SlideShare ist ein Scribd-Unternehmen logo

Alan hartman trust measurement and management - seserv se workshop june 2012

ictseserv
ictseserv
TechnologieBusiness
1 von 18
© 2009 IBM Corporation Trust Measurement and Management Alan Hartman – IBM Haifa Research Lab 20 June 2012 Open Research Issues
© 2009 IBM Corporation Agenda  Motivation  Defining Trust  Relationship between Risk and Trust  Basic Trust Management Scenario  More Complex Scenarios 2
© 2009 IBM Corporation 3 Why measure and manage trust? Distrust and caution are the parents of security. - Benjamin Franklin The trust of the innocent is the liar’s most useful tool. - Stephen King Trust, but verify. – Ronald Reagan
© 2009 IBM Corporation Definition of trust  Trust is: An expectation about a future behaviour of another person … depending on the degree of trust and the extent of the associated risk (Kasselbaum Ph. D. Thesis in Sociology)  Trust is: A function with three parameters: –Trust(Trustee, Trustor, ActivityOutcome), whose value is the probability (degree of trust) that Trustor believes that Trustee will produce ActivityOutcome in the future 4
© 2009 IBM Corporation Relationship between trust and risk  Rational behavior: If the payoff is positive, then take the risk  Also rational: If the worst case is too awful, don’t take the risk 5  Working Hypothesis: A decision (by the Trustor) on whether to offer the Trustee the opportunity to participate in an Activity with the Trustor is based on both Trust and Risk  Payoff is: a measure of the expected utility to the Trustor associated with all possible outcomes of an activity. Payoff(Trustor, Activity) = sum over all Outcomes (Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome))
© 2009 IBM Corporation Academic Interest in Trust  Sociology –Who trusts the Internet? –What are the factors that influence a person to trust interactions in cyberspace?  Economics –What motivates trust and cooperation? –What reputation and incentive mechanisms to promote trust?  Management –Creating and maintaining trust – as part of leadership  Computer Science –Creating trust in computing infrastructure and services 6
© 2009 IBM Corporation Basic Trust Management Scenario 7 1. Build Trust 2. Shake Trust 3. Restore Trust
© 2009 IBM Corporation Building Trust 8 Trustor A trusts Trustee B to produce Outcome C with confidence level P0
© 2009 IBM Corporation ShakingTrust An Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B 9
© 2009 IBM Corporation Trust Restoration  Trustee B takes mitigation action M and measures new trust level P '' 10
© 2009 IBM Corporation Basic Scenario For Trust Management 1) Initial condition: Trustor A trusts Trustee B to produce outcome C with confidence level P0 2) Either an Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B Or P0 < Pt in the first place 3) Loop on i: I. B takes mitigation action Mi and measures confidence level Pi (Assume Mi are ordered in decreasing order of cost effectiveness) II. Until Pi >= Pt, or no cost effective mitigation actions remain in the arsenal of B
© 2009 IBM Corporation Research Challenges for Trust Management • How to measure P for a given A, B, and C • How to determine an appropriate threshold Pt for a given A, B, C • What are appropriate mitigation actions Mi for a given A, B, C, E • How to detect and report trust breach events E • How to measure cost effectiveness of Mi • When to give up – i.e. what is the law of diminishing returns in the context of A, B, C, E, and P0, P1, P2, ...Pi
© 2009 IBM Corporation Measuring Trustworthiness of ICT Systems Quantifying Trustworthiness Using Quantifiable Properties* Dependability Security Performability 13 *University of Kansas, Resilinets Wiki
© 2009 IBM Corporation Measuring Trustworthiness of Individuals or Organizations 14 Quantifiable Properties Trustworthy actions Observed Reported by trusted source Evidence Trustworthy reputation Reputation measure Trusted reputation system Membership of trusted organization Trusted guarantor
© 2009 IBM Corporation Mutual trust scenario Alice trusts BigBank to maintain the integrity of her credit card with P=99% BigBank trusts Alice to be honest with it with Q=95% E is an unauthorized credit card transaction from Alice's account – reported to BigBank by Alice (P'=85%, Q'=75%) What actions should Alice and BigBank take to rebuild mutual trust? What is the protocol for mutual trust negotiation?
© 2009 IBM Corporation B2B trust scenario OmahaInsurance is negotiating with IBM to outsource their health insurance claims processing Trust is held between IBM and Omaha and also between Omaha and its customers Event = break in to IBM office in Bangalore Action C is contract negotiation between IBM and Omaha
© 2009 IBM Corporation Trust me, I’m a doctor 18
© 2009 IBM Corporation 19

Empfohlen

Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012
ictseserv
 
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
ictseserv
 
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
ictseserv
 
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
ictseserv
 
Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012
ictseserv
 
Trust Measurement and Management
Trust Measurement and ManagementTrust Measurement and Management
Trust Measurement and Management
Alan Hartman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
FireEye, Inc.
 
Predicting surety claims
Predicting surety claimsPredicting surety claims
Predicting surety claims
Lee Scoggins
 

Empfohlen

Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012
ictseserv
 
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
ictseserv
 
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
ictseserv
 
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
ictseserv
 
Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012
ictseserv
 
Trust Measurement and Management
Trust Measurement and ManagementTrust Measurement and Management
Trust Measurement and Management
Alan Hartman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
FireEye, Inc.
 
Predicting surety claims
Predicting surety claimsPredicting surety claims
Predicting surety claims
Lee Scoggins
 
Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022
The Digital Insurer
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principles
Compliance Consultant
 
Pricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP TransactionsPricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP Transactions
brucelb
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principles
Compliance Consultant
 
IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013
Casey Lucas
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
SurfWatch Labs
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022
The Digital Insurer
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
Thomas Lee
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version
Michael Mossbarger
 
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
CBIZ, Inc.
 
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019
Pinzhang Chen 陈品璋
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)
ecommerce
 
The High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusThe High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance Status
GlobalDataLock.com
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business Value
Piyush Malik
 
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementBCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
Andrew Styles
 
ISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdf
CCIEHOMER
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016
IBM Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
IBM Security
 
Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01
ictseserv
 
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
ictseserv
 

Weitere ähnliche Inhalte

Ähnlich wie Alan hartman trust measurement and management - seserv se workshop june 2012

The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principles
Compliance Consultant
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version
Michael Mossbarger
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)
ecommerce
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business Value
Piyush Malik
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016
IBM Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
IBM Security
 

Ähnlich wie Alan hartman trust measurement and management - seserv se workshop june 2012 (20)

Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principles
 
Pricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP TransactionsPricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP Transactions
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principles
 
IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version
 
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
 
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictives
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)
 
The High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusThe High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance Status
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business Value
 
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementBCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
 
ISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdf
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 

Mehr von ictseserv

Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01
ictseserv
 
Cooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud EnvironmentsCooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud Environments
ictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
ictseserv
 
Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012
ictseserv
 
Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5
ictseserv
 
Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...
ictseserv
 
Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012
ictseserv
 
Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...
ictseserv
 
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
ictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
ictseserv
 
Fia presentatie
Fia presentatieFia presentatie
Fia presentatie
ictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
ictseserv
 
Seserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practicesSeserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practices
ictseserv
 

Mehr von ictseserv (20)

Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01
 
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
 
Cooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud EnvironmentsCooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud Environments
 
Aims2012
Aims2012Aims2012
Aims2012
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Eunice2012
Eunice2012Eunice2012
Eunice2012
 
Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012
 
Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5
 
Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...
 
Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012
 
Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...
 
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Fia presentatie
Fia presentatieFia presentatie
Fia presentatie
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Seserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics projectSeserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics project
 
Seserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcpSeserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcp
 
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
 
Sending party network pays
Sending party network paysSending party network pays
Sending party network pays
 
Seserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practicesSeserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practices
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 

Kürzlich hochgeladen (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Alan hartman trust measurement and management - seserv se workshop june 2012

  • 1. © 2009 IBM Corporation Trust Measurement and Management Alan Hartman – IBM Haifa Research Lab 20 June 2012 Open Research Issues
  • 2. © 2009 IBM Corporation Agenda  Motivation  Defining Trust  Relationship between Risk and Trust  Basic Trust Management Scenario  More Complex Scenarios 2
  • 3. © 2009 IBM Corporation 3 Why measure and manage trust? Distrust and caution are the parents of security. - Benjamin Franklin The trust of the innocent is the liar’s most useful tool. - Stephen King Trust, but verify. – Ronald Reagan
  • 4. © 2009 IBM Corporation Definition of trust  Trust is: An expectation about a future behaviour of another person … depending on the degree of trust and the extent of the associated risk (Kasselbaum Ph. D. Thesis in Sociology)  Trust is: A function with three parameters: –Trust(Trustee, Trustor, ActivityOutcome), whose value is the probability (degree of trust) that Trustor believes that Trustee will produce ActivityOutcome in the future 4
  • 5. © 2009 IBM Corporation Relationship between trust and risk  Rational behavior: If the payoff is positive, then take the risk  Also rational: If the worst case is too awful, don’t take the risk 5  Working Hypothesis: A decision (by the Trustor) on whether to offer the Trustee the opportunity to participate in an Activity with the Trustor is based on both Trust and Risk  Payoff is: a measure of the expected utility to the Trustor associated with all possible outcomes of an activity. Payoff(Trustor, Activity) = sum over all Outcomes (Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome))
  • 6. © 2009 IBM Corporation Academic Interest in Trust  Sociology –Who trusts the Internet? –What are the factors that influence a person to trust interactions in cyberspace?  Economics –What motivates trust and cooperation? –What reputation and incentive mechanisms to promote trust?  Management –Creating and maintaining trust – as part of leadership  Computer Science –Creating trust in computing infrastructure and services 6
  • 7. © 2009 IBM Corporation Basic Trust Management Scenario 7 1. Build Trust 2. Shake Trust 3. Restore Trust
  • 8. © 2009 IBM Corporation Building Trust 8 Trustor A trusts Trustee B to produce Outcome C with confidence level P0
  • 9. © 2009 IBM Corporation ShakingTrust An Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B 9
  • 10. © 2009 IBM Corporation Trust Restoration  Trustee B takes mitigation action M and measures new trust level P '' 10
  • 11. © 2009 IBM Corporation Basic Scenario For Trust Management 1) Initial condition: Trustor A trusts Trustee B to produce outcome C with confidence level P0 2) Either an Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B Or P0 < Pt in the first place 3) Loop on i: I. B takes mitigation action Mi and measures confidence level Pi (Assume Mi are ordered in decreasing order of cost effectiveness) II. Until Pi >= Pt, or no cost effective mitigation actions remain in the arsenal of B
  • 12. © 2009 IBM Corporation Research Challenges for Trust Management • How to measure P for a given A, B, and C • How to determine an appropriate threshold Pt for a given A, B, C • What are appropriate mitigation actions Mi for a given A, B, C, E • How to detect and report trust breach events E • How to measure cost effectiveness of Mi • When to give up – i.e. what is the law of diminishing returns in the context of A, B, C, E, and P0, P1, P2, ...Pi
  • 13. © 2009 IBM Corporation Measuring Trustworthiness of ICT Systems Quantifying Trustworthiness Using Quantifiable Properties* Dependability Security Performability 13 *University of Kansas, Resilinets Wiki
  • 14. © 2009 IBM Corporation Measuring Trustworthiness of Individuals or Organizations 14 Quantifiable Properties Trustworthy actions Observed Reported by trusted source Evidence Trustworthy reputation Reputation measure Trusted reputation system Membership of trusted organization Trusted guarantor
  • 15. © 2009 IBM Corporation Mutual trust scenario Alice trusts BigBank to maintain the integrity of her credit card with P=99% BigBank trusts Alice to be honest with it with Q=95% E is an unauthorized credit card transaction from Alice's account – reported to BigBank by Alice (P'=85%, Q'=75%) What actions should Alice and BigBank take to rebuild mutual trust? What is the protocol for mutual trust negotiation?
  • 16. © 2009 IBM Corporation B2B trust scenario OmahaInsurance is negotiating with IBM to outsource their health insurance claims processing Trust is held between IBM and Omaha and also between Omaha and its customers Event = break in to IBM office in Bangalore Action C is contract negotiation between IBM and Omaha
  • 17. © 2009 IBM Corporation Trust me, I’m a doctor 18
  • 18. © 2009 IBM Corporation 19

Hinweis der Redaktion

  1. We want to be secure and not the dupe of liars and dissemblersTrust is essential for many aspects of society, not just business
  2. A joke in search of a punch line:What is the difference between a sociologist and a mathematician?
  3. Value = the value to the trustor of the particular OutcomePayoff = expected value to the trustor over the long term with repeated occurrences of the ActivityRationality = average case behaviourBUT if the worst case causes catastrophic consequences (with very low probability), then risk averse players will not take it, even if the expected value over the long term is positive
  4. Trying to add my input as a mathematician
  5. Dependability is that property of a computer system such that reliance can justifiably be placed on the service it delivers. It generally includes the notions of availability (ability to use a system or service) and reliability (continuous operation of a system or service), as well as integrity, maintainability, and safety. Security is the property of a system and measures taken such that it protects itself from unauthorised access or change, subject to policy. Security properties include AAA (auditability, authorisability, authenticity), confidentiality, and nonrepudiation. Security shares with dependability the properties of availability and integrity. Performability is that property of a computer system such that it delivers performance required by the service, as described by QoS (quality of service) measures.