Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/41270' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/41270' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Security by insurance for services | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Security by insurance for services

It is hard to guarantee proper protection in the Service Oriented Architecture (SOA), when a client outsources a part of its business or sends private data to a services provider. Various solutions proposed so far mostly require evidences of proper protection (e.g., source code for veri cation or execution traces for monitoring), which are to be provided by the service provider itself, and thus are not fully trusted by the client.
In this paper we describe both conceptually and formally an approach for guaranteeing proper protection of outsourced data or business using cyber insurance. We discuss several variants of applications of the approach depending on the amount of involvement of di erent parties.
We provide mathematical evidences of bene ts of the approach for both client and provider and show how the parameters for the interactions should be computed.


IEEE International Workshop on Cyber Resiliency Economics , Vienna, 2016

Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Information Technology and Communication Systems

File: main.pdf

Attività: Metodi formali per la sicurezza di sistemi ICT