Formal notions of trust and confidentiality – enabling reasoning about system security

Andreas Fuchs, Sigrid Gürgens, Carsten Rudolph

Research output: Contribution to journal › Article › Research › peer-review

Abstract

Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g., trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient when addressing the more general notion of trust needed when reasoning about security in ICT systems. Furthermore, their purpose is not to elaborate on the security mechanisms used to substantiate trust assumptions, and thus they do not support reasoning about security in ICT systems. In this paper, a formal notion of trust is presented that expresses trust requirements from the view of different entities involved in the system and that makes it possible to relate, in a step-by-step process, high-level security requirements to those trust assumptions that cannot be further substantiated by security mechanisms, thus supporting formal reasoning about system security properties. Integrated in the Security Modeling Framework SeMF, this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties with respect to trust.

Original language: English
Pages (from-to): 274-291
Number of pages: 18
Journal: Journal of Information Processing
Volume: 19
DOIs: 10.2197/ipsjjip.19.274
Publication status: Published - 2011
Externally published: Yes

Cite this

@article{8cc14620a6a448ffa74fd6ccd9bf3233,
title = "Formal notions of trust and confidentiality– enabling reasoning about system security",
abstract = "Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g., trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient when addressing the more general notion of trust needed when reasoning about security in ICT systems. Furthermore, their purpose is not to elaborate on the security mechanisms used to substantiate trust assumptions and thus they do not support reasoning about security in ICT systems. In this paper, a formal notion of trust is presented that expresses trust requirements from the view of different entities involved in the system and that enables to relate, in a step-by-step process, high level security requirements to those trust assumptions that cannot be further substantiated by security mechanisms, thus supporting formal reasoning about system security properties. Integrated in the Security Modeling Framework SeMF this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties with respect to trust.",
author = "Andreas Fuchs and Sigrid G{\"u}rgens and Carsten Rudolph",
year = "2011",
doi = "10.2197/ipsjjip.19.274",
language = "English",
volume = "19",
pages = "274--291",
journal = "Journal of Information Processing",
issn = "0387-5806",
}

Formal notions of trust and confidentiality – enabling reasoning about system security. / Fuchs, Andreas; Gürgens, Sigrid; Rudolph, Carsten.

In: Journal of Information Processing, Vol. 19, 2011, p. 274-291.

TY - JOUR

T1 - Formal notions of trust and confidentiality– enabling reasoning about system security

AU - Fuchs, Andreas

AU - Gürgens, Sigrid

AU - Rudolph, Carsten

PY - 2011

Y1 - 2011

AB - Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g., trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient when addressing the more general notion of trust needed when reasoning about security in ICT systems. Furthermore, their purpose is not to elaborate on the security mechanisms used to substantiate trust assumptions and thus they do not support reasoning about security in ICT systems. In this paper, a formal notion of trust is presented that expresses trust requirements from the view of different entities involved in the system and that enables to relate, in a step-by-step process, high level security requirements to those trust assumptions that cannot be further substantiated by security mechanisms, thus supporting formal reasoning about system security properties. Integrated in the Security Modeling Framework SeMF this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties with respect to trust.

UR - http://www.scopus.com/inward/record.url?scp=84863886786&partnerID=8YFLogxK

U2 - 10.2197/ipsjjip.19.274

DO - 10.2197/ipsjjip.19.274

M3 - Article

VL - 19

SP - 274

EP - 291

JO - Journal of Information Processing

JF - Journal of Information Processing

SN - 0387-5806

ER -