Abstract | The growth of the Internet has been accompanied by a proliferation of e-services. The increasing attacks on these services by malicious individuals have highlighted the need for security. The security requirements of an e-service may be specified by the service provider in a security policy. However, a service consumer may have security preferences that are not reflected in this policy. In order for service providers to reach a wider market, a way of personalizing a security policy to a particular consumer is needed. We introduce the concept of security personalization, derive the content of an e-service security policy suitable for personalization, and describe four approaches for such personalization, including the design and use of a context-aware security policy agent (CASPA) that personalizes an e-service security policy to the needs of the consumer on-the-fly. We further give recommendations on applying the personalization approaches based on their advantages and disadvantages. |
---|