Robustness verification of soft security systems

Abstract

Soft security is a new generation of security methods that, unlike traditional ones such as encryption and access control (known as hard security), uses social-based control to secure a system. Like any other security method, soft security methods should be evaluated and verified against attacks before they are used; however, despite the increasing attractiveness and applications of these methods, their assessment and evaluation techniques are still in the early stages of the research. The concept of attack in the soft security methods is carried out not by breaking the rules and penetrating the system, but by following a hypocritical and misleading behavior that ultimately leads to the system deception and bypassing its security mechanism. Currently, the most important method for robustness evaluation of soft security is simulation that is not capable of providing a proof of system security. The research works which proposed a verification method for soft security systems are limited. In this paper, the challenges of the robustness verification of soft security systems are investigated, and a formal method for quantitative verification of these systems is proposed. The proposed method also introduces a robustness measure based on the worst possible attack against the system. Moreover, it is capable of finding new attacks against a system. The application of the proposed method is represented using some trust systems case studies.