IIT Home Page CNR Home Page

Security by insurance for services

It is hard to guarantee proper protection in the Service Oriented Architecture (SOA), when a client outsources a part of its business or sends private data to a services provider. Various solutions proposed so far mostly require evidences of proper protection (e.g., source code for verification or execution traces for monitoring), which are to be provided by the service provider itself, and thus are not fully trusted by the client. In this paper we describe both conceptually and formally an approach for guaranteeing proper protection of outsourced data or business using cyber insurance. We discuss several variants of applications of the approach depending on the degree of involvement of different parties. We provide mathematical evidences of benefits of the approach for both client and provider and show how the parameters for the interactions should be computed.

1st International Workshop on Cyber Resilience Economics, Wien, 2016

Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: YAUT-16-CRE.pdf

Attività: Architetture, protocolli e meccanismi di sicurezza per sistemi e servizi distribuiti