Trust Negotiation FrameworkGuidance for Developers

  1. Kolar, Martin
Dirigida por:
  1. Javier López Muñoz Director/a
  2. María del Carmen Fernández Gago Director/a

Universidad de defensa: Universidad de Málaga

Fecha de defensa: 20 de junio de 2022

Tribunal:
  1. María Cristina Alcaraz Tello Presidente/a
  2. Félix Gómez Mármol Secretario
  3. Joaquín García Alfaro Vocal

Tipo: Tesis

Teseo: 727214 DIALNET lock_openRIUMA editor

Resumen

Trust negotiation represents a suitable approach for building trust between entities. Unlike traditional approaches, trust negotiation does not require a previous experience with an entity. This is especially useful for online environments, in which entities are anonymous and their attributes are unknown. Trust negotiation covers many research areas and may need to address various requirements, such as security and privacy. In this thesis, we propose a general trust negotiation framework that facilitates establishing a trust relationship between two entities. The framework supports diverse trust negotiation scenarios and is applicable for a wide range of use cases. We follow the Software Development Life Cycle that divides a development process of the framework into particular phases. Developers are guided through this process step by step and are enabled to create their own trust negotiation models based on their requirements. Our intention is that developers were able to include trust negotiation into their software in a clear and proper way. We begin with an identification and analysis of criteria that we consider to be desired for trust negotiation. The criteria are classified based on their importance. We also analyse a set of potentially suitable policy languages for trust negotiation and match their attributes against the identified criteria. We aim to determine the most suitable language that supports most of the criteria. Then, we propose a UML-based specification for modelling trust negotiation. Its design is modular and flexible in order to provide a wide range of features and configurations that are customisable by a developer. Based on the specification, we propose a trust negotiation module that is a software component capable of performing automated trust negotiation on behalf of entities. The module is a self-contained unit that encapsulates all the needed functionality for trust negotiation and connects to other modules by defined interfaces. Finally, we define a trust negotiation ride-sharing scenario in order to validate our proposal. Based on it, we specify four use cases that are deployed in computing devices. The devices are interconnected by a local wireless network and carry out trust negotiation autonomously. Each use case utilises a different negotiation strategy. We analyse the strategies in terms of their efficiency for building trust and preserving privacy. To conclude, we created a general trust negotiation framework that facilitates the development of trust negotiation models. We proposed an approach with a set of methodologies for integrating trust negotiation into a software product. Although there are trust negotiation models reviewed in the literature and commercially available on the market, we found that there is missing a complex guidance for software engineers and developers that want to create their own implementation. Therefore, they have to carry out the whole process of development on their own, which is time-consuming and costly. Also, such a process requires high experience in the field of trust that the developers may not have.