14,137 research outputs found

    The Development Of Mutual Trust In British Workplaces Through ?Partnership?

    Get PDF
    This article examines the alleged links between 'partnership' forms ofmanaging workplace relationships in Britain, and the development ofintra-organisational 'trust'. The potential for mutually complementarylinkages between the two are clear, in theory at least: partnership,as defined here, should produce, nurture and enhance levels ofinterpersonal trust inside organisations, while in turn trust, asdefined here, legitimates and helps reinforce an organisation's'partnership'. Qualitative evidence drawn from the self-reports of keyparticipants in four partnership organisations provides considerablesupport for the claimed linkages, while also highlighting severalweaknesses, discrepancies and pitfalls inherent in the process ofpursuing trust through partnership. This research is of interest froma public policy perspective, most of all in the United Kingdom, wherepartnership is the favoured organisational model for the New Labourgovernment, most trade unions, and many employers (not to mention theEuropean Union) yet where an agreed definition of the idea has yet toemerge, and where still remarkably little is known about whatpartnership involves inside organisations. This analysis also seeks torestore the curiously neglected idea of trust to a position of centralimportance to the study of employment relations.United Kingdom;case studies;organisational change;trust;social partnership

    The Applications of Blockchain To Cybersecurity

    Get PDF
    A blockchain is a decentralized public ledger facilitating secure transactions between untrusted network nodes. It has garnered significant recognition for its pivotal role in cryptocurrency systems, where it ensures secure and decentralized transaction records. Over the past decade, blockchain has attracted considerable attention from various industries, as it holds the potential to revolutionize multiple sectors, including cybersecurity. However, this field of study is relatively new, and numerous questions remain unanswered regarding the effectiveness of blockchain in cybersecurity. This research adopted a qualitative research design to investigate the current implementations of blockchain-based security and their applicability in the current cybersecurity context. Additionally, this work explored the mechanisms employed by blockchain to uphold the security triad. Findings indicate that blockchain exhibits substantial potential in addressing existing challenges in cybersecurity, particularly those related to the Internet of Things, data integrity and ownership, and network security. Nonetheless, widespread adoption faces limitations due to technological immaturity, high-cost complexity, and regulatory hurdles. Therefore, utilizing blockchain-based solutions in cybersecurity necessitates a thorough analysis of their applicability to an organization\u27s specific needs, a clear definition of implementation goals, and careful navigation of challenges

    Continuous trust management frameworks : concept, design and characteristics

    Get PDF
    PhD ThesisA Trust Management Framework is a collection of technical components and governing rules and contracts to establish secure, confidential, and Trustworthy transactions among the Trust Stakeholders whether they are Users, Service Providers, or Legal Authorities. Despite the presence of many Trust Frameworks projects, they still fail at presenting a mature Framework that can be Trusted by all its Stakeholders. Particularly speaking, most of the current research focus on the Security aspects that may satisfy some Stakeholders but ignore other vital Trust Properties like Privacy, Legal Authority Enforcement, Practicality, and Customizability. This thesis is all about understanding and utilising the state of the art technologies of Trust Management to come up with a Trust Management Framework that could be Trusted by all its Stakeholders by providing a Continuous Data Control where the exchanged data would be handled in a Trustworthy manner before and after the data release from one party to another. For that we call it: Continuous Trust Management Framework. In this thesis, we present a literature survey where we illustrate the general picture of the current research main categorise as well as the main Trust Stakeholders, Trust Challenges, and Trust Requirements. We picked few samples representing each of the main categorise in the literature of Trust Management Frameworks for detailed comparison to understand the strengths and weaknesses of those categorise. Showing that the current Trust Management Frameworks are focusing on fulfilling most of the Trust Attributes needed by the Trust Stakeholders except for the Continuous Data Control Attribute, we argued for the vitality of our proposed generic design of the Continuous Trust Management Framework. To demonstrate our Design practicality, we present a prototype implementing its basic Stakeholders like the Users, Service Providers, Identity Provider, and Auditor on top of the OpenID Connect protocol. The sample use-case of our prototype is to protect the Users’ email addresses. That is, Users would ask for their emails not to be iii shared with third parties but some Providers would act maliciously and share these emails with third parties who would, in turn, send spam emails to the victim Users. While the prototype Auditor would be able to protect and track data before their release to the Service Providers, it would not be able to enforce the data access policy after release. We later generalise our sample use-case to cover various Mass Active Attacks on Users’ Credentials like, for example, using stolen credit cards or illegally impersonating third-party identity. To protect the Users’ Credentials after release, we introduce a set of theories and building blocks to aid our Continuous Trust Framework’s Auditor that would act as the Trust Enforcement point. These theories rely primarily on analysing the data logs recorded by our prototype prior to releasing the data. To test our theories, we present a Simulation Model of the Auditor to optimise its parameters. During some of our Simulation Stages, we assumed the availability of a Data Governance Unit, DGU, that would provide hardware roots of Trust. This DGU is to be installed in the Service Providers’ server-side to govern how they handle the Users’ data. The final simulation results include a set of different Defensive Strategies’ Flavours that could be utilized by the Auditor depending on the environment where it operates. This thesis concludes with the fact that utilising Hard Trust Measures such as DGU without effective Defensive Strategies may not provide the ultimate Trust solution. That is especially true at the bootstrapping phase where Service Providers would be reluctant to adopt a restrictive technology like our proposed DGU. Nevertheless, even in the absence of the DGU technology now, deploying the developed Defensive Strategies’ Flavours that do not rely on DGU would still provide significant improvements in terms of enforcing Trust even after data release compared to the currently widely deployed Strategy: doing nothing!Public Authority for Applied Education and Training in Kuwait, PAAET

    Trust-Based Service Selection

    Get PDF
    Service Oriented Architecture (SOA) is an architectural style that builds enterprise solutions based on services. In SOA, the lack of trust between different parties affects the adoption of such architecture. Trust is as significant a factor for successful online interactions as it is in real life communities, and consequently, it is an important factor that is used as a criterion for service selection. In the context of online services and SOA, the literature shows that the field of trust is not mature. Trust definition and the consideration of the essentials of trust aspects do not reflect the true nature of trust online. This thesis proposes a trust-based service selection solution, which requires establishing trust for services and supporting service selection based on trust. This work considers building trust for service providers besides rating services, an area that is neglected in the literature. This work follows progressive steps to arrive at a solution. First, this work develops a trust definition and identifies trust principles, which cover different aspects of trust. Next, SOA is extended to build a trust-based SOA that supports trust-based service selection. In particular, a new component, the trust mediator, which is responsible for trust establishment is added to the architecture. Accordingly, a trust mediator framework is built according to the trust definition and principles to identify its main components. Subsequently, this work identifies the trust information, or metrics, for services and service providers. Accordingly, trust models are built to evaluate trust rates for the applicable metrics, services, and service providers. Moreover, this work addresses the trust bootstrapping challenge. The proposed trust bootstrapping approach addresses different challenges in the literature such as whitewashing and cold start. This approach is implemented through experiments, evaluations, and scenarios

    The Hedgehog and the Fox: Distinguishing Public and Private Sector Approaches to Managing Risk for Internet Transactions

    Get PDF
    In his essay The Hedgehog and the Fox, Isaiah Berlin used an ancient Greek proverb comparing these animals as a metaphor to express a deep division among thinkers and writers in their understanding of the human condition. In this essay, I extend the metaphor to contrast the differing approaches to risk management taken by the public sector in the exercise of its sovereign functions and that taken by members of the private sector in the conduct of commercial transactions. In light of the differences in these basic approaches to questions of risk management, I will evaluate some widely discussed models of public key infrastructures for administering digital signature authentication systems. The basic model most commonly discussed today can easily be assimilated to the public sector model of risk management, but does not readily permit the incorporation of the most important features of private sector risk management models. As a result, I predict that before digital signature technology will gain widespread use in business technology, further significant progress will have to be made in the design of public key infrastructures. In addition, I argue that a public sector risk management model is not appropriate for new technology distributed by private actors unless there is a consensus that such an indirect subsidy is in the public interest generally, not just in the interest of certain private promoters of the technology. Furthermore, before the public sector adopts digital signature technology, political issues outside the scope of risk management policies will have to be addressed. For example, political issues such as the degree of protection to be granted to citizens\u27 privacy rights within such an infrastructure will have to be resolved before a determination can be made whether the use of such a technology is genuinely in the public interest

    Trustworthy Edge Machine Learning: A Survey

    Full text link
    The convergence of Edge Computing (EC) and Machine Learning (ML), known as Edge Machine Learning (EML), has become a highly regarded research area by utilizing distributed network resources to perform joint training and inference in a cooperative manner. However, EML faces various challenges due to resource constraints, heterogeneous network environments, and diverse service requirements of different applications, which together affect the trustworthiness of EML in the eyes of its stakeholders. This survey provides a comprehensive summary of definitions, attributes, frameworks, techniques, and solutions for trustworthy EML. Specifically, we first emphasize the importance of trustworthy EML within the context of Sixth-Generation (6G) networks. We then discuss the necessity of trustworthiness from the perspective of challenges encountered during deployment and real-world application scenarios. Subsequently, we provide a preliminary definition of trustworthy EML and explore its key attributes. Following this, we introduce fundamental frameworks and enabling technologies for trustworthy EML systems, and provide an in-depth literature review of the latest solutions to enhance trustworthiness of EML. Finally, we discuss corresponding research challenges and open issues.Comment: 27 pages, 7 figures, 10 table

    Framework for Security Transparency in Cloud Computing

    Get PDF
    The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment
    • …
    corecore