TRUST & REPUTATION MANAGEMENT
Since their origins, trust management systems have been used to assist entities that have to interact with others in a system. They have been a very important tool in the decision-making process. Sometimes the available information about the other entities is not enough to establish a secure exchange of information, yet the interaction must still take place. Trust management systems try to compensate for this lack of information. In recent years, due to the growth of electronic communications and transactions, reputation systems have been developed to support trust management systems in the trust decision process.
In order to establish the trust relationship, a trust management system is usually composed of a symbolic language for representing trust and a way of measuring trust (trust metrics) that derives the trust assessment.
The research carried out at NICS on this topic has followed different approaches.
In the first stages we mainly concentrated on designing different trust models for different applications. We characterized the most suitable trust metrics to be used in each case, depending on their properties or the nature of the system, and designed a trust model based on graph theory [1]. Sometimes the application case is dynamic, and therefore including time as a parameter for measuring trust is very convenient. We designed a trust model where, besides trust and reliability, time was also considered as a parameter [2]. Other trust models designed at NICS included delegation privileges for access control. In this case, we tackled the problem of how to distribute privileges in a network considering the trust relationships among the different actors. We proposed the use of a trust graph that keeps a record of the trust relationships of the system and helps to decide on concurrent access requests. The information encoded in the graph is used both to decide on access requests and to order granted requests in terms of their associated trust level [3], [4]. We also developed a scale-based trust model in which the context where the interactions among users take place plays a key role. The model we proposed takes into account the semantic side of trust and not only the computational side (usually a numerical value), thus giving users a more meaningful concept of the information they are handling.
Previous research lines
From the reputation point of view, we also investigated how, in the context of federated identity management, trust perception can be exported by using a federated reputation system. We proposed a model for deriving trust in online services. In this context, trust is defined as the level of confidence that the service provider has in the subject interacting with it to behave properly while using the service. Thus, we derive trust by using the reputation values that those users have gained by interacting with these services [5].
Then, our research considered the inclusion of trust and reputation management from the beginning of the development of software services by following the Software Development LifeCycle (SDLC). This work was carried out mainly within the scope of the NESSoS EU project, which intersects with another research area: Secure Service Engineering. The first step towards the holistic inclusion of trust and reputation was the elicitation of a trust conceptual framework where we identified the underlying core concepts of most trust models, abstracting away from the particularities of concrete models [6].
Using the conceptual framework, our focus is on a development framework that allows building trust and reputation models into services and applications. We have thus designed different components that include trust and reputation for each of the different phases of the SDLC. More specifically, we are exploring how trust can be used to make reconfiguration decisions in self-adaptive systems. For the requirements phase we have considered different ways to elicit them: by designing an extension of UML [7], and by using extensions of SI* [8] and patterns [9], [10]. A requirement closely related to trust is privacy. We have considered this relationship in [11] and [12]. These last two works considered a specific case of trust models, namely negotiation models. Other works on this type of model also considered the languages needed in order to include them in the SDLC [13], [14].
The development framework that we have proposed is based on the so-called models@run.time. We called our approach trust@run.time [15]. This framework integrates trust and reputation into a distributed component model that implements the models@run.time paradigm, thus allowing the system to include trust in its reasoning process.
As the IoT paradigm has grown and is now widely used, we have more recently developed a framework for the inclusion of trust and reputation in the design and development of IoT scenarios [16]. In order to realise this framework we have to develop each of the layers that it is composed of [17], [18], [19], [20], [21]. Part of this work has been carried out in the scope of the projects NeCS and PRECISE.
In particular, we are considering the applications of IoT for smart home scenarios [22]. In order to achieve this task, we have published a survey on IoT trust model frameworks [23]. The survey emphasizes the importance of considering trust throughout the System Development Life Cycle (SDLC) for IoT entities. It offers an analysis of various frameworks developed to incorporate trust into IoT, classifying them based on critical parameters such as context, trust characteristics and trust-related properties (i.e., security, privacy, identity). This classification highlights significant gaps and proposes potential solutions, offering a roadmap for developing comprehensive frameworks that effectively implement trust in IoT.
Furthermore, the challenge of trust interoperability in the IoT has been addressed in [24]. In the heterogeneous IoT paradigm, entities often establish collaborations with others, necessitating a shared understanding of trust despite differing trust models. This paper proposes an interoperability framework designed to bridge the gap between diverse trust models in IoT scenarios. By enabling entities to process trust information from other entities with differing trust systems, the framework fosters seamless trust establishment and management. This approach ensures that trust relationships can be established and maintained even in highly diverse IoT environments, supporting more robust interconnections and collaborative operations. These latest works have been part of the results of the collaboration project with Huawei Technologies [Trust IoT].
Finally, in [25], we investigated the application of trust in dynamic routing through the development of the DrATC (Dynamic Routing Algorithm Based on Trust Characteristics). This algorithm leverages various trust attributes—such as direct and indirect experiences, transitivity, directionality, and context dependence—to identify the most trusted path in a network. By tailoring the routing protocol to selectively include these attributes, DrATC adapts dynamically to varying network conditions and requirements. For example, it can prioritize direct trust for simple scenarios or incorporate both direct and indirect trust for more complex scenarios. Additionally, it explores alternative routes based on trust metrics to ensure sensitive data is routed through the most secure paths. Experimental results validate the algorithm’s efficacy in enhancing the reliability and security of data transmission, demonstrating the critical role of adaptability and context in trust-based routing decisions.
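The following sketch illustrates the kind of trust-based path selection described above. It is an added example, not the DrATC algorithm or any code from the cited paper. It assumes that path trust is the product of hop trusts (transitivity), that indirect trust is blended with direct trust using an equal weight, and that all names and sample values are hypothetical.

```python
import heapq
import math

# Constructed sample data: directed trust edges, per context, in (0, 1].
# DIRECT[context][(a, b)] is what a has observed of b itself;
# INDIRECT[(a, b)] is a recommendation-derived score a holds about b.
DIRECT = {
    "telemetry": {("A", "B"): 0.9, ("B", "D"): 0.9, ("A", "C"): 0.6, ("C", "D"): 0.95},
    "firmware":  {("A", "B"): 0.5, ("B", "D"): 0.9, ("A", "C"): 0.8, ("C", "D"): 0.95},
}
INDIRECT = {("A", "B"): 0.2, ("B", "D"): 0.9, ("A", "C"): 0.9, ("C", "D"): 0.9}


def edge_trust(context, edge, use_indirect, w_direct=0.5):
    """Trust of one hop; optionally blend in indirect trust (assumed weighting)."""
    direct = DIRECT[context][edge]
    if not use_indirect or edge not in INDIRECT:
        return direct
    return w_direct * direct + (1 - w_direct) * INDIRECT[edge]


def most_trusted_path(context, src, dst, use_indirect=False, min_hop_trust=0.0):
    """Return (path, trust). Path trust is the product of hop trusts
    (transitivity assumption), maximised with Dijkstra on -log(trust)."""
    edges = {}
    for (a, b) in DIRECT.get(context, {}):
        t = edge_trust(context, (a, b), use_indirect)
        if t > 0 and t >= min_hop_trust:  # drop hops below the trust floor
            edges.setdefault(a, []).append((b, -math.log(t)))
    best = {src: 0.0}
    heap = [(0.0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path, math.exp(-cost)
        if cost > best.get(node, math.inf):
            continue  # stale heap entry
        for nxt, w in edges.get(node, []):
            new = cost + w
            if new < best.get(nxt, math.inf):
                best[nxt] = new
                heapq.heappush(heap, (new, nxt, path + [nxt]))
    return None, 0.0  # no route meets the trust floor: fail closed
```

With the sample data, the selected route from A to D changes with the context and with whether indirect trust is included, and the reverse direction D to A has no route because trust edges are directed.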
This latest research underscores the necessity of integrating trust into the IoT ecosystem and provides new tools and frameworks to address trust challenges, paving the way for secure and reliable IoT deployments.
References
- [1] Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): A Model for Trust Metrics Analysis. In: 5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), pp. 28-37, Springer, 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- [2] Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): An Evolutionary Trust and Distrust Model. In: 4th Workshop on Security and Trust Management (STM’08), pp. 3-12, Elsevier, Trondheim, Norway, 2008, ISSN: 1571-0661.
- [3] Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2008): Delegating Privileges over Finite Resources: A Quota Based Delegation Approach. In: 5th International Workshop on Formal Aspects in Security and Trust (FAST’08), pp. 302-315, Springer, Malaga (Spain), 2008, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- [4] Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2010): A Scale Based Trust Model for Multi-Context Environments. In: Computers and Mathematics with Applications, vol. 60, pp. 209-216, 2010, ISSN: 0898-1221.
- [5] Isaac Agudo and Carmen Fernandez-Gago and Javier Lopez (2009): A Multidimensional Reputation Scheme for Identity Federations. In: Sixth European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI’09), pp. 225-238, Springer, 2009, ISSN: 0302-9743 (Print) 1611-3349 (Online).
- [6] Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2012): A Conceptual Framework for Trust Models. In: Fischer-Hübner, Simone; Katsikas, Sokratis K.; Quirchmayr, Gerald (Ed.): 9th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2012), pp. 93-104, Springer Verlag, Vienna, 2012, ISSN: 0302-9743.
- [7] Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): Towards Engineering Trust-aware Future Internet Systems. In: Franch, Xavier; Soffer, Pnina (Ed.): 3rd International Workshop on Information Systems Security Engineering (WISSE 2013), pp. 490-501, Springer-Verlag, Valencia, 2013, ISSN: 1865-1348.
- [8] Federica Paci and Carmen Fernandez-Gago and Francisco Moyano (2013): Detecting Insider Threats: a Trust-Aware Framework. In: 8th International Conference on Availability, Reliability and Security, pp. 121-130, IEEE, Regensburg, Germany, 2013, ISBN: 978-0-7695-5008-4.
- [9] Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel (2015): Engineering Trust- and Reputation-based Security Controls for Future Internet Systems. In: The 30th ACM/SIGAPP Symposium On Applied Computing (SAC 2015), pp. 1344-1349, Salamanca, Spain, 2015, ISBN: 978-1-4503-3196-8.
- [10] Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel (2014): Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements. In: Cuellar, Jorge (Ed.): Smart Grid Security – Second International Workshop, pp. 166-180, Springer, Munich, 2014, ISSN: 0302-9743.
- [11] Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2016): Privacy-Aware Trust Negotiation. In: 12th International Workshop on Security and Trust Management (STM), pp. 98-105, Springer, Heraklion, Crete, Greece, 2016, ISSN: 0302-9743.
- [12] Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2018): Modelling Privacy-Aware Trust Negotiations. In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
- [13] Martin Kolar and Carmen Fernandez-Gago and Javier Lopez (2019): A Model Specification for the Design of Trust Negotiations. In: Computers & Security, vol. 84, pp. 288-300, 2019, ISSN: 0167-4048.
- [14] Martin Kolar and Carmen Fernandez-Gago and Javier Lopez (2018): Policy Languages and Their Suitability for Trust Negotiation. In: 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXXII, 2018, pp. 69-84, Springer, Cham, Bergamo, Italy, 2018, ISBN: 978-3-319-95728-9.
- [15] Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2016): A Model-driven Approach for Engineering Trust and Reputation into Software Services. In: Journal of Network and Computer Applications, vol. 69, pp. 134-151, 2016, ISSN: 1084-8045.
- [16] Carmen Fernandez-Gago and Francisco Moyano and Javier Lopez (2017): Modelling Trust Dynamics in the Internet of Things. In: Information Sciences, vol. 396, pp. 72-82, 2017, ISSN: 0020-0255.
- [17] Davide Ferraris and Carmen Fernandez-Gago (2019): TrUStAPIS: A Trust Requirements Elicitation Method for IoT. In: International Journal of Information Security, pp. 111-127, 2019, ISSN: 1615-5262.
- [18] Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa and Javier Lopez (2019): An Analysis of Trust in Smart Home Devices. In: The 20th World Conference on Information Security Applications: WISA-Workshop 2019, Springer, Jeju Island, Korea, 2019.
- [19] Davide Ferraris and Carmen Fernandez-Gago and Joshua Daniel and Javier Lopez (2019): A Segregated Architecture for a Trust-based Network of Internet of Things. In: IEEE Consumer Communications & Networking Conference 2019, IEEE, Las Vegas (USA), 2019.
- [20] Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez (2018): A Trust-by-Design Framework for the Internet of Things. In: 2018 9th IFIP International Conference on New Technologies Mobility and Security (NTMS), IEEE, Paris, 2018, ISSN: 2157-4960.
- [21] Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa (2020): A Trust Model for Popular Smart Home Devices. In: International Journal of Information Security, 2020, ISSN: 1615-5262.
- [22] Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez (2022): Verification and Validation Methods for a Trust-by-Design Framework for the IoT. In: 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec’22), pp. 183-194, Springer, Newark, NJ, USA, 2022, ISBN: 978-3-031-10683-5.
- [23] Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez (2023): A Survey on IoT Trust Model Frameworks. In: The Journal of Supercomputing, vol. 80, pp. 8259–8296, 2023.
- [24] Carmen Fernandez-Gago and Davide Ferraris and Rodrigo Roman and Javier Lopez (2024): Trust interoperability in the Internet of Things. In: Internet of Things, vol. 26, 2024.
- [25] Davide Ferraris and Lorenzo Monti (2024): DrATC: Dynamic routing Algorithm based on Trust Characteristics. In: The 20th International Workshop on Security and Trust Management (STM 2024), Springer, Bydgoszcz, Poland, Forthcoming.