Proactive Trust Assessment of Systems as Services

The paper is devoted to the trust assessment problem for specific types of software/hardware systems, namely Systems as Services. We assume that such systems are designed and utilized in all application domains, and therefore the aspects of trust are becoming crucial. Moreover, these systems are mainly used on-demand and are often represented by a composition of ‘smaller’ services. Thus, an effective method for estimating/assessing the trust level of a given component service (or a system as a whole) needs to be utilized. Most known methods and techniques for trust evaluation mainly rely on the passive testing and system monitoring; in this paper, we propose a novel approach for this problem taking advantage of active testing techniques. Test sequences to be applied to a system/service under test are derived based on determining the critical values of non-functional service parameters. A set of these parameters can be obtained via a static code analysis of the system/service or by addressing available experts. Machine learning techniques can be applied later on, for determining critical parameter values and thus, deriving corresponding test sequences. The paper contains an illustrative example of RESTFul web service which components are checked w.r.t. critical trust properties.

[1]  Ernesto Damiani,et al.  From Security to Assurance in the Cloud , 2015, ACM Comput. Surv..

[2]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[3]  Cesare Pautasso,et al.  Restful web services vs. "big"' web services: making the right architectural decision , 2008, WWW.

[4]  Marianne Winslett,et al.  TrustBuilder2: A Reconfigurable Framework for Trust Negotiation , 2009, IFIPTM.

[5]  Jorge López Distributed on-line network monitoring for trust assessment. (Monitorage en-ligne et distribué de réseaux pour l'évaluation de la confiance) , 2015 .

[6]  Trevor Jim,et al.  SD3: a trust management system with certified evaluation , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[7]  Jorge López,et al.  Behavior evaluation for trust management based on formal distributed network monitoring , 2015, World Wide Web.

[8]  Pat Langley,et al.  Selection of Relevant Features and Examples in Machine Learning , 1997, Artif. Intell..

[9]  Stephane Maag,et al.  Towards a Generic Trust Management Framework Using a Machine-Learning-Based Trust Model , 2015, TrustCom 2015.

[10]  Tyrone Grandison,et al.  Trust Management Tools , 2007 .

[11]  Morris Sloman,et al.  Trust Management Tools for Internet Applications , 2003, iTrust.

[12]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[13]  Jia Guo,et al.  Dynamic Hierarchical Trust Management of Mobile Groups and Its Application to Misbehaving Node Detection , 2014, 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.