Scaling Concepts between Trust and Enforcement

Andreas U. Schmidt, Andreas Leicher, Inhyok Cha
DOI: 10.4018/978-1-61520-682-7.ch002


Enforcement and trust are opposite concepts in information security. This chapter reflects on the paradigm shift from traditional concepts of access control and policy enforcement toward de-centralised methods for establishing trust between loosely connected entities. By delegating parts of enforcement tasks to trusted elements dispersed in a system, the system can establish transitive trust relationships. This is the most advanced evolution of the organisational method of separation of duties within IT security. The technological basis for trust in systems – trusted computing platforms – is described on conceptual levels allowing comparison with other top-level security concepts and mapping to application domains. Important applications in modern information systems and networks are exhibited.
Chapter Preview


According to Dwyer & Cofta (2008), the socio-cognitive model of trust holds that a trustor makes a decision based on an assessment of cues of evidence about a specific situation and a trustee. A more formal definition is given by Gambetta (1988), and Jøsang, Gray & Kinateder (2003) re-cite it as follows: “trust (or, symmetrically, distrust) is a particular level of the subjective probability with which an agent will perform a particular action, both before (the trustor) can monitor such action (or independently of his capacity of ever to be able to monitor it) and in a context in which it affects (the trustor's) own action” (p. 213). Trust, as the underlying concept of every economic process, must be well understood before it can be formalised within a specific model and applied to technology. An important prerequisite for trust is risk, or having something invested, as Gambetta (1988) remarks. Castelfranchi and Falcone (1998) extend the definition of Gambetta (1988) to include the notion of competence along with predictability. In all these definitions, trust is considered a subjective notion; that is, it is not per se linked to empirical observation of the trustee's behaviour. Grandison and Sloman (2000) stress the contextuality of trust, meaning that the expectable actions of the trustor are conditioned by the world state in which they occur. This is also emphasised in the language of information systems by Yahalom, Klein & Beth (1993).
