Compositional Refinement of Policies in UML – Exemplified for Access Control
Cited by 2 (2 self)
The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram notation with customized constructs for policy specification. The notation is underpinned by a denotational trace semantics. We formally define what it means that a system satisfies a policy specification, and introduce a notion of policy refinement. We prove that the refinement relation is transitive and compositional, thus supporting a stepwise and modular specification process. The approach is exemplified with access control policies.
Electron Commer Res
Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement
unknown title
cation for emerging risks, but provides no guidelines. An important risk assessment methodology like OCTAVE [3] recommends reviewing risks and critical assets, but responds with silence when addressing how risk assessment results should be updated. Moreover, most academic studies have focused on either maintenance [4,5] or variants of reassessment [6,7]. Matt Blaze [8] coined the term trust management in 1996, calling it a systematic approach to managing security policies, credentials, and trust relationships regarding authorization and delegation of security-critical decisions. Trust management has since been the subject of increased attention and today provides for a diversity of approaches. We view trust management as risk management with a special focus on understanding the impact that subjective
Uncertainty, Subjectivity, Trust and Risk: How It All Fits Together
Abstract. Trust management involves the identification and analysis of trust relations. However, adequately managing trust requires all the relevant aspects of trust to be addressed. Moreover, which aspects to address depend on the perspective of the trust management. In this position paper we relate the notion of trust to the notions of uncertainty, subjectivity and risk, and we explain how these aspects should be addressed and reasoned about from three different perspectives.
Modeling and analysis of trust-dependent behavior to assess risk in virtual organizations
A virtual organization is a loosely coupled organization that is established around a common goal, such as exploiting a business opportunity or respond to an acute crisis. The lifetime of a virtual organization is typically shorter than that of a conventional organization, and its members will usually form a heterogeneous set of organizations or individuals that have little or no experience with cooperating with each other. Therefore, in order to assess the risk (and prospect) to which a virtual organization as a whole is exposed, it is essential to understand how trust considerations influence the interaction between its members. This requires that we take the perspective of the virtual organization as a whole, rather than the perspective of a single member. Otherwise, the objective understanding of the virtual organization that is needed to perform the assessment cannot be obtained. We propose a language and a method for modeling and analysis of trust and trust-based behavior. The language allows us to capture the subjective trust considerations and decisions made by the different actors within a system or or-