REFEREE: trust management for Web applications
Selected papers from the sixth international conference on World Wide Web
Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Using Attribute-Based Access Control to Enable Attribute-Based Messaging
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Design principles and patterns for computer systems that are simultaneously secure and usable
Design principles and patterns for computer systems that are simultaneously secure and usable
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Attribute-based, usefully secure email
Attribute-based, usefully secure email
SP 800-32. Introduction to Public Key Technology and the Federal PKI Infrastructure
SP 800-32. Introduction to Public Key Technology and the Federal PKI Infrastructure
| Hi-index | 0.00 |
Current PKI-based email systems (such as X.509 S/MIME and PGP/ MIME) potentially enable a recipient to determine a name and organizational affiliation of the sender. This information can suffice for a trust decision when the recipient already knows the sender--but how can a recipient decide whether or not trust email from a new correspondent? Current systems are not expressive enough to capture the real ways that trust flows in these sorts of scenarios. To solve this problem, we begin by applying concepts from social science research to a variety of such cases from interesting application domains; primarily, crisis management in the North American power grid. We have examined transcripts of telephone calls made between grid management personnel during the August 2003 North American blackout and extracted several different classes of trust flows from these real-world scenarios. Combining this knowledge with some design patterns from HCISEC, we develop criteria for a system that will enable humans apply these same methods of trust-building in the digital world. We then present the design and prototype of Attribute-Based, Usefully Secure Email (ABUSE)--and present experimental evaluation showing that it solves the problem.