Daniele Quercia and Stephen Hailes, CS department, University College London, {d.quercia,s.hailes}@cs.ucl.ac.uk. Risk Aware Decision Framework for Trusted Mobile Interactions. SECOVAL 2005. September 2005.

Outline
• Mobile software concerns and solutions;
• Previous work on Trust Management and Expected Utility (EU);
• Scenario;
• Composing elements of the model;
• Analysis of the model.

Introduction
• Mobile devices need to adapt to changing context.
• How? They load software (sw) components from each other.
• Problem: Security concerns when loading sw components (e.g., viral components and components not running as expected).

Conventional Solution
• Devices accept only digitally signed sw components.
That’s acceptable as long as …
… #(sw providers) is low;
… there is a globally trustworthy Certification Authority.

Our Proposal
A device uses a local decision framework to load software components.
• Such a framework has desirable properties:
  • model decision-making under uncertainty;
  • integrate user’s risk attitudes;
  • compute risk probabilities from trust mechanisms.

Related Work – Trust Management Frameworks
• Marsh: computational trust concept.
• Abdul-Rahman and Hailes: use of recommendations.
• Mui et al.: reputation concept.
formal trust model; risk-based decision module.

Related Work – Expected Utility
(a) ACTIONS (rows), (b) STATES (columns), (c) OUTCOME MATRIX:

                          No Rain    Rain
  Take Umbrella           No Wet     No Wet
  Do not take Umbrella    No Wet     Wet

(d) Probability Function: maps State to Probability: (No Rain), (Rain)
(e) Elementary Utility Function: maps Outcome to Utility: u(Wet), u(No Wet)
(f) Decision Rule: Max
Overall Utility Function: maps Action to Utility

Scenario: Secure Conference
While Alice conferences on the move, her PDA guarantees secure communication across all traversed space.
[Figure: Abstract Situation. Labels: Bob, Alice, Component Loader, Component Supplier; steps 1, 2, 3; Semantics, Timeframe Details, Service Level]

Scenario – Expected Utility Elements
(b) STATES: CS delivers C within R1; CS delivers C within R2; CS delivers C within R3
(a) ACTIONS and (c) OUTCOME MATRIX:
• Take C: Carry on with limited disruptions; Carry on seamlessly; Give up
• Do not take C: Give up; Give up; Give up
• Ask User: Alice interacts with GUI; Alice interacts with GUI; Alice interacts with GUI
(d) Probability Function
(e) Elementary Utility Function
(f) Decision Rule

(f) Decision Rule
IN:
- actions
- nearby component suppliers.
OUT: max of expected utility.
• action a and component supplier h, the expected utility is
  [equation; its terms are labelled "outcome utility" and "state probability"]

(e) Elementary Utility Function
[Diagram labels: o, value(o), utility(o)]
We determine the application dimensions (e.g., absence of disruptions, spared user time, security gap).
• ith dimension importance factors:
  • wi (user preferences);
  • Di(o) (function of outcome and application).
Logarithmic elementary utility function (user attitudes are risk-averse).
To enhance tractability, second-order Taylor approximation.

(d) Probability Function
h(s): component loader’s belief that a certain state s will take place when interacting with the component provider h.
Component loader receives Service Level = (dp, Confidence Level (CL)) and computes each state probability (for a given h):
We need and : Trust and CL Uncertainty

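The decision rule, elementary utility function and probability function of the model, combined in an added example (not code from the slides or the authors). All numbers, the supplier names, the collapsed value(o) table, the state order of the "Take C" outcomes and the reading of the Taylor step as the mean-variance expansion of E[log v] are assumptions.

```python
import math

# Constructed sample data: none of these numbers come from the slides.
# States: the component supplier (CS) delivers C within R1, R2 or R3.
# Outcome per action, one entry per state. The order for "Take C" follows
# the slide text and is an assumption.
OUTCOMES = {
    "Take C":        ("limited disruptions", "seamless", "give up"),
    "Do not take C": ("give up", "give up", "give up"),
    "Ask User":      ("GUI", "GUI", "GUI"),
}
# value(o) > 0, already combined over the application dimensions (hypothetical).
VALUE = {"seamless": 10.0, "limited disruptions": 6.0, "GUI": 4.0, "give up": 1.0}
# Loader's belief in each state, per nearby supplier h (hypothetical).
BELIEF = {
    "supplier_trusted": (0.2, 0.7, 0.1),
    "supplier_unknown": (0.2, 0.2, 0.6),
}

def utility(outcome):
    """Logarithmic elementary utility: concave, hence risk-averse."""
    return math.log(VALUE[outcome])

def expected_utility(action, supplier):
    """Sum over states of (state probability) x (outcome utility)."""
    return sum(p * utility(o)
               for p, o in zip(BELIEF[supplier], OUTCOMES[action]))

def taylor_expected_utility(action, supplier):
    """Second-order approximation: log(mean) - variance / (2 * mean^2)."""
    probs = BELIEF[supplier]
    vals = [VALUE[o] for o in OUTCOMES[action]]
    mean = sum(p * v for p, v in zip(probs, vals))
    var = sum(p * (v - mean) ** 2 for p, v in zip(probs, vals))
    return math.log(mean) - var / (2 * mean ** 2)

def decide(suppliers):
    """Return the (action, supplier) pair with maximum expected utility."""
    pairs = [(a, h) for a in OUTCOMES for h in suppliers]
    return max(pairs, key=lambda ah: expected_utility(*ah))

if __name__ == "__main__":
    print(decide(["supplier_trusted", "supplier_unknown"]))
    print(decide(["supplier_unknown"]))
```

With only the low-belief supplier in range, the maximum shifts from loading the component to asking the user, which is the risk-aware behaviour the model is meant to produce.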
Discussion
Uncertainty is …
… source of risks;
… reduced through assurance (e.g., devices load only provably authored software) and trust (e.g., devices rely on trustworthiness assessments to make informed decisions).
Assurance-based approaches are preferable, but not always possible!

Conclusion
We have proposed a conceptual model of decision-making for software component loading, which …
… integrates trust mechanisms and risk assessment;
… considers user risk attitudes.
Assumptions to be relaxed:
• constant risk-averse preferences;
• normal distribution for probability function.