121 research outputs found

    Transactional risk-based decision making system in e-business interactions

    The credit crunch and economic crisis have demonstrated the need to properly understand, characterize and assimilate risk in business activities. Failure to do this has resulted in serious consequences to the users involved. So the analysis and management of risk is one of the important pre-requisites to ensure a successful outcome in a business activity in any domain. In this paper we propose an approach by which an interaction initiating user in the domain of e-business ascertains beforehand the level of transactional risk in the successful completion of its business activity and utilizes it to determine on an interaction. The proposed model considers the different sub-categories and characteristics of transactional risk and ascertains in numeric and semantic terms the different levels and severities of its occurrence. It then utilizes the determined analysis of transactional risk to recommend on an informed interaction-based decision to the interaction initiating user

    Arguing Security: A Framework for Analyzing Security Requirements

    When considering the security of a system, the analyst must simultaneously work with two types of properties: those that can be shown to be true, and those that must be argued as being true. The first consists of properties that can be demonstrated conclusively, such as the type of encryption in use or the existence of an authentication scheme. The second consists of things that cannot be so demonstrated but must be considered true for a system to be secure, such as the trustworthiness of a public key infrastructure or the willingness of people to keep their passwords secure. The choices represented by the second case are called trust assumptions, and the analyst should supply arguments explaining why the trust assumptions are valid. This thesis presents three novel contributions: a framework for security requirements elicitation and analysis, based upon the construction of a context for the system; an explicit place and role for trust assumptions in security requirements; and structured satisfaction arguments to validate that a system can satisfy the security requirements. The system context is described using a problem-centered notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and structured informal arguments supporting the assumptions exposed during argument construction. If one cannot construct a convincing argument, designers are asked to provide design information to resolve the problems and another pass is made through the framework to verify that the proposed solution satisfies the requirements. Alternatively, stakeholders are asked to modify the goals for the system so that the problems can be resolved or avoided. The contributions are evaluated by using the framework to do a security requirements analysis within an air traffic control technology evaluation project

    A Fuzzy-Based Inference Mechanism of Trust for Improved Social Recommenders

    This paper presents a stochastic model based on Monte Carlo simulation techniques for measuring the performance of recommenders. A general procedure to assess the accuracy of recommendation predictions is presented and implemented in a typical case study where input parameters are treated as random values and recommender errors are estimated using sensitive analysis. The results obtained are presented and a new perspective to the evaluation and assessment of recommender systems is discussed

    Evaluation and Assessment of Recommenders Using Monte Carlo Simulation

    There have been various definitions, representations and derivations of trust in the context of recommender systems. This article presents a recommender predictive model based on collaborative filtering techniques that incorporate a fuzzy-driven quantifier, which includes two upmost relevant social phenomena parameters to address the vagueness inherent in the assessment of trust in social networks relationships. An experimental evaluation procedure utilizing a case study is conducted to analyze the overall predictive accuracy. These results show that the proposed methodology improves the performance of classical recommender approaches. Possible extensions are then outlined

    Secure Routing Protocols Comparison Analysis Between RNBR, SAA, A-UPK

    The advent of wireless communications and the development of mobile devices have made great strides in the development of roaming communications. The MANET mobile network was developed with the ability for mobile devices to quickly self-configure and extend wireless coverage without infrastructure support. Security is one of the most important areas of research and plays a vital role in determining the success of personal and commercial telephone systems. Therefore, this study focuses on systematically examining MANET security and accountability issues and analyzing the performance of solutions proposed by three different design approaches to security systems. First, it provides an approach for identifying trusted nodes employing the proposed RNBR method for secure routing. It provides a Self-Assured Assessment (SAA) method to estimate node stability. Its main goal is to contribute to a self-assessment-based reliability assessment mechanism that provides a reliable and reliable pathway. It provides a new authentication method to prevent forgery attacks. It supports authentication mechanisms to prevent RF attacks and ensure secure routing development. The main objective of this paper is to compare packet delivery ratio, control overhead, and packet drop ratio in the different secure RNBR, SAA, A-UPK routing protocols in MANETs

    Robust Trust Establishment in Decentralized Networks

    The advancement in networking technologies creates new opportunities for computer users to communicate and interact with one another. Very often, these interacting parties are strangers. A relevant concern for a user is whether to trust the other party in an interaction, especially if there are risks associated with the interaction. Reputation systems are proposed as a method to establish trust among strangers. In a reputation system, a user who exhibits good behavior continuously can build a good reputation. On the other hand, a user who exhibits malicious behavior will have a poor reputation. Trust can then be established based on the reputation ratings of a user. While many research efforts have demonstrated the effectiveness of reputation systems in various situations, the security of reputation systems is not well understood within the research community. In the context of trust establishment, the goal of an adversary is to gain trust. An adversary can appear to be trustworthy within a reputation system if the adversary has a good reputation. Unfortunately, there are plenty of methods that an adversary can use to achieve a good reputation. To make things worse, there may be ways for an attacker to gain an advantage that may not be known yet. As a result, understanding an adversary is a challenging problem. The difficulty of this problem can be witnessed by how researchers attempt to prove the security of their reputation systems. Most prove security by using simulations to demonstrate that their solutions are resilient to specific attacks. Unfortunately, they do not justify their choices of the attack scenarios, and more importantly, they do not demonstrate that their choices are sufficient to claim that their solutions are secure. In this dissertation, I focus on addressing the security of reputation systems in a decentralized Peer-to-Peer (P2P) network. To understand the problem, I define an abstract model for trust establishment. 
The model consists of several layers. Each layer corresponds to a component of trust establishment. This model serves as a common point of reference for defining security. The model can also be used as a framework for designing and implementing trust establishment methods. The modular design of the model can also allow existing methods to inter-operate. To address the security issues, I first provide the definition of security for trust establishment. Security is defined as a measure of robustness. Using this definition, I provide analytical techniques for examining the robustness of trust establishment methods. In particular, I show that in general, most reputation systems are not robust. The analytical results lead to a better understanding of the capabilities of the adversaries. Based on this understanding, I design a solution that improves the robustness of reputation systems by using accountability. The purpose of accountability is to encourage peers to behave responsibly as well as to provide disincentive for malicious behavior. The effectiveness of the solution is validated by using simulations. While simulations are commonly used by other research efforts to validate their trust establishment methods, their choices of simulation scenarios seem to be chosen in an ad hoc manner. In fact, many of these works do not justify their choices of simulation scenarios, and neither do they show that their choices are adequate. In this dissertation, the simulation scenarios are chosen based on the capabilities of the adversaries. The simulation results show that under certain conditions, accountability can improve the robustness of reputation systems

    Ontology-Based Support for Security Requirements Specification Process

    The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is a lack of sufficiently experienced security experts or security requirements (SR) engineers within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – ReqSec tool – was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulate discovery of latent security threats, and enables the specification of good quality SR

    Probabilistic assessment of financial risk in e-business associations

    Business activities are a result of carefully formed associations between different users in order to achieve certain pre-decided outcomes. Decision-making in such associations is an important step and transactional risk analysis is one of the integral processes that facilitates this step. This paper presents an approach that determines the negative consequences (termed as financial risk) of forming e-business associations. Unlike other approaches, our model captures the different types of events and their uncertainties to determine the financial risk by using the convolution operator and expressing it as a probabilistic measure rather than as a crisp financial value. Such representation makes sense as the financial risk may be determined at a point of time in future where nothing is certain. Depending upon the complexity of the problem, we explain the different ways of using the convolution operator to determine the financial risk. The simulation result shows a better representation and understanding of the financial risk that will provide important inputs to the transactional risk analysis and the decision-making process