Human Factors in Developing Trustworthy Service-Based Systems - PowerPoint PPT Presentation

1 / 44
About This Presentation
Title:

Human Factors in Developing Trustworthy Service-Based Systems

Description:

Human Factors in Developing Trustworthy Service-Based Systems Stephen S. Yau Information Assurance Center, and School of Computing, Informatics, and Decision Systems ... – PowerPoint PPT presentation

Number of Views:100
Avg rating:3.0/5.0
Slides: 45
Provided by: Stephen798
Category:

less

Transcript and Presenter's Notes

Title: Human Factors in Developing Trustworthy Service-Based Systems


1
Human Factors in Developing Trustworthy
Service-Based Systems
  • Stephen S. Yau
  • Information Assurance Center, and
  • School of Computing, Informatics, and Decision
    Systems Eng. Arizona State University
  • Tempe, Arizona USA
  • yau_at_asu.edu

2
Evolution of Computing Paradigms
3
Outline
  • Trustworthy Service-Based Systems (SBS)
  • Challenges of Developing Trustworthy SBS
  • Human Factors in Developing Trustworthy SBS
  • Current State of Art
  • An Example
  • Future Research

4
Service-Based Systems (SBS)
  • Based on service-oriented architecture (SOA)
  • Adopted in various application domains
  • E-business
  • Health care information systems
  • Homeland security
  • Various collaborations
  • Services in SBS provide standard interfaces for
    accessing capabilities offered by various
    providers
  • Services in SBS compose to form workflows
    (business processes) to provide functionality not
    provided by any individual service

5
Service-Based Systems (SBS) (cont.)
  • Many advantages of SBS, among them
  • Interoperation of heterogeneous systems
  • Rapid composition of applications (workflows)
    from distributed services
  • Adaptation to dynamic application requirements of
    users or environments (functional and QoS)

6
Trustworthy SBS
  • Trustworthy SBS are needed for various critical
    applications due to
  • Over public or private networks, as well as
    mobile networks more open to attacks
  • Interactions involving unknown entities
  • Dynamic and pervasive environments
  • Large-scale and cross-domain service
    collaborations
  • Distributed control
  • Dynamic QoS expectations for multiple workflows

7
Trustworthy SBS (cont.)
  • Major aspects
  • Human
  • Users and collaborators
  • Service and infrastructure providers
  • Insiders and outsiders
  • Devices, software, and system architectures
  • Dynamic security policies and enforcement
  • Dynamic user requirements and environments
  • Effective techniques
  • Cost, usability and efficiency

8
Trustworthy SBS (cont.)
  • Various system technologies are needed for
    developing trustworthy SBS
  • Security
  • Trust management
  • Situation awareness
  • Runtime adaptation
  • QoS monitoring and analysis
  • QoS requirement trade-off
  • Resource allocation

9
Challenges of Developing Trustworthy SBS
  • Interactions among services may have unforeseen
    consequences in trust, security, QoS, and risk
  • Possible problems
  • Untrusted/malicious services
  • Intermediate results generated during service
    interactions may reveal sensitive information
  • Trustworthiness of service providers,
    infrastructure providers and users

10
Challenges of Developing Trustworthy SBS (cont.)
  • SBS has multiple QoS requirements from multiple
    users for various applications
  • Runtime tradeoffs among expected QoS requirements
  • Example Mechanisms providing security protection
    are often computationally intensive and require
    certain sacrifice in other QoS (e.g. service
    delay and throughput) with available resources
  • Cost, usability and efficiency

11
Challenges of Developing Trustworthy SBS (cont.)
  • Environments of SBS often dynamically change
  • Make assessing trust and risk difficult
  • Need situation awareness due to dynamic trust and
    risk
  • Need adaptive enforcement of security policies
  • Information needed for making decisions regarding
    trustworthiness usually distributed on multiple
    services and organizations.
  • Need cooperative decision making (e.g.
    delegation, policy composition with multiple
    organizations, collaborative QoS management, risk
    assessment, trust evaluation)
  • Need efficient enforcement of distributed
    security policies
  • Need protection against various entities

12
Challenges of Developing Trustworthy SBS (cont.)
  • Service selection and composition
  • How to select most appropriate services and
    compose them to satisfy both functional and QoS
    requirements of various users, while ensure
    overall system trustworthiness and security?
  • Need meaningful and quantitative metrics for
    trustworthiness, security and various attributes
    of overall SBS
  • How to rank service ranking to identify the
    best services satisfying their requirements

13
What are Human Factors?
  • In general, a human factor is a physical,
    psychological or cognitive property of an
    individual or an individual in a community, which
    is specific to humans and influences on
    technological systems as well as their
    applications.
  • Examples Influences, interests, relationships
    (collaboration/competition), opinions
    (positive/negative/neutral, support/against),
    knowledge (expertise), reputation, wisdom,
    physical and psychological factors (stress,
    fatigue, fear, happy).

14
Why Should Human Factors Be Considered in
Developing TSBS?
  • Cyber systems become more powerful, and their
    applications become more diverse and pervasive
  • Human factors are increasingly influential on the
    quality and efficiency of generating the results
    because
  • SBS getting more embedded
  • Applications increasingly involving multi-party
    collaborations and often more pervasive
  • Applications must address multiple quality
    aspects expected by users, such as security,
    privacy, trustworthiness and performance

15
Three Levels of Human Factors
  • Level 1. Direct Human-and-Human Relations
  • Collaboration of among users of cyber systems
  • Level 2. Indirect Human-and-Human Relations
  • Service-users choose the services from service
    providers through service directories
  • First-time collaborations among the users based
    on past data
  • Level 3. Human in Communities
  • Influence among users of cyber systems
  • Knowledge sharing among the users of cyber
    systems
  • Matching service-users interest with services

16
Direct Human-and-Human Relations
  • Challenges
  • How to quantify human factors in terms of the
    determinants, such as workload on the human,
    fatigue, learnability, attention, vigilance,
    human relations, human performance, human
    reliability, stress, individual differences,
    aging, safety, and results of decision making.
  • How human factors affect humans themselves?

17
Indirect Human and Human Relations
  • Example
  • In a SBS, the providers upload their
    services/applications. The users search the
    service/application directory for the SBS and
    select the services/applications they need.
    Besides the quality of the services/applications,
    each user is concerned with the trustworthiness
    of the services.
  • Challenge How can a user choose a trustworthy
    service?
  • Related human factors human relationships,
    stress, feedback, etc

18
Human in Communities
  • Challenges
  • How do the human factors from one person affect
    other persons in the community?
  • How do the human factors from other persons in a
    community affect one person in the community?
  • How do the human factors from one person in a
    community spread in the SBS used by the
    community?

19
Human in Communities (cont.)
  • Example
  • In a SBS, it is not easy for users to find their
    match services/applications. It is also difficult
    for the service providers to introduce their
    services/applications to possible interested
    users using the SBS.
  • Challenge How to incorporate human factors to
    match all service-users with all
    services/applications automatically and
    efficiently?
  • Related human factors influence, interests,
    opinions, human relationships

20
Current State of Art
  • Incorporating human factors in developing cyber
    systems and applications
  • Research has been mainly conducted by
    researchers in psychology and sociology, and few
    computer scientists and engineers.
  • Primarily focus on human-machine interactions,
    human-computer interactions, situation awareness,
    and human errors

21
Current State of Art (cont.)
  • Automated service composition based on various
    formal specifications
  • Process calculi BPEL4WS
  • QoS-aware service composition in SBS
  • Optimizing QoS attributes of services using the
    genetic algorithm during the service compositions
    (G. Canfora, et al., University of Sannio,
    Italy).
  • QoS provisioning for composed services, based on
    the Service Level Agreement (SLA) contracts of
    individual services (X. Gu, et al., University of
    Illinois, Urbana)
  • Developing QoS-aware middleware for web service
    composition to maximize users satisfaction
    expressed in utility functions over QoS
    attributes. (L. Zeng, et al., IBM)

22
Current State of Art (cont.)
  • Tradeoffs among security and multiple QoS in SBS
  • Development of a framework for quantifying the
    strength of system security (M. Satyanarayanan,
    et al., Carnegie Mellon University)
  • An adaptive model for tradeoff between service
    performance and security in service-based
    environments (S. Yau, et al., Arizona State
    University)
  • A comprehensive QoS model for service-based
    systems, (I. Jureta, et al., University of Namur,
    Belgium)

23
Current State of Art (cont.)
  • Adaptive resource allocation in SBS
  • A multi-layered resource management framework for
    dynamic resource management in enterprise
    systems. (P. Lardieri, et al., Lockheed Martin
    Corporation)
  • Decentralized online resource allocation for
    dynamic web service applications (J. Stoesser,
    et al., Universitat Karlsruhe, Germany).
  • A regression based analytical model for dynamic
    resource provisioning of multi-tier applications
    (Q. Zhang, et al, HP Labs)
  • Adaptive resource allocation for SBS (S. Yau, et
    al., Arizona State University)

24
Current State of Art (cont.)
  • Design of SBS for QoS Monitoring and adaptation
  • A development methodology for adaptive
    service-based software systems (S. Yau, et al,
    Arizona State University)
  • Comprehensive QoS monitoring of Web services and
    event-based SLA violation detection (Michlmayr,
    et al, Vienna University of Technology, Austria)
  • Testing of SBS
  • Dynamic Reconfigurable Testing of
    Service-Oriented Architecture (W. Tsai, et al,
    Arizona State University)

25
Current State of Art (cont.)
  • Trust estimation in SBS
  • Flexible trust model for distributed service
    infrastructure (Z. Liu, University of North
    Carolina at Charlotte, S. Yau, Arizona State
    University)
  • Trusted computing platforms in web services
    (Nagarajan, et al, Macquarie University,
    Australia)
  • Trust management for context-aware service
    platforms (Neisse, et al, University of Twente,
    the Netherlands)
  • Improving trust estimation in SBS (S. Yau and P.
    Sun, Arizona State University)

SERE 2012, S. S. Yau
25
26
An Example Improving Trust Estimation in SBS
  • Improving trust estimation in service-based
    systems by incorporating human factors as well as
    QoS profiles

27
Trust Estimation in SBS
  • Trust management needs to be incorporated in SBSs
    to estimate service providers trustworthiness so
    that users can decide whether to accept the
    services provided by the providers.
  • Limitations of existing trust estimation
    approaches
  • Only similarity of user profiles is considered
  • Based on pairwise trust relationship, which
    normally does not include the transitive property
    in the propagation of trust among service
    providers.

SERE 2012, S. S. Yau
28
An Example Improving Trust Estimation in SBS
(cont.)
  • Incorporating two common human factors
    competition and collaboration in interpersonal
    relationships, as well as QoS profiles, which
    have significant effects on trust estimation in
    SBS.

SERE 2012, S. S. Yau
29
Network Model to be Used in Our Approach
  • V a set of vertices (service providers)
  • E two sets of directed edges (intention of one
    vertex to another)
  • Competing edges (dashed lines)
  • Collaborating edges (solid lines)
  • Wedge the weighting factor of an edge, which
    indicates the weight of competition or
    collaboration.
  • In the range of 0, 1

SERE 2012, S. S. Yau
29
30
Definition of a Transaction
  • A transaction in an SBS consists of three phases
  • Request phase a user of a SBS requires services.
  • Selection phase the requester chooses services
    from the service providers of the SBS with trust
    values exceeding an acceptable threshold
    specified by the user.
  • Feedback phase the requester gives feedback to
    the SBS on the quality of the services used.

SERE 2012, S. S. Yau
30
31
Definition of a Transaction (cont.)
  • Information recorded in a transaction
  • Which service providers selected by a service
    user
  • QoS profiles of all the selected services.
  • Record all aspects of quality of each service
    required by user
  • Two types
  • Claimed QoS profiles provided by the service
    providers along with their services when
    publishing the services.
  • Feedback QoS profiles provided by the service
    user in the feedback phase after using the
    services.

SERE 2012, S. S. Yau
31
32
Definition of a QoS Profile
  • A QoS profile of a service in a transaction is a
    vector with n elements, each of which represents
    a quantifiable aspect of the service, important
    for trust estimation.
  • Consider three aspects Accuracy, delay and
    throughput
  • Claimed QoS profile
  • Provided by service providers
  • Denoted by cProfile ltcQ1, cQ2, , cQngt
  • Feedback QoS profile
  • Provided by service users
  • Denoted by fProfile ltfQ1, fQ2, , fQngt

SERE 2012, S. S. Yau
32
33
Improving Trust Estimation in SBS
  • Initialization
  • Initialize the trust values of all service
    providers of the SBS based on historic
    transactions using QoS profiles, collaboration
    and competition.
  • Utilization
  • Update the trust values of the service providers
    in current transaction using QoS profile.
  • Update the trust values of all the other service
    providers using competition and collaboration.

SERE 2012, S. S. Yau
33
34
Improving Trust Estimation in SBS (cont.)
Trust Values (Initialization)
Existing Trust Estimation
3
Trust System Adaptor
Estimated Trust Values
Original Trust Values
Trust Dissemination
4
Estimated Trust Values
Estimated Trust Values
Trust refinement module calculates the trust
values of service providers based on QoS
profiles, competition and collaboration.
Trust Refinement Module
Profile evaluation module processes the
transactions to extract the QoS profiles.
Service-Based System
QoS Profiles
2
Transactions (Utilization)
1
Profile Evaluation Module
Log(s)
Log Transactions (Initialization)
1
SERE 2012, S. S. Yau
34
35
Improving Trust Estimation in SBS (cont.)
Trust Values (Initialization)
Existing Trust Estimation
3
Trust System Adaptor
5
6
Original Trust Values
Estimated Trust Values
7
Trust Dissemination
4
Estimated Trust Values
Estimated Trust Values
Trust Refinement Module
The estimated trust values are dis-seminated to
service providers in SBS
Service-Based System
QoS Profiles
2
Transactions (Utilization)
1
Profile Evaluation Module
Log(s)
Log Transactions (Initialization)
1
SERE 2012, S. S. Yau
35
36
Effect of QoS Profile on Trust Estimation
  • If the feedback QoS profiles of a selected
    service is better than its corresponding claimed
    QoS profiles, then the service user can decide
    the service provider is more trustworthy, and
    consequently increase the estimated trust value
    of the service provider.
  • Otherwise, decrease the estimated trust value of
    the service provider.

SERE 2012, S. S. Yau
36
37
Comparison of Claimed and Feedback QoS Profiles
  • For a given service, ith signed normalized aspect
    difference (snadi) is the signed normalized
    difference between the ith aspects of its
    feedback QoS profile and its claimed QoS profile.
  • Sign of snadi is decided by the system
    administrator, e.g.
  • cQi is better than fQi, positive
  • cQi is worse than fQi, negative
  • snadi is given by

where di_max and di_min are the maximal and
minimal differences of the ith aspect among all
transactions
SERE 2012, S. S. Yau
37
38
Comparison of Claimed and Feedback QoS Profiles
(cont.)
  • Compare cProfile and fProfile
  • M is the overall score of the comparison.
  • where w1, , wn are user-assigned weights for
    various aspects in QoS profile

SERE 2012, S. S. Yau
38
39
Improvement of Trust Estimation Using QoS Profiles
  • If M is positive, then the feedback QoS profile
    is better than the claimed QoS profile
    otherwise, the feedback QoS profile is worse than
    the claimed QoS profile.
  • Improvement of the trust estimation using QoS
    profiles.
  • T(u) is improved estimated trust value of
    service provider u
  • T(u) is original estimated trust value of service
    provider u
  • ? is the parameter for adjusting the effect of M
  • By default, ? 0.85.

SERE 2012, S. S. Yau
39
40
Improvement of Trust Estimation Using QoS
Profiles (cont.)
  • Rule 1. Competition relationship increases the
    trust values of the participants in the
    competition group.
  • Competition limits free-ride
  • The more time one spends, the more one is likely
    to trust the people in this group.
  • Rule 2. Collaboration relationship increases
    trust.
  • When two persons collaborate with each other,
    they tend to solve problems together and this
    process can help to build trust between them.
  • Rule 3. Transitive property of trust.
  • Whenever one service providers trust value
    changes, the trust values of his/her neighbors
    will also change accordingly.
  • The trust value of a service provider is
    uniformly propagated to all the other service
    providers he intends to compete or collaborate
    with.

SERE 2012, S. S. Yau
40
41
Improvement of Trust Estimation Using QoS
Profiles (cont.)
  • Rules 1 and 2 show the positive correlation
    between trust and competition or collaboration.
  • Rule 3 defines how the trust values should be
    propagated among the whole network of SBS.
  • The propagation of the trust values of service
    providers is similar to PageRank (a webpage
    reputation estimation approach).
  • The more people who intend to compete or
    collaborate with a service provider, the more
    trustful the service provider is.

SERE 2012, S. S. Yau
41
42
Expertise Needed to Incorporate Human Factors in
Developing TSBS
  • Services and cloud computing
  • Software and systems engineering
  • Networking, including mobile ad hoc networks,
    intelligent devices, and social networks
  • Information assurance and security
  • Cognitive science
  • Psychology
  • Business
  • Culture

43
Future Research to Incorporate Human Factors in
Developing TSBS
  • Develop meaningful metrics to quantify human
    factors and QoS aspects of SBS, including trust,
    security and others useful for developing TSBS
  • Develop a general framework with necessary
    techniques and tools to effectively incorporate a
    variety of relevant human factors in developing
    TSBS
  • Validation

44
  • Thank you
Write a Comment
User Comments (0)
About PowerShow.com