Pages from tbhpi63-2.pdf (98.61 kB)
Security enhancement with foreground trust, comfort, and ten commandments for real people
chapter
posted on 2023-06-08, 23:43 authored by Stephen Marsh, Anirban Basu, Natasha Dwyer

Security as an enabling paradigm has not succeeded half as well as we might have hoped. Systems are broken or breakable, and users (people) have something of a lack of faith, understanding, or patience with security measures that exist. Whilst secure systems and solutions are the backbone of a working interconnected system of systems, they are not people-oriented, and they are oftentimes arcane enough to have an air of ‘security theatre’ about them. We can also assume that they will continue to grow in both complexity and application if we continue as we are in our arms race. To answer what we perceive to be a problem here, we are working on the integration of socio-psychological notions of trust into computational systems where it makes sense (both human- and system-facing). This work includes the development of our Device Comfort paradigm and architecture, wherein mobile devices and nodes in infrastructures have an embedded notion of comfort that they can use to reason about their use, behaviour, and users. This notion, contextually integrated with the environment the device is in, aids in decision making with regard to, for instance, information flow, security posture, and user-oriented advice. Most importantly, the notion embeds trust reasoning and communication into the device, with which the user can be aided to understand situation, risk, and actions by device, infrastructure, and themselves - which we call Foreground Trust, after Dwyer. We conjecture that comfort and foreground trust both enhance security for devices and increase the understanding of security for the user, through use of human-comprehensible and anthropomorphic concepts. In this paper, we discuss some security problems, address the misnomer of trusted computing, and present an overview of comfort and foreground trust. Finally, we briefly present our ten commandments for trust-reasoning models such as those contained within Device Comfort, in the hope that they are of some use in security also.
History
Publication status
- Published
File Version
- Published version
Publisher
- Potsdam University Press
Volume
- 63
Page range
- 1-7
Pages
- 48.0
Event name
- Theories and Intricacies of Information Security Problems
Book title
- Theories and Intricacies of Information Security Problems
Place of publication
- Potsdam
ISBN
- 9783869562049
Series
- Technische Berichte des Hasso-Plattner-Instituts für Softwaresystemtechnik an der Universität Potsdam
Department affiliated with
- Informatics Publications
Full text available
- Yes
Peer reviewed?
- Yes
Editors
- Anne, V D M Kayem, Christoph Meinel
Legacy Posted Date
- 2015-12-11
First Open Access (FOA) Date
- 2016-03-22
First Compliant Deposit (FCD) Date
- 2016-03-22