Trust and Trustworthiness, 2014

SoS Newsletter


Trust is created in information security through cryptography to assure the identity of external parties.  The works cited here look at methods to measure trustworthiness.  All were presented in 2014.


Lifeng Wang; Zhengping Wu, "A Trustworthiness Evaluation Framework in Cloud Computing for Service Selection," Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on, pp. 101, 106, 15-18 Dec. 2014. doi: 10.1109/CloudCom.2014.107
Abstract: Cloud computing provides many benefits for individuals and enterprises by offering a range of computing services. The service dynamism, elasticity, economy and choices are too attractive to ignore. In the meantime, cloud computing has opened up a new frontier of challenges by introducing trust scenario. The Trustworthiness Evaluation of cloud Services is a paramount concern. In this paper, we present a framework to quantitatively measure and rank the trustworthiness of cloud services. In particular, we address the fundamental understanding of trustworthiness, quantitative trustworthiness metrics, unified scale of trust factors, trust factors categorization, trust coordinate and multi-criteria analysis for trustworthiness decision making. Our comprehensive framework of trustworthiness evaluation contains five basic building blocks. The preprocessing block queries and calculates the existent trustworthiness record. Then the trust factors are collected, if there was no match record found. The trust factor management block categorizes the trust factors and converts them by using unified scale. The trust factor processing block is for weighting and positioning of trust factors. The trustworthiness decision making block provides calculation of cloud service trustworthiness, and the results are recorded in our trustworthiness record block. The proposed trustworthiness measurement framework is employed in several experiments by using existing trust dataset. The analysis based on the experiment result indicates our trustworthiness evaluation is accurate and flexible.
Keywords: cloud computing; trusted computing; block query preprocessing; cloud computing; computing service selection; multicriteria analysis; quantitative trustworthiness metrics; service choice; service dynamism; service economy; service elasticity; trust coordinate; trust factors; trust factors categorization; trust factors scale; trustworthiness decision making; trustworthiness evaluation framework; trustworthiness measure; trustworthiness ranking; trustworthiness record; Accuracy; Cloud computing; Decision making; Measurement; Ontologies; Peer-to-peer computing; Radio frequency; cloud service selection; cloud service trustworthiness; multi-criteria analysis; trust coordinate; trust metrics; trustworthiness evaluation (ID#: 15-5358)


Lifeng Wang; Zhengping Wu, "Evaluation Of E-Commerce System Trustworthiness Using Multi-Criteria Analysis," Computational Intelligence in Multi-Criteria Decision-Making (MCDM), 2014 IEEE Symposium on, pp. 86, 93, 9-12 Dec. 2014. doi: 10.1109/MCDM.2014.7007192
Abstract: Trustworthiness is a very critical element and should be treated as an important reference when customers try to select proper e-commerce systems. Trustworthiness evaluation requires the management of a wide variety of information types, parameters and uncertainties. Multi-criteria decision analysis (MCDA) has been regarded as a suitable set of methods to perform trustworthiness evaluations as a result of its flexibility and the possibility. For making trustworthiness measurement simple and standardized, this paper proposes a novel trustworthiness measurement model based on multi-criteria decision analysis. Recently, a lot of great efforts have been carried out to develop decision making for evaluation of trustworthiness and reputation. However, these research works still stay on the stage of theoretical research. This paper proposes and implements a trustworthiness measurement model using multi-criteria decision making approach for e-commerce systems. Firstly, this paper recognizes trust factors of e-commerce systems and distributes the factors in our designed multi-dimensional trust space and trust trustworthiness measurement model. All relevant factors are filtered, categorized and quantified. Then, our designed multi-criteria analysis mechanism can deal with the trust factors and analyze their trust features from different perspectives. Finally, the evaluated trustworthiness result is provided. Meanwhile, we also have a knowledge learning based approach to improve the accuracy of the result. At the end of this paper, we have conducted several experiments to validate our designed trustworthiness measurement by involving real world data. Our evaluated trustworthiness result and real world data are matched very well.
Keywords: decision theory; electronic commerce; learning (artificial intelligence); trusted computing; MCDA; e-commerce system; knowledge learning based approach; multicriteria decision analysis; multidimensional trust space; trust factors; trust features; trustworthiness evaluation; trustworthiness measurement model; Analytical models; Decision making; Extraterrestrial measurements; History; Peer-to-peer computing; Social network services; Vectors; measurement; multi-criteria analysis; trust model; trust space; trustworthiness (ID#: 15-5359)


Lifeng Wang; Zhengping Wu, "A Novel Trustworthiness Measurement Model for Cloud Service," Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on, pp. 928, 933, 8-11 Dec. 2014. doi: 10.1109/UCC.2014.151
Abstract: Recent surveys show that there is an enormous increase of organizations intending to adopt cloud, but one of their major obstructions is the trustworthiness evaluation of cloud service candidates. Performing evaluations of cloud service candidates is expensive and time consuming, especially with the breadth of services available today. In this situation, this paper proposes a novel trustworthiness measurement model to evaluate cloud service trustworthiness. By using the proposed trustworthiness measurement model, we first recognize and categorize trust factors in group of shared factors and unique factors. After special treatment of unique factors, all the trust factors in two groups are located in our designed trust dimension by different weighting and positioning approach. Then all the trust factors are converted to trust vectors; these various trust vectors of the services are considered by the designed multi-criteria analysis mechanism which can help us to analyze trust features from different perspectives and provide a comprehensive trustworthiness evaluation. In case the measurement result is inconsistent with user preference, we also provide an adjustment approach based on knowledge learning to enhance the accuracy of measurement result. At the end of this paper, our designed trustworthiness measurement model is validated by several experiments. The experiments are designed based upon real world dataset and the results indicate the accuracy of our measurement can be guaranteed.
Keywords: cloud computing; trusted computing; cloud service; knowledge learning; multicriteria analysis mechanism; positioning approach; trust dimension; trust factors; trust features; trust vectors; trustworthiness evaluation; trustworthiness measurement model; weighting approach; Accuracy; Cloud computing; Data models; Educational institutions; Ontologies; Peer-to-peer computing; Vectors; cloud service; multi-criteria analysis; trust dimension; trust vector; trustworthiness measurement (ID#: 15-5360)


Shabut, A.M.; Dahal, K.; Awan, I., "Friendship Based Trust Model to Secure Routing Protocols in Mobile Ad Hoc Networks," Future Internet of Things and Cloud (FiCloud), 2014 International Conference on, pp. 280, 287, 27-29 Aug. 2014. doi: 10.1109/FiCloud.2014.51
Abstract: Trust management in mobile ad hoc networks (MANETs) has become a significant issue in securing routing protocols to choose reliable and trusted paths. Trust is used to cope with defection problems of nodes and stimulate them to cooperate. However, trust is a highly complex concept because of the subjective nature of trustworthiness, and has several social properties, due to its social origins. In this paper, a friendship-based trust model is proposed for MANETs to secure routing protocol from source to destination, in which multiple social degrees of friendships are introduced to represent the degree of nodes' trustworthiness. The model considers the behaviour of nodes as a human pattern to reflect the complexity of trust subjectivity and different views. More importantly, the model considers the dynamic differentiation of friendship degree over time, and utilises both direct and indirect friendship-based trust information. The model overcomes the limitation of neglecting the social behaviours of nodes when evaluating trustworthiness. The empirical analysis shows the greater robustness and accuracy of the trust model in a dynamic MANET environment.
Keywords: mobile ad hoc networks; routing protocols; telecommunication network management; dynamic MANET environment; dynamic differentiation; friendship based trust model; human pattern; indirect friendship-based trust information; mobile ad hoc networks; node trustworthiness; secure routing protocol; social behaviours; trust management; trust subjectivity; trusted paths; Ad hoc networks; Analytical models; Computational modeling; Measurement; Mobile computing; Routing protocols; Mobile ad hoc networks; friendship degrees; social analysis; trust; trust management (ID#: 15-5361)


Mingdong Tang; Yu Xu; Jianxun Liu; Zibin Zheng; Xiaoqing Liu, "Combining Global and Local Trust for Service Recommendation," Web Services (ICWS), 2014 IEEE International Conference on, pp.305,312, June 27 2014-July 2 2014. doi: 10.1109/ICWS.2014.52
Abstract: Recommending trusted services to users is of paramount value in service-oriented environments. Reputation has been widely used to measure the trustworthiness of services, and various reputation models for service recommendation have been proposed. Reputation is basically a global trust score obtained by aggregating trust from a community of users, which could be conflicting with an individual's personal opinion on the service. Evaluating a service's trustworthiness locally based on the evaluating user's own or his/her friends' experiences is sometimes more accurate. However, local trust assessment may fail to work when no trust path from an evaluating user to a target service exists. This paper proposes a hybrid trust-aware service recommendation method for service-oriented environment with social networks via combining global trust and local trust evaluation. A global trust metric and a local trust metric are firstly presented, and then a strategy for combining them to predict the final trust of service is proposed. To evaluate the proposed method's performance, we conducted several simulations based on a synthesized dataset. The simulation results show that our proposed method outperforms the other methods in service recommendation.
Keywords: Web services; service-oriented architecture; social networking (online); trusted computing; global trust; hybrid trust-aware service recommendation method; local trust assessment; service trustworthiness; service-oriented environments; social networks; trusted services; Communities; Computer science; Educational institutions; Measurement; Reliability; Social network services; Vectors; reputation; service recommendation; service-oriented environment; social networks; trust (ID#: 15-5362)


Pranata, I.; Skinner, G., "A Security Extension For Securing The Feedback & Rating Values In TIDE Framework," Information, Communication Technology and System (ICTS), 2014 International Conference on, pp. 227, 232, 24-24 Sept. 2014. doi: 10.1109/ICTS.2014.7010588
Abstract: In today's online environment, ratings and trust are paramount to the validity of transactions. Many consider the trustworthiness of an online entity prior to engaging in a transaction or collaboration activity. To derive entity's trustworthiness, feedbacks and ratings about this entity must first be collected electronically from other entities (i.e. raters) in the environment. As with any electronic transmission, security always becomes a crucial issue. The tampered feedback and rating values would result in an invalid measurement of an entity's trustworthiness. Thus, this issue needs to be addressed to ensure the accuracy of the trustworthiness computation. In this paper, we propose a security extension to our TIDE (Trust In Digital Environment) framework. This security extension upholds the integrity of feedback and ratings value during its electronic transmissions. The inclusivity of this method further maintains the accuracy of TIDE trustworthiness computation. In addition, this security extension can be universally applied in other trust and reputation systems.
Keywords: trusted computing; TIDE trustworthiness computation; electronic transmission; online entity; reputation systems; security extension; trust in digital environment framework; Authentication; Computational modeling; Educational institutions; Public key; Servers; Tides; Digital Environments; Security; Trust Model; Web of Trust (ID#: 15-5363)


Samuvelraj, G.; Nalini, N., "A Survey Of Self Organizing Trust Method To Avoid Malicious Peers From Peer To Peer Network," Green Computing Communication and Electrical Engineering (ICGCCEE), 2014 International Conference on, pp. 1, 4, 6-8 March 2014. doi: 10.1109/ICGCCEE.2014.6921379
Abstract: Networks are subject to attacks from malicious sources. Sending the data securely over the network is one of the most tedious processes. A peer-to-peer (P2P) network is a type of decentralized and distributed network architecture in which individual nodes in the network act as both servers and clients of resources. Peer to peer systems are incredibly flexible and can be used for a wide range of functions, and a peer to peer (P2P) system is also prone to malicious attacks. To provide security over peer to peer systems, the self-organizing trust model has been proposed. Here the trustworthiness of the peers has been calculated based on past interactions and recommendations. The interactions and recommendations are evaluated based on importance, recentness, and satisfaction parameters. By this the good peers were able to form trust relationships in their proximity and avoid the malicious peers.
Keywords: client-server systems; computer network security; fault tolerant computing; peer-to-peer computing; recommender systems; trusted computing; P2P network; client-server resources; decentralized network architecture; distributed network architecture; malicious attacks; malicious peers; malicious sources; peer to peer network; peer to peer systems; peer trustworthiness; satisfaction parameters; self organizing trust method; self-organizing trust model; Computer science; History; Measurement; Organizing; Peer-to-peer computing; Security; Servers; Metrics; Network Security; Peer to Peer; SORT (ID#: 15-5364)


Garakani, M.R.; Jalali, M., "A Trust Prediction Approach By Using Collaborative Filtering And Computing Similarity In Social Networks," Technology, Communication and Knowledge (ICTCK), 2014 International Congress on, pp. 1, 4, 26-27 Nov. 2014. doi: 10.1109/ICTCK.2014.7033535
Abstract: Along with the increasing popularity of social web sites, users rely more on the trustworthiness information for many online activities among users. However, such social network data often suffers from severe data sparsity and aren't able to provide users with enough information. Therefore, trust prediction has emerged as an important topic in social network research. Nowadays, trust prediction is not calculated with high accuracy. Collaborative filtering approach has become more applicable and is almost used in recommendation systems. In this approach, it is tried that users' rating of certain areas to be gathered and the similarity of users or items are measured, the most suitable and nearest item of user's preference will be realized and recommended. By using this concept and the most innovative and available approach to measure similarity is recommended to the target user. Then the trusted user is found. The results demonstrate that the recommended approach significantly improves the accuracy of trust prediction in social networks.
Keywords: collaborative filtering; recommender systems; social networking (online); trusted computing; collaborative filtering; computing similarity; data sparsity; item similarity; online activities; recommendation systems; social Web sites; social networks; trust prediction approach; trustworthiness information; user preference; user similarity; Accuracy; Collaboration; Computational modeling; Educational institutions; Filtering; Measurement; Social network services; collaborative filtering; similarity; social networks; trust; trust prediction (ID#: 15-5365)


Guibing Guo; Jie Zhang; Thalmann, D.; Yorke-Smith, N., "ETAF: An Extended Trust Antecedents Framework For Trust Prediction," Advances in Social Networks Analysis and Mining (ASONAM), 2014 IEEE/ACM International Conference on, pp. 540, 547, 17-20 Aug. 2014. doi: 10.1109/ASONAM.2014.6921639
Abstract: Trust is one source of information that has been widely adopted to personalize online services for users, such as in product recommendations. However, trust information is usually very sparse or unavailable for most online systems. To narrow this gap, we propose a principled approach that predicts implicit trust from users' interactions, by extending a well-known trust antecedents framework. Specifically, we consider both local and global trustworthiness of target users, and form a personalized trust metric by further taking into account the active user's propensity to trust. Experimental results on two real-world datasets show that our approach works better than contemporary counterparts in terms of trust ranking performance when direct user interactions are limited.
Keywords: security of data; user interfaces; ETAF; active user propensity; direct user interactions; extended trust antecedents framework; global trustworthiness; local trustworthiness; personalized trust metric; product recommendations; real-world datasets; trust prediction; trust ranking performance; Computational modeling; Conferences; Educational institutions; Equations; Measurement; Social network services; Support vector machines; Trust prediction; trust antecedents framework; user interactions; user ratings (ID#: 15-5366)


Pandit, C.M.; Ladhe, S.A., "Secure Routing Protocol in MANET using TAC," Networks & Soft Computing (ICNSC), 2014 First International Conference on, pp.107,112, 19-20 Aug. 2014. doi: 10.1109/CNSC.2014.6906693
Abstract: MANET is the self-organized and distributed system with no central administration and requires no infrastructure. Due to this, the MANET is used in emergency services and during natural calamities. Nodes have to co-operate with each other for routing packets. Security is the major challenge for these networks. The compromised node can adversely affect the quality and reliability of data. To improve the security of the MANET, it is essential to evaluate the trustworthiness of nodes. In this paper, we have used the scheme that evaluates the trusted communication path with the help of Trust Allocation Certificate (TAC). TAC declares the degree of trustworthiness of a particular node. TAC can be used to detect the spoofed ID, trust falsified and packet dropping behavior of nodes.
Keywords: mobile ad hoc networks; routing protocols; telecommunication network reliability; telecommunication security; MANET; TAC; distributed system; malicious node; mobile ad hoc networks; packet dropping behavior; secure routing protocol; self-organized system; trust allocation certificate; trusted communication path; Measurement; Mobile ad hoc networks; Reliability; Routing; Routing protocols; Security; Adhoc Routing; MANET; Malicious Node; NS2 (ID#: 15-5367)


Paverd, A.; Martin, A.; Brown, I., "Privacy-Enhanced Bi-Directional Communication In The Smart Grid Using Trusted Computing," Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, pp. 872, 877, 3-6 Nov. 2014.  doi: 10.1109/SmartGridComm.2014.7007758
Abstract: Although privacy concerns in smart metering have been widely studied, relatively little attention has been given to privacy in bi-directional communication between consumers and service providers. Full bi-directional communication is necessary for incentive-based demand response (DR) protocols, such as demand bidding, in which consumers bid to reduce their energy consumption. However, this can reveal private information about consumers. Existing proposals for privacy-enhancing protocols do not support bi-directional communication. To address this challenge, we present a privacy-enhancing communication architecture that incorporates all three major information flows (network monitoring, billing and bi-directional DR) using a combination of spatial and temporal aggregation and differential privacy. The key element of our architecture is the Trustworthy Remote Entity (TRE), a node that is singularly trusted by mutually distrusting entities. The TRE differs from a trusted third party in that it uses Trusted Computing approaches and techniques to provide a technical foundation for its trustworthiness. An automated formal analysis of our communication architecture shows that it achieves its security and privacy objectives with respect to a previously-defined adversary model. This is therefore the first application of privacy-enhancing techniques to bi-directional smart grid communication between mutually distrusting agents.
Keywords: data privacy; energy consumption; incentive schemes; invoicing; power engineering computing; power system measurement; protocols; smart meters; smart power grids; trusted computing; TRE; automated formal analysis; bidirectional DR information flow; billing information flow; differential privacy; energy consumption reduction; incentive-based demand response protocol; network monitoring information flow; privacy-enhanced bidirectional smart grid communication architecture; privacy-enhancing protocol; smart metering; spatial aggregation; temporal aggregation; trusted computing; trustworthy remote entity; Bidirectional control; Computer architecture; Monitoring; Privacy; Protocols; Security; Smart grids (ID#: 15-5368)


Asmare, E.; McCann, J.A., "Lightweight Sensing Uncertainty Metric—Incorporating Accuracy and Trust," Sensors Journal, IEEE, vol. 14, no. 12, pp. 4264, 4272, Dec. 2014. doi: 10.1109/JSEN.2014.2354594
Abstract: The future will involve millions of networked sensors whose sole purpose is to gather data about various phenomena so that it can be used in making informed decisions. However, each measurement performed by a sensor has an associated uncertainty in its value, which if not accounted for properly, could potentially derail the decision process. Computing and embedding the associated uncertainties with data are, therefore, crucial to providing reliable information for sensor-based applications. In this paper, we present a novel unified framework for computing uncertainty based on accuracy and trust. We present algorithms for computing accuracy and trustworthiness and also propose an approach for propagating uncertainties. We evaluate our approach functionally by applying it to data sets collected from past deployments and demonstrate its benefits for in-network processing as well as fault detection.
Keywords: lightweight structures; measurement uncertainty; sensors; accuracy; data sets; lightweight sensing uncertainty metric; trust; unified framework; Accuracy; Measurement uncertainty; Sensors; Standards; Systematics; Temperature measurement; Uncertainty; Accuracy; sensing uncertainty; trust (ID#: 15-5369)


Vaidyanathan, K.; Das, B.P.; Sumbul, E.; Renzhi Liu; Pileggi, L., "Building Trusted ICs Using Split Fabrication," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on, pp. 1, 6, 6-7 May 2014. doi: 10.1109/HST.2014.6855559
Abstract: Due to escalating manufacturing costs the latest and most advanced semiconductor technologies are often available at off-shore foundries. Utilizing these facilities significantly limits the trustworthiness of the corresponding integrated circuits for mission critical applications. We address this challenge of cost-effective and trustworthy CMOS manufacturing for advanced technologies using split fabrication. Split fabrication, the process of splitting an IC into an untrusted and trusted component, enables the designer to exploit the most advanced semiconductor manufacturing capabilities available offshore without disclosing critical IP or system design intent. We show that split fabrication after the Metal1 layer is secure and has negligible performance and area overhead compared to complete IC manufacturing in the off-shore foundry. Measurements from split fabricated 130nm testchips demonstrate the feasibility and efficacy of the proposed approach.
Keywords: CMOS integrated circuits; design for testability; foundries; integrated circuit manufacture; Metal1 layer; area overhead; integrated circuit manufacturing; mission critical integrated circuits; offshore foundries; size 130 nm; split fabrication; test chips; trustworthy CMOS manufacturing; Decision support systems; Hardware design languages; IP networks; Random access memory; Security; System-on-chip; Circuit obfuscation; Design for trust; Hardware security; Split fabrication (ID#: 15-5370)


Yier Jin; Sullivan, D., "Real-Time Trust Evaluation In Integrated Circuits," Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014, pp. 1, 6, 24-28 March 2014. doi: 10.7873/DATE.2014.104
Abstract: The use of side-channel measurements and fingerprinting, in conjunction with statistical analysis, has proven to be the most effective method for accurately detecting hardware Trojans in fabricated integrated circuits. However, these post-fabrication trust evaluation methods overlook the capabilities of advanced design skills that attackers can use in designing sophisticated Trojans. To this end, we have designed a Trojan using power-gating techniques and demonstrate that it can be masked from advanced side-channel fingerprinting detection while dormant. We then propose a real-time trust evaluation framework that continuously monitors the on-board global power consumption to monitor chip trustworthiness. The measurements obtained corroborate our framework's effectiveness for detecting Trojans. Finally, the results presented are experimentally verified by performing measurements on fabricated Trojan-free and Trojan-infected variants of a reconfigurable linear feedback shift register (LFSR) array.
Keywords: integrated circuits; invasive software; shift registers; statistical analysis; LFSR array; Trojan-free variants; Trojan-infected variants; advanced design skills; chip trustworthiness; hardware Trojan detection; integrated circuits; on-board global power consumption; post-fabrication trust evaluation methods; power-gating techniques; real-time trust evaluation framework; reconfigurable linear feedback shift register array; side-channel fingerprinting detection; side-channel measurements; Erbium; Hardware; Power demand; Power measurement; Semiconductor device measurement; Testing; Trojan horses (ID#: 15-5371)


Sharifi, M.; Manaf, A.A.; Memariani, A.; Movahednejad, H.; Dastjerdi, A.V., "Consensus-Based Service Selection Using Crowdsourcing Under Fuzzy Preferences of Users," Services Computing (SCC), 2014 IEEE International Conference on, pp. 17, 26, June 27 2014-July 2 2014. doi: 10.1109/SCC.2014.12
Abstract: Different evaluator entities, either human agents (e.g., experts) or software agents (e.g., monitoring services), are involved in the assessment of QoS parameters of candidate services, which leads to diversity in service assessments. This diversity makes the service selection a challenging task, especially when numerous qualities of service criteria and range of providers are considered. To address this problem, this study first presents a consensus-based service assessment methodology that utilizes consensus theory to evaluate the service behavior for single QoS criteria using the power of crowdsourcing. To this end, trust level metrics are introduced to measure the strength of a consensus based on the trustworthiness levels of crowd members. The peers converged to the most trustworthy evaluation. Next, the fuzzy inference engine was used to aggregate each obtained assessed QoS value based on user preferences because we address multiple QoS criteria in real life scenarios. The proposed approach was tested and illustrated via two case studies that prove its applicability.
Keywords: Web services; behavioural sciences computing; fuzzy reasoning; fuzzy set theory; trusted computing; QoS criteria; QoS parameters; QoS value; Web service; candidate services; consensus theory; consensus-based service assessment methodology; consensus-based service selection; crowd members; crowdsourcing; evaluator entities; fuzzy inference engine; fuzzy preferences; human agents; service assessments; service behavior; service criteria; trust level metrics; trustworthiness levels; trustworthy evaluation; user preferences; Convergence; Engines; Fuzzy logic; Measurement; Monitoring; Peer-to-peer computing; Quality of service; Consensus; Fuzzy aggregation; Service selection; Trust; Web service (ID#: 15-5372)


Yi Ying Ng; Hucheng Zhou; Zhiyuan Ji; Huan Luo; Yuan Dong, "Which Android App Store Can Be Trusted in China?," Computer Software and Applications Conference (COMPSAC), 2014 IEEE 38th Annual, pp. 509, 518, 21-25 July 2014. doi: 10.1109/COMPSAC.2014.95
Abstract: China has the world's largest Android population with 270 million active users. However, Google Play is only accessible by about 30% of them, and third-party app stores are thus used by 70% of them for daily Android apps (applications) discovery. The trustworthiness of Android app stores in China is still an open question. In this paper, we present a comprehensive study on the trustworthy level of top popular Android app stores in China, by discovering the identicalness and content differences between the APK files hosted in the app stores and the corresponding official APK files. First, we have selected 25 top apps that have the highest installations in China and have the corresponding official ones downloaded from their official websites as oracle, and have collected total 506 APK files across 21 top popular app stores (20 top third party stores as well as Google Play). Afterwards, APK identical checking and APK difference analysis are conducted against the corresponding official versions. Next, assessment is applied to rank the severity of APK files. All the apps are classified into 3 severity levels, ranging from safe (identical and higher level), warning (lower version or modifications on resource related files) to critical (modifications on permission file and/or application codes). Finally, the severity levels contribute to the final trustworthy ranking score of the 21 stores. The study indicates that about only 26.09% of level APK files are safe, 37.74% of them are at warning level, and 36.17% of them are surprisingly at critical level. We have also found out that 10 (about 2%) APK files are modified and re-signed by unknown third-parties. In addition, the average trustworthy ranking score (47.37 over 100) has also highlighted that the trustworthy level of the Android app stores in China is relatively low. In conclusion, we suggest Android users to download APK files from its corresponding official websites or use the highest ranked third-party app stores, and we appeal app stores to ensure all hosting APK files are trustworthy enough to provide a "safe-to-download" environment.
Keywords: Android (operating system); security of data; APK files; Android App Store; Android app stores; China; Google Play; safe-to-download environment; third-party app stores; Androids; Distance measurement; Google; Humanoid robots; Libraries; Mobile communication; Smart phones; APK; Android; app store; severity ranking; trustworthy (ID#: 15-5373)


Almanea, M.I.M., "Cloud Advisor - A Framework towards Assessing the Trustworthiness and Transparency of Cloud Providers," Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on, pp. 1018, 1019, 8-11 Dec. 2014. doi: 10.1109/UCC.2014.168
Abstract: We propose a Cloud Advisor framework that couples two salient features: trustworthiness and transparency measurement. It provides a mechanism to measure trustworthiness based on the history of the cloud provider taking into account evidence support and to measure transparency based on the Cloud Controls Matrix (CCM) framework. The selection process is based on a set of assurance requirements that if are met by the cloud provider or if it has been considered in a tool it could bring assurance and confidence to cloud customers.
Keywords: cloud computing; matrix algebra; trusted computing; CCM framework; assurance requirement; cloud advisor; cloud controls matrix framework; cloud customer; cloud provider; selection process; transparency measurement; trustworthiness measurement; Cloud computing; Conferences; Educational institutions; History; Monitoring; Privacy; Security; assurance requirements; cloud computing; cloud providers; framework; measurement; transparency; trustworthiness (ID#: 15-5374)


Yu Bai; Gang Yin; Huaimin Wang, "Multi-dimensions of Developer Trustworthiness Assessment in OSS Community," Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, pp. 75, 81, 24-26 Sept. 2014. doi: 10.1109/TrustCom.2014.14
Abstract: With the prosperity of the Open Source Software, various software communities are formed and they attract huge amounts of developers to participate in distributed software development. For such software development paradigm, how to evaluate the skills of the developers comprehensively and automatically is critical. However, most of the existing researches assess the developers based on the Implementation aspects, such as the artifacts they created or edited. They ignore the developers' contributions in Social collaboration aspects, such as answering questions, giving advices, making comments or creating social connections. In this paper, we propose a novel model which evaluate the individuals' skills from both Implementation and Social collaboration aspects. Our model defines four metrics from multi-dimensions, including collaboration index, technical skill, community influence and development contribution. We carry out experiments on a real-world online software community. The results show that our approach can make more comprehensive measurement than the previous work.
Keywords: groupware; public domain software; security of data; social aspects of automation; software metrics; trusted computing; OSS community; collaboration index; community influence; developer trustworthiness assessment; development contribution; distributed software development; open source software; question answering; real-world online software community; social collaboration aspects; technical skill; Collaboration; Communities; Educational institutions; Equations; Indexes; Mathematical model; Software; Developer assessment; OSS community; multi-Dimensions contribution; trustworthiness (ID#: 15-5375)


Singal, H.; Kohli, S., "Conceptual Model For Obfuscated TRUST Induced From Web Analytics Data For Content-Driven Websites," Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on, pp. 2781, 2785, 24-27 Sept. 2014. doi: 10.1109/ICACCI.2014.6968622
Abstract: Besides e-commerce, infobahn has become an imperative mediocre to provide significant content on services such as academics, medical, legal, relationships, meteorological, general knowledge, etc. to users in a judicious manner. To fascinate additional users to various content providers on the Web, it is essential to build a relationship of trust with them by meritoriously achieving online content optimization by estimating content items' attractiveness and relevance to users' interests. But more than building, the long term sustenance of TRUST is necessary to bind users with the website forever. The perseverance of the present study is to contribute in the effective measurement of TRUST evolved and maintained for Web mediated Information Exchange (W-MIE) or content websites over a long run.
Keywords: Internet; Web sites; data analysis; data integrity; TRUST; W-MIE; Web analytics data; Web mediated information exchange; content-driven Web sites; online content optimization; Analytical models; Computational modeling; Data models; Time measurement; Usability; Web sites; Content-driven websites; TRUST; Trustworthiness; Web mediated Information Exchange (WMIE) (ID#: 15-5376)


Almanea, M.I.M., "A Survey and Evaluation of the Existing Tools that Support Adoption of Cloud Computing and Selection of Trustworthy and Transparent Cloud Providers," Intelligent Networking and Collaborative Systems (INCoS), 2014 International Conference on, pp. 628, 634, 10-12 Sept. 2014. doi: 10.1109/INCoS.2014.42
Abstract: In spite of the benefits that could flow from its adoption, cloud computing brings new challenges associated with potential lack of transparency, trust, and loss of controls. With a growing number of cloud service providers, potential customers will require methods for selecting trustworthy and appropriate providers. We discuss existing tools, methods and frameworks that promote the adoption of cloud computing models, and the selection of trustworthy cloud service providers. We propose a set of customer's assurance requirements as a basis for comparative evaluation, and is applied to several popular tools (CSA STAR, CloudTrust Protocol, C.A.RE and Cloud Provider Transparency Scorecard). We describe a questionnaire-based survey in which respondents evaluate the extent to which these tools have been used, and assess their usefulness. The majority of respondents agreed on the importance of using the tools to assist migration to the cloud and, although most respondents have not used the tools, those who have used them reported them helpful. It has been noticed that there might be a relationship between a tool's compliance to the proposed requirements and the popularity of using these tools, and these results should encourage cloud providers to address customers' assurance requirements.
Keywords: cloud computing; trusted computing; cloud computing; cloud migration; cloud service providers; customers assurance requirements; questionnaire-based survey; transparent cloud providers; trustworthy cloud providers; Certification; Cloud computing; Measurement; Monitoring; Protocols; Security; Standards; cloud computing; cloud service provider; measurement; selection; transparency; trustworthiness (ID#: 15-5377)


Wenhe Li; Tie Bao; Lu Han; Shufen Liu; Chen Qu, "Evidence-Driven Quality Evaluation Model Of Collaboration Software Trustworthiness," Computer Supported Cooperative Work in Design (CSCWD), Proceedings of the 2014 IEEE 18th International Conference on, pp. 65, 70, 21-23 May 2014. doi: 10.1109/CSCWD.2014.6846818
Abstract: Establishment of quality evaluation model of trustworthiness plays an important role in quality analysis for collaboration software. Therefore, this paper researches the quality evaluation model and proposes a method of establishing the quality level model based on practical evidence. This method is mainly carried out as follows: The trustworthiness evidence model is established through collecting the practical evidence in the systems development life cycle. Then the measurement method and the value range are analyzed and the trustworthiness level model is established to provide the evaluation criterion to the evaluation of software trustworthiness. The quality level model based on the practical evidence is able to ensure the practical operability of the evaluation of trustworthiness and to lower down the work complexity.
Keywords: groupware; software quality; trusted computing; collaboration software trustworthiness; evidence-driven quality evaluation model; measurement method; quality analysis; quality level model; systems development life cycle; trustworthiness evidence model; trustworthiness level model; value range; Analytical models; Collaboration; Data models; Libraries; Software; Software algorithms; Software measurement; collaboration software; practical evidence; quality evaluation; trustworthiness level model (ID#: 15-5378)


Di Cerbo, F.; Kaluvuri, S.P.; Motte, F.; Nasser, B.; Chen, W.X.; Short, S., "Towards a Linked Data Vocabulary for the Certification of Software Properties," Signal-Image Technology and Internet-Based Systems (SITIS), 2014 Tenth International Conference on, pp. 721, 727, 23-27 Nov. 2014. doi: 10.1109/SITIS.2014.29
Abstract: In order to cater for a growing user base that requires varied functionalities and owns multiple devices, software providers are using cloud solutions as the preferred technical means. In fact, all major operating systems come with a tight integration to cloud services. Software solutions that have such integration with cloud services should disclose (transparency) this to the consumer. Furthermore, with mounting concerns over the security of software, consumers are demanding assurance over the software being used. Software certification can address both issues: security and transparency of software, thereby providing comprehensive assurance to consumers. However current software certifications are tailored for human consumption and represented in natural language, a major issue that hinders automated reasoning to be performed on them. Focused research efforts in the past few years have resulted in a Digital Certification concept, a machine-processable representation of certifications, that can cater to different software provisioning models. We extend the notion of a Digital Certification by using the Linked Data vocabulary to express general characteristics of software systems that benefits from existing and future knowledge from the Linked Data community. This greatly increases the usability of such Digital Certifications and has a wider impact on the Software certification landscape.
Keywords: certification; cloud computing; natural language processing; operating systems (computers); security of data; software engineering; certification representation; cloud solutions; digital certification concept; digital certifications; linked data community; linked data vocabulary; natural language; operating systems; software property certification; software provisioning models; software security; software transparency; Context; Measurement; Security; Software systems; Time factors; Vocabulary; assurance; certification; digital certificate; linked data; security; trust; trustworthiness (ID#: 15-5379)


Valente, J.; Barreto, C.; Cardenas, A.A., "Cyber-Physical Systems Attestation," Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, pp. 354, 357, 26-28 May 2014. doi: 10.1109/DCOSS.2014.61
Abstract: Cyber-Physical Systems (CPS) are monitored and controlled by a wide variety of sensors and controllers. However, it has been repeatedly demonstrated that most of the devices interacting with the physical world (sensors and controllers) are extremely fragile to security incidents. One particular technology that can help us improve the trustworthiness of these devices is software attestation. While software attestation can help a verifier check the integrity of devices, it still has several drawbacks that have limited their application in the field, like establishing an authenticated channel, the inability to provide continuous attestation, and the need to modify devices to implement the attestation procedure. To overcome these limitations, we propose CPS-attestation as an attestation technique for control systems to attest their state to an external verifier. CPS-attestation enables a verifier to continuously monitor the dynamics of the control system over time and detect whether a component is not behaving as expected or if it is driving the system to an unsafe state. Our goal in this position paper is to initiate the discussion on the suitability of applying attestation techniques to control systems and the associated research challenges.
Keywords: control engineering computing; formal verification; trusted computing; CPS-attestation technique; control system dynamics; controllers; cyber-physical systems; device trustworthiness; security incidents; sensors; software attestation procedure; Control systems; Current measurement; Hardware; Monitoring; Security; Software; Software measurement; Software attestation; critical infrastructure protection; cyber-physical systems (ID#: 15-5380)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.