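% Publication records: four Springer book chapters and conference papers.
% Conventions used below: one field per line, authors in "Last, First" form,
% page ranges with a double hyphen, month as the predefined three-letter macro,
% and the doi field holding the bare DOI (no resolver prefix) so that styles
% and link checkers build one canonical https link from it.
% The organization field, which only repeated the publisher, has been dropped.

% Citation key kept as found because documents cite it; note that it reads
% 2013 while the year field says 2023. The series name was stored in the
% number field and has been moved to series.
@incollection{2013,
  author    = {Ferraris, Davide and Fernandez-Gago, Carmen and Lopez, Javier},
  title     = {{POM}: A Trust-based {AHP}-like Methodology to Solve Conflict Requirements for the {IoT}},
  booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems},
  series    = {Advanced Sciences and Technologies for Security Applications},
  pages     = {145--170},
  publisher = {Springer},
  year      = {2023},
  month     = jan,
  issn      = {1613-5113},
  doi       = {10.1007/978-3-031-16088-2_7},
  url       = {https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7},
  keywords  = {Analytic Hierarchy Process (AHP), Internet of Things (IoT), Multi Criteria Decision Analysis (MCDA), Requirements Engineering, Trust},
}

% The address field here carries the conference venue as entered by the
% authors, and the publisher field includes the publisher city; both are
% left as found.
@inproceedings{kolar2018,
  author    = {Kolar, Martin and Fernandez-Gago, Carmen and Lopez, Javier},
  title     = {Policy Languages and Their Suitability for Trust Negotiation},
  booktitle = {32nd Annual {IFIP} {WG} 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018},
  volume    = {10980},
  pages     = {69--84},
  publisher = {Springer, Cham},
  address   = {Bergamo, Italy},
  year      = {2018},
  month     = jul,
  isbn      = {978-3-319-95728-9},
  doi       = {10.1007/978-3-319-95729-6_5},
  url       = {https://link.springer.com/chapter/10.1007/978-3-319-95729-6_5},
  abstract  = {Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.},
}

% The doi field contained a space where this entry's own url shows an
% underscore; a DOI with a space does not resolve, so it is corrected to
% match the url. The volume field mixed the series acronym with the number;
% they are now split into series and volume. The url is upgraded to https,
% the scheme the same host uses in the other entries of this file.
@inproceedings{rios2016b,
  author    = {Rios, Ruben and Fernandez-Gago, Carmen and Lopez, Javier},
  title     = {Privacy-Aware Trust Negotiation},
  booktitle = {12th International Workshop on Security and Trust Management (STM)},
  series    = {Lecture Notes in Computer Science},
  volume    = {9871},
  pages     = {98--105},
  publisher = {Springer},
  address   = {Heraklion, Crete, Greece},
  year      = {2016},
  month     = sep,
  isbn      = {978-3-319-46597-5},
  issn      = {0302-9743},
  doi       = {10.1007/978-3-319-46598-2_7},
  url       = {https://link.springer.com/chapter/10.1007/978-3-319-46598-2_7},
  keywords  = {Goal-Oriented Modelling, privacy, Requirements Engineering, Secure Software Engineering, Trust},
  abstract  = {Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.},
}

% The url pointed at the legacy plain-http DOI resolver; it now uses the
% https resolver form that the first entry of this file already used.
@incollection{nunez15privacy,
  author    = {Nu{\~n}ez, David and Agudo, Isaac and Lopez, Javier},
  editor    = {Felici, Massimo and Fernandez-Gago, Carmen},
  title     = {Privacy-Preserving Identity Management as a Service},
  booktitle = {Accountability and Security in the Cloud},
  series    = {Lecture Notes in Computer Science},
  volume    = {8937},
  pages     = {114--125},
  publisher = {Springer International Publishing},
  year      = {2015},
  isbn      = {978-3-319-17198-2},
  doi       = {10.1007/978-3-319-17199-9_5},
  url       = {https://doi.org/10.1007/978-3-319-17199-9_5},
  keywords  = {Cloud Computing, Cryptography, Identity Management as a Service, privacy},
  abstract  = {In this paper we tackle the problem of privacy and confidentiality in Identity Management as a Service (IDaaS). The adoption of cloud computing technologies by organizations has fostered the externalization of the identity management processes, shaping the concept of Identity Management as a Service. However, as it has happened to other cloud-based services, the cloud poses serious risks to the users, since they lose the control over their data. As part of this work, we analyze these concerns and present a model for privacy-preserving IDaaS, called BlindIdM, which is designed to provide data privacy protection through the use of cryptographic safeguards.},
}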