SlideShare une entreprise Scribd logo

Alan hartman trust measurement and management - seserv se workshop june 2012

ictseserv
ictseserv
TechnologieBusiness
1  sur  18
© 2009 IBM Corporation Trust Measurement and Management Alan Hartman – IBM Haifa Research Lab 20 June 2012 Open Research Issues
© 2009 IBM Corporation Agenda  Motivation  Defining Trust  Relationship between Risk and Trust  Basic Trust Management Scenario  More Complex Scenarios 2
© 2009 IBM Corporation 3 Why measure and manage trust? Distrust and caution are the parents of security. - Benjamin Franklin The trust of the innocent is the liar’s most useful tool. - Stephen King Trust, but verify. – Ronald Reagan
© 2009 IBM Corporation Definition of trust  Trust is: An expectation about a future behaviour of another person … depending on the degree of trust and the extent of the associated risk (Kasselbaum Ph. D. Thesis in Sociology)  Trust is: A function with three parameters: –Trust(Trustee, Trustor, ActivityOutcome), whose value is the probability (degree of trust) that Trustor believes that Trustee will produce ActivityOutcome in the future 4
© 2009 IBM Corporation Relationship between trust and risk  Rational behavior: If the payoff is positive, then take the risk  Also rational: If the worst case is too awful, don’t take the risk 5  Working Hypothesis: A decision (by the Trustor) on whether to offer the Trustee the opportunity to participate in an Activity with the Trustor is based on both Trust and Risk  Payoff is: a measure of the expected utility to the Trustor associated with all possible outcomes of an activity. Payoff(Trustor, Activity) = sum over all Outcomes (Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome))
© 2009 IBM Corporation Academic Interest in Trust  Sociology –Who trusts the Internet? –What are the factors that influence a person to trust interactions in cyberspace?  Economics –What motivates trust and cooperation? –What reputation and incentive mechanisms to promote trust?  Management –Creating and maintaining trust – as part of leadership  Computer Science –Creating trust in computing infrastructure and services 6
© 2009 IBM Corporation Basic Trust Management Scenario 7 1. Build Trust 2. Shake Trust 3. Restore Trust
© 2009 IBM Corporation Building Trust 8 Trustor A trusts Trustee B to produce Outcome C with confidence level P0
© 2009 IBM Corporation ShakingTrust An Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B 9
© 2009 IBM Corporation Trust Restoration  Trustee B takes mitigation action M and measures new trust level P '' 10
© 2009 IBM Corporation Basic Scenario For Trust Management 1) Initial condition: Trustor A trusts Trustee B to produce outcome C with confidence level P0 2) Either an Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B Or P0 < Pt in the first place 3) Loop on i: I. B takes mitigation action Mi and measures confidence level Pi (Assume Mi are ordered in decreasing order of cost effectiveness) II. Until Pi >= Pt, or no cost effective mitigation actions remain in the arsenal of B
© 2009 IBM Corporation Research Challenges for Trust Management • How to measure P for a given A, B, and C • How to determine an appropriate threshold Pt for a given A, B, C • What are appropriate mitigation actions Mi for a given A, B, C, E • How to detect and report trust breach events E • How to measure cost effectiveness of Mi • When to give up – i.e. what is the law of diminishing returns in the context of A, B, C, E, and P0, P1, P2, ...Pi
© 2009 IBM Corporation Measuring Trustworthiness of ICT Systems Quantifying Trustworthiness Using Quantifiable Properties* Dependability Security Performability 13 *University of Kansas, Resilinets Wiki
© 2009 IBM Corporation Measuring Trustworthiness of Individuals or Organizations 14 Quantifiable Properties Trustworthy actions Observed Reported by trusted source Evidence Trustworthy reputation Reputation measure Trusted reputation system Membership of trusted organization Trusted guarantor
© 2009 IBM Corporation Mutual trust scenario Alice trusts BigBank to maintain the integrity of her credit card with P=99% BigBank trusts Alice to be honest with it with Q=95% E is an unauthorized credit card transaction from Alice's account – reported to BigBank by Alice (P'=85%, Q'=75%) What actions should Alice and BigBank take to rebuild mutual trust? What is the protocol for mutual trust negotiation?
© 2009 IBM Corporation B2B trust scenario OmahaInsurance is negotiating with IBM to outsource their health insurance claims processing Trust is held between IBM and Omaha and also between Omaha and its customers Event = break in to IBM office in Bangalore Action C is contract negotiation between IBM and Omaha
© 2009 IBM Corporation Trust me, I’m a doctor 18
© 2009 IBM Corporation 19

Recommandé

Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012ictseserv
 
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012ictseserv
 
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...ictseserv
 
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...ictseserv
 
Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012ictseserv
 
Trust Measurement and Management
Trust Measurement and ManagementTrust Measurement and Management
Trust Measurement and ManagementAlan Hartman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
Predicting surety claims
Predicting surety claimsPredicting surety claims
Predicting surety claimsLee Scoggins
 

Recommandé

Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012Brian pickering introduction to seserv - seserv se workshop june 2012
Brian pickering introduction to seserv - seserv se workshop june 2012ictseserv
 
Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012Alessandro bogliolo workshop introduction - seserv se workshop june 2012
Alessandro bogliolo workshop introduction - seserv se workshop june 2012ictseserv
 
Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...Stephen minton tech transformation in the age of uncertainty - seserv se wo...
Stephen minton tech transformation in the age of uncertainty - seserv se wo...ictseserv
 
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...
Aleksandra kuczerawy privacy issues in future internet - seserv se workshop...ictseserv
 
Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012Vesa terava net neutrality in europe - seserv se workshop june 2012
Vesa terava net neutrality in europe - seserv se workshop june 2012ictseserv
 
Trust Measurement and Management
Trust Measurement and ManagementTrust Measurement and Management
Trust Measurement and ManagementAlan Hartman
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
Predicting surety claims
Predicting surety claimsPredicting surety claims
Predicting surety claimsLee Scoggins
 
Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022The Digital Insurer
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principlesCompliance Consultant
 
Pricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP TransactionsPricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP Transactionsbrucelb
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principlesCompliance Consultant
 
IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 Casey Lucas
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursSurfWatch Labs
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022The Digital Insurer
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankThomas Lee
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist VersionMichael Mossbarger
 
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...CBIZ, Inc.
 
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Pinzhang Chen 陈品璋
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)ecommerce
 
The High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusThe High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusGlobalDataLock.com
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValuePiyush Malik
 
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementBCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementAndrew Styles
 
ISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfCCIEHOMER
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016IBM Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01ictseserv
 
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...ictseserv
 

Contenu connexe

Similaire à Alan hartman trust measurement and management - seserv se workshop june 2012

Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022The Digital Insurer
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principlesCompliance Consultant
 
Pricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP TransactionsPricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP Transactionsbrucelb
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principlesCompliance Consultant
 
IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 Casey Lucas
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursSurfWatch Labs
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022The Digital Insurer
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankThomas Lee
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist VersionMichael Mossbarger
 
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...CBIZ, Inc.
 
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Pinzhang Chen 陈品璋
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)ecommerce
 
The High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusThe High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusGlobalDataLock.com
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValuePiyush Malik
 
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementBCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementAndrew Styles
 
ISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfCCIEHOMER
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016IBM Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 

Similaire à Alan hartman trust measurement and management - seserv se workshop june 2012 (20)

Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022Kin Insurance - InsurTech Innovation Award 2022
Kin Insurance - InsurTech Innovation Award 2022
 
The price of breaching the fsa principles
The price of breaching the fsa principlesThe price of breaching the fsa principles
The price of breaching the fsa principles
 
Pricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP TransactionsPricing Intellectual Proper Litigation Risk In IP Transactions
Pricing Intellectual Proper Litigation Risk In IP Transactions
 
The price of breaching the FSA principles
The price of breaching the FSA principlesThe price of breaching the FSA principles
The price of breaching the FSA principles
 
IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013 IBM Banking videocast - 3/20/2013
IBM Banking videocast - 3/20/2013
 
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach OccursHow to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022Pinpoint Predictive- InsurTech Innovation Award 2022
Pinpoint Predictive- InsurTech Innovation Award 2022
 
How to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail BankHow to Use a Cyber Loss Model within a Retail Bank
How to Use a Cyber Loss Model within a Retail Bank
 
20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version20141116_Roots of Trust IIC_Nist Version
20141116_Roots of Trust IIC_Nist Version
 
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
Security, Data Breach & The Bottome Line: A Forecast For Manufacturers & Dist...
 
Sonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictivesSonamine casual connect july 2011 beyond metrics - predictives
Sonamine casual connect july 2011 beyond metrics - predictives
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019
 
Ecommerce(2)
Ecommerce(2)Ecommerce(2)
Ecommerce(2)
 
The High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance StatusThe High Price Of Faking Your Pci Compliance Status
The High Price Of Faking Your Pci Compliance Status
 
Big Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business ValueBig Data Analytics - From Generating Big Data to Deriving Business Value
Big Data Analytics - From Generating Big Data to Deriving Business Value
 
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; ManagementBCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
BCM Training Part 1 - Introduction To BCM - Business Risk &amp; Management
 
ISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdfISACA_CISM_April_2023-v1.3.pdf
ISACA_CISM_April_2023-v1.3.pdf
 
Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016Recent ECB/ EBA regulations how they will impact European banks in 2016
Recent ECB/ EBA regulations how they will impact European banks in 2016
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 

Plus de ictseserv

Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01ictseserv
 
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...ictseserv
 
Cooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud EnvironmentsCooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud Environmentsictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)ictseserv
 
Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012ictseserv
 
Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5ictseserv
 
Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...ictseserv
 
Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012ictseserv
 
Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...ictseserv
 
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012ictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)ictseserv
 
Fia presentatie
Fia presentatieFia presentatie
Fia presentatieictseserv
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)ictseserv
 
Seserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics projectSeserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics projectictseserv
 
Seserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcpSeserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcpictseserv
 
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...ictseserv
 
Sending party network pays
Sending party network paysSending party network pays
Sending party network paysictseserv
 
Seserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practicesSeserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practicesictseserv
 

Plus de ictseserv (20)

Seserv concertation-01
Seserv concertation-01Seserv concertation-01
Seserv concertation-01
 
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
Socioeconomic Tussles Analysis of the ETICS Approach for Providing QoS-enable...
 
Cooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud EnvironmentsCooperative Database Caching within Cloud Environments
Cooperative Database Caching within Cloud Environments
 
Aims2012
Aims2012Aims2012
Aims2012
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Eunice2012
Eunice2012Eunice2012
Eunice2012
 
Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012Burkhard stiller cloiuds-fu-nems-2012
Burkhard stiller cloiuds-fu-nems-2012
 
Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5Fia aalborg-statement-iopapafi-v0.5
Fia aalborg-statement-iopapafi-v0.5
 
Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...Sara de freitas the gamification of everyday life - seserv se workshop june...
Sara de freitas the gamification of everyday life - seserv se workshop june...
 
Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012Javier salcedo cloud computing - seserv se workshop june 2012
Javier salcedo cloud computing - seserv se workshop june 2012
 
Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...Falk von bornstaedt networks perspectives and analysis in the future intern...
Falk von bornstaedt networks perspectives and analysis in the future intern...
 
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
Andrea Glorioso: No Disconnect Strategy - SESERV Workshop, June 2012
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Fia presentatie
Fia presentatieFia presentatie
Fia presentatie
 
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
Socio-Economic Aware Design of Future Network Technology (Y.FNsocioeconomic)
 
Seserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics projectSeserv workshop manos dramitinos - tussle analysis from etics project
Seserv workshop manos dramitinos - tussle analysis from etics project
 
Seserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcpSeserv workshop costas kalogiros - tussle analysis examples dns-tcp
Seserv workshop costas kalogiros - tussle analysis examples dns-tcp
 
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
Seserv workshop costas courcoubetis - introduction to tussle analysis metho...
 
Sending party network pays
Sending party network paysSending party network pays
Sending party network pays
 
Seserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practicesSeserv workshop alissa cooper - net neutrality practices
Seserv workshop alissa cooper - net neutrality practices
 

Dernier

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Alan hartman trust measurement and management - seserv se workshop june 2012

  • 1. © 2009 IBM Corporation Trust Measurement and Management Alan Hartman – IBM Haifa Research Lab 20 June 2012 Open Research Issues
  • 2. © 2009 IBM Corporation Agenda  Motivation  Defining Trust  Relationship between Risk and Trust  Basic Trust Management Scenario  More Complex Scenarios 2
  • 3. © 2009 IBM Corporation 3 Why measure and manage trust? Distrust and caution are the parents of security. - Benjamin Franklin The trust of the innocent is the liar’s most useful tool. - Stephen King Trust, but verify. – Ronald Reagan
  • 4. © 2009 IBM Corporation Definition of trust  Trust is: An expectation about a future behaviour of another person … depending on the degree of trust and the extent of the associated risk (Kasselbaum Ph. D. Thesis in Sociology)  Trust is: A function with three parameters: –Trust(Trustee, Trustor, ActivityOutcome), whose value is the probability (degree of trust) that Trustor believes that Trustee will produce ActivityOutcome in the future 4
  • 5. © 2009 IBM Corporation Relationship between trust and risk  Rational behavior: If the payoff is positive, then take the risk  Also rational: If the worst case is too awful, don’t take the risk 5  Working Hypothesis: A decision (by the Trustor) on whether to offer the Trustee the opportunity to participate in an Activity with the Trustor is based on both Trust and Risk  Payoff is: a measure of the expected utility to the Trustor associated with all possible outcomes of an activity. Payoff(Trustor, Activity) = sum over all Outcomes (Trust( Trustee, Trustor, ActivityOutcome ) * Value(Outcome))
  • 6. © 2009 IBM Corporation Academic Interest in Trust  Sociology –Who trusts the Internet? –What are the factors that influence a person to trust interactions in cyberspace?  Economics –What motivates trust and cooperation? –What reputation and incentive mechanisms to promote trust?  Management –Creating and maintaining trust – as part of leadership  Computer Science –Creating trust in computing infrastructure and services 6
  • 7. © 2009 IBM Corporation Basic Trust Management Scenario 7 1. Build Trust 2. Shake Trust 3. Restore Trust
  • 8. © 2009 IBM Corporation Building Trust 8 Trustor A trusts Trustee B to produce Outcome C with confidence level P0
  • 9. © 2009 IBM Corporation ShakingTrust An Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B 9
  • 10. © 2009 IBM Corporation Trust Restoration  Trustee B takes mitigation action M and measures new trust level P '' 10
  • 11. © 2009 IBM Corporation Basic Scenario For Trust Management 1) Initial condition: Trustor A trusts Trustee B to produce outcome C with confidence level P0 2) Either an Event E occurs which causes P0 to decrease to P' which is below the threshold Pt determined by Trustee B Or P0 < Pt in the first place 3) Loop on i: I. B takes mitigation action Mi and measures confidence level Pi (Assume Mi are ordered in decreasing order of cost effectiveness) II. Until Pi >= Pt, or no cost effective mitigation actions remain in the arsenal of B
  • 12. © 2009 IBM Corporation Research Challenges for Trust Management • How to measure P for a given A, B, and C • How to determine an appropriate threshold Pt for a given A, B, C • What are appropriate mitigation actions Mi for a given A, B, C, E • How to detect and report trust breach events E • How to measure cost effectiveness of Mi • When to give up – i.e. what is the law of diminishing returns in the context of A, B, C, E, and P0, P1, P2, ...Pi
  • 13. © 2009 IBM Corporation Measuring Trustworthiness of ICT Systems Quantifying Trustworthiness Using Quantifiable Properties* Dependability Security Performability 13 *University of Kansas, Resilinets Wiki
  • 14. © 2009 IBM Corporation Measuring Trustworthiness of Individuals or Organizations 14 Quantifiable Properties Trustworthy actions Observed Reported by trusted source Evidence Trustworthy reputation Reputation measure Trusted reputation system Membership of trusted organization Trusted guarantor
  • 15. © 2009 IBM Corporation Mutual trust scenario Alice trusts BigBank to maintain the integrity of her credit card with P=99% BigBank trusts Alice to be honest with it with Q=95% E is an unauthorized credit card transaction from Alice's account – reported to BigBank by Alice (P'=85%, Q'=75%) What actions should Alice and BigBank take to rebuild mutual trust? What is the protocol for mutual trust negotiation?
  • 16. © 2009 IBM Corporation B2B trust scenario OmahaInsurance is negotiating with IBM to outsource their health insurance claims processing Trust is held between IBM and Omaha and also between Omaha and its customers Event = break in to IBM office in Bangalore Action C is contract negotiation between IBM and Omaha
  • 17. © 2009 IBM Corporation Trust me, I’m a doctor 18
  • 18. © 2009 IBM Corporation 19

Notes de l'éditeur

  1. We want to be secure and not the dupe of liars and dissemblersTrust is essential for many aspects of society, not just business
  2. A joke in search of a punch line:What is the difference between a sociologist and a mathematician?
  3. Value = the value to the trustor of the particular OutcomePayoff = expected value to the trustor over the long term with repeated occurrences of the ActivityRationality = average case behaviourBUT if the worst case causes catastrophic consequences (with very low probability), then risk averse players will not take it, even if the expected value over the long term is positive
  4. Trying to add my input as a mathematician
  5. Dependability is that property of a computer system such that reliance can justifiably be placed on the service it delivers. It generally includes the notions of availability (ability to use a system or service) and reliability (continuous operation of a system or service), as well as integrity, maintainability, and safety. Security is the property of a system and measures taken such that it protects itself from unauthorised access or change, subject to policy. Security properties include AAA (auditability, authorisability, authenticity), confidentiality, and nonrepudiation. Security shares with dependability the properties of availability and integrity. Performability is that property of a computer system such that it delivers performance required by the service, as described by QoS (quality of service) measures.