by Costas Kalogiros, Vasilis Tountopoulos, Sotiris Ioannidis, Sebastien Keller and Pascal Bisson
OPTET introduces a trustworthiness-by-design methodology for the development of socio-technical systems. It defines a unified model of trust and trustworthiness to describe the processes of such systems, and delivers a set of generic trustworthiness enablers that complement large-scale ICT platforms and contribute to a better distribution of trust.
OPTET, an EU-funded project under the 7th Framework Programme, adopts an approach designed to cover all relevant trust aspects of the software development and operation life cycle. The project has developed a unified cross-disciplinary model of trust and trustworthiness, which is used to represent and quantify both the trust of all stakeholders and the trustworthiness of socio-technical systems.
The multidisciplinary project team, consisting of social scientists, economists, legal experts and computer scientists, is motivated by the erosion of trust in the Internet and in Internet-based applications. Working at a European level, it aims to deliver research results, in the form of both methods and tools, that reverse this erosion and substantially increase trust and confidence in future Internet systems, applications and services. The work identifies processes to manage the trustworthiness of these systems with respect to user concerns, and develops technologies to facilitate evidence-based trustworthiness management.
Figure 1: The Optet Lifecycle.
OPTET covers the whole life cycle of trustworthy ICT systems (from requirements through implementation, validation and integration to production), with a multi-disciplinary approach that takes into account the drivers of stakeholders' trust. To this end it defines its own engineering-based development approach, which describes the phases of the trust and trustworthiness attribute lifecycle as a custom software development methodology. This OPTET lifecycle adds activities to the typical development lifecycle processes and verifies that trust and trustworthiness are adequately addressed at design time, deployment time and runtime. The OPTET lifecycle consists of the following phases.
The Design Phase involves the development of a Trustworthy-by-Design process (TWbyD) in the form of a handbook, listing the capability patterns that can be used to follow a trustworthiness approach in the development of Future Internet applications. In this phase, experts in a specific socio-technical domain capture the domain knowledge, introduce the trust and trustworthiness concepts, and build a Design Time Trustworthiness Model (DTTM). The DTTM governs the interactions between the system actors and their associated abstract assets in that domain. The model is further enriched with the threats that impact the trustworthiness of the involved system assets, and with the controls that mitigate the risks related to these threats.
The Design Phase concludes with the calculation of the Trustworthiness Profile (TW profile), which includes the expected end-to-end trustworthiness value of the socio-technical system for a candidate topology of system assets. This profile is based on metrics that describe the trustworthiness attributes defined in the model, and on the end-to-end composition of the system workflow.
In the Development Phase, OPTET addresses the implementation and verification steps. It exploits the capability patterns, the DTTM and the available TW profiles from the Design Phase to drive the development of secure software for trustworthy socio-technical systems and applications. This phase includes static and dynamic verification steps that collect trustworthiness evidence for the associated trust and trustworthiness attributes.
The Certification Phase defines a certification process that results in a Digital Trustworthiness Certificate (DTWC) for the system under certification. The DTWC records the trustworthiness attributes as they were expressed in the Design Phase, together with the system's compliance with the selected TW profile.
During the Distribution and Deployment Phase, the certified system is published to a TW Software Marketplace together with its DTWC, and is ready to be instantiated for runtime use. At this point, a service provider can decide on the exact deployment configuration in the selected deployment platform, according to the end-to-end trustworthiness of the candidate compositions of system assets.
Finally, the Maintenance Phase uses the provisions of the DTWC to monitor the normal operation of the running trustworthy application and/or socio-technical system. This phase exploits the dynamics of the execution environment to verify at runtime that the provisions of the DTWC are still met. When specific provisions of the DTWC are no longer adequately addressed, this phase activates trust and trustworthiness management procedures to derive alternative controls.
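The following Python script is an added illustration of the Design Phase and Maintenance Phase described above; it is not code from the OPTET project and does not reproduce OPTET's actual trustworthiness metric. It assumes a simplified model: each asset carries threats with an assumed likelihood, each control removes an assumed fraction of one threat's likelihood, an asset's trustworthiness is the probability that no residual threat materialises, and the end-to-end value of a serial workflow is the product of the per-asset values. The three-asset workflow, the DTWC provisions, the candidate controls and their costs are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    """A mitigation for one threat. 'effectiveness' is the assumed fraction of
    the threat's likelihood it removes; 'cost' is an arbitrary unit used only
    to rank alternative controls. Both are illustrative inputs."""
    name: str
    mitigates: str
    effectiveness: float
    cost: float = 0.0


@dataclass
class Asset:
    """A system asset from the design-time model: named threats with an
    assumed likelihood in [0, 1], plus the controls currently applied."""
    name: str
    threats: dict
    controls: tuple = ()

    def trustworthiness(self) -> float:
        # Each control scales down the likelihood of the threat it mitigates;
        # the asset's value is the probability that no residual threat
        # materialises (threats are assumed independent).
        tw = 1.0
        for threat, likelihood in self.threats.items():
            residual = likelihood
            for control in self.controls:
                if control.mitigates == threat:
                    residual *= 1.0 - control.effectiveness
            tw *= 1.0 - residual
        return tw

    def with_threat(self, threat: str, likelihood: float) -> "Asset":
        return Asset(self.name, {**self.threats, threat: likelihood}, self.controls)

    def with_control(self, control: Control) -> "Asset":
        return Asset(self.name, dict(self.threats), self.controls + (control,))


def end_to_end_trustworthiness(workflow) -> float:
    # Serial workflow: every asset must behave, so the end-to-end value is the
    # product of the per-asset values (assumed composition rule).
    value = 1.0
    for asset in workflow:
        value *= asset.trustworthiness()
    return value


def violated_provisions(dtwc: dict, evidence: dict) -> list:
    # DTWC provisions are minimum values per metric; 'evidence' is what runtime
    # monitoring observed. Returns the provisions that are not met.
    return [metric for metric, required in dtwc.items()
            if evidence.get(metric, 0.0) < required]


def select_alternative_control(workflow, asset_name, candidates, threshold):
    # Cheapest candidate control that brings the end-to-end value back to the
    # certified threshold when applied to the named asset; None if none does.
    for control in sorted(candidates, key=lambda c: c.cost):
        patched = [a.with_control(control) if a.name == asset_name else a
                   for a in workflow]
        if end_to_end_trustworthiness(patched) >= threshold:
            return control.name
    return None


# Constructed design-time model for a three-asset AAL-style workflow.
DESIGN = [
    Asset("sensor_gateway", {"spoofed_readings": 0.20},
          (Control("device_attestation", "spoofed_readings", 0.75),)),
    Asset("record_service", {"data_tampering": 0.10, "outage": 0.10},
          (Control("mutual_tls", "data_tampering", 0.90),)),
    Asset("alerting_service", {"outage": 0.05}),
]

# Constructed DTWC: minimum values the deployment must sustain at runtime.
DTWC = {"end_to_end_trustworthiness": 0.80, "availability": 0.99}

# Constructed alternative controls for the 'outage' threat.
OUTAGE_CONTROLS = (
    Control("warm_standby", "outage", 0.5, cost=2),
    Control("active_replication", "outage", 0.9, cost=5),
)


def maintenance_cycle(design, dtwc, observed_outage: float):
    # Re-evaluate the model with the outage likelihood actually observed for
    # record_service, compare the result against the DTWC, and if a provision
    # is violated pick a replacement control that restores it.
    runtime = [a.with_threat("outage", observed_outage) if a.name == "record_service" else a
               for a in design]
    evidence = {"end_to_end_trustworthiness": end_to_end_trustworthiness(runtime),
                "availability": 1.0 - observed_outage}
    violated = violated_provisions(dtwc, evidence)
    chosen = None
    if violated:
        chosen = select_alternative_control(
            runtime, "record_service", OUTAGE_CONTROLS,
            dtwc["end_to_end_trustworthiness"])
    return evidence, violated, chosen


if __name__ == "__main__":
    print("design-time TW profile:", round(end_to_end_trustworthiness(DESIGN), 4))
    print(maintenance_cycle(DESIGN, DTWC, observed_outage=0.30))
```

With the constructed numbers the design-time profile is about 0.80, just above the certified minimum. When runtime evidence shows the record service failing three times more often than assumed, both the end-to-end and the availability provisions are violated; the cheaper warm-standby control is not enough to restore the certified value, so the active-replication control is selected. The point of the structure, rather than the numbers, is that the same model serves both the Design Phase calculation and the Maintenance Phase check.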
Future steps include the evaluation of the OPTET methodologies and enabling technologies by means of two business use cases, namely Ambient Assisted Living (AAL) and Cyber Crisis Management (CCM). The evaluation will follow an iterative approach, allowing the initial models and prototype tools to be empirically evaluated and, where necessary, adjusted to the specific requirements of the stakeholders, thus contributing to the success of the OPTET mechanisms.
S. Paulus, N. G. Mohammadi, T. Weyer: "Trustworthy software development", in proc. of the 14th IFIP CMS 2013 Conference, Berlin, Springer, pp. 233-247.
Z. Zhioua, S. Short, Y. Roudier: "Static Code Analysis for Software Security Verification: Problems and Approaches", in proc. of the 38th IEEE COMPSAC Workshop, 2014, pp. 102-109.
C. Kalogiros et al.: "Profit-maximizing trustworthiness level of composite systems", in proc. of the 17th Conference HCI 2015, Los Angeles, USA.
Thales Group, France
Tel: +33 1 69 41 60 16