Research‎ > ‎Publications‎ > ‎

Security Enhancement with Foreground Trust, Comfort, and Ten Commandments for Real People

Stephen Marsh, Anirban Basu and Natasha Dwyer

In: Theories and Intricacies of Information Security Problems. Hasso-Plattner Instituts fur Softwaresystemtechnick and der Universitat Potsdam, Technische Berite Nr 63.

Year: 2013.

Abstract: Security as an enabling paradigm has not succeeded half as well as we might have hoped. Systems are broken or breakable, and users (people) have something of a lack of faith, understanding, or patience with security measures that exist. Whilst secure systems and solutions are the backbone of a working interconnected system of systems, they are not people-oriented, and they are oftentimes arcane enough to have an air of ‘security theatre’ about them. We can also assume that they will continue to grow in both complexity and application if we continue as we are in our arms race.
To answer what we perceive to be a problem here, we are working on the integration of socio-psychological notions of trust into computational systems where it makes sense (both human- and system-facing). This work includes the development of our Device Comfort paradigm and architecture, wherein mobile devices and nodes in infrastructures have a embedded notion of comfort that they can use to reason about their use, behaviour, and users. This notion, contextually integrated with the environment the device is in, aids in decision making with regard to, for instance, information flow, security posture, and user-oriented advice. Most importantly, the notion embeds trust reasoning and communication into the device, with which the user can be aided to un- derstand situation, risk, and actions by device, infrastructure, and themselves - which we call Foreground Trust, after Dwyer. We conjecture that comfort and foreground trust both enhance security for devices and increase the under- standing of security for the user, through use of human-comprehensible and anthropomorphic concepts. In this paper, we discuss some security problems, address the misnomer of trusted computing, and present an overview of com- fort and foreground trust. Finally, we briely present our ten commandments for trust-reasoning models such as those contained within Device Comfort, in the hope that they are of some use in security also.

Fulltext: PDF.