
Risk Aware Decision Framework for Trusted Mobile Interactions

This paper presents a risk-aware decision framework for trusted mobile interactions, addressing security concerns when loading software components on mobile devices. The proposed framework integrates user risk attitudes and trust mechanisms to compute risk probabilities. The approach considers uncertainty and emphasizes assurance-based approaches while acknowledging the limitations.

kiethe

Presentation Transcript


  1. Daniele Quercia and Stephen Hailes • CS department • University College London • {d.quercia,s.hailes}@cs.ucl.ac.uk Risk Aware Decision Framework for Trusted Mobile Interactions SECOVAL 2005 September 2005

  2. Outline: Mobile software concerns and solutions; Previous work on Trust Management and Expected Utility (EU); Scenario; Composing elements of the model; Analysis of the model.

  3. Introduction: Mobile devices need to adapt to changing context. How? They load software (sw) components from each other. Problem: Security concerns when loading sw components (e.g., viral components and components not running as expected).

  4. Conventional Solution: Devices accept only digitally signed sw components. That’s acceptable as long as … … #(sw providers) is low; … globally trustworthy Certification Authority.

  5. Our Proposal: A device uses a local decision framework to load software components. Such a framework has desirable properties: model decision-making under uncertainty; integrate user’s risk attitudes; compute risk probabilities from trust mechanisms.

  6. Related Work – Trust Management Frameworks • Marsh: computational trust concept. • Abdul-Rahman and Hailes: use of recommendations. • Mui et al.: reputation concept. • formal trust model; risk-based decision module.

  7. Related Work – Expected Utility
     (a) Actions: Take Umbrella; Do not take Umbrella.
     (b) States: No Rain; Rain.
     (c) Outcome matrix:
                                No Rain    Rain
         Take Umbrella          No Wet     No Wet
         Do not take Umbrella   No Wet     Wet
     (d) Probability Function: State → Probability, for (No Rain) and (Rain).
     (e) Elementary Utility Function: Outcome → Utility, u(Wet) and u(No Wet).
     (f) Decision Rule: Max. Overall Utility Function: Action → Utility.

  8. Scenario: Secure Conference. While Alice conferences on the move, her PDA guarantees secure communication across all traversed space. [Diagram labels: steps 1, 2, 3; Abstract Situation; Bob; Alice; Semantics, Timeframe; Details, Service Level; Component Loader; Component Supplier]

  9. Scenario – Expected Utility Elements
     (a) Actions: Take C; Do not take C; Ask User.
     (b) States: CS delivers C within R1; CS delivers C within R2; CS delivers C within R3.
     (c) Outcome matrix (one outcome per state):
         Take C: Carry on with limited disruptions; Carry on seamlessly; Give up.
         Do not take C: Give up; Give up; Give up.
         Ask User: Alice interacts with GUI; Alice interacts with GUI; Alice interacts with GUI.
     (d) Probability Function; (e) Elementary Utility Function; (f) Decision Rule.

  10. (f) Decision Rule. IN: actions; nearby component suppliers. OUT: max of expected utility. • action a and component supplier h, the expected utility is [formula not preserved; its labelled terms: outcome utility, state probability]

  11. (e) Elementary Utility Function [diagram labels: value(o), o, utility(o)]. We determine the application dimensions (e.g., absence of disruptions, spared user time, security gap). Importance factors of the i-th dimension: w_i (user preferences); D_i(o) (function of outcome and application). Logarithmic elementary utility function (user attitudes are risk-averse). To enhance tractability, second-order Taylor approximation.

  12. (d) Probability Function. h(s): component loader’s belief that a certain state s will take place when interacting with the component provider h. Component loader receives Service Level = (dp, Confidence Level (CL)) and computes each state probability (for a given h): We need and : Trust and CL Uncertainty

  13. Discussion: Uncertainty is … … source of risks; … reduced through assurance (e.g., devices load only provably authored software) and trust (e.g., devices rely on trustworthiness assessments to make informed decisions). Assurance-based approaches are preferable, but not always possible!

  14. Conclusion: We have proposed a conceptual model of decision-making for software component loading, which … … integrates trust mechanisms and risk assessment; … considers user risk attitudes. Assumptions to be relaxed: constant risk-averse preferences; normal distribution for probability function.
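
The decision rule, elementary utility function and probability function from slides 10 to 12, combined in one runnable sketch. This is an added example, not code from the presentation or its authors. Assumptions made here: the weighted-sum form of value(o), all numeric weights and scores, the time ranges, the order of the Take C outcomes, and the formula turning trust and CL into a standard deviation; the normal distribution is the one the conclusion slide names.

```python
import math
from statistics import NormalDist

# Constructed inputs (not from the slides): weights w_i and scores D_i(o), higher is
# better, over (absence of disruptions, spared user time, security gap).
W = (0.5, 0.2, 0.3)
D = {"seamless": (10, 8, 6), "limited": (6, 8, 6),
     "give_up": (1, 3, 10), "gui": (6, 2, 9)}
# Assumed delivery-time ranges R1..R3 in seconds, and an assumed column order
# for the "Take C" row of the scenario's outcome matrix.
RANGES = [(-math.inf, 2.0), (2.0, 5.0), (5.0, math.inf)]
OUTCOMES = {"take C": ["seamless", "limited", "give_up"],
            "do not take C": ["give_up"] * 3,
            "ask user": ["gui"] * 3}

def value(o):
    """value(o) as a weighted sum of the dimension scores (assumed form)."""
    return sum(w * d for w, d in zip(W, D[o]))

def utility(o, v0=None):
    """Risk-averse ln(value(o)); with v0 set, its second-order Taylor expansion at v0."""
    v = value(o)
    if v0 is None:
        return math.log(v)
    x = (v - v0) / v0
    return math.log(v0) + x - x * x / 2

def state_probs(dp, trust, cl, base_sigma=4.0):
    """P(delivery time falls in R_j) under a normal centred on the promised time dp.
    The sigma formula is a hypothetical stand-in: low trust or CL widens the spread."""
    dist = NormalDist(dp, base_sigma * (1.0 - trust * cl) + 0.1)
    return [dist.cdf(hi) - dist.cdf(lo) for lo, hi in RANGES]

def decide(suppliers, v0=None):
    """Return (EU, action, supplier) maximising sum_s utility(o(a, s)) * p_h(s)."""
    best = None
    for h, (dp, trust, cl) in suppliers.items():
        p = state_probs(dp, trust, cl)
        for a, outs in OUTCOMES.items():
            eu = sum(utility(o, v0) * ps for o, ps in zip(outs, p))
            if best is None or eu > best[0]:
                best = (eu, a, h)
    return best

# Constructed suppliers: (promised delivery time dp, trust, confidence level CL).
TRUSTED = {"h_trusted": (1.5, 0.9, 0.9)}
UNKNOWN = {"h_unknown": (4.5, 0.2, 0.5)}
if __name__ == "__main__":
    print(decide({**TRUSTED, **UNKNOWN}), decide(UNKNOWN))
```

With both suppliers nearby the rule loads the component from the trusted one; with only the low-trust supplier in range the wide spread pushes probability into R3 and the rule falls back to asking the user.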
