DOI: 10.1145/2695664.2695713
research-article

Engineering trust- and reputation-based security controls for future internet systems

Published: 13 April 2015

Abstract

Reputation as a decision criterion for whom to trust has been successfully adopted by a few internet-based businesses such as eBay or Amazon. Moreover, trust evaluation is becoming increasingly important for future internet systems such as smart grids, because these contain potentially millions of users, their data, and a huge number of subsystems. The resulting scale and complexity make them ideal candidates for trust- and reputation-based security controls, but engineering methodologies that provide structured step-by-step instructions on how to design such controls are currently missing. We contribute such a methodology, including tool support, that helps (i) to elicit trust relationships, (ii) to reason about how to construct trust and reputation engines for these, and finally (iii) to specify consequent security controls. The methodology is based on formal OCL expressions that provide (semi-)automatic support for analysing UML models with regard to trust and reputation information.


Cited By

  • (2016) A retrospective analysis of SAC requirements. ACM SIGAPP Applied Computing Review 16:2 (26-41). DOI: 10.1145/2993231.2993234. Online publication date: 29-Aug-2016

Published In

SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing
April 2015
2418 pages
ISBN:9781450331968
DOI:10.1145/2695664

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. UML
  2. model-driven engineering
  3. models
  4. problem frames
  5. security requirements engineering
  6. trust

Qualifiers

  • Research-article

Funding Sources

  • Spanish Ministry of Education through the National F.P.U. Program
  • Junta de Andalucia
  • Ministry of Innovation, Science, Research and Technology of the German State of North Rhine-Westphalia and EFRE
  • Spanish Ministry of Economy through the project PERSIST

Conference

SAC 2015
SAC 2015: Symposium on Applied Computing
April 13 - 17, 2015
Salamanca, Spain

Acceptance Rates

SAC '15 Paper Acceptance Rate 291 of 1,211 submissions, 24%;
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
