A Trust Monitoring Architecture for Service-Based Software



Service-based software can be misused by potentially untrustworthy service requestors while providing services. A service-based system is usually dynamic due to mutual collaboration among stakeholders to achieve goals, perform tasks and manage resources. However, it lacks the presence of a central authority to monitor the trustworthiness of service users. In this chapter, we propose a trust monitoring architecture, called TrAM (Trust Architecture for Monitoring) to monitor the trustworthiness of service users at run-time, facilitating the analysis of interactions from trust perspectives. Monitoring allows the enforcement of corrective actions that may protect the software by mitigating major unwanted incidents. The performance of the architecture has been evaluated by monitoring a prototype file-sharing grid.


Accuracy Table Access Control Model Direct Trust Recommendation Accuracy Service Session 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Gambetta D (1988) Can we trust trust? In: Trust: Making and Breaking Cooperative Relations. Chapter 13. University of Oxford: 213–237.Google Scholar
  2. [2]
    Yu B, Singh MP (2002) An evidential model of distributed reputation mechanism. In: Proc. of the 1st Intl. Joint Conf. on Autonomous Agents and multi-agent systems. Italy. ACM Press: 294–301.CrossRefGoogle Scholar
  3. [3]
    Lin C, Varadharajan V (2006) Trust based risk management for distributed system security a new approach. In: Proc. of the 1st International Conference on Availability, Reliability and Security. Vienna, Austria. IEEE CS Press: 6–13.Google Scholar
  4. [4]
    English C, Terzis S, Nixon P (2005) Towards self-protecting ubiquitous systems: monitoring trust-based interactions. In: Personal and Ubiquitous Computing 10(1). Springer: 50–54.Google Scholar
  5. [5]
    Dimmock N, Bacon J, Ingram D, Moody K (2005) Risk models for trust-based access control (TBAC). In: Proc. of the 3rd Annual Conference on Trust Management (LNCS v3477). France. Springer: 364–371.Google Scholar
  6. [6]
    Uddin MG, Zulkernine M (2008) UMLtrust: Towards developing trust-aware software. In: Proc. of the 23rd ACM Symposium on Applied Computing. Brazil. ACM Press: 831–836.Google Scholar
  7. [7]
    Uddin MG, Zulkernine M, Ahamed SI (2008) CAT: A context-aware trust model for open and dynamic systems. In: Proc. of the 23rd Annual ACM Symposium on Applied Computing. Fortaleza, Brazil. ACM Press: 2024–2029.Google Scholar
  8. [8]
    Azzedin F, Maheswaran M (2003) Trust modeling for peer-to-peer based computing systems. In: Proc. of the International Symposium on Parallel and Distributed Processing. USA. IEEE CS Press: 10pp.CrossRefGoogle Scholar
  9. [9]
    Deng Y, Wang F (2007) A heterogeneous storage grid enabled by grid service. In: ACM SIGOPS Operating Systems Review 41(1). ACM Press: 7–13.CrossRefGoogle Scholar
  10. [10]
    Bellifemine F, Caire G, Poggi A, Rimassa G (2003) Jade: A white paper. In: EXP in Search of Innovation 3(3): 14pp.Google Scholar
  11. [11]
    MySQL 5.0 Reference Manual (2008). In: MySQL Enterprise Server.Google Scholar
  12. [12]
    Jurca R, Faltings B, Binder W (2007) Reliable QoS monitoring based on client feedback. In: Proc. of the 16th Intl. Conference on World Wide Web. Canada. ACM Press: 1003–1012.CrossRefGoogle Scholar
  13. [13]
    Zhang Y, Lin K, Hsu J (2007) Accountability monitoring and reasoning in service-oriented architectures. In: Journal of Service Oriented Computing and Applications 1(1). Springer: 35–50.CrossRefGoogle Scholar
  14. [14]
    Baresi L, Ghezzi C, Guinea S (2004) Smart monitors for composed services. In: Proc. of the 2nd International Conference on Service-Oriented Computing. USA. ACM Press: 193–202.CrossRefGoogle Scholar
  15. [15]
    Skene J, Skene A, Crampton J, Emmerich W (2007) The monitorability of service-level agreements for application-service provision. In: Proc. of the 6th International Workshop on Software and Performance. Buenos Aires, Argentina. ACM Press: 3–14.CrossRefGoogle Scholar
  16. [16]
    Spanoudakis G, Mahbub K (2004) Requirements monitoring for service–based systems: towards a framework based on event calculus. In: Proc. of the 19th International Conference on Automated Software Engineering. Linz, Austria. IEEE CS Press: 379–384.CrossRefGoogle Scholar
  17. [17]
    Robinson WN (2003) Monitoring web service requirements. In: Proc. of the 11th IEEE International Conference on Requirements Engineering. Japan. IEEE CS Press: 65–74.Google Scholar
  18. [18]
    Letia T, Marginean A, Groza A (2007) Z-based agents for service-oriented computing. In: Proc. of the Service-Oriented Computing: Agents, Semantics, and Engineering (LNCS v4504). Honolulu, HI, USA. Springer: 160–174.CrossRefGoogle Scholar
  19. [19]
    Yan Y, Cordier MO, Pencole Y, Grastien A (2005) Monitoring Web service networks in a model-based approach. In: Proc. of the 3rd European Conference on Web Services. Vaxj, Sweden. IEEE CS Press: 192–203.Google Scholar
  20. [20]
    Rochford K, Coghlan B, Walsh J (2006) An agent-based approach to grid service monitoring. In: Proc. of the 5th Intl. Symposium on Parallel and Distributed Computing. Romania. IEEE CS Press: 345–351.CrossRefGoogle Scholar
  21. [21]
    Peng L, Koh M, Song J, See S (2006) Grid service monitoring for grid market framework. In: Proc. of the 14th IEEE International Conf. on Networks. Singapore. IEEE CS Press: 1–6.CrossRefGoogle Scholar
  22. [22]
    Mao H, Hunag L, Li M (2005) Service-based grid resource monitoring with common information model. In: Proc. of the IFIP International Conf on Network and Parallel Computing (LNCS v3779). Beijing, China. Springer: 80–83.Google Scholar
  23. [23]
    Sahai A, Machiraju V, Wursterl K (2001) Monitoring and controlling internet-based e-services. In: Proc. of 2nd Workshop on Internet Applications. USA. IEEE CS Press: 41–48.Google Scholar
  24. [24]
    Zhang W, Bi J, Wu J, Qin Z (2007) An approach to optimize local trust algorithm for SureMsg service. In: Proc. of the ECSIS Symposium on Bio-inspired, Learning, and Intelligent Systems for Security. Edinburgh, UK. IEEE CS Press: 51–54.CrossRefGoogle Scholar
  25. [25]
    Kamvar SD, Schlosser MT, Molina-Garcia H (2003) The eigentrust algorithm for reputation management in P2P networks. In: Proc. of the 12th International Conference on World Wide Web. Budapest, Hungary. ACM Press: 640–651.Google Scholar
  26. [26]
    Lesani M, Bagheri S (2006) Applying and inferring fuzzy trust in semantic web social networks, in Proc. of the Canadian Semantic Web. Quebec City, Canada. Springer: 23–43.CrossRefGoogle Scholar
  27. [27]
    Sherchan W, Loke S, Krishnaswamy S (2006) A fuzzy model for reasoning about reputation in web services. In: Proc. of 21st Annual ACM Symposium on Applied Computing. Dijon, France. ACM Press: 1886–1892.Google Scholar
  28. [28]
    Rajbhandari S, Contes A, Rana OF, Deora V, Wootten I (2006) Trust assessment using provenance in service oriented applications. In: Proc. of the 10th IEEE on Intl. Enterprise Distributed Object Computing Conference Workshops. Hong Kong. IEEE CS Press: 65–72.CrossRefGoogle Scholar
  29. [29]
    Etalle S, Winsborough W (2005) Integrity constraints in trust management. In: Proc. of the 10th Symposium on Access Control Models and Technologies, Sweden. ACM Press: 1–10.CrossRefGoogle Scholar
  30. [30]
    Ryutov T, Zhou L, Neuman C, Foukia N, Leithead T, Seamons K (2005) Adaptive trust negotiation and access control for grids. In: Proc. of the 6th IEEE/ACM International Workshop on Grid Computing. Washington, USA. IEEE CS Press: 55–62.CrossRefGoogle Scholar
  31. [31]
    Chakraborty S, Ray I (2006) TrustBAC: Integrating trust relationships into the RBAC model for access control in open systems. In: Proc. of the 11th ACM Symposium on Access Control Models and Technologies. California, USA. ACM Press: 49–58.Google Scholar
  32. [32]
    Dimmock N, Belokosztolszki A, Eyers D, Bacon J, Ingram D, Moody K (2004) Using trust and risk in role-based access control policies. In: Proc. of the 9th ACM Symposium on Access Control Models and Technologies, New York, USA. ACM Press: 156–162.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  1. 1.Dept. of Electrical and Computer EngineeringQueen’s UniversityKingstonCanada
  2. 2.School of ComputingQueen’s UniversityKingstonCanada

Personalised recommendations