Unraveling trust management in cybersecurity: insights from a systematic literature review

Abstract

This paper presents the findings of a systematic literature review aimed at elucidating the key anchors, strategies, methods, and techniques pertinent to trust management (TM) in cybersecurity. Drawing upon a meticulous analysis of 106 scholarly papers published between 2001 and 2024, the review offers a comprehensive overview of TM in cybersecurity practices in diverse cyber contexts. The study identifies seven foundational anchors crucial for effective TM frameworks: authentication, authorization, access control, privacy protection, monitoring and auditing, encryption and cryptography, risk management, and iterative and interactive trust processes. Additionally, ten overarching strategies emerge from the synthesis of literature, encompassing identity and access management, role-based access control, least privilege principle, digital certificates or public key infrastructure, security policies and procedures, encryption and data protection, continuous monitoring and risk assessment, vendor and third-party risk management, compliance management and continuous collaboration. Furthermore, the review delineates several methods instrumental in TM processes, and various techniques augmenting these methods were also identified, ranging from trust scoring algorithms and trust aggregation mechanisms to trust reasoning engines and trust-aware routing protocols. The synthesis of literature not only elucidates the multifaceted nature of TM in cybersecurity presented in a framework but also underscores the evolving strategies and technologies employed to establish and maintain trust in dynamic digital ecosystems. By providing a comprehensive overview of anchors, strategies, methods, and techniques in TM in cybersecurity. This review offers valuable insights for practitioners, researchers, and policymakers engaged in enhancing trustworthiness and resilience in contemporary cyber environments.