Trustworthiness Attributes and Metrics for Engineering Trusted Internet-Based Software Systems

  • Nazila Gol Mohammadi
  • Sachar Paulus
  • Mohamed Bishr
  • Andreas Metzger
  • Holger Könnecke
  • Sandro Hartenstein
  • Thorsten Weyer
  • Klaus Pohl
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 453)


Trustworthiness of Internet-based software systems, apps, services and platforms is a key success factor for their use and acceptance by organizations and end-users. The notion of trustworthiness, though, is subject to individual interpretation and preference, e.g., organizations require confidence about how their business-critical data is handled whereas end-users may be more concerned about usability. As one main contribution, we present an extensive list of software quality attributes that contribute to trustworthiness. Those software quality attributes have been identified by a systematic review of the research literature and by analyzing two real-world use cases. As a second contribution, we sketch an approach for systematically deriving metrics to measure the trustworthiness of software systems. Our work thereby contributes to better understanding which software quality attributes should be considered and assured when engineering trustworthy Internet-based software systems.


Trust, Trustworthiness, Trustworthiness attributes, Socio-Technical Systems, Information and communication technologies, Metric



The research leading to these results has received funding from the European Union’s 7th Framework Programme FP7/2007-2013 under grant agreement 317631 (OPTET).



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nazila Gol Mohammadi (1)
  • Sachar Paulus (2)
  • Mohamed Bishr (1)
  • Andreas Metzger (1)
  • Holger Könnecke (2)
  • Sandro Hartenstein (2)
  • Thorsten Weyer (1)
  • Klaus Pohl (1)
  1. Paluno – The Ruhr Institute for Software Technology, Duisburg-Essen University, Essen, Germany
  2. Department of Economics, Brandenburg University of Applied Sciences, Brandenburg, Germany
