Alcalde, Baptiste ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Dubois, E.
Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Mayer, N.
Radomirovic, Sasa ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
yes
Language :
English
Title :
Towards a Decision Model Based on Trust and Security Risk Management
Publication date :
2009
Event name :
Proc. 7th Australasian Information Security Conference - AISC'09
Event place :
Wellington, New Zealand
Event date :
January 20-23 2009
Main work title :
Proc. 7th Australasian Information Security Conference - AISC'09
Publisher :
Australian Computer Society
Collection name :
Conferences in Research and Practice in Information Technology (CRPIT) 98