Modeling Trust Relationships for Developing Trustworthy Information Systems

Michalis Pavlidis (University of East London, London, UK), Shareeful Islam (School of Architecture, Computing and Engineering, University of East London, London, UK), Haralambos Mouratidis (University of Brighton, Brighton, UK) and Paul Kearney (Security Futures Practice, BT Innovate & Design, London, UK)
Copyright: © 2014 | Pages: 24
DOI: 10.4018/ijismd.2014010102

Abstract

Developing a trustworthy information system is a challenging task. The overall trustworthiness of an information system depends on trust relationships that are generally assumed without adequate justification. However, lack of appropriate analysis of such relationships and of appropriate justification of relevant trust assumptions might lead to systems that fail to fully achieve their functionalities. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modeling language to support such trust-focused analysis. This paper fills this gap by introducing a process that allows developers to capture possible trust relationships and to reason about them. The process is supported by a modeling language based on a set of concepts relating to trust and control and a CASE tool. An illustrative example from the UK health care domain is used to demonstrate the applicability and usefulness of the approach.
Article Preview

Introduction

Information systems exist in every aspect of our life and our society is critically dependent on them. Despite this reliance, these systems are often unreliable, prone to errors, and vulnerable to attack. We are often faced with a choice between using a valuable (or even an essential) system that is not fully trustworthy, or else forgoing the services it provides (Cofta, 2007; Islam et al., 2010a; Houmb et al., 2010). Trust, therefore, is an increasingly important issue for systems that process and manage sensitive user and organizational information. Modern Information Systems (ISs) are socio-technical systems that include large numbers of actors, both human and computational (Doherty & King, 2005; Reyes-Luna et al., 2005; Islam et al., 2011). IT elements of ISs need to interact with other humans and systems and depend on them to accomplish tasks and operations that are necessary to achieve their goals. For instance, assume a scenario where an information system A depends on specific information from another system B and a human C to meet its key objective. In such a scenario, trust in both the human C and system B is important for the system A. System A depends on entities over which it may not have direct control. It is necessary to understand the risks involved in such dependencies, in particular various trust relationships that an information system might be part of (Pavlidis et al., 2012a; Pavlidis et al., 2012b; Zarrabi et al., 2012). However, trust is a complex notion and depends upon both technical and non-technical aspects of the social and organizational setting. When trust is used properly, it is an enabler of building collaborations among the participating actors, a necessary antecedent for cooperation (Axelrod, 1984). However, when trust is abused, it can act as a stopping block for successfully achieving a goal.

Depending on the context, the level of trust and trustworthiness of the overall system can vary (Pavlidis et al., 2012b). To establish system trustworthiness, it is important that trust relationships between the system and other entities and trust assumptions, which are usually made during the development process, are properly identified and analyzed. Therefore it is important, in order to understand the consequences that trust relationships might have on the operation of an information system, to be able to analyze in a systematic and structured way the various trust assumptions that are usually made during the development process of information systems (Cofta et al., 2011; Cofta, 2007). By trust assumptions, we refer to the assumptions that are made by developers and/or stakeholders related to the various trust relationships that exist within the system context. There are several works in the literature that consider trust and related issues of information systems (Yu & Liu, 2001; Josang et al., 2005; Lo Presti et al., 2006; Pourshahid & Tran, 2007; Uddin & Zulkernine, 2008; Giorgini et al., 2004; Bimrah, 2009). But these works do not provide adequate guidelines that support the analysis of trust assumptions and relationships in a systematic way. Therefore, the research questions this paper is addressing are: a) how we can model trust relationships in a systematic way and b) how trust relationships influence development decisions. Analyzing trust from the early stages of the development process is critical because at this phase the possible trust relationships and assumptions are formed, and changes need to take place if the relevant trust assumptions do not hold. Early analysis enables us to identify and analyze the threats and risks in terms of the overall system trustworthiness. It also helps in a cost-effective way to select appropriate control actions to address those threats and risks in a proactive way.
