by Gabriele Lenzini, Santtu Toivonen and Ilkka Uusitalo

Conducted as part of the EU-ITEA Trust4All project, which aims to enhance dependability in networked and component-based systems, VTT Technical Research Centre of Finland and Dutch Telematica Instituut began investigating trustworthiness evaluation in ubiquitous environments. So far, the research has concerned context-aware trust and trust evaluation with indirect information.

Trust is an increasingly important phenomenon to grasp and support in open environments, such as where networked devices operate. A common scenario sees a Trustor, the subject of trust, search for a Trustee, the object of trust. The Trustor's trustworthiness evaluation directed to the Trustee should be facilitated. Semi-automatic trustworthiness evaluation is of special relevance in embedded systems as well as in the semantic web, or in the ubiquitous environments, where the Trustors and Trustees can be computer programmes in addition to human beings. To perform an appropriate evaluation, Trustors request various information characterising Trustees. Typical solutions ask for users' trust credentials, often expressed in terms of user profile, reputation, and recommendations. The difference between reputation and recommendation here is that reputation is based on the experiences of the Trustor, whereas recommendations are communicated experiences of others.

Contextual data, that is information considered relevant to the interaction between a Trustor and a Trustee, including the environment in which this interaction occurs, can influence the result of the trust establishment. For example, acting in a safe environment can affect the trust that an application has in a component. Context-awareness has been recognised in many research areas of information technology, such as information filtering and retrieval, service provisioning and communication. However, the relationship between context and trust has not received very much attention, apart from some occasional work. This is unfortunate, since such relationship can easily be recognised and its existence justified.

In the first phase of our research, we contextualise trust-evaluation by considering individual context attributes and assign them with values influencing the trustworthiness evaluation process. Depending on the importance of a given context attribute, determined by what we call a trust purpose, weights can be assigned to amplify or weaken the respective attribute's influence on the overall trust. For example, the Trustee's location can have significant importance when deciding if to grant access to the local wireless network. A policy can be introduced so that nobody (regardless of possessing the network key or not) is allowed to use it if residing outside the company boundaries. We apply the notion of context also to reputations and recommendations. When dealing with reputations and recommendations, contextual data can be used to emphasise other experiences that have taken place under "similar enough" conditions to those in which the Trustor currently finds himself. Here "similarity" between contexts can be computed, for example based on reasoning or on context ontologies, and expressed as minimal contextual distance.

The above-mentioned trust evaluation works on the assumption that reputation data and recommendations are directly available to the Trustor. In the second phase of our research, we extended the adaptability of context-aware trustworthiness evaluation by considering scenarios where this direct information is not necessarily available to the Trustor. In such cases, we highlight three sub-cases to be studied. First, the Trustee's behaviour in other contexts may be unknown. Secondly, the Trustee's behaviour in the current context may be unknown, for example due to absence of knowledge referring to the current context. Thirdly, reliable recommenders and/or recommendations about the Trustee might not be available or they could refer to the Trustee acting in different context. We address each of these cases with separate proposals, all of which are based on similarities between the entities - Trustor, Trustee, recommender and other entities connected to each other by a (social) network - or contexts attached to the entities. For example, the lack of direct information about a new scientific conference does not stop the Trustor inferring trustworthiness by considering the reputation of the conference chair and favourable recommendations about the programme committee members and the conference proceedings publisher.

Trust4All is a two-year EU-ITEA project. Trust4All aims to enhance dependability and trustworthiness of networked and component-based embedded systems. Trust4All project partners come from industry, research institutes, and academia: CWI, Océ -Technologies, Philips Research (the project coordinator), Telematica Instituut, Univ. Eindhoven (TU/e), Univ. Leiden (the Netherlands); Nokia, Solid Information Technologies, VTT (Finland); ESI, FAGOR, IKERLAN-Electrónica, Robotiker, Visual Tools (Spain).

Links:
Telematica Instituut: http://www.telin.nl/
VTT: http://www.vtt.fi
EU-ITEA project Trust4All: http://www.win.tue.nl/trust4all/

Please contact:
Gabriele Lenzini, Telematica Instituut, The Netherlands
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Santtu Toivonen, VTT Technical Research Centre of Finland
E-mail: sainttu.toivonen@vtt.fi

Next issue: January 2025
Special theme:
Large-Scale Data Analytics
Call for the next issue
Get the latest issue to your desktop
RSS Feed