Trust based risk management for distributed system security - A new approach

Ching Lin*, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

19 Citations (Scopus)
4 Downloads (Pure)

Abstract

Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system can have a direct impact on the utility of the underlying system. However there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only "weed out" malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the mew feature of the proposal.

Original languageEnglish
Title of host publicationProceedings - First International Conference on Availability, Reliability and Security, ARES 2006
EditorsBob Werner
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages6-13
Number of pages8
Volume2006
ISBN (Print)0769525679, 9780769525679
DOIs
Publication statusPublished - 2006
Event1st International Conference on Availability, Reliability and Security, ARES 2006 - Vienna, Austria
Duration: 20 Apr 200622 Apr 2006

Other

Other1st International Conference on Availability, Reliability and Security, ARES 2006
CountryAustria
CityVienna
Period20/04/0622/04/06

Bibliographical note

Copyright 2006 IEEE. Reprinted from Proceedings of 1st international conference on availability, reliability and security (ARES 2006). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

Fingerprint Dive into the research topics of 'Trust based risk management for distributed system security - A new approach'. Together they form a unique fingerprint.

Cite this