
Engineering Trust-Awareness and Self-adaptability in Services and Systems

  • Chapter
Engineering Secure Future Internet Services and Systems

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8431)


Abstract

The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising model-driven approach that supports the runtime adaptation of distributed, heterogeneous systems. Yet frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing models@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario.




© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Moyano, F., Fernandez-Gago, C., Baudry, B., Lopez, J. (2014). Engineering Trust-Awareness and Self-adaptability in Services and Systems. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds) Engineering Secure Future Internet Services and Systems. Lecture Notes in Computer Science, vol 8431. Springer, Cham. https://doi.org/10.1007/978-3-319-07452-8_8


  • DOI: https://doi.org/10.1007/978-3-319-07452-8_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07451-1

  • Online ISBN: 978-3-319-07452-8

  • eBook Packages: Computer Science, Computer Science (R0)
