Risk Aware Decision Framework for Trusted Mobile Interactions

Daniele Quercia and Stephen Hailes, CS department, University College London, {d.quercia,s.hailes}@cs.ucl.ac.uk

SECOVAL 2005, September 2005


Outline

Mobile software concerns and solutions;

Previous work on Trust Management and Expected Utility (EU);

Scenario;

Composing elements of the model;

Analysis of the model.


Introduction

Mobile devices need to adapt to changing context.

How? They load software (sw) components from each other.


Problem: Security concerns when loading sw components (e.g., viral components and components not running as expected).


Conventional Solution

Devices accept only digitally signed sw components. That’s acceptable as long as …

… #(sw providers) is low;

… there is a globally trustworthy Certification Authority.


Our Proposal

A device uses a local decision framework to load software components.


Such a framework has desirable properties:

model decision-making under uncertainty;

integrate user’s risk attitudes;

compute risk probabilities from trust mechanisms.


Related Work – Trust Management Frameworks

Marsh: computational trust concept.

Abdul-Rahman and Hailes: use of recommendations.

Mui et al.: reputation concept.


formal trust model;

risk-based decision module.


Related Work – Expected Utility

(a) ACTIONS: Take Umbrella; Do not take Umbrella.

(b) STATES: No Rain; Rain.

(c) OUTCOME MATRIX:

Take Umbrella: No Wet (No Rain), No Wet (Rain).

Do not take Umbrella: No Wet (No Rain), Wet (Rain).

(d) Probability Function: State to Probability, for (No Rain) and (Rain).

(e) Elementary Utility Function: Outcome to Utility, u(Wet) and u(No Wet).

(f) Decision Rule: Max Overall Utility Function: Action to Utility.


Scenario: Secure Conference

While Alice conferences on the move, her PDA guarantees secure communication across all traversed space.


Abstract Situation

[Figure. Labels: steps 1, 2, 3; Component Loader; Component Supplier; Semantics, Timeframe; Details, Service Level; Bob; Alice.]


Scenario – Expected Utility Elements


(a) ACTIONS: Take C; Do not take C; Ask User.

(b) STATES: CS delivers C within R1; CS delivers C within R2; CS delivers C within R3.

(c) OUTCOME MATRIX:

Take C: Carry on seamlessly (R1), Carry on with limited disruptions (R2), Give up (R3).

Do not take C: Give up (R1), Give up (R2), Give up (R3).

Ask User: Alice interacts with GUI (R1), Alice interacts with GUI (R2), Alice interacts with GUI (R3).

(d) Probability Function

(e) Elementary Utility Function

(f) Decision Rule


(f) Decision Rule

IN: actions; nearby component suppliers.

OUT: max of expected utility.

For action a and component supplier h, the expected utility is

[formula labels: state probability; outcome utility]

Actions: Take C; Do not take C; Ask User.

component supplier carries out the action a with the component supplier h for which utility is maximum

(e) Elementary Utility Function: o → value(o) → utility(o)

Logarithmic elementary utility function (user attitudes are risk-averse). To enhance tractability, 2nd-order Taylor approximation.

We determine the application dimensions (e.g., absence of disruptions, spared user time, security gap).

i-th dimension importance factors:

w_i (user preferences);

D_i(o) (function of outcome and application).
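
An added worked example (not from the original slides) of decision rule (f) with a logarithmic elementary utility (e), applied to the scenario's outcome matrix. The weights w_i, the D_i(o) scores, the weighted-sum value, the ln(1 + value) form, the supplier names and their state probabilities are all constructed assumptions; the exact logarithm is used instead of the Taylor approximation.

```python
import math

ACTIONS = ("Take C", "Do not take C", "Ask User")
# States: CS delivers C within R1 / R2 / R3. Outcome per (action, state),
# taken from the scenario's outcome matrix.
OUTCOMES = {
    "Take C": ("Carry on seamlessly", "Carry on with limited disruptions", "Give up"),
    "Do not take C": ("Give up", "Give up", "Give up"),
    "Ask User": ("Alice interacts with GUI",) * 3,
}
# Constructed D_i(o) scores in [0, 1], one per application dimension:
# (absence of disruptions, spared user time, security gap closed).
D = {
    "Carry on seamlessly": (1.0, 1.0, 1.0),
    "Carry on with limited disruptions": (0.5, 0.8, 1.0),
    "Give up": (0.0, 0.2, 0.0),
    "Alice interacts with GUI": (0.6, 0.0, 0.7),
}
W = (0.5, 0.2, 0.3)  # constructed user preference weights w_i


def utility(outcome):
    """Risk-averse (concave) utility: ln(1 + sum_i w_i * D_i(o)). Assumed form."""
    value = sum(w * d for w, d in zip(W, D[outcome]))
    return math.log1p(value)


def expected_utility(action, state_probs):
    """Sum over states of state probability times outcome utility."""
    if len(state_probs) != 3 or abs(sum(state_probs) - 1.0) > 1e-9:
        raise ValueError("need three state probabilities summing to 1")
    return sum(p * utility(o) for p, o in zip(state_probs, OUTCOMES[action]))


def decide(suppliers):
    """Return the (action, supplier, EU) triple with maximum expected utility."""
    candidates = [(a, h, expected_utility(a, probs))
                  for h, probs in suppliers.items() for a in ACTIONS]
    return max(candidates, key=lambda c: c[2])


# Constructed beliefs about delivery within R1, R2, R3 for two hypothetical suppliers.
SUPPLIERS = {"trusted_cs": (0.7, 0.2, 0.1), "unknown_cs": (0.2, 0.2, 0.6)}

if __name__ == "__main__":
    print(decide(SUPPLIERS))
    print(decide({"unknown_cs": SUPPLIERS["unknown_cs"]}))
```

With only unknown_cs in range, the maximum shifts from Take C to Ask User, because the probability mass on late delivery pulls the expected utility of loading below that of involving the user.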


(d) Probability Function

h(s): component loader’s belief that a certain state s will take place when interacting with the component provider h.

Component loader receives Service Level = (dp, Confidence Level (CL)) and computes each state probability (for a given h):

We need and : Trust and CL Uncertainty

CS delivers C within R1

CS delivers C within R2

CS delivers C within R3


Discussion

Uncertainty is …

… source of risks;

… reduced through assurance (e.g., devices load only provably authored software) and trust (e.g., devices rely on trustworthiness assessments to make informed decisions).

Assurance-based approaches are preferable, but not always possible!


Conclusion

We have proposed a conceptual model of decision-making for software component loading, which …

… integrates trust mechanisms and risk assessment;

… considers user risk attitudes.

Assumptions to be relaxed:

constant risk-averse preferences;

normal distribution for probability function.
