquarie Univ., North Ryde, NSW, Australia ; Varadharajan, V.

Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system, can have a direct impact on the utility of the underlying system. However, there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only "weed out" malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the new feature of the proposal.

Published in:

Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on

Date of Conference:

20-22 April 2006