On Designing Usable Policy Languages for Declarative Trust Aggregation

  • Michael Huth
  • Jim Huan-Pu Kuo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)


We argue that there will be an increasing future need for the design and implementation of declarative languages that can aggregate trust evidence and therefore inform the decision making of IT systems at run-time. We first present requirements for such languages. Then we discuss an instance of such a language, Peal  + , which extends an early prototype Peal that was researched by others in collaboration with us. Next, we formulate the intuitive semantics of Peal  + , present a simple use case of it, and evaluate to what extent Peal  +  meets our formulated requirements. In this evaluation, particular attention is given to the usability aspects of declarative languages that mean to aggregate trust evidence.


Composition Operator Policy Language Cognitive Complexity Usability Issue Reputation Score 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Blaze, M., Feigenbaum, J., Keromytis, A.D.: KeyNote: Trust management for public-key infrastructures. In: Christianson, B., Crispo, B., Harbison, W.S., Roe, M. (eds.) Security Protocols 1998. LNCS, vol. 1550, pp. 59–63. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Crampton, J., Huth, M., Morisset, C.: Policy-based access control from numerical evidence. Technical Report 2013/6, Imperial College London, Department of Computing (October 2013) ISSN 1469-4166 (Print)Google Scholar
  3. 3.
    Crampton, J., Morisset, C.: PTaCL: A language for attribute-based access control in open systems. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 390–409. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Flechais, I., Riegelsberger, J., Sasse, M.A.: Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems. In: Proceedings of the 2005 Workshop on New security Paradigms, NSPW 2005, pp. 33–41. ACM, New York (2005)CrossRefGoogle Scholar
  5. 5.
    Fugard, A.J.B., Beck, E., Gärtner, M.: How Will Software Engineers of the Internet of Things Reason about Trust? In: Wichert, R., Van Laerhoven, K., Gelissen, J. (eds.) AmI 2011. CCIS, vol. 277, pp. 274–279. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. 6.
    Griesmayer, A., Morisset, C.: Automated certification of authorisation policy resistance. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 574–591. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Huth, M., Kuo, J.H.-P.: PEALT: A reasoning tool for numerical aggregation of trust evidence. Technical Report 2013/7, Imperial College London, Department of Computing (2013) ISSN 1469-4166 (Print)Google Scholar
  8. 8.
    Huth, M., Kuo, J.H.-P.: Towards verifiable trust management for software execution - (extended abstract). In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) TRUST 2013. LNCS, vol. 7904, pp. 275–276. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    Huth, M., Kuo, J.H.-P.: PEALT: An automated reasoning tool for numerical aggregation of trust evidence. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 109–123. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  10. 10.
    Kirlappos, I., Sasse, M.A., Harvey, N.: Why trust seals don’t work: A study of user perceptions and behavior. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 308–324. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Mui, L.: Computational Models of Trust and Reputation: Agents, Evolutionary Games, and Social Networks. PhD thesis. MIT (2002)Google Scholar
  12. 12.
    Pavlidis, N.G., Tasoulis, D.K., Adams, N.M., Hand, D.J.: Adaptive consumer credit classification. Journal of the Operational Research Society 63(12), 1645–1654 (2012)CrossRefGoogle Scholar
  13. 13.
    Riegelsberger, J., Sasse, M.A., McCarthy, J.D.: The mechanics of trust: A framework for research and design. Int. J. Hum.-Comput. Stud. 62(3), 381–422 (2005)CrossRefGoogle Scholar
  14. 14.
    Sasse, A., Kirlappos, I.: Trust, Computing, and Society, chapter Design for trusted and truthworthy services: why we must do better. Cambridge University Press (in press, 2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Michael Huth
    • 1
  • Jim Huan-Pu Kuo
    • 1
  1. 1.Department of ComputingImperial College LondonLondonUK

Personalised recommendations