Trust based risk management for distributed system security - A new approach

Ching Lin; Vijay Varadharajan

doi:10.1109/ARES.2006.139

Trust based risk management for distributed system security - A new approach

Ching Lin^*, Vijay Varadharajan

^*Corresponding author for this work

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

19 Citations (Scopus)

4 Downloads (Pure)

Abstract

Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system can have a direct impact on the utility of the underlying system. However there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only "weed out" malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the mew feature of the proposal.

Original language	English
Title of host publication	Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006
Editors	Bob Werner
Place of Publication	Piscataway
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	6-13
Number of pages	8
Volume	2006
ISBN (Print)	0769525679, 9780769525679
DOIs	https://doi.org/10.1109/ARES.2006.139
Publication status	Published - 2006
Event	1st International Conference on Availability, Reliability and Security, ARES 2006 - Vienna, Austria Duration: 20 Apr 2006 → 22 Apr 2006

Other

Other	1st International Conference on Availability, Reliability and Security, ARES 2006
Country	Austria
City	Vienna
Period	20/04/06 → 22/04/06

Bibliographical note

Copyright 2006 IEEE. Reprinted from Proceedings of 1st international conference on availability, reliability and security (ARES 2006). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie Universityâ€™s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

Access to Document

10.1109/ARES.2006.139

Publisher version (open access).pdfFinal published version, 301 KB

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Trust based risk management for distributed system security - A new approach'. Together they form a unique fingerprint.

Cite this

Lin, C., & Varadharajan, V. (2006). Trust based risk management for distributed system security - A new approach. In B. Werner (Ed.), Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006 (Vol. 2006, pp. 6-13). [1625288] Piscataway: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/ARES.2006.139

@inproceedings{da3408ff80974302bc01509c6fe668fe,

title = "Trust based risk management for distributed system security - A new approach",

abstract = "Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system can have a direct impact on the utility of the underlying system. However there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only {"}weed out{"} malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the mew feature of the proposal.",

author = "Ching Lin and Vijay Varadharajan",

note = "Copyright 2006 IEEE. Reprinted from Proceedings of 1st international conference on availability, reliability and security (ARES 2006). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University{\^a}€™s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.",

year = "2006",

doi = "10.1109/ARES.2006.139",

language = "English",

isbn = "0769525679",

volume = "2006",

pages = "6--13",

editor = "Bob Werner",

booktitle = "Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

}

Lin, C & Varadharajan, V 2006, Trust based risk management for distributed system security - A new approach. in B Werner (ed.), Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006. vol. 2006, 1625288, Institute of Electrical and Electronics Engineers (IEEE), Piscataway, pp. 6-13, 1st International Conference on Availability, Reliability and Security, ARES 2006, Vienna, Austria, 20/04/06. https://doi.org/10.1109/ARES.2006.139

Trust based risk management for distributed system security - A new approach. / Lin, Ching; Varadharajan, Vijay.

Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006. ed. / Bob Werner. Vol. 2006 Piscataway : Institute of Electrical and Electronics Engineers (IEEE), 2006. p. 6-13 1625288.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

TY - GEN

T1 - Trust based risk management for distributed system security - A new approach

AU - Lin, Ching

AU - Varadharajan, Vijay

N1 - Copyright 2006 IEEE. Reprinted from Proceedings of 1st international conference on availability, reliability and security (ARES 2006). This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie Universityâ€™s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

PY - 2006

Y1 - 2006

N2 - Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system can have a direct impact on the utility of the underlying system. However there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only "weed out" malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the mew feature of the proposal.

AB - Security measures alone are not sufficient for counteracting malicious behaviors in distributed systems. The new trend is to use economical models (mainly game-theoretic models) to characterize such malicious behaviors in the security context with the aim to mitigate the risk introduced by such malicious behaviors. However, there is a general lack in the integration of risk and security and this hinders the effectiveness of these existing economical models when applied in the security context for distributed systems. Recently, utility has become an important consideration for information security. We show that the decisions by security mechanisms, such as the authorization decisions in a distributed system can have a direct impact on the utility of the underlying system. However there is little work done on utility maximization when designing secure distributed systems. To address this gap, we present in this paper a new approach through integrating risk management into security with the help of a trust model. Furthermore, we show that the proposed trust based security model with risk management can be applied to maximize the utility of the underlying distributed systems. The new model possesses a unique feature - the ability to use trust evaluation to not only "weed out" malicious entities, but also allocate appropriate access permissions to the benevolent entities according to the risk levels. Using a mobile agent system as an example, we study the properties of the proposed model through simulation and present the experimental results which confirm the mew feature of the proposal.

UR - http://www.scopus.com/inward/record.url?scp=33750952887&partnerID=8YFLogxK

U2 - 10.1109/ARES.2006.139

DO - 10.1109/ARES.2006.139

M3 - Conference proceeding contribution

SN - 0769525679

SN - 9780769525679

VL - 2006

SP - 6

EP - 13

BT - Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006

A2 - Werner, Bob

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway

ER -