Design of Trusted Systems with Reusable Collaboration Models

  • Peter Herrmann
  • Frank Alexander Kraemer
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 238)

Abstract

We describe the application of our collaboration-oriented software engineering approach to the design of trust-aware systems. In this model-based technique, a specification does not describe a physical system component but the collaboration between various components, which achieve system functions by cooperation. A system model is composed from these collaboration specifications. Executable code can be generated automatically by a set of transformations. As a modeling language, we use UML 2.0 collaborations and activities, for which we defined a semantics based on temporal logic. Thus, formal refinement and property proofs can be provided by applying model checkers as well. We consider our approach to be well-suited for the development of trust-based systems, since the trust relations between different parties can be nicely modeled by the collaborations. This ability also facilitates close cooperation between trust management and software engineering experts, both of whom are needed to create scalable trust-aware applications. The engineering approach is introduced by means of an electronic auction system executing different policies which are guided by the mutual trust of its principals. While the approach can be used for various trust models, we apply Jøsang’s Subjective Logic in the example.

Keywords

State Machine, Trust Management, Outgoing Edge, Reputation System, Trust Relation
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Peter Herrmann (1)
  • Frank Alexander Kraemer (1)
  1. Telematics Department, Norwegian University of Science and Technology (NTNU), Trondheim, Norway
