PICS: Internet access controls without censorship
Communications of the ACM
Referee: trust management for Web applications
World Wide Web Journal - Special issue: Web security: a matter of trust
The coras approach for model-based risk management applied to e-commerce domain
Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Using trust and risk in role-based access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
UMLintr: A UML Profile for Specifying Intrusions
ECBS '06 Proceedings of the 13th Annual IEEE International Symposium and Workshop on Engineering of Computer Based Systems
Analyzing trust in technology strategies
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Specifying legal risk scenarios using the CORAS threat modelling language
iTrust'05 Proceedings of the Third international conference on Trust Management
ATM: an automatic trust monitoring algorithm for service software
Proceedings of the 2009 ACM symposium on Applied Computing
Unified modeling of attacks, vulnerabilities and security activities
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Practitioner's challenges in designing trust into online systems
Journal of Theoretical and Applied Electronic Commerce Research
| Hi-index | 0.00 |
As users in software systems depend on each other for achieving goals, performing tasks, and utilizing resources, the trust relationships in the systems need to be considered to identify the opportunities and vulnerabilities these relationships bring. However, the problem with specifying a trust relationship is that there is no precise and a priori criteria to be satisfied. The main objective of this work is towards incorporating trust from the very beginning of a software development process. A framework is presented for specifying trust scenarios using an extension of Unified Modeling Language (UML) called UMLtrust (UML for trust scenarios). A trust scenario combines interested parties based on a context and thus helps in building a trust relationship. Suitable trust rules can be generated from the trust scenarios to monitor the trustworthiness of specific trust relationships. In this way, we can avoid conflicting, ambiguous, and redundant trust requirements in a software development life cycle (SDLC). The applicability of the approach has been illustrated using examples from file sharing applications.