Human Factors in Developing Trustworthy Service-Based Systems

About This Presentation

Title:

Human Factors in Developing Trustworthy Service-Based Systems

Description:

Human Factors in Developing Trustworthy Service-Based Systems Stephen S. Yau Information Assurance Center, and School of Computing, Informatics, and Decision Systems ... – PowerPoint PPT presentation

Number of Views:90

Avg rating:3.0/5.0

Slides: 45

Provided by: Stephen798

Learn more at: https://paris.utdallas.edu

Category:

more less

Transcript and Presenter's Notes

Title: Human Factors in Developing Trustworthy Service-Based Systems

1
Human Factors in Developing Trustworthy
Service-Based Systems

Stephen S. Yau
Information Assurance Center, and
School of Computing, Informatics, and Decision
Systems Eng. Arizona State University
Tempe, Arizona USA
yau_at_asu.edu

2
Evolution of Computing Paradigms
3
Outline

Trustworthy Service-Based Systems (SBS)
Challenges of Developing Trustworthy SBS
Human Factors in Developing Trustworthy SBS
Current State of Art
An Example
Future Research

4
Service-Based Systems (SBS)

Based on service-oriented architecture (SOA)
Adopted in various application domains
E-business
Health care information systems
Homeland security
Various collaborations
Services in SBS provide standard interfaces for
accessing capabilities offered by various
providers
Services in SBS compose to form workflows
(business processes) to provide functionality not
provided by any individual service

5
Service-Based Systems (SBS) (cont.)

Many advantages of SBS, among them
Interoperation of heterogeneous systems
Rapid composition of applications (workflows)
from distributed services
Adaptation to dynamic application requirements of
users or environments (functional and QoS)

6
Trustworthy SBS

Trustworthy SBS are needed for various critical
applications due to
Over public or private networks, as well as
mobile networks more open to attacks
Interactions involving unknown entities
Dynamic and pervasive environments
Large-scale and cross-domain service
collaborations
Distributed control
Dynamic QoS expectations for multiple workflows

7
Trustworthy SBS (cont.)

Major aspects
Human
Users and collaborators
Service and infrastructure providers
Insiders and outsiders
Devices, software, and system architectures
Dynamic security policies and enforcement
Dynamic user requirements and environments
Effective techniques
Cost, usability and efficiency

8
Trustworthy SBS (cont.)

Various system technologies are needed for
developing trustworthy SBS
Security
Trust management
Situation awareness
Runtime adaptation
QoS monitoring and analysis
QoS requirement trade-off
Resource allocation

9
Challenges of Developing Trustworthy SBS

Interactions among services may have unforeseen
consequences in trust, security, QoS, and risk
Possible problems
Untrusted/malicious services
Intermediate results generated during service
interactions may reveal sensitive information
Trustworthiness of service providers,
infrastructure providers and users

10
Challenges of Developing Trustworthy SBS (cont.)

SBS has multiple QoS requirements from multiple
users for various applications
Runtime tradeoffs among expected QoS requirements
Example Mechanisms providing security protection
are often computationally intensive and require
certain sacrifice in other QoS (e.g. service
delay and throughput) with available resources
Cost, usability and efficiency

11
Challenges of Developing Trustworthy SBS (cont.)

Environments of SBS often dynamically change
Make assessing trust and risk difficult
Need situation awareness due to dynamic trust and
risk
Need adaptive enforcement of security policies
Information needed for making decisions regarding
trustworthiness usually distributed on multiple
services and organizations.
Need cooperative decision making (e.g.
delegation, policy composition with multiple
organizations, collaborative QoS management, risk
assessment, trust evaluation)
Need efficient enforcement of distributed
security policies
Need protection against various entities

12
Challenges of Developing Trustworthy SBS (cont.)

Service selection and composition
How to select most appropriate services and
compose them to satisfy both functional and QoS
requirements of various users, while ensure
overall system trustworthiness and security?
Need meaningful and quantitative metrics for
trustworthiness, security and various attributes
of overall SBS
How to rank service ranking to identify the
best services satisfying their requirements

13
What are Human Factors?

In general, a human factor is a physical,
psychological or cognitive property of an
individual or an individual in a community, which
is specific to humans and influences on
technological systems as well as their
applications.
Examples Influences, interests, relationships
(collaboration/competition), opinions
(positive/negative/neutral, support/against),
knowledge (expertise), reputation, wisdom,
physical and psychological factors (stress,
fatigue, fear, happy).

14
Why Should Human Factors Be Considered in
Developing TSBS?

Cyber systems become more powerful, and their
applications become more diverse and pervasive
Human factors are increasingly influential on the
quality and efficiency of generating the results
because
SBS getting more embedded
Applications increasingly involving multi-party
collaborations and often more pervasive
Applications must address multiple quality
aspects expected by users, such as security,
privacy, trustworthiness and performance

15
Three Levels of Human Factors

Level 1. Direct Human-and-Human Relations
Collaboration of among users of cyber systems
Level 2. Indirect Human-and-Human Relations
Service-users choose the services from service
providers through service directories
First-time collaborations among the users based
on past data
Level 3. Human in Communities
Influence among users of cyber systems
Knowledge sharing among the users of cyber
systems
Matching service-users interest with services

16
Direct Human-and-Human Relations

Challenges
How to quantify human factors in terms of the
determinants, such as workload on the human,
fatigue, learnability, attention, vigilance,
human relations, human performance, human
reliability, stress, individual differences,
aging, safety, and results of decision making.
How human factors affect humans themselves?

17
Indirect Human and Human Relations

Example
In a SBS, the providers upload their
services/applications. The users search the
service/application directory for the SBS and
select the services/applications they need.
Besides the quality of the services/applications,
each user is concerned with the trustworthiness
of the services.
Challenge How can a user choose a trustworthy
service?
Related human factors human relationships,
stress, feedback, etc

18
Human in Communities

Challenges
How do the human factors from one person affect
other persons in the community?
How do the human factors from other persons in a
community affect one person in the community?
How do the human factors from one person in a
community spread in the SBS used by the
community?

19
Human in Communities (cont.)

Example
In a SBS, it is not easy for users to find their
match services/applications. It is also difficult
for the service providers to introduce their
services/applications to possible interested
users using the SBS.
Challenge How to incorporate human factors to
match all service-users with all
services/applications automatically and
efficiently?
Related human factors influence, interests,
opinions, human relationships

20
Current State of Art

Incorporating human factors in developing cyber
systems and applications
Research has been mainly conducted by
researchers in psychology and sociology, and few
computer scientists and engineers.
Primarily focus on human-machine interactions,
human-computer interactions, situation awareness,
and human errors

21
Current State of Art (cont.)

Automated service composition based on various
formal specifications
Process calculi BPEL4WS
QoS-aware service composition in SBS
Optimizing QoS attributes of services using the
genetic algorithm during the service compositions
(G. Canfora, et al., University of Sannio,
Italy).
QoS provisioning for composed services, based on
the Service Level Agreement (SLA) contracts of
individual services (X. Gu, et al., University of
Illinois, Urbana)
Developing QoS-aware middleware for web service
composition to maximize users satisfaction
expressed in utility functions over QoS
attributes. (L. Zeng, et al., IBM)

22
Current State of Art (cont.)

Tradeoffs among security and multiple QoS in SBS
Development of a framework for quantifying the
strength of system security (M. Satyanarayanan,
et al., Carnegie Mellon University)
An adaptive model for tradeoff between service
performance and security in service-based
environments (S. Yau, et al., Arizona State
University)
A comprehensive QoS model for service-based
systems, (I. Jureta, et al., University of Namur,
Belgium)

23
Current State of Art (cont.)

Adaptive resource allocation in SBS
A multi-layered resource management framework for
dynamic resource management in enterprise
systems. (P. Lardieri, et al., Lockheed Martin
Corporation)
Decentralized online resource allocation for
dynamic web service applications (J. Stoesser,
et al., Universitat Karlsruhe, Germany).
A regression based analytical model for dynamic
resource provisioning of multi-tier applications
(Q. Zhang, et al, HP Labs)
Adaptive resource allocation for SBS (S. Yau, et
al., Arizona State University)

24
Current State of Art (cont.)

Design of SBS for QoS Monitoring and adaptation
A development methodology for adaptive
service-based software systems (S. Yau, et al,
Arizona State University)
Comprehensive QoS monitoring of Web services and
event-based SLA violation detection (Michlmayr,
et al, Vienna University of Technology, Austria)
Testing of SBS
Dynamic Reconfigurable Testing of
Service-Oriented Architecture (W. Tsai, et al,
Arizona State University)

25
Current State of Art (cont.)

Trust estimation in SBS
Flexible trust model for distributed service
infrastructure (Z. Liu, University of North
Carolina at Charlotte, S. Yau, Arizona State
University)
Trusted computing platforms in web services
(Nagarajan, et al, Macquarie University,
Australia)
Trust management for context-aware service
platforms (Neisse, et al, University of Twente,
the Netherlands)
Improving trust estimation in SBS (S. Yau and P.
Sun, Arizona State University)

SERE 2012, S. S. Yau
25
26
An Example Improving Trust Estimation in SBS

Improving trust estimation in service-based
systems by incorporating human factors as well as
QoS profiles

27
Trust Estimation in SBS

Trust management needs to be incorporated in SBSs
to estimate service providers trustworthiness so
that users can decide whether to accept the
services provided by the providers.
Limitations of existing trust estimation
approaches
Only similarity of user profiles is considered
Based on pairwise trust relationship, which
normally does not include the transitive property
in the propagation of trust among service
providers.

SERE 2012, S. S. Yau
28
An Example Improving Trust Estimation in SBS
(cont.)

Incorporating two common human factors
competition and collaboration in interpersonal
relationships, as well as QoS profiles, which
have significant effects on trust estimation in
SBS.

SERE 2012, S. S. Yau
29
Network Model to be Used in Our Approach

V a set of vertices (service providers)
E two sets of directed edges (intention of one
vertex to another)
Competing edges (dashed lines)
Collaborating edges (solid lines)
Wedge the weighting factor of an edge, which
indicates the weight of competition or
collaboration.
In the range of 0, 1

SERE 2012, S. S. Yau
29
30
Definition of a Transaction

A transaction in an SBS consists of three phases
Request phase a user of a SBS requires services.
Selection phase the requester chooses services
from the service providers of the SBS with trust
values exceeding an acceptable threshold
specified by the user.
Feedback phase the requester gives feedback to
the SBS on the quality of the services used.

SERE 2012, S. S. Yau
30
31
Definition of a Transaction (cont.)

Information recorded in a transaction
Which service providers selected by a service
user
QoS profiles of all the selected services.
Record all aspects of quality of each service
required by user
Two types
Claimed QoS profiles provided by the service
providers along with their services when
publishing the services.
Feedback QoS profiles provided by the service
user in the feedback phase after using the
services.

SERE 2012, S. S. Yau
31
32
Definition of a QoS Profile

A QoS profile of a service in a transaction is a
vector with n elements, each of which represents
a quantifiable aspect of the service, important
for trust estimation.
Consider three aspects Accuracy, delay and
throughput
Claimed QoS profile
Provided by service providers
Denoted by cProfile ltcQ1, cQ2, , cQngt
Feedback QoS profile
Provided by service users
Denoted by fProfile ltfQ1, fQ2, , fQngt

SERE 2012, S. S. Yau
32
33
Improving Trust Estimation in SBS

Initialization
Initialize the trust values of all service
providers of the SBS based on historic
transactions using QoS profiles, collaboration
and competition.
Utilization
Update the trust values of the service providers
in current transaction using QoS profile.
Update the trust values of all the other service
providers using competition and collaboration.

SERE 2012, S. S. Yau
33
34
Improving Trust Estimation in SBS (cont.)
Trust Values (Initialization)
Existing Trust Estimation
3
Trust System Adaptor
Estimated Trust Values
Original Trust Values
Trust Dissemination
4
Estimated Trust Values
Estimated Trust Values
Trust refinement module calculates the trust
values of service providers based on QoS
profiles, competition and collaboration.
Trust Refinement Module
Profile evaluation module processes the
transactions to extract the QoS profiles.
Service-Based System
QoS Profiles
2
Transactions (Utilization)
1
Profile Evaluation Module
Log(s)
Log Transactions (Initialization)
1
SERE 2012, S. S. Yau
34
35
Improving Trust Estimation in SBS (cont.)
Trust Values (Initialization)
Existing Trust Estimation
3
Trust System Adaptor
5
6
Original Trust Values
Estimated Trust Values
7
Trust Dissemination
4
Estimated Trust Values
Estimated Trust Values
Trust Refinement Module
The estimated trust values are dis-seminated to
service providers in SBS
Service-Based System
QoS Profiles
2
Transactions (Utilization)
1
Profile Evaluation Module
Log(s)
Log Transactions (Initialization)
1
SERE 2012, S. S. Yau
35
36
Effect of QoS Profile on Trust Estimation

If the feedback QoS profiles of a selected
service is better than its corresponding claimed
QoS profiles, then the service user can decide
the service provider is more trustworthy, and
consequently increase the estimated trust value
of the service provider.
Otherwise, decrease the estimated trust value of
the service provider.

SERE 2012, S. S. Yau
36
37
Comparison of Claimed and Feedback QoS Profiles

For a given service, ith signed normalized aspect
difference (snadi) is the signed normalized
difference between the ith aspects of its
feedback QoS profile and its claimed QoS profile.
Sign of snadi is decided by the system
administrator, e.g.
cQi is better than fQi, positive
cQi is worse than fQi, negative
snadi is given by

where di_max and di_min are the maximal and
minimal differences of the ith aspect among all
transactions
SERE 2012, S. S. Yau
37
38
Comparison of Claimed and Feedback QoS Profiles
(cont.)

Compare cProfile and fProfile
M is the overall score of the comparison.
where w1, , wn are user-assigned weights for
various aspects in QoS profile

SERE 2012, S. S. Yau
38
39
Improvement of Trust Estimation Using QoS Profiles

If M is positive, then the feedback QoS profile
is better than the claimed QoS profile
otherwise, the feedback QoS profile is worse than
the claimed QoS profile.
Improvement of the trust estimation using QoS
profiles.
T(u) is improved estimated trust value of
service provider u
T(u) is original estimated trust value of service
provider u
? is the parameter for adjusting the effect of M
By default, ? 0.85.

SERE 2012, S. S. Yau
39
40
Improvement of Trust Estimation Using QoS
Profiles (cont.)

Rule 1. Competition relationship increases the
trust values of the participants in the
competition group.
Competition limits free-ride
The more time one spends, the more one is likely
to trust the people in this group.
Rule 2. Collaboration relationship increases
trust.
When two persons collaborate with each other,
they tend to solve problems together and this
process can help to build trust between them.
Rule 3. Transitive property of trust.
Whenever one service providers trust value
changes, the trust values of his/her neighbors
will also change accordingly.
The trust value of a service provider is
uniformly propagated to all the other service
providers he intends to compete or collaborate
with.

SERE 2012, S. S. Yau
40
41
Improvement of Trust Estimation Using QoS
Profiles (cont.)

Rules 1 and 2 show the positive correlation
between trust and competition or collaboration.
Rule 3 defines how the trust values should be
propagated among the whole network of SBS.
The propagation of the trust values of service
providers is similar to PageRank (a webpage
reputation estimation approach).
The more people who intend to compete or
collaborate with a service provider, the more
trustful the service provider is.

SERE 2012, S. S. Yau
41
42
Expertise Needed to Incorporate Human Factors in
Developing TSBS

Services and cloud computing
Software and systems engineering
Networking, including mobile ad hoc networks,
intelligent devices, and social networks
Information assurance and security
Cognitive science
Psychology
Business
Culture

43
Future Research to Incorporate Human Factors in
Developing TSBS

Develop meaningful metrics to quantify human
factors and QoS aspects of SBS, including trust,
security and others useful for developing TSBS
Develop a general framework with necessary
techniques and tools to effectively incorporate a
variety of relevant human factors in developing
TSBS
Validation