analysis of trust-based approaches for web service selection

Introduction State of the art Discussion Conclusions

Analysis of Trust-Based Approaches for WebService Selection

Nicola Dragoni Nicola Miotto Davide Papini

Department of Informatics and Mathematical Modelling Technical University of Denmark

NODES 2011 - 5th Nordic Workshop on Dependability and Security28 June 2011

Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 1 / 35


Outline1 Introduction

Service Oriented Computing2 State of the art

Classification3 Discussion

Pluses & MinusesDirect ExperienceTTPHybridAutomated Trust Negotiation

Questions & IssuesSoft trust VS Hard trust

4 ConclusionsSoft trust + Hard trustSteps



Introduction



Service Oriented Computing

The SOC vision

Service oriented architecture to improve code reuse andintegrationWeb Services: the bricksBrought to its full potential: automatic discovery and compositionof web services



Service Oriented Computing

VTA Scenario

Alice has to develop a Virtual Tourism AgencyDevelopment by service composition:

flight bookingcar rentaccommodation bookinge-payment

Several flight booking services found...

WS TrustworthinessWhich one can be trusted?



State of the art



Classification

Classes

Figure: Current approaches for trust provisioning



Classification

Centralized vs Distributed

CentralizedTrust score owned and provided by a central authority.Can’t be good for everyoneSingle point of failurehard to maintain (great scalability demand in SOA)not fitting to a large open system such as SOA.

DistributedTrust score computed with the help of other peers in the systemSpecific issues for each kind of system



Pluses & Minuses

Pluses & Minuses of currentapproaches



Pluses & Minuses

Direct Experience

DefinitionA service consumer trusts a service because of his good pastexperience with the service.

+ User fitting score → the trust score (derived by the user) isperfectly fitting with his needs- Blind execution → The consumer has to unconditionally trust theweb service in order to use/evaluate it.

SOA = open system where everyone can publish its(malicious) code

- Otherwise he has to unconditionally distrust and discard it (evenif it was actually good)



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.



Pluses & Minuses

TTP - Social

DefinitionThe trust score of a service/provider is community-driven.

3 classes:Reputation: A service consumer trusts a service because of hisgood reputation → reputation derived from direct experience ofthe members of the communityRecommendation: A service consumer trusts a service becauseof some recommendations obtained by a trusted authority →recommendation score mined from knowledge of user,community and dominium.Referrals: A service consumer trusts a service because of somereferrals obtained from trusted software agents → rating likely tobe honest.



Pluses & Minuses

TTP - Social

Shared features:+ Pre-use trust score → there are chances to obtain a trust scorebefore using a WS- Community Dependent- New WS Ramp-up



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.

New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?

Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?



Pluses & Minuses

TTP - Social

Specific features:Reputation

- most of the suggested approaches are centralized



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?

Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.



Pluses & Minuses

TTP - Social


- most of the suggested approaches are centralizedRecommendation

+ trust score fitting to the user profile and behaviour;- either the user has to disclose (maybe) sensitiveinformations or new user ramp-up issue;- most of the approaches are centralized;



Pluses & Minuses

Main Issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.

New User Ramp-up: the user, in certain approaches, needs along interaction with the system in order to be “known” and receivefitting suggestions.



Pluses & Minuses

Main Issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.New User Ramp-up: the user, in certain approaches, needs along interaction with the system in order to be “known” and receivefitting suggestions.



Pluses & Minuses

TTP - Social


- most of the suggested approaches are centralizedRecommendation

+ trust score fitting to the user profile and behaviour;- either the user has to disclose (maybe) sensitiveinformations or new user ramp-up issue;- most of the approaches are centralized;

Referrals+ rates coming from trusted peers;



Pluses & Minuses

TTP - Matchmaker

MatchmakerA service consumer trusts a service because a trusted(central/distributed) matchmaker states that the service’s policymatches the consumer’s ones.

+ Pre-use trust score+ User-fitting suggestions+ Liar-recognition provided by some studies



Pluses & Minuses

TTP - Matchmaker

- Hard to setup → Both consumer and provider need to register tomatchmaker- Those ones based on a Centralized architecture suffer of all thedrawbacks of centralized systems → Both provider and consumerhas to disclose their policies to a central authority- Those based on a Distributed architecture demand the consumerto trust an agent instead of a service (problem moved, not solved)



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.New User Ramp-up: the user, in certain approaches, needs along interaction with the system in order to be “known” and receivefitting suggestions.

Hard Setup: an approach can be good but really difficult to installin the real world, making it less incisive.



Pluses & Minuses

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.New User Ramp-up: the user, in certain approaches, needs along interaction with the system in order to be “known” and receivefitting suggestions.Hard Setup: an approach can be good but really difficult to installin the real world, making it less incisive.



Pluses & Minuses

Hybrid - Socio Cognitive

Socio-CognitiveThe degree of trust is a function of the subjective certainty of thepertinent beliefs. Therefore, A service consumer trusts a servicebecause of some of its subjective beliefs.

Multi-Agent System where sources of subjective beliefs are directexperience, reputation, categorization, reasoning

+ Accurate trust computation+ User-fitting suggestions- it inherits all the shortcomings deriving from the adopted beliefsource- agents has to be conforming to a model to communicate → hardto setup



Pluses & Minuses

Hybrid - Trust & Reputation

Trust & ReputationA system providing for a trustworthiness score employingmethodologies based on both reputation and trust, in order to improvesome weaknesses of the constituent methodologies.

+ some methodologies provide liars recognition+ pre-use trust score+ some sort of result can be obtained even with poor communityor brand new service- effectiveness still tightly connected to community quality and webservices “age”- centralized



Pluses & Minuses

Hybrid - Direct experience & Reputation

Direct Experience & ReputationThe trust towards a service is evaluated by means of the user directexperience combined with the service reputation.

Trust based on agent direct experience or other agent directexperience (reputation)

+ issues of constituent models mitigated- new web service ramp-up issue- community dependent



Pluses & Minuses

Automated Trust Negotiation

Credential-Based TrustA service consumer and a service provider mutually trust each otherbecause the access control policy of the requested service iscompliant with the access control policy of the service consumer.

MUTUAL TRUST between service consumer and provider+ user defined policies bring to a user fitting trust score+ trust can ALWAYS be computed- hard to setup- no standard protocol or language defined- current studies not fully “web service aware”

WS treated as a single operationTrust “Keep alive” not supported



Questions & Issues

Questions & Issues



Questions & Issues

Questions

1 How does the trust score fit the user needs?

2 Does the provider/consumer have to disclose any sensitiveinformations?

3 Can the user know how the trust is calculated?4 How does the community influence the trust score?5 Does the user has to unconditionally trust/distrust certain

services?6 What is the trustworthiness of a brand new WS?7 How hard is the trust provisioning infrastructure to setup and

maintain?



Questions & Issues

Questions

1 How does the trust score fit the user needs?2 Does the provider/consumer have to disclose any sensitive

informations?

3 Can the user know how the trust is calculated?4 How does the community influence the trust score?5 Does the user has to unconditionally trust/distrust certain


maintain?



Questions & Issues

Questions


informations?3 Can the user know how the trust is calculated?

4 How does the community influence the trust score?5 Does the user has to unconditionally trust/distrust certain


maintain?



Questions & Issues

Questions


informations?3 Can the user know how the trust is calculated?4 How does the community influence the trust score?

5 Does the user has to unconditionally trust/distrust certainservices?

6 What is the trustworthiness of a brand new WS?7 How hard is the trust provisioning infrastructure to setup and

maintain?



Questions & Issues

Questions


informations?3 Can the user know how the trust is calculated?4 How does the community influence the trust score?5 Does the user has to unconditionally trust/distrust certain

services?

6 What is the trustworthiness of a brand new WS?7 How hard is the trust provisioning infrastructure to setup and

maintain?



Questions & Issues

Questions



services?6 What is the trustworthiness of a brand new WS?

7 How hard is the trust provisioning infrastructure to setup andmaintain?



Questions & Issues

Questions




maintain?



Questions & Issues

Main issues

Unconditional Trust/Distrust: the user is constrained to a “take itor leave it” approach for some services.New WS Ramp-up: how to evaluate a brand new Web Servicejoining the network?Community dependency: a community based trust evaluationalways relies on the quality of the community itself. How tobootstrap a good community?Centralized: single point of failure, hard to maintain, black boxcomputed trust, not fitting to a large open system such as SOA.New User Ramp-up: the user, in certain approaches, needs along interaction with the system in order to be “known” and receivefitting suggestions.Hard Setup: an approach can be good but really difficult to installin the real world, making it less incisive.



Soft trust VS Hard trust





Soft Trust

Participants in a market collaborate each other in sharinginformations on other participants or services.Malicious user can be identified and consequently put asideThe vast majority of the analyzed approaches (communitydependent) are based on “Soft trust”Main issue: if someone does not take the risk of invoking anunknown service for the first time, then no one will be able todecide about the trustworthiness of the service before itsinvocation




Hard Trust

Trustworthiness of a WS could be derived just from the anon-functional contractSemantic of a WS is taken into account (i.e. security behaviour)Not dependent on the “social control philosophy”Main issue: no fault-recognition provided, i.e. anyone can providefake/wrong contract/policies



Conclusions



Soft trust + Hard trust

Soft trust + Hard trust

Hybrid system turned to be generally improving constituent methods:Hard trust + Soft trust =

ALWAYS possible to obtain a trust value for discovered WebServicesMalicious users/services bypassing the trust system are put asidefrom the community



Steps

Steps

1 define what “trust” and “trustworthiness” mean → two terms arestill confused to date

2 combine hard trust and soft trust methodologies in a unifiedframework

3 adapt them to a Service Oriented Computing environment

Alice will be finally able to safely choose where to book a flightwhen she needs it.


analysis of trust-based approaches for web service selection

Technology

dtutrustbased approaches

ws trustworthinesswhich

ws selection28

service composition

trust provisioningnicola

preuse trust score

conclusions soft trust

hard trust stepsnicola