Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/45627' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/node/45627' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Security by insurance for services | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Security by insurance for services

It is hard to guarantee proper protection in the Service Oriented Architecture (SOA), when a client outsources a part of its business or sends private data to a services provider. Various solutions proposed so far mostly require evidences of proper protection (e.g., source code for verification or execution traces for monitoring), which are to be provided by the service provider itself, and thus are not fully trusted by the client. In this paper we describe both conceptually and formally an approach for guaranteeing proper protection of outsourced data or business using cyber insurance. We discuss several variants of applications of the approach depending on the degree of involvement of different parties. We provide mathematical evidences of benefits of the approach for both client and provider and show how the parameters for the interactions should be computed.

1st International Workshop on Cyber Resilience Economics, Wien, 2016

Autori IIT:

Tipo: Contributo in atti di convegno
Area di disciplina: Computer Science & Engineering

File: YAUT-16-CRE.pdf

Attività: Architetture, protocolli e meccanismi di sicurezza per sistemi e servizi distribuiti