32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018, vol. 10980, Springer, Cham, pp. 69-84, 07/2018. DOI
Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other. Trust negotiation solves this problem by sequential exchanging credentials between entities, which have decided to establish a trust relationship in order to reach a common goal. Entities specify their own policies that handle a disclosure of confidential information to maintain their security and privacy. Policies are defined by means of a policy language. This paper aims to identify the most suitable policy language for trust negotiation. To do so, policy languages are analysed against a set of criteria for trust negotiation that are first established.
The 14th International Conference on Network and System Security (NSS 2020), vol. 12570, Springer, pp. 327-341, 11/2020.
Trust negotiation represents a suitable approach for building trust in online environments, where the interacting entities are anonymous. It covers important criteria on security and privacy. In this work, we propose a method for implementing our model specification that handles trust negotiation. We define the structure of the trust negotiation module that is a standalone unit capable of negotiating on its own. It may be included to any software by its defined interfaces. We realise our method with a ride-sharing scenario and four trust negotiation strategies that we apply in order to validate our design and implementation. We propose a solution that is fully customisable based on different requirements. The proposal provides guidelines for developers in the process of including trust negotiation into their software.
Computers & Security, vol. 84, issue July 2019, Elsevier, pp. 288-300, 04/2019. DOI (I.F.: 3.579)
Trust negotiation is a type of trust management model for establishing trust between entities by a mutual exchange of credentials. This approach was designed for online environments, where the attributes of users, such as skills, habits, behaviour and experience are unknown. Required criteria of trust negotiation must be supported by a trust negotiation model in order to provide a functional, adequately robust and efficient application. Such criteria were identified previously. In this paper we are presenting a model specification using a UML-based notation for the design of trust negotiation. This specification will become a part of the Software Development Life Cycle, which will provide developers a strong tool for incorporating trust and trust-related issues into the software they create. The specification defines components and their layout for the provision of the essential functionality of trust negotiation on one side as well as optional, additional features on the other side. The extra features make trust negotiation more robust, applicable for more scenarios and may provide a privacy protection functionality.
|"Trust, Privacy and Security in Digital Business, 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings",
TrustBus, vol. 6264, Springer, 2010. DOI
|"International Workshop on Security and Trust Management 2018",
International Workshop on Security and Trust Management, LNCS, vol. 11091, Springer International Publishing, 09/2018. DOI
|"Trust, Privacy and Security in Digital Business: Second International Conference, TrustBus 2005, Copenhagen, Denmark, August 22-26, 2005, Proceedings",
TrustBus, vol. 3592, Springer, 2005.
International Journal of Computer Systems, Science & Engineering, vol. 20, no. 6, CRL Publishing, 2005. (I.F.: 0.119)
An important aspect of e-business is the area of e-commerce. According to recent surveys, one of the most severe restraining factors for the proliferation of e-commerce, as measured by the gap between predicted market value and actual development is the (lack of) security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. A large number of individuals are not willing to engage in e-commerce (or are only participating at a reduced level) simply because they do not trust the e-commerce sites and the underlying information and communication technologies to be secure enough. This paper first considers privacy and security requirements for e-commerce applications; it then discusses methods and technologies that can be used to fulfil these requirements.
|"Procedings of the 10th European Workshop on Public Key Infrastructures, Services and Applications",
10th European Workshop on Public Key Infrastructures, Services and Applications, LNCS, vol. 8341, Springer, 2014. DOI
10th Panhellenic Conference in Informatics (PCI’05), LNCS 3746, Springer, pp. 548-558, November, 2005.
An important aspect of e-business is the area of e-commerce. One of the most severe restraining factors for the proliferation of e-commerce, is the lack of trust between customers and sellers, consumer privacy concerns and the lack of security measures required to assure both businesses and customers that their business relationship and transactions will be carried out in privacy, correctly, and timely. This paper considers trust privacy and security issues in e-commerce applications and discusses methods and technologies that can be used to fulfil the pertinent requirements.
|"Trust and Privacy in Digital Business, First International Conference, TrustBus 2004, Zaragoza, Spain, August 30 - September 1, 2004, Proceedings",
TrustBus, vol. 3184, Springer, 2004.
|"Information Security, 9th International Conference, ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings",
ISC, vol. 4176, Springer, 2006.
|"Public Key Infrastructure, First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, June 25-26, 2004, Proceedings",
EuroPKI, vol. 3093, Springer, 2004.