This project is lead by Dr. Jean-Marc Seigneur as part of its main field of research, which is online e-reputation and computational trust management based on the human notion of trust.Data security and privacy are of fundamental importance to organizations, where they are defined and managed via Security Policies.
Most security incidents are caused by organisation insiders, either by their lack of knowledge or inadequate or malicious behaviour.Nowadays, information is highly distributed amongst corporate servers, the cloud and multiple personal devices like PDAs, tablets and smart phones. These are not only information holders but also user interfaces to access corporate information.Besides, the Bring Your Own Device (BYOD) practice is becoming more common in large organisations, posing new security threats and blurring the limits between corporate and personal use. In this situation enforcement of Security Policies is increasingly difficult, as any strategy with a chance to succeed must take into account several changing factors: information delocalisation, access from heterogeneous devices and mixing of personal and professional activities. Besides, any mechanism or control must be user friendly and provide non-intrusive, clear feedback on the risk being incurred at any time.
MUSES will provide a device independent, user-centric and self-adaptive corporate security system, able to cope with the concept of seamless working experience on different devices, in which a user may start a session on a device and location and follow up the process on different devices and locations, without corporate digital asset loss. Metrics of usability, context risk evaluation, user current trust situation and device exposure level will be defined and several guidelines for design of secure applications, company policies and context-based security requirements will be produced. A real-time trust and risk analysis engine will also be developed with security mechanisms hard to compromise once installed on the target platforms.