Proactive Trust Assessment of Systems as Services

Jorge López, Natalia Kushik, Nina Yevtushenko

2017

Abstract

The paper is devoted to the trust assessment problem for specific types of software/hardware systems, namely Systems as Services. We assume that such systems are designed and utilized in all application domains, and therefore the aspects of trust are becoming crucial. Moreover, these systems are mainly used on demand and are often represented by a composition of ‘smaller’ services. Thus, an effective method for estimating/assessing the trust level of a given component service (or a system as a whole) needs to be utilized. Most known methods and techniques for trust evaluation mainly rely on passive testing and system monitoring; in this paper, we propose a novel approach to this problem that takes advantage of active testing techniques. Test sequences to be applied to a system/service under test are derived based on determining the critical values of non-functional service parameters. A set of these parameters can be obtained via static code analysis of the system/service or by consulting available experts. Machine learning techniques can then be applied to determine critical parameter values and thus derive the corresponding test sequences. The paper contains an illustrative example of a RESTful web service whose components are checked w.r.t. critical trust properties.



Paper Citation


in Harvard Style

López J., Kushik N. and Yevtushenko N. (2017). Proactive Trust Assessment of Systems as Services. In Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-250-9, pages 271-276. DOI: 10.5220/0006354502710276


in Bibtex Style

@conference{enase17,
author={Jorge López and Natalia Kushik and Nina Yevtushenko},
title={Proactive Trust Assessment of Systems as Services},
booktitle={Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2017},
pages={271-276},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006354502710276},
isbn={978-989-758-250-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - Proactive Trust Assessment of Systems as Services
SN - 978-989-758-250-9
AU - López J.
AU - Kushik N.
AU - Yevtushenko N.
PY - 2017
SP - 271
EP - 276
DO - 10.5220/0006354502710276