A UML-based Method for the Development of Policies to Support Trust Management

Most of the existing approaches to trust management focus on the issues of assessing the trustworthiness of other entities and of establishing trust between entities. This is particularly relevant for dynamic, open and distributed systems, where the identity and intentions of other entities may be uncertain. These approaches offer methods to manage trust, and thereby to manage risk and security. The methods are, however, mostly concerned with trust management from the viewpoint of the trustor, and the issue of mitigating risks to which the trustor is exposed. This paper addresses the important, yet quite neglected, challenge of understanding the risks to which a whole system is exposed, in cases where some of the actors within the system make trust-based decisions. The paper contributes by proposing a method for the modeling and analysis of trust, as well as the identification and evaluation of the associated risks and opportunities. The analysis facilitates the capture of trust policies, the enforcement of which optimizes the trust-based decisions within the system. The method is supported by formal, UML-based languages for the modeling of trust scenarios and for trust policy specification.
