Page 74 - Trust in ICT 2017
1 Trust in ICT
4) Trust Process: The process by which we arrive at trust values is termed the Trust Process. The trust
process indicates the way in which trust values are computed and updated, essentially leading to
trust management. This can include specific trust computation algorithms and application-specific
techniques for trust computation, aggregation and management. Some examples of trust processes
are described below:
• Policy Based Trust: An agent trusts another agent based on some policy or rules. For instance,
if a company is ISO 9001 certified, then we can expect a certain quality enforcement in the
products they deliver.
• Reputation Based Trust: If an agent has a record of previous interactions with another agent,
then this can act as a basis for inferring trust; this is termed the reputation-based trust
process.
• Evidence Based Trust: Evidence-based trust is the process of arriving at trust values by seeking
additional confirmatory evidence for a known fact in order to validate or invalidate what is
already known.
The idea of the trust process is to abstract the method of arriving at trust values and managing them. There is no
universal trust algorithm that fits all domains and applications. This abstraction allows us to talk about
trust across domains and use application-specific or domain-specific trust algorithms for each class of
problems. Reputation-based algorithms and entropy-based algorithms are some examples of trust processes
used within sensor networks.
8.2.3 Implement a trust ontology based on trust modeling
Semantic vocabularies and semantic annotation
There should be formal means, e.g. formal semantic vocabularies, to semantically state (context-)specific
trust expectations such as “I trust services having a good reputation and being popular” or “I trust
services having high reputation, ensuring data confidentiality using the Transport Layer Security (TLS)/Secure
Sockets Layer (SSL) protocol, but preferably TLS, and having authorization by means of tokens”. Security
is more relevant than reputation.
The service providers should have the same formal means to semantically state the trust guarantees (trust
characteristics) of their respective objects and services, e.g. “Communication security and data
confidentiality is ensured by encrypted TLS communication and OAuth 2.0 authorization and authentication
mechanisms (RFC 6749)”. With a common language with formal semantics, the matching between the trust
expectations and trust guarantees will likely have higher recall and precision.
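An added example, not taken from the report or from any project it cites: a minimal matcher between the second trust expectation quoted above and providers' stated guarantees. The concept names, weights, alias table and provider records are assumptions constructed for illustration; the alias table stands in for the shared vocabulary, without which "OAuth 2.0" would never match "token".

```python
from dataclasses import dataclass

# Hypothetical shared vocabulary: maps a provider's concrete mechanism to a concept.
CONCEPT_OF = {"OAuth 2.0": "token", "TLS": "TLS", "SSL": "SSL"}

@dataclass(frozen=True)
class Expectation:
    criterion: str      # aspect the trustor cares about
    acceptable: tuple   # shared-vocabulary values, most preferred first
    weight: float       # relative importance of the criterion (assumed values)

def match(expectations, guarantees):
    """Return (all_met, score in [0, 1], unmet criteria) for one provider."""
    total = sum(e.weight for e in expectations)
    score, unmet = 0.0, []
    for e in expectations:
        stated = guarantees.get(e.criterion)
        concept = CONCEPT_OF.get(stated, stated)  # unknown terms pass through unchanged
        if concept in e.acceptable:
            rank = e.acceptable.index(concept)    # 0 = most preferred value
            score += e.weight * (1 - rank / len(e.acceptable))
        else:
            unmet.append(e.criterion)
    return (not unmet, round(score / total, 3), unmet)

# The expectation from the text; security criteria weigh more than reputation.
EXPECTATIONS = [
    Expectation("reputation", ("high",), 1.0),
    Expectation("confidentiality", ("TLS", "SSL"), 2.0),
    Expectation("authorization", ("token",), 2.0),
]

# Constructed provider guarantees (sample data, not real services).
PROVIDERS = {
    "svc-a": {"reputation": "high", "confidentiality": "TLS", "authorization": "OAuth 2.0"},
    "svc-b": {"reputation": "high", "confidentiality": "SSL", "authorization": "OAuth 2.0"},
    "svc-c": {"reputation": "high", "authorization": "API key in URL"},
}

def rank_providers():
    """Score every provider and return them best first."""
    results = {name: match(EXPECTATIONS, g) for name, g in PROVIDERS.items()}
    return sorted(results.items(), key=lambda kv: kv[1][1], reverse=True)

if __name__ == "__main__":
    for name, (ok, score, unmet) in rank_providers():
        print(f"{name}: met={ok} score={score} unmet={unmet}")
```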
There is not yet a semantic vocabulary suitable for annotating or describing trust expectations and guarantees
in a common, standardized way, and with sufficient expressivity. However, there are certain semantic
vocabularies and ontologies, in other domains, that can be reused. For example, the W3C Semantic Sensor
Network (SSN) Ontology [72] provides concepts such as Accuracy, Detection Limit, Drift, Frequency, Latency,
Resolution, Response Time, and Sensitivity, that might be relevant to the perception of trust towards the
sensing devices (e.g. "I trust sensors that provide the data frequently and have a good sensitivity"). The Unified
Service Description Language (USDL)-Sec [73] vocabulary for describing service security aspects seems to be
suitable for describing the security guarantees, such as authorization or confidentiality, at different levels of
security detail.
There are also trust ontologies present in the literature (e.g. [74], [75]); however, those are conceptual
models of the trust relationship. They capture notions such as trustor, trustee, trust relation, or trust typology
(reputation-based, evidence-based, policy-based), but no details for stating trust expectations and
guarantees. QoS ontologies, such as WS-QoSOnto [76], previously built for annotating quality aspects of
semantic web services, can be reused to describe QoS-based trust expectations and guarantees.
The COMPOSE project [77] has developed a trust ontology (illustrated in Figure 20) and aims to integrate it
with SSN, USDL-Sec, and other ontologies relevant for the trust considerations in the IoT. Among others, the
ontology captures notions of TrustRelationship, TrustingParticipant, TrustorParticipant, Trust Criteria (trust