Security models for trusting network appliances

A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover,these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

Local and Global Trust Based on the Concept of Promises

We use the notion of a promise to define local trust between agents possessing autonomous decision-making. An agent is trustworthy if it is expected that it will keep a promise. This definition satisfies most commonplace meanings of trust. Reputation is then an estimation of this expectation value that is passed on from agent to agent. Our definition distinguishes types of trust, for different behaviours, and decouples the concept of agent reliability from the behaviour on which the judgement is based. We show, however, that trust is fundamentally heuristic, as it provides insufficient information for agents to make a rational judgement. A global trustworthiness, or community trust can be defined by a proportional, self-consistent voting process, as a weighted eigenvector-centrality function of the promise theoretical graph

Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

Health Research Access to Personal Confidential Data in England and Wales: Assessing any gap in public attitude between preferable and acceptable models of consent

England and Wales are moving toward a model of ‘opt out’ for use of personal confidential data in health research. Existing research does not make clear how acceptable this move is to the public. While people are typically supportive of health research, when asked to describe the ideal level of control there is a marked lack of consensus over the preferred model of consent (e.g. explicit consent, opt out etc.). This study sought to investigate a relatively unexplored difference between the consent model that people prefer and that which they are willing to accept. It also sought to explore any reasons for such acceptance. A mixed methods approach was used to gather data, incorporating a structured questionnaire and in-depth focus group discussions led by an external facilitator. The sampling strategy was designed to recruit people with different involvement in the NHS but typically with experience of NHS services. Three separate focus groups were carried out over three consecutive days. The central finding is that people are typically willing to accept models of consent other than that which they would prefer. Such acceptance is typically conditional upon a number of factors, including: security and confidentiality, no inappropriate commercialisation or detrimental use, transparency, independent overview, the ability to object to any processing considered to be inappropriate or particularly sensitive. This study suggests that most people would find research use without the possibility of objection to be unacceptable. However, the study also suggests that people who would prefer to be asked explicitly before data were used for purposes beyond direct care may be willing to accept an opt out model of consent if the reasons for not seeking explicit consent are accessible to them and they trust that data is only going to be used under conditions, and with safeguards, that they would consider to be acceptable even if not preferable

Web Service Trust: Towards A Dynamic Assessment Framework

Trust in software services is a key prerequisite for the success and wide adoption of services-oriented computing (SOC) in an open Internet world. However, trust is poorly assessed by existing methods and technologies, especially in dynamically composed and deployed SOC systems. In this paper, we discuss current methods for assessing trust in service-oriented computing and identify gaps of current platforms, in particular with regards to runtime trust assessment. To address these gaps, we propose a model of runtime trust assessment of software services and introduce a framework for realizing the model. A key characteristic of our approach is the support that it offers for customizable assessment of trust based on evidence collected during the operation of software services and its ability to combine this evidence with subjective assessments coming from service clients

Summary care record early adopter programme: an independent evaluation by University College London.

Benefits The main potential benefit of the SCR is considered to be in emergency and unscheduled care settings, especially for people who are unconscious, confused, unsure of their medical details, or unable to communicate effectively in English. Other benefits may include improved efficiency of care and avoidance of hospital admission, but it is too early for potential benefits to be verified or quantified. Progress As of end April 2008, the SCR of 153,188 patients in the first two Early Adopter sites (Bolton and Bury) had been created. A total of 614,052 patients in four Early Adopter sites had been sent a letter informing them of the programme and their choices for opting out of having a SCR. Staff attitudes and usage The evaluation found that many NHS staff in Early Adopter sites (which had been selected partly for their keenness to innovate in ICT) were enthusiastic about the SCR and keen to see it up and running, but a significant minority of GPs had chosen not to participate in the programme and others had deferred participation until data quality improvement work was completed. Whilst 80 per cent of patients interviewed were either positive about the idea of having a SCR or ?did not mind?, others were strongly opposed ?on principle?. Staff who had attempted to use the SCR when caring for patients felt that the current version was technically immature (describing it as ?clunky? and ?complicated?), and were looking forward to a more definitive version of the technology. A comparable technology (the Emergency Care Summary) introduced in Scotland two years ago is now working well, and over a million records have been accessed in emergency and out-of-hours care. Patient attitudes and awareness Having a SCR is optional (people may opt out if they wish, though fewer than one per cent of people in Early Adopter sites have done so) and technical security is said to be high via a system of password protection and strict access controls. Nevertheless, the evaluation showed that recent stories about data loss by government and NHS organisations had raised concerns amongst both staff and patients that human fallibility could potentially jeopardise the operational security of the system. Despite an extensive information programme to inform the public in Early Adopter sites about the SCR, many patients interviewed by the UCL team were not aware of the programme at all. This raises important questions about the ethics of an ?implied consent? model for creating the SCR. The evaluation recommended that the developers of the SCR should consider a model in which the patient is asked for ?consent to view? whenever a member of staff wishes to access their record. Not a single patient interviewed in the evaluation was confident that the SCR would be 100 per cent secure, but they were philosophical about the risks of security breaches. Typically, people said that the potential benefit of a doctor having access to key medical details in an emergency outweighed the small but real risk of data loss due to human or technical error. Even patients whose medical record contained potentially sensitive data such as mental health problems, HIV or drug use were often (though not always) keen to have a SCR and generally trusted NHS staff to treat sensitive data appropriately. However, they and many other NHS patients wanted to be able to control which staff members were allowed to access their record at the point of care. Some doctors, nurses and receptionists, it seems, are trusted to view a person?s SCR, whereas others are not, and this is a decision which patients would like to make in real time

SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit