Engineering Trust-Awareness and Self-adaptability in Services and Systems [chapter]

Francisco Moyano, Carmen Fernandez-Gago, Benoit Baudry, Javier Lopez
2014 Lecture Notes in Computer Science  
The Future Internet (FI) comprises scenarios where many heterogeneous and dynamic entities must interact to provide services (e.g., sensors, mobile devices and information systems in smart city scenarios). The dynamic conditions under which FI applications must execute call for self-adaptive software to cope with unforeseeable changes in the application environment. Models@run.time is a promising modeldriven approach that supports the runtime adaptation of distributed, heterogeneous systems.
more » ... frameworks that accommodate this paradigm have limited support to address security concerns, hindering their usage in real scenarios. We address this challenge by enhancing mod-els@run.time with the concepts of trust and reputation. Trust improves decision-making processes under risk and uncertainty and constitutes a distributed and flexible mechanism that does not entail heavyweight administration. This chapter introduces a trust and reputation framework that is integrated into a distributed component model that implements the models@run.time paradigm, thus allowing software components to include trust in their reasoning process. The framework is illustrated in a smart grid scenario. 1 Introduction: The Need for Trust and Self-Adaptability The Future Internet (FI) scenarios are bringing two important changes in the Information and Communication Technology (ICT) world. On the one hand, the uprising of the service-oriented vision enables the on-the-fly improvement of the features offered to users. Applications become more dynamic, which calls for rapid adaptation strategies in order to meet new requirements or respond to environmental changes. On the other hand, the coming of age of the Internet of Things (IoT) entails that sensors and actuators are embedded in physical and daily life objects, which are linked in networks and can produce a vast amount of data that flow to services. This seamless integration between the physical and the virtual worlds brings new challenges in terms of dynamicity, since both services and systems as a whole must adapt to dynamic changes in hardware, firmware and software, including the unpredictable arrival or disappearance of devices and software components. Figure 1 illustrates this situation. The aforementioned changes blur boundaries between design and runtime [9] as they prevent designers from envisioning all possible circumstances that might appear during the execution of an application. The widespread adoption of FI systems requires addressing three main concerns: complexity, dynamicity and security. As for complexity, the software engineering community has proposed several approaches framed within the model-driven engineering paradigm, where high-level abstractions of systems are created and refined until reaching a final running system. These abstractions allow reasoning about system properties and functionality without the need to understand every tiny detail. As part of the model-driven engineering approaches, models@run.time [1] is gaining relevance. It consists of keeping an abstract representation of a running system. This representation is always synchronized with the system, in such a way that when the former is changed, the latter adapts itself to match the new configuration. This fosters complexity reduction as well as allowing dynamicity reasoning, enabling the building of self-adaptive systems: a running system can be changed either manually by designers or automatically by adaptation rules that are executed upon environmental changes. The complexity, dynamicity and distributed nature of FI systems call for new security approaches that do not require heavyweight administration and that can evolve automatically as a result of system dynamics. Addressing security in these systems requires that trust relationships among users, components, and system environments are not taken for granted; they must be explicitly declared, monitored and changed according to the system evolution. The security community has focused on developing methods and frameworks for traditional security requirements, that is: confidentiality, integrity, and availability. Authorization has also been a relevant field of study and some approaches like Role-Based Access Control (RBAC) are nowadays a standard in industry. However, the new conditions of the FI precludes the use of this approach and call for new flexible and dynamic ways of managing security, in general, and access control in particular [25] . In this chapter, we discuss the design and implementation of a trust and reputation development framework, together with its integration into a platform for self-adaptive, distributed component-based systems. This framework aims to help designers and developers in building highly dynamic, self-adaptive and trust-aware systems, enhancing the models@run.time paradigm with the inclusion of trust and reputation notions. The structure of the chapter is the following. Section 2 reviews how the software engineering community has traditionally approached trust, specially during the initial phases of the Software Development Life Cycle (SDLC). A conceptual framework and some foundations of trust and reputation are discussed in Section 3. Models@run.time and Kevoree, a component-based development plat-
doi:10.1007/978-3-319-07452-8_8 fatcat:rcx3jiphgnbbfbh5fkl7tszdu4