A Formal Notion of Trust – Enabling Reasoning about Security Properties

  • Andreas Fuchs
  • Sigrid Gürgens
  • Carsten Rudolph
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 321)


Historically, various different notions of trust can be found, each addressing particular aspects of ICT systems, e.g. trust in electronic commerce systems based on reputation and recommendation, or trust in public key infrastructures. While these notions support the understanding of trust establishment and degrees of trustworthiness in their respective application domains, they are insufficient for the more general notion of trust needed when reasoning about security in ICT systems. In this paper we present a formal definition of trust to be able to exactly express trust requirements from the view of different entities involved in the system and to support formal reasoning such that security requirements, security and trust mechanisms and underlying trust assumptions can be formally linked and made explicit. Integrated in our Security Modeling Framework this formal definition of trust can support security engineering processes and formal validation and verification by enabling reasoning about security properties w.r.t. trust.


Security Requirement Security Property Security Mechanism Reputation System Trusted Platform Module 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Gürgens, S., Ochsenschläger, P., Rudolph, C.: On a formal framework for security properties. International Computer Standards & Interface Journal (CSI), Special issue on formal methods, techniques and tools for secure and reliable applications 27(5), 457–466 (2005)Google Scholar
  2. 2.
    Trusted Computing Group: TCG TPM Specification 1.2 revision 103 (2006),
  3. 3.
    Muskens, J., Alonso, R., Yhang, Z., Egelink, K., Larranaga, A., Gouder, A.: Trust4All Trust Framework and Mechanisms. ITEA Trust4All (2005)Google Scholar
  4. 4.
    Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618–644 (2007)CrossRefGoogle Scholar
  5. 5.
    McKnight, D., Chervany, N.: The Meanings of Trust. Technical report, University of Minnesota, Management Information Systems Reseach Center (1996)Google Scholar
  6. 6.
    Grandison, T., Sloman, M.: A survey of trust in internet applications. IEEE Communications Surveys and Tutorials 3(4), 2–16 (2000)CrossRefGoogle Scholar
  7. 7.
    Carbone, M., Nielsen, M., Sassone, V.: A formal model for trust in dynamic networks, pp. 54–61 (2003) RS-03-4Google Scholar
  8. 8.
    Demolombe, R.: Reasoning about trust: A formal logical framework. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 291–303. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems 8 (1990)Google Scholar
  10. 10.
    Syverson, P., van Oorschot, P.: On unifying some cryptographic protocol logics. In: IEEE Symposium on Security and Privacy, May 1994, pp. 14–28 (1994)Google Scholar
  11. 11.
    Abadi, M., Tuttle, M.: A Semantics for a Logic of Authentication. In: Tenth Annual ACM Symposium on Principles of Distributed Computing, Montreal, Canada, August 1991, pp. 201–216 (1991)Google Scholar
  12. 12.
    Gong, L., Needham, R., Yahalom, R.: Reasoning about Belief in Cryptographic Protocols. In: Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, pp. 234–248. IEEE Press, Los Alamitos (1990)CrossRefGoogle Scholar
  13. 13.
    Gürgens, S.: SG Logic – A formal analysis technique for authentication protocols. In: Li, M. (ed.) ALT 1997. LNCS, vol. 1316, pp. 159–176. Springer, Heidelberg (1997)Google Scholar
  14. 14.
    Eilenberg, S.: Automata, Languages and Machines. Academic Press, New York (1974)zbMATHGoogle Scholar
  15. 15.
    Mitchell, C., et al.: Trusted Computing. Institution of Engineering and Technology (2005)Google Scholar

Copyright information

© IFIP 2010

Authors and Affiliations

  • Andreas Fuchs
    • 1
  • Sigrid Gürgens
    • 1
  • Carsten Rudolph
    • 1
  1. 1.Fraunhofer Institute for Secure Information Technology SITDarmstadtGermany

Personalised recommendations