
Estimating the Relative Trustworthiness of Information Sources in Security Solution Evaluation

  • Conference paper
Trust Management (iTrust 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3986)


Abstract

When evaluating alternative security solutions, such as security mechanisms, security protocols, etc., “hard” data or information is rarely available, and one has to rely on the opinions of domain experts. Log files from IDSs, firewalls and honeypots might also be used. However, such sources are most often used only in a “penetrate and patch” strategy, meaning that system administrators, security experts or similar personnel monitor the network and initiate appropriate reactions to the actions observed. Such sources refer to real-time information, but might also be used in a more preventive manner by combining them with the opinions provided by the domain experts. To appropriately combine the information from such various sources, the notion of trust is used. Trust represents the degree to which a particular information source can be trusted to provide accurate and correct information, and is measured as the information source's relative trustworthiness. In this paper we show how to assign this relative trustworthiness using two trust variables: (1) knowledge level and (2) level of expertise.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Houmb, S.H., Ray, I., Ray, I. (2006). Estimating the Relative Trustworthiness of Information Sources in Security Solution Evaluation. In: Stølen, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds) Trust Management. iTrust 2006. Lecture Notes in Computer Science, vol 3986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11755593_11


  • DOI: https://doi.org/10.1007/11755593_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34295-3

  • Online ISBN: 978-3-540-34297-7

  • eBook Packages: Computer Science, Computer Science (R0)
