Trust & Reputation Management

Since their origins, trust management systems have been used to assist entities that have to interact with others in a system. They have been a very important tool in the decision-making process. Sometimes the available information about the other entities is not enough to establish a secure exchange of information, but the interaction must still take place. Trust management systems try to compensate for this lack of information. In recent years, due to the growth of electronic communications and transactions, reputation systems have been developed to support trust management systems in the trust decision process.

In order to establish the trust relationship, a trust management system is usually composed of a symbolic language for representing trust and a way of measuring trust (trust metrics) from which the trust assessment is derived. At NICS we have mainly concentrated on designing different trust models. In particular, we designed a trust model based on graph theory in which the vertices of the graph are the entities, called trustor and trustee, and each edge carries the value that the trust function assigns to the relationship between two of the entities. We represented the resulting graphs as matrices and could then work out some features such as complexity. We also characterized the most suitable trust metrics to be used in each case, depending on their properties or the nature of the system.

Sometimes the application case is dynamic, and it is therefore very convenient to include time as a parameter for measuring trust. We designed a trust model in which time is considered as a parameter alongside trust and reliability. As an application case, we use the scenario of the reviewing process of a conference, where a program committee first has to be set up. When this program committee has to be updated (here's where time comes into play), the trust values that the program chair holds about the members can change depending on how they acted in the first event. Other trust models designed at NICS include delegation privileges for access control. In this case, we tackled the problem of how to distribute privileges in a network considering the trust relationships among the different actors. Trust becomes a paramount aspect when building distributed applications, and the same applies on a smaller scale to modern computers. We propose the use of a trust graph that keeps a record of the trust relationships of the system and helps decide on concurrent access requests. The information encoded in the graph is used both to decide on access requests and to order granted requests in terms of their associated trust level.
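The trust-graph access decision described above, sketched as an added example that is not NICS code: the entity names, the trust values, the max-product path metric and the 0.5 threshold are all assumptions chosen for illustration.

```python
# Added illustration, not NICS code. Names, values, metric and threshold are assumed.
ENTITIES = ["owner", "alice", "bob", "carol", "dave"]

# TRUST[i][j]: direct trust of trustor i in trustee j, in [0, 1]; 0.0 means no edge.
TRUST = [
    [0.0, 0.9, 0.5, 0.0, 0.0],  # owner
    [0.0, 0.0, 0.0, 0.8, 0.0],  # alice
    [0.0, 0.0, 0.0, 0.9, 0.2],  # bob
    [0.0, 0.0, 0.0, 0.0, 0.0],  # carol
    [0.0, 0.0, 0.0, 0.0, 0.0],  # dave
]


def derived_trust(matrix, source):
    """Trust of `source` in every entity: product of edge values along a
    path, maximised over all paths (assumed metric)."""
    n = len(matrix)
    best = [0.0] * n
    best[source] = 1.0
    # Bellman-Ford style relaxation. Edge values are <= 1, so cycles never
    # raise a product and n - 1 rounds are enough.
    for _ in range(n - 1):
        for i in range(n):
            for j in range(n):
                best[j] = max(best[j], best[i] * matrix[i][j])
    return [round(t, 6) for t in best]


def decide(matrix, names, owner, requesters, threshold=0.5):
    """Split concurrent requests into granted (highest trust first) and denied."""
    trust = derived_trust(matrix, names.index(owner))
    granted, denied = [], []
    for who in requesters:
        # A requester missing from the graph has no trust path: deny.
        level = trust[names.index(who)] if who in names else 0.0
        (granted if level >= threshold else denied).append((who, level))
    granted.sort(key=lambda pair: pair[1], reverse=True)
    return granted, denied


if __name__ == "__main__":
    ok, refused = decide(TRUST, ENTITIES, "owner",
                         ["dave", "bob", "mallory", "carol", "alice"])
    print("granted, in service order:", ok)
    print("denied:", refused)
```

Carol has no direct edge from the owner and is granted only through the alice path (0.9 × 0.8), which beats the bob path (0.5 × 0.9); a requester absent from the graph is denied by default.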

We also developed a scale-based trust model in which the context where the interactions among users take place plays a key role. The model we proposed takes into account the semantic side of trust and not only the computational side (usually a numerical value), thus giving users a more meaningful concept of the information they are handling.

From the reputation point of view, we also investigated how, in the context of federated identity management, trust perception can be exported by using a federated reputation system. We propose a model for deriving trust in online services. In this context, trust is defined as the level of confidence that the service provider has that the subject interacting with it will behave properly while using the service. Thus, we derive trust from the reputation values that those users have gained by interacting with these services.

Trust and reputation under the lens of software engineering is another area of research within NICS, which is mainly scoped within the NESSoS EU project, and which intersects with another research area: Secure Service Engineering. The first step towards the holistic inclusion of trust and reputation was the elicitation of a trust conceptual framework where we identified the underlying core concepts of most trust models, abstracting away from the particularities of concrete models.

Using the conceptual framework, we discussed how trust can be considered in the requirements, design and implementation stages. In this direction, our focus is on a development framework that allows building trust and reputation models in services and applications. More specifically, we are exploring how trust can be used to make reconfiguration decisions in self-adaptive systems.