The MUSES system includes a Real-Time Trust and Risk Analysis Engine (RT2AE) that aims at combining both the trust in requesting users and the trust in their current computing environments to decide whether or not the request should be granted.
As risk is the other side of the trust coin, MUSES must complement that trust information with risk information and report the risks the user would undertake if accessing the corporate information system in the current computing environment.
MUSES risk and trust metrics clearly go beyond traditional IT risk management methodologies because they not only take into account the threats and their negative outcomes but also the opportunities and their benefits. In addition, decisions are not fixed in advance. They can be computed in real-time and may lead to different decisions depending on the context.
Another improvement in MUSES risk management is that the risk communication may also contain a list of possible risk treatments that may be carried out rather than just trying to access the asset in the current risky context. Yet there is an option to let the user finally deciding accessing the asset at her own risk knowing that her trust value may be decreased in the future if found liable of the security incident having compromised the asset.
As depicted in the figure below, we have created an agent-based simulator to test our MUSES opportunity-enabled risk management metrics. For example, a user who has to wait around one hour at an airport and needs to access corporate data in order to work and not lose her/his paid time is simulated. The simulated granting/deny decisions are made given the chosen risk policy that may give more or less optimal cost/benefit results.
In future work, the user trust value may be increased when the benefits of an opportunity have been attained. Its decrease or increase may also be weighed by the value of the costs of the security incident or of the gained benefits of the taken opportunity. Other context aspects reported in the security incident may also be considered,such as the location where the security incident happened or the Wi-Fi used, in order to decrease the trustworthiness in other aspects of the incriminated computing environment than just the used device.
Research in computational trust management has been carried out since 2005 by the University of Geneva Augmented Human Trust research group that is in charge of the MUSES RT2AE.