Trust-IT - using Trust Cases to promote trust

Objectives:

To develop effective methods and tools for developing, editing and maintaining evidence based arguments (called trust cases), represented and accessed in the cyberspace and used to promote trust.

TRUST-IT in brief:

TRUST-IT conformance to ISO/IEC 15026

TRUST-IT services

Rationale:

Exchanging arguments which explicitly refer to the supporting evidence is an important mechanism for promoting trust. For instance, if one can present an argument about the safety of a given service and the argument is based on evidence, the user of the service gains more confidence in the service and its dependability. Such arguments can be built for different objects (e.g. IT systems and/or IT services) to justify safety, security, privacy and any other qualities expected by the users. Integrating the supporting evidence into the argument makes it more convincing and less subjective. The concept of a trust case refers to such evidence-based arguments, used to justify the trustworthiness of different objects considered in their application contexts.

Approach:

The research focuses on devising a methodological framework within which a (justified) confidence in the trustworthiness of an object used in a specific application context can be developed and maintained. The framework is built around the concept of the Trust Case (TC) and includes:

  • TC language - the syntax, semantics and typical design patterns of trust cases.
  • TC process - how trust cases are developed, maintained and used.
  • TC assessment – how to assess the 'compelling power' of a trust case.
  • TC visualization – how to present a trust case and the results of its assessment.
  • TC system - the environment supporting the TC language and process.

The method of work is based on the following principles:

  • Developing the trust case ontology that covers the trust case structuring concepts and evidence categories.
  • Developing the trust ontology that covers different trust categories, their decomposition and relationships.
  • Identification of the main trust "drivers" and developing the TC system architecture according to their structure.
  • Developing the TC process as a collaborative role-based activity involving active participation of all relevant stakeholders.
  • Investigating security and privacy issues related to trust cases and developing adequate policies and mechanisms to meet stakeholders' expectations w.r.t. security and privacy.
  • Investigating the role of trust case patterns, in particular in relation to standards.
  • Addressing the dynamic aspects of the trust case related to the evolution of the trusted object and its application context.
  • Providing for reasoning within the trust case to assess its overall 'compelling power' based on local assessments of the evidence (e.g. by expert opinions) and on recommendations and evaluation of the inferences used in the trust case.
  • Using XML as the integrating base for all documents maintained within the TC system.
  • Extensive use of modeling to support the meaning of the trust case and its relationship to the considered system/infrastructure and its application context.
  • Investigation of specific information assurance methods and techniques with respect to their contribution to "strengthening" the trust case.

Schedule:

  • The project started in 2001.

  • From June 2002 to January 2003 the research was carried out within the EU 5th Framework Programme project DRIVE (IST-1999-12040). It concentrated on TC language issues.

  • In 2004 the first version of the TC system was deployed and the DRIVE Trust Case was loaded into the tool.

  • In the period 2004-2008 the research was supported by the 6th Framework Programme Integrated Project PIPS (Personalized Information Platform for Health and Life Services), Contract number 507019. The research aimed at experimenting with the TC process, further development of the TC language, development and deployment of working prototypes, and application of these prototypes to the analysis of safety, security and privacy properties of innovative IT services for health and lifestyle.

  • In 2006-2009 the TC system was upgraded to a web-based RIA (Rich Internet Application) system, a number of functional extensions were added, and the concept of trust cases was applied to analyse safety, security and privacy issues of a wireless sensor network platform (the ANGEL platform) for e-health and home environment monitoring, as well as several demonstrators of this platform's applicability. This research was carried out within the scope of the 6th Framework Programme STREP project ANGEL (Advanced Networked embedded platform as a Gateway to Enhance quality of Life), Contract number IST-033506.

  • From 2010 the research focuses on developing and deploying a set of services (called NOR-STA services) within which trust cases are used to support standards conformance processes. The main idea is to use trust cases to represent conformance arguments and to derive the structure of such arguments from the normative document (standard, regulation etc.). The NOR-STA services can be used not only to represent conformance arguments but, more importantly, during the process of achieving conformance, providing guidance and facilitating self-assessment. This research is carried out in the project Support for Achieving and Assessing Conformance to NORms and STAndards (NOR-STA), within the framework of the Innovative Economy Programme in Poland (Priority 1: Research and Development of New Technologies, Activity 1.3: Support for R&D projects realized by research institutions on behalf of enterprises, Subactivity 1.3.1: Development projects, Thematic group INFO).

  • In 2010 and 2011 a number of experiments are being carried out in which real users apply NOR-STA services while achieving conformance to standards of their interest. The experiments provide feedback and help in identifying and validating a business model for introducing NOR-STA services to the market.

  • In 2011-2012 a major technological change of the TC system is planned together with several functional extensions, including mechanisms for customized argument assessment, mechanisms for managing multiple experts' opinions and mechanisms for real-time monitoring of trust cases.

Results:

The results achieved so far include:

  • Trust cases are offered as a set of services for instantiating, editing, structuring and assessing arguments integrated with the supporting evidence. The range of evidence supported by the services covers all digital media, including images, documents, scans, movie or sound clips and so on. Trust cases and their assessment are presented in graphic form, and colouring schemes are used to present the results of argument assessment. The services are accessible in the cyberspace by means of standard Internet browsers and are deployed in accordance with the SaaS (Software-as-a-Service) cloud computing model [Visit the Trust-IT demonstrator homepage].

  • Security of information entrusted to a trust case is handled on three levels:
    • Information directly included in the trust case nodes is secured in accordance with the security policy agreed between the trust case services provider and the trust case services user, which is part of the QoS agreement,
    • Security of the information indirectly integrated with the trust case (the supporting evidence) can be ensured as above (i.e. as part of the QoS agreement) or can be left entirely under the control of the information owner (the trust case services user), who is then responsible for choosing and implementing adequate security controls,
    • Information of extreme sensitivity can be kept entirely separate from the trust case and represented in it only by metadata defined by the information owner.

  • Customizable trust case assessment mechanisms are included which provide for assessing the 'compelling power' of the trust case argument and of the supporting evidence. The mechanisms include an argument assessment algorithm based on Dempster-Shafer theory of evidence and a number of specialized algorithms provided by users representing different domains (presently two such mechanisms are available: for assessing conformance to a quality management standard in healthcare and for assessing conformance to a security management standard for outsourcing). Additional mechanisms can be added if needed.

  • A mechanism for trust case comparison and monitoring has been added which provides for comparing different trust cases that share the same argument structure. This mechanism is dedicated to applications where a number of different subjects are to provide trust cases related to the same objective (for instance, demonstrating fulfilment of some pre-defined set of criteria).

  • Experience from different application contexts of trust cases was collected, which includes:
    • application of trust cases to the analysis of patient safety, patient privacy and information assets security in innovative personalized health and well-being services in the PIPS 6th Framework Programme Integrated Project,
    • application of trust cases to the analysis of patient safety, patient privacy and information assets security in a wireless sensor network platform for health and home environment monitoring services in the ANGEL 6th Framework Programme STREP project,
    • application of trust cases to the analysis of patient safety and information assets security in a drug management system in a hospital environment in the DRIVE 5th Framework Programme project,
    • application of trust cases to analyse the safety of a technical platform for automobile automation in the DECOS 6th Framework Programme Integrated Project,
    • application of trust cases to a number of international standards, including ISO 27001, ISO 14971:2000 and ISO 15408 (Common Criteria),
    • application of trust cases to justify the criteria used by HON (Health On the Net Foundation) when certifying healthcare-related websites [Link to on-line HON Trust Case],
    • application of trust cases to analyse the security of a system supporting qualified electronic signature services in Poland,
    • application of trust cases to re-define the common Goal-Question-Metrics (GQM) method of defining a goal-driven measurement system into the GAM (Goal-Argument-Metrics) approach, where the relationship between the measurement goals and the related metrics is supported by an explicit argument,
    • application of trust cases to support the processes of achieving and assessing standards conformance. This includes the experimental deployment of trust case services (called NOR-STA services) for a number of real users, including hospitals and businesses [Link to NOR-STA project website].
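The assessment bullet above says the 'compelling power' of an argument is computed from experts' local appraisals of evidence using Dempster-Shafer theory. The following is an added illustration of the underlying calculus, not the Trust-IT or NOR-STA algorithm itself (its linguistic scales and aggregation rules are not described on this page): two experts appraise the same evidence node on the frame {accept, reject}, their opinions are optionally discounted by an assumed reliability weight (Shafer discounting), and Dempster's rule of combination yields the belief and plausibility that the evidence supports its claim. The expert names, mass values and reliability weights are constructed for the example.

```python
"""Dempster-Shafer combination of expert appraisals of one evidence node.

Added illustration of the textbook Dempster rule and Shafer discounting.
It is not the Trust-IT / NOR-STA assessment algorithm; that algorithm's
scales and aggregation rules are not given on the project page.
"""
from functools import reduce
from itertools import product
from typing import Dict, FrozenSet, List, Optional

Mass = Dict[FrozenSet[str], float]

# Frame of discernment for one appraisal: the evidence either supports the
# claim it is attached to ("accept") or it does not ("reject").
FRAME = frozenset({"accept", "reject"})
ACCEPT = frozenset({"accept"})
REJECT = frozenset({"reject"})


def make_mass(accept: float = 0.0, reject: float = 0.0, unknown: float = 0.0) -> Mass:
    """Build a basic mass assignment; `unknown` is mass left on the whole frame."""
    m = {ACCEPT: accept, REJECT: reject, FRAME: unknown}
    total = sum(m.values())
    if abs(total - 1.0) > 1e-9 or any(v < 0 for v in m.values()):
        raise ValueError(f"masses must be non-negative and sum to 1, got {total}")
    return m


def discount(m: Mass, reliability: float) -> Mass:
    """Shafer discounting: scale an expert's commitments by `reliability` in
    [0, 1] and move the remainder onto the frame, i.e. onto ignorance."""
    if not 0.0 <= reliability <= 1.0:
        raise ValueError("reliability must be in [0, 1]")
    out = {s: reliability * v for s, v in m.items() if s != FRAME}
    out[FRAME] = 1.0 - reliability + reliability * m.get(FRAME, 0.0)
    return out


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: intersect focal elements and normalise away conflict."""
    combined: Mass = {}
    conflict = 0.0
    for (s1, v1), (s2, v2) in product(m1.items(), m2.items()):
        inter = s1 & s2
        if inter:
            combined[inter] = combined.get(inter, 0.0) + v1 * v2
        else:
            conflict += v1 * v2
    if conflict >= 1.0 - 1e-12:
        # Total conflict: the sources flatly contradict each other. The rule is
        # undefined here, so a tool should surface this rather than hide it.
        raise ValueError("total conflict between sources; combination undefined")
    return {s: v / (1.0 - conflict) for s, v in combined.items()}


def belief(m: Mass, hypothesis: FrozenSet[str]) -> float:
    """Bel(H): mass committed to H or to its subsets."""
    return sum(v for s, v in m.items() if s <= hypothesis)


def plausibility(m: Mass, hypothesis: FrozenSet[str]) -> float:
    """Pl(H): mass not committed against H, i.e. 1 - Bel(not H)."""
    return sum(v for s, v in m.items() if s & hypothesis)


def appraise(opinions: List[Mass], reliabilities: Optional[List[float]] = None) -> Mass:
    """Combine several experts' opinions, each discounted by its reliability."""
    if reliabilities is None:
        reliabilities = [1.0] * len(opinions)
    discounted = [discount(m, r) for m, r in zip(opinions, reliabilities)]
    return reduce(combine, discounted)


# Constructed sample input: two hypothetical experts appraise the same node.
EXPERT_A = make_mass(accept=0.6, unknown=0.4)
EXPERT_B = make_mass(accept=0.5, reject=0.2, unknown=0.3)

if __name__ == "__main__":
    joint = appraise([EXPERT_A, EXPERT_B])
    print(f"Bel(accept) = {belief(joint, ACCEPT):.3f}, "
          f"Pl(accept) = {plausibility(joint, ACCEPT):.3f}")
```

The gap between belief and plausibility is the residual ignorance after combination; a colouring scheme of the kind the page mentions would typically map that interval, not a single number, onto the node. Discounting is what lets a tool treat a less trusted assessor's opinion as weaker evidence instead of dropping it, and the total-conflict check is the case a reviewer most wants flagged.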

Trust-IT leaflet:

Download PDF (107 kB)

NOR-STA services leaflet:

Download PDF (714 kB)

Publications:

  1. Cyra Ł., Górski J., Support for argument structures review and assessment, Reliability Engineering and System Safety, Elsevier, Volume 96, 2011, pp. 26-37.

  2. Cyra Ł., Górski J., SCF – a Framework Supporting Achieving and Assessing Conformity with Standards, Computer Standards & Interfaces, Elsevier, Volume 33, Issue 1, January 2011, pp. 80-95.

  3. J. Górski, M. Witkowicz, Testowanie w przyrostowym i ewolucyjnym cyklu życia oprogramowania (Testing in an incremental and evolutionary software life cycle), In: Software Engineering and IT Systems Integration, Eds. J. Górski and C. Orłowski, PWNT Gdańsk, 2010, pp. 153-160 (in Polish).

  4. Gorski J., Cyra L., Jarzebowicz A., Miler J.: Argument Strategies and Patterns of the Trust-IT Framework, Polish Journal of Environmental Studies, Vol. 17, no. 4C (2008), pp. 323-329.

    Download PDF (399 kB)

  5. Gorski J., Cyra L., Jarzebowicz A., Miler J.: Representing and Appraising Toulmin Model Arguments in Trust Cases, Proceedings of the 8th Workshop on Computational Models of Natural Argument (CMNA 08), Patras, Greece, 21 July 2008, pp. 26-30.

    Download PDF (182 kB)

  6. Gorski J., Jarzebowicz A., Miler J.: Arguing trustworthiness of e-health services with the Trust-IT framework, Proceedings of the 25th Healthcare Computing Conference (HC 2008), Harrogate, UK, 21-23 April 2008.

    Download PDF (101 kB)

  7. Ł. Cyra, J. Górski, Expert Assessment of Arguments: a Method and its Experimental Evaluation, Proceedings of the 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP 2008), Newcastle, UK, 2008, Springer, Lecture Notes in Computer Science, Volume 5219, Berlin/Heidelberg, 2008, pp. 291-304.

    Download PDF (431 kB)

  8. Ł. Cyra, A Method of Trust Case Templates to Support Standards Conformity Achievement and Assessment (Polish title: Metoda szablonów dowodowych do wspomagania osiągania i oceny zgodności z wybranymi standardami), Doctoral Dissertation, Gdansk University of Technology, Gdansk, Poland, 2008.

    Download PDF (2.7 MB)

  9. Ł. Cyra, J. Górski, Supporting Expert Assessment of Argument Structures in Trust Cases, Proceedings of the Ninth International Probabilistic Safety Assessment and Management Conference (PSAM 9), Hong Kong, China, 2008, pp. 1-9.

    Download PDF (138 kB)

  10. Ł. Cyra, J. Górski, Standards Conformity Framework in Comparison with Contemporary Methods Supporting Standards Application, Proceedings of the International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX), Szklarska Poreba, Poland, 2008, pp. 95-102.

    Download PDF (143 kB)

  11. Ł. Cyra, J. Górski, An Approach to Evaluation of Arguments in Trust Cases, Proceedings of the International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX), Szklarska Poreba, Poland, 2008, pp. 103-110.

  12. Ł. Cyra, J. Górski, Extending GQM by Argument Structures, Springer, Lecture Notes in Computer Science, Volume 5082, Berlin/Heidelberg, Germany, 2008, pp. 26-39.

    Download PDF (202 kB)

  13. Gorski J., Golaszewski G., Miler J., Piechowka M., Baldus H.: Trustworthiness: safety, security and privacy issues, Proceedings of the 14th IEEE International Conference on Electronics, Circuits and Systems, Marrakech, Morocco, 11-14 December 2007, pp. 641-644.

  14. Ł. Cyra, J. Górski, Using Argument Structures to Create a Measurement Plan, Polish Journal of Environmental Studies, Volume 16, no. 5B, Poland, 2007, pp. 230-234.

  15. Miler J., Cyra L., Witkowicz M., Olszewski M.: Balancing agility and discipline in a research project, In: Software Engineering in Progress, Proceedings of the 2nd IFIP TC2 Central and East European Conference on Software Engineering, Poznań, Poland, 10-12 October 2007.

  16. Cyra L., Miler J., Witkowicz M., Olszewski M.: Zaawansowane rozwiązania projektowe aplikacji typu Rich Internet Application (Advanced design solutions for Rich Internet Applications), In: Software Engineering in Progress, Proceedings of the 9th National Conference on Software Engineering, Poznań, Poland, 2007 (in Polish).

  17. Ł. Cyra, J. Górski, Supporting Compliance with Safety Standards by Trust Case Templates, Proceedings of the European Safety and Reliability Conference (ESREL 2007), Stavanger, Norway, 2007, pp. 1367-1374.

    Download PDF (304 kB)

  18. Ł. Cyra, J. Górski, Standard Compliance Framework for Effective Requirements Communication, Polish Journal of Environmental Studies, Volume 16, no. 5B, Poland, 2007, pp. 312-316.

  19. Ł. Cyra, J. Górski, Supporting Compliance with Security Standards by Trust Case Templates, Proceedings of the International Conference on Dependability of Computer Systems (DepCoS-RELCOMEX), Szklarska Poreba, Poland, 2007, pp. 91-98.

  20. Gorski J.: Trust-IT - a framework for trust cases, Proceedings of DSN 2007: 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Edinburgh, UK, 25-28 June 2007, pp. 204-209.

  21. J. Górski, M. Zagórski: An approach for evaluating trust in IT infrastructures, Proceedings of DepCoS-RELCOMEX 2006: International Conference on Dependability of Computer Systems, Szklarska Poręba, Poland, 25-27 May 2006, pp. 92-98.

  22. Ł. Cyra, J. Górski, Common Criteria Utilisation Supported by Trust Case Templates (in Polish: Praca z normą Common Criteria wspomagana szablonami Trust Case), Proceedings of the IV Krajowa Konferencja Technologie Informacyjne (4th National Conference on Information Technologies), Gdansk, Poland, 2006, Zeszyty Naukowe Wydziału ETI Politechniki Gdańskiej, Gdańsk, Poland, 2006, pp. 615-622.

  23. Ł. Cyra, J. Górski, BS 7799 Utilisation Supported by Trust Case Templates (in Polish: Zastosowanie szablonów Trust Case w pracy z normą BS 7799), Proceedings of the X Krajowa Konferencja Zastosowań Kryptografii ENIGMA (10th National Conference on Cryptography Applications ENIGMA), Warsaw, Poland, 2006, pp. 303-320.

  24. J. Górski, M. Zagórski: Reasoning about trust in IT infrastructures, Proceedings (vol. 1) of ESREL 2005 (European Safety and Reliability Conference), Tri-City (Gdynia-Sopot-Gdańsk), Poland, 27-30 June 2005, pp. 689-695.

  25. Gorski J.: Collaborative approach to trustworthiness of IT infrastructures, Proceedings of TEHOSS 2005: IEEE International Conference on Technologies for Homeland Security and Safety, Gdańsk, Poland, 28-30 September 2005, pp. 137-142.

  26. Gorski J.: Trust Case - a case for trustworthiness of IT infrastructures, In: Cyberspace Security and Defense: Research Issues, J. Kowalik, J. Gorski and A. Sachenko (Eds.), NATO ARW Series, Springer-Verlag, 2005, pp. 125-142.

  27. Gorski J., Jarzebowicz A., Leszczyna R., Miler J., Olszewski M.: Trust case: justifying trust in an IT solution, Proc. SAFECOMP Conference, Reliability Engineering and System Safety, Elsevier, vol. 89/1, 2005, pp. 33-47.

    Download PDF (310 kB)

  28. Gorski J.: How can we justify trust in software based systems?, In: Enhanced Methods in Computer Security, Biometric and Artificial Intelligence Systems, New York: Springer, 2005, pp. 3-12.

  29. Gorski J. (ed.): Trust Case analytical framework for e-Health, PIPS Project Internal Report IR3.1.a, December 2004.

  30. Gorski J.: A Framework for Analyzing Trust in IT Systems, In: Probabilistic Safety Assessment and Management, C. Spitzer, U. Schmocker and V.N. Dang (Eds.), vol. 3, Springer-Verlag, 2004, pp. 1609-1614.

  31. J. Górski, M. Zagórski: Using Dempster-Shafer approach to support reasoning about trust in IT infrastructures, Proceedings of the First Warsaw International Seminar on Intelligent Systems, Warsaw, Poland, 2004, pp. 39-57.

  32. Jarzebski M.: A system supporting the creation of trust cases for information systems, M.Sc. Thesis, Dept. of Software Engineering, Gdansk University of Technology, June 2004.

  33. Gorski J., Jarzebowicz A., Leszczyna R., Miler J., Olszewski M.: An Approach to Trust Case Development, Proceedings of the 22nd SAFECOMP Conference, LNCS 2788, Springer-Verlag, 2003, pp. 193-206.

    Download PDF (147 kB)

  34. Gorski J., Jarzebowicz A., Leszczyna R., Miler J., Olszewski M.: Podejście obiektowe w budowie dowodu zaufania do systemów informatycznych (An object-oriented approach to building a trust case for information systems), 1st National Conference on Information Technologies, Gdansk, Poland, 18-21 May 2003 (in Polish).

  35. Gorski J. (ed.): DRIVE Project deliverable D11.1-3 - Trust Case for DRIVE, version 1.1, January 2003.

  36. Gorski J.: Trust in software - a matter of faith or an engineer's task?, 4th National Conference on Software Engineering (invited lecture), Poznan-Tarnowo Podgorne, Poland, 16-18 October 2002 (in Polish).

  37. Gorski J.: Software risk management, Proceedings of the Scientific Session on the 50th anniversary of the Faculty of Electronics, Telecommunications and Informatics, published by Gdansk University of Technology, 2002, pp. 65-72 (in Polish).

  38. Gorski J.: Developing a Trust Case for DRIVE, presented to the European Workshop on Industrial Computer Systems, Technical Committee 7 (EWICS TC7), Catania, Italy, 9-10 September 2002.

  39. Gorski J.: Developing Safety Cases for Software Intensive Systems, Proc. Conf. on Risk Analysis and Safety Management of Technical Systems, Gdansk, Poland, 25-27 June 2001, pp. 111-120.