IIT Home Page CNR Home Page

Security by insurance for services

It is hard to guarantee proper protection in the Service Oriented Architecture (SOA), when a client outsources a part of its business or sends private data to a services provider. Various solutions proposed so far mostly require evidences of proper protection (e.g., source code for veri cation or execution traces for monitoring), which are to be provided by the service provider itself, and thus are not fully trusted by the client.
In this paper we describe both conceptually and formally an approach for guaranteeing proper protection of outsourced data or business using cyber insurance. We discuss several variants of applications of the approach depending on the amount of involvement of di erent parties.
We provide mathematical evidences of bene ts of the approach for both client and provider and show how the parameters for the interactions should be computed.

IEEE International Workshop on Cyber Resiliency Economics , Vienna, 2016

IIT authors:

Type: Contributo in atti di convegno
Field of reference: Information Technology and Communication Systems

File: main.pdf

Activity: Metodi formali per la sicurezza di sistemi ICT