Modeling Trust Relationships for Developing Trustworthy Information Systems

Developing a trustworthy information system is a challenging task. The overall trustworthiness of an information system depends on trust relationships that are generally assumed without adequate justification. However, without appropriate analysis of these relationships and appropriate justification of the relevant trust assumptions, systems might fail to fully achieve their functionalities. Existing literature provides neither adequate guidelines for a systematic process nor an appropriate modeling language to support such trust-focused analysis. This paper fills this gap by introducing a process that allows developers to capture possible trust relationships and to reason about them. The process is supported by a CASE tool and by a modeling language based on a set of concepts relating to trust and control. An illustrative example from the UK health care domain is used to demonstrate the applicability and usefulness of the approach.
