
TRUST & REPUTATION MANAGEMENT

Since their origins, trust management systems have been used to assist entities that have to interact with others in a system, and they have been a very important tool in the decision-making process. Sometimes the available information about the other entities is not enough to establish a secure exchange of information, but the interaction must still take place. Trust management systems try to compensate for this lack of information. In recent years, due to the growth of electronic communications and transactions, reputation systems have been developed to support trust management systems in the trust decision process.

In order to establish the trust relationship, a trust management system is usually composed of a symbolic language for representing trust and a way of measuring trust (trust metrics) that derives the trust assessment.

The research carried out at NICS on this topic has followed different approaches.

In the first stages we mainly concentrated on designing different trust models for different applications. We characterized the most suitable trust metrics to be used in each case, depending on its properties or the nature of the system, and designed a trust model based on graph theory [1]. Sometimes the application case is dynamic, and including time as a parameter for measuring trust is therefore very convenient. We designed a trust model in which time was considered as a parameter in addition to trust and reliability [2]. Other trust models designed at NICS included the delegation of privileges for access control. In this case, we tackled the problem of how to distribute privileges in a network considering the trust relationships among the different actors. We proposed the use of a trust graph that keeps a record of the trust relationships of the system and helps in deciding on concurrent access requests. The information encoded in the graph is used both to decide on access requests and to order granted requests in terms of their associated trust level [3], [4]. We also developed a scale-based trust model in which the context where the interactions among users take place plays a key role. The model we proposed takes into account the semantic side of trust and not only the computational side (usually a numerical value), thus giving users a more meaningful concept of the information they are handling.

From the reputation point of view, we also investigated how, in the context of federated identity management, trust perception can be exported by using a federated reputation system. We proposed a model for deriving trust in online services. In this context, trust is defined as the level of confidence that the service provider has that the subject interacting with it will behave properly while using the service. Thus, we derive trust from the reputation values that those users have gained by interacting with these services [5].

Then, our research considered the inclusion of trust and reputation management from the beginning of the development of software services by following the Software Development Life Cycle (SDLC). This work was carried out mainly within the scope of the NESSoS EU project and intersects with another research area: Secure Service Engineering. The first step towards the holistic inclusion of trust and reputation was the elicitation of a trust conceptual framework in which we identified the underlying core concepts of most trust models, abstracting away from the particularities of concrete models [6].

Using the conceptual framework, our focus is on a development framework that allows building trust and reputation models into services and applications. We have thus designed different components that include trust and reputation for each of the different phases of the SDLC. More specifically, we are exploring how trust can be used to make reconfiguration decisions in self-adaptive systems. For the requirements phase we have considered different ways to elicit them: designing an extension of UML [7], using extensions of SI* [8], and using patterns [9], [10]. A requirement closely related to trust is privacy. We have considered this relationship in [11], [12]. These last two works considered a specific case of trust models, namely negotiation models. Other works on this type of model also considered the languages needed to include them in the SDLC [13], [14].

The development framework that we have proposed is based on the so-called models@run.time paradigm. We called our approach trust@run.time [15]. This framework integrates trust and reputation into a distributed component model that implements the models@run.time paradigm, thus allowing the system to include trust in its reasoning process.

As the IoT paradigm has grown and is now widely used, we have lately developed a framework for including trust and reputation in the design and development of IoT scenarios [16]. In order to realise this framework we have to develop each of the layers that it is composed of [17], [18], [19], [20], [21]. Part of this work has been carried out in the scope of the projects NeCS and PRECISE.

In particular, we are considering the applications of IoT for smart home scenarios [22].

References

  1. Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): A Model for Trust Metrics Analysis. In: 5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), pp. 28-37, Springer, 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
  2. Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): An Evolutionary Trust and Distrust Model. In: 4th Workshop on Security and Trust Management (STM’08), pp. 3-12, Elsevier, Trondheim, Norway, 2008, ISSN: 1571-0661.
  3. Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): Delegating Privileges over Finite Resources: A Quota Based Delegation Approach. In: 5th International Workshop on Formal Aspects in Security and Trust (FAST’08), pp. 302-315, Springer, Malaga (Spain), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
  4. Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2010): A Scale Based Trust Model for Multi-Context Environments. In: Computers and Mathematics with Applications, vol. 60, pp. 209-216, 2010, ISSN: 0898-1221.
  5. Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2009): A Multidimensional Reputation Scheme for Identity Federations. In: Sixth European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI’09), pp. 225-238, Springer, 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
  6. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2012): A Conceptual Framework for Trust Models. In: Fischer-Hübner, Simone; Katsikas, Sokratis K.; Quirchmayr, Gerald (Ed.): 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), pp. 93-104, Springer Verlag, Vienna, 2012, ISSN: 0302-9743.
  7. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): Towards Engineering Trust-aware Future Internet Systems. In: Franch, Xavier; Soffer, Pnina (Ed.): 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), pp. 490-501, Springer-Verlag, Valencia, 2013, ISSN: 1865-1348.
  8. Federica Paci and Carmen Fernandez-Gago and Francisco Moyano (2013): Detecting Insider Threats: a Trust-Aware Framework. In: 8th International Conference on Availability, Reliability and Security, pp. 121-130, IEEE, Regensburg, Germany, 2013, ISBN: 978-0-7695-5008-4.
  9. Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel (2015): Engineering Trust- and Reputation-based Security Controls for Future Internet Systems. In: The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, Salamanca, Spain, 2015, ISBN: 978-1-4503-3196-8.
  10. Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel (2014): Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements. In: Cuellar, Jorge (Ed.): Smart Grid Security – Second International Workshop, pp. 166-180, Springer, Munich, 2014, ISSN: 0302-9743.
  11. Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2016): Privacy-Aware Trust Negotiation. In: 12th International Workshop on Security and Trust Management (STM), pp. 98-105, Springer, Heraklion, Crete, Greece, 2016, ISSN: 0302-9743.
  12. Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2018): Modelling Privacy-Aware Trust Negotiations. In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
  13. Martin Kolar and Carmen Fernandez-Gago and Javier Lopez (2019): A Model Specification for the Design of Trust Negotiations. In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
  14. Martin Kolar and Carmen Fernandez-Gago and Javier Lopez (2018): Policy Languages and Their Suitability for Trust Negotiation. In: 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018, pp. 69-84, Springer, Cham, Bergamo, Italy, 2018, ISBN: 978-3-319-95728-9.
  15. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2016): A Model-driven Approach for Engineering Trust and Reputation into Software Services. In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
  16. Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez (2017): Modelling Trust Dynamics in the Internet of Things. In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
  17. Davide Ferraris and Carmen Fernandez-Gago (2019): TrUStAPIS: A Trust Requirements Elicitation Method for IoT. In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
  18. Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa and Javier Lopez (2019): An Analysis of Trust in Smart Home Devices. In: The 20th World Conference on Information Security Applications: WISA-Workshop 2019, Springer, Jeju Island, Korea, 2019.
  19. Davide Ferraris and Carmen Fernandez-Gago and Joshua Daniel and Javier Lopez (2019): A Segregated Architecture for a Trust-based Network of Internet of Things. In: IEEE Consumer Communications & Networking Conference 2019, IEEE, Las Vegas (USA), 2019.
  20. Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez (2018): A Trust-by-Design Framework for the Internet of Things. In: 2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE, Paris, 2018, ISSN: 2157-4960.
  21. Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa (2020): A Trust Model for Popular Smart Home Devices. In: International Journal of Information Security, 2020, ISSN: 1615-5262.
  22. Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez (2022): Verification and Validation Methods for a Trust-by-Design Framework for the IoT. In: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22), pp. 183-194, Springer, Newark, NJ, USA, 2022, ISBN: 978-3-031-10683-5.