Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis

UML sequence diagrams are intuitively simple and can be understood by most stakeholders, including end-users, decision makers, engineers and other parties involved in a risk analysis. Building on UML sequence diagrams and trying to maintain their intuitive simplicity, we propose a language for modeling systems where the trust considerations of actors play a major role. Trust considerations are integrated with behavioral descriptions in order to facilitate analysis of the trust considerations of the actors, as well as their resulting behavior. We claim that our language allows trust dependent behavior to be described at a level of abstraction suitable for communication between different groups of stakeholders in a risk analysis situation. Furthermore, we argue that the increased expressiveness is required to facilitate the kind of analysis necessary to properly weigh and treat trust dependent risk behavior.

[1]  Audun Jøsang Probabilistic Logic under Uncertainty , 2007, CATS.

[2]  Yannis C. Stamatiou,et al.  Experiences from using model-based risk assessment to evaluate the security of a telemedicine application , .

[3]  John Mylopoulos,et al.  Requirements Engineering Meets Trust Management: Model, Methodology, and Reasoning , 2004, iTrust.

[4]  John Mylopoulos,et al.  Requirements engineering for trust management: model, methodology, and reasoning , 2006, International Journal of Information Security.

[5]  Ketil Stølen,et al.  Specification and Refinement of Soft Real-Time Requirements Using Sequence Diagrams , 2005, FORMATS.

[6]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[7]  Ketil Stølen,et al.  Experiences from Using the CORAS Methodology to Analyze a Web Application , 2005, J. Cases Inf. Technol..

[8]  Tobias Mahler,et al.  ENFORCE Conceptual Framework , 2007 .

[9]  Alexander K. Petrenko,et al.  Electronic Notes in Theoretical Computer Science , 2009 .

[10]  Ketil Stølen,et al.  Using model-based security analysis in component-oriented system development , 2006, QoP '06.

[11]  Svein J. Knapskog,et al.  Belief-Based Risk Analysis , 2004, ACSW.

[12]  Øystein Haugen,et al.  Refining UML Interactions with Underspecification and Nondeterminism , 2005, Nord. J. Comput..

[13]  Ketil Stølen,et al.  STAIRS towards formal design with sequence diagrams , 2005, Software & Systems Modeling.

[14]  Diego Gambetta Trust : making and breaking cooperative relations , 1992 .

[15]  Claudia Keser,et al.  Can We Manage Trust? , 2005, iTrust.

[16]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[17]  Ketil Stølen,et al.  Underspecification, Inherent Nondeterminism and Probability in Sequence Diagrams , 2006, FMOODS.

[18]  Audun Jøsang,et al.  A Logic for Uncertain Probabilities , 2001, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[19]  Diego Gambetta Can We Trust Trust , 2000 .