@incollection {2013, title = {POM: A Trust-based AHP-like Methodology to Solve Conflict Requirements for the IoT}, booktitle = {Collaborative Approaches for Cyber Security in Cyber-Physical Systems}, number = {Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)}, year = {2023}, month = {01/2023}, pages = {145-170}, publisher = {Springer}, organization = {Springer}, keywords = {Analytic Hierarchy Process (AHP), Internet of Things (IoT), Multi Criteria Decision Analysis (MCDA), Requirements Engineering, Trust}, issn = {1613-5113}, doi = {https://doi.org/10.1007/978-3-031-16088-2_7}, url = {https://link.springer.com/chapter/10.1007/978-3-031-16088-2_7}, author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {1980, title = {Novel Approaches for the Development of Trusted IoT Entities}, booktitle = {37th International Conference on ICT Systems Security and Privacy Protection {\textendash} IFIP SEC 2022}, year = {2022}, month = {06/2022}, pages = {215-230}, publisher = {Springer}, organization = {Springer}, address = {Copenhagen}, keywords = {Internet of Things (IoT), SysML, System Development Life Cycle (SDLC)., Trust, UML}, issn = {1868-4238 }, doi = {https://doi.org/10.1007/978-3-031-06975-8}, url = {https://link.springer.com/content/pdf/10.1007\%2F978-3-031-06975-8_13}, author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {1981, title = {Verification and Validation Methods for a Trust-by-Design Framework for the IoT}, booktitle = {36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec{\textquoteright}22)}, volume = {13383}, year = {2022}, month = {07/2022}, pages = {183-194}, publisher = {Springer}, organization = {Springer}, address = {Newark, NJ, USA}, keywords = {Internet of Things (IoT), SysML, System Development Life Cycle (SDLC), Trust, UML}, isbn = {978-3-031-10683-5}, doi = {https://doi.org/10.1007/978-3-031-10684-2_11}, url = {https://link.springer.com/chapter/10.1007/978-3-031-10684-2_11}, author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {1852, title = {A Model Specification Implementation for Trust Negotiation}, booktitle = {The 14th International Conference on Network and System Security (NSS 2020)}, volume = {12570}, year = {2020}, month = {11/2020}, pages = {327-341}, publisher = {Springer}, organization = {Springer}, address = {Melbourne, Australia}, abstract = {

Trust negotiation represents a suitable approach for building trust in online environments, where the interacting entities are anonymous. It covers important criteria on security and privacy. In this work, we propose a method for implementing our model specification that handles trust negotiation. We define the structure of the trust negotiation module that is a standalone unit capable of negotiating on its own. It may be included to any software by its defined interfaces. We realise our method with a ride-sharing scenario and four trust negotiation strategies that we apply in order to validate our design and implementation. We propose a solution that is fully customisable based on different requirements. The proposal provides guidelines for developers in the process of including trust negotiation into their software.

}, keywords = {Software Development Life Cycle, Trust, Trust Negotiation}, author = {Martin Kolar and Carmen Fernandez-Gago and Javier Lopez} } @article {ferraris2020b, title = {A model-driven approach to ensure trust in the IoT}, journal = {Human-centric Computing and Information Sciences}, volume = {10}, number = {50}, year = {2020}, month = {12/2020}, publisher = {Springer}, abstract = {

The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues.
In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them.
So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity.
In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy.
We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way.
Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram.
This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC.
These models will be a fundamental input for the following and final phases of the SDLC.

}, keywords = {Internet of Things (IoT), SysML, System Development Life Cycle (SDLC), Trust, UML}, issn = {2192-1962 }, doi = {10.1186/s13673-020-00257-3}, author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez} } @article {ferraris2020, title = {A Trust Model for Popular Smart Home Devices}, journal = {International Journal of Information Security}, year = {2020}, publisher = {Springer}, abstract = {

Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity.
Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users{\textquoteright} name, gender, home address, calendar appointments and others.
There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers.
As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it.
Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences.
In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors.
We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests).
As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues.\  In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.

}, keywords = {Internet of Things, privacy, security, Smart Home, Trust}, issn = {1615-5262}, doi = {10.1007/s10207-020-00519-2}, url = {https://link.springer.com/article/10.1007/s10207-020-00519-2}, author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa} } @inproceedings {1814, title = {An Analysis of Trust in Smart Home Devices}, booktitle = {The 20th World Conference on Information Security Applications: WISA-Workshop 2019}, year = {2019}, publisher = {Springer}, organization = {Springer}, address = {Jeju Island, Korea}, abstract = {

In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user{\textquoteright}s personal information. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices, which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships. We set up a smart home environment to evaluate how trust is built and managed. Then, we performed a number of interaction tests with different types of users (i.e. owner, guests). As a result, we were able to assess the effectiveness of the provided security controls and identify some relevant security issues. To address them, we defined a trust model and proposed a solution based on it for securing smart home devices.

}, keywords = {Internet of Things (IoT), security, Smart Home., Trust}, author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa and Javier Lopez} } @article {ferraris2019, title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT}, journal = {International Journal of Information Security }, year = {2019}, month = {01/2020}, pages = {111-127}, publisher = {Springer}, abstract = {

The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform.
When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy.
To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity.
This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration.
We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.

}, keywords = {Internet of Things (IoT), Requirements Engineering, System Development Life Cycle (SDLC), Trust, \\ JavaScript Notation Object (JSON)}, issn = {1615-5262}, doi = {10.1007/s10207-019-00438-x}, url = {https://link.springer.com/article/10.1007\%2Fs10207-019-00438-x}, author = {Davide Ferraris and Carmen Fernandez-Gago} } @article {Ruben2017trust, title = {Modelling Privacy-Aware Trust Negotiations}, journal = {Computers \& Security}, volume = {77 }, year = {2018}, pages = {773-789}, publisher = {Elsevier}, abstract = {

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

}, keywords = {Goal-Oriented Modelling, Policy, privacy, Requirements Engineering, Secure Software Engineering, Trust}, issn = {0167-4048}, doi = {10.1016/j.cose.2017.09.015}, author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez} } @article {Fer_IS17, title = {Modelling Trust Dynamics in the Internet of Things}, journal = {Information Sciences}, volume = {396}, year = {2017}, pages = {72-82}, publisher = {Elsevier}, abstract = {

The Internet of Things (IoT) is a paradigm based on the interconnection of\ everyday objects. It is expected that the {\textquoteleft}things{\textquoteright} involved in the IoT paradigm\ will have to interact with each other, often in uncertain conditions. It is therefore\ of paramount importance for the success of IoT that there are mechanisms in\ place that help overcome the lack of certainty. Trust can help achieve this goal.\ In this paper, we introduce a framework that assists developers in including\ trust in IoT scenarios. This framework takes into account trust, privacy and\ identity requirements as well as other functional requirements derived from IoT\ scenarios to provide the different services that allow the inclusion of trust in the\ IoT.

}, keywords = {Dynamic Framework, Internet of Things, Trust}, issn = {0020-0255}, doi = {10.1016/j.ins.2017.02.039}, author = {Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez} } @inproceedings {rios2016b, title = {Privacy-Aware Trust Negotiation}, booktitle = {12th International Workshop on Security and Trust Management (STM)}, volume = {LNCS 9871}, year = {2016}, month = {09/2016}, pages = {98-105}, publisher = {Springer}, organization = {Springer}, address = {Heraklion, Crete, Greece}, abstract = {

Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.

}, keywords = {Goal-Oriented Modelling, privacy, Requirements Engineering, Secure Software Engineering, Trust}, isbn = {978-3-319-46597-5}, issn = {0302-9743}, doi = {10.1007/978-3-319-46598-2 7}, url = {http://link.springer.com/chapter/10.1007/978-3-319-46598-2_7}, author = {Ruben Rios and Carmen Fernandez-Gago and Javier Lopez} } @inproceedings {moyano14smartgridsec, title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements}, booktitle = {Smart Grid Security - Second International Workshop}, series = {LNCS}, volume = {8448}, year = {2014}, month = {Aug}, pages = {166-180}, publisher = {Springer}, organization = {Springer}, address = {Munich}, keywords = {model-driven engineering, problem frames, Reputation, security requirements engineering, Trust, UML4PF}, isbn = {978-3-319-10328-0}, issn = {0302-9743}, doi = {10.1007/978-3-319-10329-7_11}, author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel}, editor = {Jorge Cuellar} } @inproceedings {moyano14caise, title = {Trust-Aware Decision-Making Methodology for Cloud Sourcing}, booktitle = {26th International Conference on Advanced Information Systems Engineering (CAiSE 2014)}, series = {LCNS}, volume = {8484}, year = {2014}, month = {06/2014}, pages = {136-149}, publisher = {Springer}, organization = {Springer}, address = {Thessaloniki}, abstract = {

Cloud sourcing consists of outsourcing data, services and infrastructure to cloud providers. Even when this outsourcing model brings advantages to cloud customers, new threats also arise as sensitive data and critical IT services are beyond customers{\textquoteright} control. When an organization considers moving to the cloud, IT decision makers must select a cloud provider and must decide which parts of the organization will be outsourced and to which extent. This paper proposes a methodology that allows decision makers to evaluate their trust in cloud providers. The methodology provides a systematic way to elicit knowledge about cloud providers, quantify their trust factors and aggregate them into trust values that can assist the decision-making process. The trust model that we propose is based on trust intervals, which allow capturing uncertainty during the evaluation, and we define an operator for aggregating these trust intervals. The methodology is applied to an eHealth scenario.

}, keywords = {Cloud Computing, decision making, domain knowledge elicitation, security, Trust}, isbn = {978-3-319-07880-9}, issn = {0302-9743}, doi = {10.1007/978-3-319-07881-6}, author = {Francisco Moyano and Kristian Beckers and Carmen Fernandez-Gago}, editor = {Matthias Jarke and John Mylopoulos and Christoph Quix and Colette Rolland and Yannis Manolopoulos and Haralambos Mouratidis and Jennifer Horkoff} } @inproceedings {moyano13wisse, title = {Towards Engineering Trust-aware Future Internet Systems}, booktitle = {3rd International Workshop on Information Systems Security Engineering (WISSE 2013)}, series = {LNBIP}, volume = {148}, year = {2013}, month = {Jun 2013}, pages = {490-501}, publisher = {Springer-Verlag}, organization = {Springer-Verlag}, address = {Valencia}, abstract = {

Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.

}, keywords = {Reputation, Requirements Engineering, Secure Design, Trust}, isbn = {978-3-642-38489-9}, issn = {1865-1348}, doi = {10.1007/978-3-642-38490-5}, url = {http://link.springer.com/book/10.1007/978-3-642-38490-5/page/3}, author = {Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez}, editor = {Xavier Franch and Pnina Soffer} } @inproceedings {Clarke:2012, title = {Trust \& Security RTD in the Internet of Things: Opportunities for International Cooperation}, booktitle = {Proceedings of the First International Conference on Security of Internet of Things}, series = {SecurIT {\textquoteright}12}, year = {2012}, pages = {172{\textendash}178}, publisher = {ACM}, organization = {ACM}, address = {New York, NY, USA}, abstract = {

While there has been considerable progress in the research and technological development (RTD) of the Internet of Things (IoT), there is still considerable RTD required by international communities for the trust, privacy and security research challenges arising from the constitution of the IoT architectures, infrastructures, communications, devices, objects, applications and services. In this paper, we present an thorough analysis of the ongoing and future RTD work, specifically in Europe, regarding trust, privacy and security of the Internet of Things with a view towards enabling international cooperation efforts around the globe to solve these major research challenges.

}, keywords = {international cooperation (INCO), Internet of Things, privacy, research and technological development (RTD), security, Trust}, isbn = {978-1-4503-1822-8}, doi = {10.1145/2490428.2490452}, url = {http://doi.acm.org/10.1145/2490428.2490452}, author = {Clarke, James and Roman, Rodrigo and Sharma, Abhishek and Lopez, Javier and Suri, Neeraj} }