Modelling Privacy-Aware Trust Negotiations

Title: Modelling Privacy-Aware Trust Negotiations
Publication Type: Journal Article
Year of Publication: In Press
Authors: R. Rios, C. Fernandez-Gago, and J. Lopez
Journal: Computers & Security
Publisher: Elsevier
ISSN Number: 0167-4048
Keywords: Goal-Oriented Modelling, Policy, privacy, Requirements Engineering, Secure Software Engineering, Trust
Abstract

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

DOI: 10.1016/j.cose.2017.09.015
Citation Key: Ruben2017trust
Paper File: https://www.nics.uma.es/sites/default/files/papers/Ruben2017trust.pdf
