{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T05:36:06Z","timestamp":1740807366762,"version":"3.38.0"},"publisher-location":"Berlin, Heidelberg","reference-count":47,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642174988"},{"type":"electronic","value":"9783642174995"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-17499-5_7","type":"book-chapter","created":{"date-parts":[[2010,12,7]],"date-time":"2010-12-07T13:12:47Z","timestamp":1291727567000},"page":"154-186","source":"Crossref","is-referenced-by-count":1,"title":["Trust-Based Security Level Evaluation Using Bayesian Belief Networks"],"prefix":"10.1007","author":[{"given":"Siv Hilde","family":"Houmb","sequence":"first","affiliation":[]},{"given":"Indrakshi","family":"Ray","sequence":"additional","affiliation":[]},{"given":"Indrajit","family":"Ray","sequence":"additional","affiliation":[]},{"given":"Sudip","family":"Chakraborty","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"International Organization for Standardization (ISO\/IEC): ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2, CCMB-2007-09-001, CCMB-2007-09-002 and CCMB-2007-09-003 (2007)"},{"key":"7_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/BFb0055873","volume-title":"Computer Security \u2013 ESORICS 98","author":"A. J\u00f8sang","year":"1998","unstructured":"J\u00f8sang, A.: A Subjective Metric of Authentication. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol.\u00a01485, pp. 329\u2013344. Springer, Heidelberg (1998)"},{"key":"7_CR3","unstructured":"J\u00f8sang, A.: An Algebra for Assessing Trust in Certification Chains. In: Proceedings of the 1999 Network and Distributed Systems Security Symposium (1999)"},{"key":"7_CR4","unstructured":"Cohen, M.S., Parasuraman, R., Freeman, J.T.: Trust in Decision Aids: A Model and a Training Strategy. Technical Report USAATCOM TR 97-D-4, Cognitive Technologies Inc. (1997)"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Yahalom, R., Klein, B., Beth, T.: Trust Relationship in Secure Systems: A Distributed Authentication Perspective. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 150\u2013164 (1993)","DOI":"10.1109\/RISP.1993.287635"},{"issue":"1","key":"7_CR6","first-page":"45","volume":"7","author":"R. Yahalom","year":"1994","unstructured":"Yahalom, R., Klein, B., Beth, T.: Trust-based Navigation in Distributed Systems. Computing Systems\u00a07(1), 45\u201373 (1994)","journal-title":"Computing Systems"},{"key":"7_CR7","series-title":"Lecture Notes in Computer Science","first-page":"3","volume-title":"Computer Security - ESORICS 94","author":"T. Beth","year":"1994","unstructured":"Beth, T., Borcherding, M., Klein, B.: Valuation of Trust in Open Networks. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol.\u00a0875, pp. 3\u201318. Springer, Heidelberg (1994)"},{"key":"7_CR8","doi-asserted-by":"crossref","unstructured":"Xiong, L., Liu, L.: A Reputation-Based Trust Model For Peer-To-Peer Ecommerce Communities. In: Proceedings of the IEEE Conference on E-Commerce, pp. 275\u2013284 (2003)","DOI":"10.1145\/779928.779972"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Abdul-Rahman, A., Hailes, S.: Supporting Trust in Virtual Communities. In: Proceedings of the 33rd Annual Hawaii International Conference on System Sciences, pp. 4\u20137 (2000)","DOI":"10.1109\/HICSS.2000.926814"},{"issue":"1","key":"7_CR10","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1145\/77648.77649","volume":"8","author":"M. Burrows","year":"1990","unstructured":"Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems\u00a08(1), 18\u201336 (1990)","journal-title":"ACM Transactions on Computer Systems"},{"key":"7_CR11","first-page":"157","volume-title":"Trust and Deception in Virtual Societies","author":"A.J.I. Jones","year":"2000","unstructured":"Jones, A.J.I., Firozabadi, B.S.: On the Characterization of a Trusting Agent \u2013 Aspects of a Formal Approach. In: Trust and Deception in Virtual Societies, pp. 157\u2013168. Kluwer Academic Publishers, Dordrecht (2000)"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"Jajodia, S., Samarati, P., Subrahmanian, V.: A Logical Language for Expressing Authorizations. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 31\u201342 (1997)","DOI":"10.1109\/SECPRI.1997.601312"},{"key":"7_CR13","first-page":"1","volume-title":"Trust and Deception in Virtual Societies","author":"M. Bacharach","year":"2000","unstructured":"Bacharach, M., Gambetta, D.: Trust as Type Identification. In: Trust and Deception in Virtual Societies, pp. 1\u201326. Kluwer Academic Publishers, Dordrecht (2000)"},{"issue":"6","key":"7_CR14","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1016\/S0167-4048(01)00605-8","volume":"20","author":"S. Purser","year":"2001","unstructured":"Purser, S.: A Simple Graphical Tool For Modelling Trust. Computers & Security\u00a020(6), 479\u2013484 (2001)","journal-title":"Computers & Security"},{"key":"7_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-540-30108-0_16","volume-title":"Computer Security \u2013 ESORICS 2004","author":"I. Ray","year":"2004","unstructured":"Ray, I., Chakraborty, S.: A Vector Model of Trust for Developing Trustworthy Systems. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol.\u00a03193, pp. 260\u2013275. Springer, Heidelberg (2004)"},{"issue":"1","key":"7_CR16","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/s10844-007-0049-9","volume":"32","author":"I. Ray","year":"2009","unstructured":"Ray, I., Ray, I., Chakraborty, S.: An Interoperable Context Sensitive Model of Trust. Journal of Intelligent Information Systems\u00a032(1), 75\u2013104 (2009)","journal-title":"Journal of Intelligent Information Systems"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Sun, Y.L., Yang, Y.: Trust Establishment in Distributed Networks: Analysis and Modeling. In: Proceedings of the IEEE International Conference on Communications (ICC 2007), pp. 1266\u20131273 (2007)","DOI":"10.1109\/ICC.2007.214"},{"key":"7_CR18","doi-asserted-by":"crossref","first-page":"211","DOI":"10.3233\/JCS-1993-22-308","volume":"2","author":"B. Littlewood","year":"1993","unstructured":"Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J., Gollmann, D.: Towards Operational Measures of Computer Security. Journal of Computer Security\u00a02, 211\u2013229 (1993)","journal-title":"Journal of Computer Security"},{"issue":"25","key":"7_CR19","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1109\/32.815323","volume":"5","author":"R. Ortalo","year":"1999","unstructured":"Ortalo, R., Deswarte, Y.: Experiments with Quantitative Evaluation Tools for Monitoring Operational Security. IEEE Transaction on Software Engineering\u00a05(25), 633\u2013650 (1999)","journal-title":"IEEE Transaction on Software Engineering"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Madan, B.B., Popstojanova, K.G., Vaidyanathan, K., Trivedi, K.S.: Modeling and Quantification of Security Attributes of Software Systems. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 505\u2013514 (2002)","DOI":"10.1109\/DSN.2002.1028941"},{"issue":"25","key":"7_CR21","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1109\/32.588541","volume":"4","author":"E. Jonsson","year":"1997","unstructured":"Jonsson, E., Olovsson, T.: A Quantitative Model of the Security Intrusion Process based on Attacker Behavior. IEEE Transaction on Software Engineering\u00a04(25), 235\u2013246 (1997)","journal-title":"IEEE Transaction on Software Engineering"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Houmb, S.H., Georg, G., France, R., Bieman, J., J\u00fcrjens, J.: Cost-Benefit Trade-Off Analysis using BBN for Aspect-Oriented Risk-Driven Development. In: Proceedings of 10th IEEE International Conference on Engineering of Complex Computer Systems, pp. 195\u2013204 (2005)","DOI":"10.1109\/ICECCS.2005.30"},{"key":"7_CR23","unstructured":"Houmb, S.H.: Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. PhD thesis, Norwegian University of Science and Technology, Trondheim (2007)"},{"key":"7_CR24","unstructured":"International Organization for Standardization (ISO\/IEC): ISO\/IEC 27002:2005 Information Technology \u2013 Security Techniques \u2013 Code of Practice for Information Security Management (2000)"},{"key":"7_CR25","unstructured":"International Organization for Standardization (ISO\/IEC): ISO\/IEC TR 13335:2004 Information Technology \u2013 Guidelines for Management of IT Security (2001)"},{"key":"7_CR26","unstructured":"Australian\/New Zealand Standards and International Organization for Standardization: AS\/NZS ISO 31000:2009, Risk management - Principles and guidelines (2004)"},{"key":"7_CR27","unstructured":"Department of Defence: Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, Supersedes, CSC-STD-00l-83, dtd l5 Aug 83, Library No. S225,7ll (1985)"},{"key":"7_CR28","unstructured":"Department of Trade and Industry, London: Information Technology Security Evaluation Criteria (1991), http:\/\/www.itsec.gov.uk\/ or http:\/\/nsi.org\/Library\/Compsec\/eurooran.txt"},{"key":"7_CR29","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780195064650.001.0001","volume-title":"Experts in Uncertainty: Opinion and Subjective Probability in Science","author":"R.M. Cooke","year":"1991","unstructured":"Cooke, R.M.: Experts in Uncertainty: Opinion and Subjective Probability in Science. Oxford University Press, Oxford (1991)"},{"issue":"3","key":"7_CR30","doi-asserted-by":"crossref","first-page":"295","DOI":"10.1093\/oxfordjournals.rpd.a033151","volume":"90","author":"L.H.J. Goossens","year":"2000","unstructured":"Goossens, L.H.J., Harper, F.T., Kraan, B.C.P., Meacutetivier, H.: Expert Judgement for a Probabilistic Accident Consequence Uncertainty Analysis. Radiation Protection and Dosimetry\u00a090(3), 295\u2013303 (2000)","journal-title":"Radiation Protection and Dosimetry"},{"key":"7_CR31","volume-title":"Probabilistic Networks and Expert Systems","author":"R.G. Cowell","year":"1999","unstructured":"Cowell, R.G., Dawid, A.P., Lauritzen, S.L., Spiegelhalter, D.J.: Probabilistic Networks and Expert Systems. Springer, Heidelberg (1999)"},{"key":"7_CR32","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-3502-4","volume-title":"Bayesian Networks and Decision Graphs","author":"F.V. Jensen","year":"2001","unstructured":"Jensen, F.V.: Bayesian Networks and Decision Graphs. Springer, Heidelberg (2001)"},{"key":"7_CR33","volume-title":"Learning Bayesian Networks","author":"R.E. Neapolitan","year":"2004","unstructured":"Neapolitan, R.E.: Learning Bayesian Networks. Prentice Hall, Englewood Cliffs (2004)"},{"key":"7_CR34","volume-title":"Probabilistic Reasoning in Intelligent Systems: Network for Plausible Inference","author":"J. Pearl","year":"1988","unstructured":"Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Network for Plausible Inference. Morgan Kaufmann, San Francisco (1988)"},{"key":"7_CR35","unstructured":"Hugin Expert A\/S, Alborg, Denmark: HUGIN Decision Support Tool (2004), http:\/\/www.hugin.dk"},{"key":"7_CR36","volume-title":"Causation, Prediction, and Search","author":"P. Spirtes","year":"2000","unstructured":"Spirtes, P., Glymour, C., Scheines, R.: Causation, Prediction, and Search. MIT Press, Cambridge (2000)"},{"key":"7_CR37","unstructured":"EU Project EP-27046-ACTIVE: EP-27046-ACTIVE, Final Prototype and User Manual, D4.2.2, Ver. 2.0, 2001-02-22 (2001)"},{"key":"7_CR38","unstructured":"\u00d8stvang, M.E.: The Honeynet Project, Phase 1: Installing and Tuning Honeyd using LIDS, Project assignment, Norwegian University of Science and Technology (2003)"},{"key":"7_CR39","unstructured":"Lin, S., Chiueh, T.: A Survey on Solutions to Distributed Denial of Service Attacks. Technical report RPE TR-201, Department of Computer Science, Stony Brook University (2006)"},{"key":"7_CR40","unstructured":"Karig, D., Lee, R.: Remote Denial of Service Attacks and Countermeasures. Technical report CE-L2001-002, Department of Electrical Engineering, Princeton University (2001)"},{"key":"7_CR41","unstructured":"Barkley, A., Liu, S., Gia, Q., Dingfield, M., Gokhale, Y.: A Testbed for Study of Distributed Denial of Service Attacks (WA 2.4). In: Proceedings of the IEEE Workshop on Information Assurance and Security, pp. 218\u2013223 (2000)"},{"key":"7_CR42","unstructured":"Bernstein, D.J.: SYN Cookies, http:\/\/cryptosyncookies.html (accessed November 2006)"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Yang, Y., Feng, Q., Sun, Y.L., Dai, Y.: RepTrap: A Novel Attack on Feedback-based Reputation Systems. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (2008)","DOI":"10.1145\/1460877.1460888"},{"key":"7_CR44","doi-asserted-by":"crossref","unstructured":"Feng, Q., Sun, Y.L., Liu, L., Dai, Y.: Voting Systems with Trust Mechanisms in Cyberspace: Vulnerabilities and Defenses. IEEE Transactions on Knowledge and Data Engineering (2010) (to appear)","DOI":"10.1109\/TKDE.2009.214"},{"key":"7_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/11755593_11","volume-title":"Trust Management","author":"S.H. Houmb","year":"2006","unstructured":"Houmb, S.H., Ray, I., Ray, I.: Estimating the Relative Trustworthiness of Information Sources in Security Solution Evaluation. In: St\u00f8len, K., Winsborough, W.H., Martinelli, F., Massacci, F. (eds.) iTrust 2006. LNCS, vol.\u00a03986, pp. 135\u2013149. Springer, Heidelberg (2006)"},{"key":"7_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-642-13739-6_16","volume-title":"Data and Applications Security and Privacy XXIV","author":"S.H. Houmb","year":"2010","unstructured":"Houmb, S.H., Chakraborty, S., Ray, I., Ray, I.: Using Trust-Based Information Aggregation for Predicting Security Level of Systems. In: Foresti, S., Jajodia, S. (eds.) Data and Applications Security and Privacy XXIV. LNCS, vol.\u00a06166, pp. 241\u2013256. Springer, Heidelberg (2010)"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"Franqueira, V.N.L., Houmb, S.H., Daneva, M.: Using Real Option Thinking to Improve Decision Making in Security Investment. In: Proceedings of the 5th International Symposium on Information Security (2010) (to appear)","DOI":"10.1007\/978-3-642-16934-2_46"}],"container-title":["Lecture Notes in Computer Science","Transactions on Computational Science X"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-17499-5_7.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T14:50:19Z","timestamp":1740754219000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-17499-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642174988","9783642174995"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-17499-5_7","relation":{},"ISSN":["0302-9743","1866-4741"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1866-4741"}],"subject":[],"published":{"date-parts":[[2010]]}}}