Page 74 - Trust in ICT 2017


            4)      Trust Process: The process by which we arrive at trust values is termed the Trust Process. The trust
                    process indicates the way in which trust values are computed and updated, essentially leading to
                    trust management. This can include specific trust computation algorithms and application-specific
                    techniques for trust computation, aggregation and management. Some examples of trust processes
                    are described below:
                    •   Policy Based Trust: An agent trusts another agent based on some policy or rules. For instance,
                        if a company is ISO 9001 certified, then we can expect a certain quality enforcement in the
                        products they deliver.
                    •   Reputation Based Trust: If an agent has a record of previous interactions with another agent,
                        then this record can act as a basis for inferring trust; this is termed the reputation based
                        trust process.
                    •   Evidence Based Trust: Evidence-based trust is the process of arriving at trust values by seeking
                        additional confirmatory evidence for a known fact in order to validate or invalidate what is
                        already known.
            The idea of the trust process is to abstract the method of arriving at trust values and managing them. There is no
            universal trust algorithm that fits all domains and applications. This abstraction allows us to talk about
            trust across domains and to use application-specific or domain-specific trust algorithms for each class of
            problems. Reputation based algorithms and entropy based algorithms are some examples of trust processes
            used within sensor networks.

            8.2.3   Implement a trust ontology based on trust modeling

            Semantic vocabularies and semantic annotation

            There should be formal means, e.g. a formal semantic vocabulary, to semantically state (context-)specific
            trust expectations such as “I trust services having a good reputation and being popular” or “I trust
            services having high reputation, ensuring data confidentiality using the Transport Layer Security (TLS) or
            Secure Sockets Layer (SSL) protocol, preferably TLS, and having authorization by means of tokens”. Security
            is more relevant than reputation.

            The service providers should have the same formal means to semantically state the trust guarantees (trust
            characteristics) of their respective objects and services, e.g. “Communication security and data
            confidentiality is ensured by encrypted TLS communication and OAuth 2.0 authorization and authentication
            mechanisms (RFC 6749)”. With a common language with formal semantics, the matching between the trust
            expectations and trust guarantees will likely have higher recall and precision.
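
            The matching of trust expectations against trust guarantees described above, as an added example that is
            not part of the original document or of any ontology it cites. The field names, the 0.7/0.3 weights
            (chosen so that security outweighs reputation) and the sample services are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# All field names, weights and sample services are constructed for this
# illustration; they are not terms from SSN, USDL-Sec or COMPOSE.
@dataclass(frozen=True)
class Guarantee:                      # what a service provider declares
    service: str
    reputation: float                 # 0.0 .. 1.0
    transport: Optional[str]          # "TLS", "SSL" or None
    authorization: Optional[str]      # "token", "password" or None

@dataclass(frozen=True)
class Expectation:                    # what the trustor requires
    min_reputation: float
    transports: Tuple[str, ...]       # accepted, most preferred first
    authorization: str
    security_weight: float = 0.7      # security outweighs reputation
    reputation_weight: float = 0.3

def match(exp: Expectation, g: Guarantee) -> Optional[float]:
    """Score in [0, 1], or None when a hard requirement is not guaranteed."""
    if g.transport not in exp.transports:
        return None                   # no confidentiality guarantee
    if g.authorization != exp.authorization:
        return None                   # wrong or missing authorization
    if g.reputation < exp.min_reputation:
        return None
    # Preference order turns "TLS is better than SSL" into a graded score.
    rank = exp.transports.index(g.transport)
    security = 1.0 - rank / len(exp.transports)
    score = exp.security_weight * security + exp.reputation_weight * g.reputation
    return round(score, 3)

def rank_services(exp, guarantees):
    """Service names that satisfy the expectation, best match first."""
    scored = [(match(exp, g), g.service) for g in guarantees]
    return [name for s, name in sorted((p for p in scored if p[0] is not None), reverse=True)]

EXPECTATION = Expectation(0.7, ("TLS", "SSL"), "token")
GUARANTEES = [
    Guarantee("svc-a", 0.90, "SSL", "token"),   # high reputation, weaker transport
    Guarantee("svc-b", 0.80, "TLS", "token"),
    Guarantee("svc-c", 0.95, None, "token"),    # no transport security declared
    Guarantee("svc-d", 0.50, "TLS", "token"),   # reputation below threshold
]

if __name__ == "__main__":
    print(rank_services(EXPECTATION, GUARANTEES))
```

            The service with the higher reputation but the weaker transport ranks below the TLS service, and a service
            that declares no transport security is excluded regardless of its reputation.
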

            Yet, there is no semantic vocabulary suitable for annotating or describing trust expectations and guarantees
            in a common, standardized way, and with sufficient expressivity. However, there are certain semantic
            vocabularies and ontologies, in other domains, that can be reused. For example, the W3C Semantic Sensor
            Network (SSN) Ontology [72] provides concepts such as Accuracy, Detection Limit, Drift, Frequency, Latency,
            Resolution, Response Time, and Sensitivity, that might be relevant to the perception of trust towards
            sensing devices (e.g. “I trust sensors that provide data frequently and have a good sensitivity”). The Unified
            Service Description Language (USDL)-Sec [73] vocabulary for describing service security aspects seems to be
            suitable for describing security guarantees, such as authorization or confidentiality, at different levels of
            security detail.

            There are also trust ontologies present in the literature (e.g. [74], [75]); however, those are conceptual
            models of the trust relationship. They capture notions such as trustor, trustee, trust relation, or trust typology
            (reputation-based, evidence-based, policy-based), but no details for stating trust expectations and
            guarantees. QoS ontologies, such as WS-QoSOnto [76], previously built for annotating quality aspects of
            semantic web services, can be reused to describe QoS-based trust expectations and guarantees.

            The COMPOSE project [77] has developed a trust ontology (illustrated in Figure 20) and aims to integrate it
            with SSN, USDL-Sec, and other ontologies relevant for the trust considerations in the IoT. Among others, the
            ontology captures notions of TrustRelationship, TrustingParticipant, TrustorParticipant, Trust Criteria (trust



