To main content

DeSPoT: A Method for the Development and Specification of Policies for Trust Negotiation

Abstract

Information systems are ever more connected to the Internet, which gives wide opportunities for interacting with other actors, systems and resources and for exploiting the open and vast marked. This pushes the limits for security mechanisms which in general are too rigorous to fully adapt to such a dynamic and heterogeneous environment. Trust mechanisms can supplement the security mechanisms in this situation to reduce the risk by means of trusted evidences. We propose DeSPoT, a method for the development and specification of policies for trust negotiation. DeSPoT is created to be easy to use for business level experts, yet demonstrated in an industrial study to be useful for those who develop and maintain the system conducting trust negotiation within acceptable risk. Adherence to a DeSPoT policy should ensure that the target fulfills the organizational level requirements to the trust behavior, and that the target is not exposed to unacceptable risk. The paper gives an example-driven presentation of the method.

Category

Academic article

Language

English

Author(s)

  • Tormod Håvaldsrud
  • Birger Møller-Pedersen
  • Bjørnar Solhaug
  • Ketil Stølen

Affiliation

  • University of Oslo
  • SINTEF Digital / Sustainable Communication Technologies

Year

2012

Published in

Lecture Notes in Electrical Engineering

ISSN

1876-1100

Publisher

Springer

Volume

114

Page(s)

93 - 104

View this publication at Cristin