Upload
dale-ward
View
217
Download
1
Embed Size (px)
Citation preview
Human Factors in Developing Trustworthy Service-Based Systems
Stephen S. YauInformation Assurance Center, and
School of Computing, Informatics, and Decision Systems Eng. Arizona State University
Tempe, Arizona USA
Evolution of Computing Paradigms
Main Frame Computer
Personal Computer
Object Oriented
Computing
Grid Computing
Service Computing
Cloud Computing
1950s Early 1970s
Early 1980s
Mid 1990s
2001 2005
Internet and LAN(Distributed Computing)
Virtualization Technology
Wireless Technology
2SERE 2012, S. S. Yau
Outline
Trustworthy Service-Based Systems (SBS)
Challenges of Developing Trustworthy SBS
Human Factors in Developing Trustworthy SBS
Current State of Art An Example Future Research
3SERE 2012, S. S. Yau
Service-Based Systems (SBS) Based on service-oriented architecture (SOA) Adopted in various application domains
E-business Health care information systems Homeland security Various collaborations …
Services in SBS provide standard interfaces for accessing capabilities offered by various providers
Services in SBS compose to form workflows (business processes) to provide functionality not provided by any individual service
4SERE 2012, S. S. Yau
Service-Based Systems (SBS) (cont.)
Many advantages of SBS, among them Interoperation of heterogeneous
systems Rapid composition of applications
(workflows) from distributed services Adaptation to dynamic application
requirements of users or environments (functional and QoS)
5SERE 2012, S. S. Yau
Trustworthy SBS Trustworthy SBS are needed for various
critical applications due to Over public or private networks, as well as mobile
networks – more open to attacks Interactions involving unknown entities Dynamic and pervasive environments Large-scale and cross-domain service
collaborations Distributed control Dynamic QoS expectations for multiple workflows
6SERE 2012, S. S. Yau
Trustworthy SBS (cont.)
Major aspects Human
Users and collaborators Service and infrastructure providers Insiders and outsiders
Devices, software, and system architectures Dynamic security policies and enforcement Dynamic user requirements and environments Effective techniques Cost, usability and efficiency
7SERE 2012, S. S. Yau
Trustworthy SBS (cont.)
Various system technologies are needed for developing trustworthy SBS Security Trust management Situation awareness Runtime adaptation
QoS monitoring and analysis QoS requirement trade-off Resource allocation
SERceE 2012, S. S. Yau 8
Interactions among services may have unforeseen consequences in trust, security, QoS, and risk Possible problems:
Untrusted/malicious services Intermediate results generated during service
interactions may reveal sensitive information Trustworthiness of service providers,
infrastructure providers and users
9
Challenges of Developing Trustworthy SBS
SERE 2012, S. S. Yau
Challenges of Developing Trustworthy SBS (cont.)
SBS has multiple QoS requirements from multiple users for various applications
Runtime tradeoffs among expected QoS
requirements Example: Mechanisms providing security
protection are often computationally intensive and
require certain sacrifice in other QoS (e.g. service
delay and throughput) with available resources
Cost, usability and efficiency10SERE 2012, S. S. Yau
Challenges of Developing Trustworthy SBS (cont.)
Environments of SBS often dynamically change Make assessing trust and risk difficult Need situation awareness due to dynamic trust and risk Need adaptive enforcement of security policies
Information needed for making decisions regarding trustworthiness usually distributed on multiple services and organizations. Need cooperative decision making (e.g. delegation, policy
composition with multiple organizations, collaborative QoS management, risk assessment, trust evaluation)
Need efficient enforcement of distributed security policies Need protection against various entities
11SERE 2012, S. S. Yau
Challenges of Developing Trustworthy SBS (cont.)
Service selection and composition How to select most appropriate services and
compose them to satisfy both functional and QoS requirements of various users, while ensure overall system trustworthiness and security?
Need meaningful and quantitative metrics for trustworthiness, security and various attributes of overall SBS
How to rank service ranking to identify the “best” services satisfying their requirements
12SERE 2012, S. S. Yau
What are Human Factors? In general, a human factor is a physical,
psychological or cognitive property of an individual or an individual in a community, which is specific to humans and influences on technological systems as well as their applications.
Examples: Influences, interests, relationships (collaboration/competition), opinions (positive/negative/neutral, support/against), knowledge (expertise), reputation, wisdom, physical and psychological factors (stress, fatigue, fear, happy).
13SERE 2012, S. S. Yau
Why Should Human Factors Be Considered in Developing TSBS?
Cyber systems become more powerful, and their applications become more diverse and pervasive
Human factors are increasingly influential on the quality and efficiency of generating the results because SBS getting more embedded Applications increasingly involving multi-party
collaborations and often more pervasive Applications must address multiple quality aspects
expected by users, such as security, privacy, trustworthiness and performance
14y SERE 2012, S. S. Yau
Three Levels of Human Factors Level 1. Direct Human-and-Human Relations
Collaboration of among users of cyber systems Level 2. Indirect Human-and-Human Relations
Service-users choose the services from service providers through service directories
First-time collaborations among the users based on past data
Level 3. Human in Communities Influence among users of cyber systems Knowledge sharing among the users of cyber systems Matching service-users’ interest with services
15SERE 2012, S. S. Yau
Direct Human-and-Human Relations
Challenges: How to quantify human factors in terms of
the determinants, such as workload on the human, fatigue, learnability, attention, vigilance, human relations, human performance, human reliability, stress, individual differences, aging, safety, and results of decision making.
How human factors affect humans themselves?
16SERE 2012, S. S. Yau
Indirect Human and Human Relations
Example: In a SBS, the providers upload their
services/applications. The users search the service/application directory for the SBS and select the services/applications they need. Besides the quality of the services/applications, each user is concerned with the trustworthiness of the services.
Challenge: How can a user choose a trustworthy service?
Related human factors: human relationships, stress, feedback, etc
17SERE 2012, S. S. Yau
Human in Communities
Challenges: How do the human factors from one person affect
other persons in the community? How do the human factors from other persons in a
community affect one person in the community? How do the human factors from one person in a
community spread in the SBS used by the community?
…
18SERE 2012, S. S. Yau
Human in Communities (cont.)
Example: In a SBS, it is not easy for users to find their match
services/applications. It is also difficult for the service providers to introduce their services/applications to possible interested users using the SBS.
Challenge: How to incorporate human factors to match all service-users with all services/applications automatically and efficiently?
Related human factors: influence, interests, opinions, human relationships …
19SERE 2012, S. S. Yau
Current State of Art
Incorporating human factors in developing cyber systems and applications Research has been mainly conducted by
researchers in psychology and sociology, and few computer scientists and engineers.
Primarily focus on human-machine interactions, human-computer interactions, situation awareness, and human errors
20SERE 2012, S. S. Yau
Current State of Art (cont.)
Automated service composition based on various formal specifications
Process calculi; BPEL4WS QoS-aware service composition in SBS
Optimizing QoS attributes of services using the genetic algorithm during the service compositions (G. Canfora, et al., University of Sannio, Italy).
QoS provisioning for composed services, based on the Service Level Agreement (SLA) contracts of individual services (X. Gu, et al., University of Illinois, Urbana)
Developing QoS-aware middleware for web service composition to maximize users’ satisfaction expressed in utility functions over QoS attributes. (L. Zeng, et al., IBM)
Current State of Art (cont.)
Tradeoffs among security and multiple QoS in SBS Development of a framework for quantifying the strength of
system security (M. Satyanarayanan, et al., Carnegie Mellon University)
An adaptive model for tradeoff between service performance and security in service-based environments (S. Yau, et al., Arizona State University)
A comprehensive QoS model for service-based systems, (I. Jureta, et al., University of Namur, Belgium)
22SERE 2012, S. S. Yau
Current State of Art (cont.)
Adaptive resource allocation in SBS A multi-layered resource management framework for
dynamic resource management in enterprise systems. (P. Lardieri, et al., Lockheed Martin Corporation)
Decentralized online resource allocation for dynamic web service applications (J. Stoesser, et al., Universitat Karlsruhe, Germany).
A regression based analytical model for dynamic resource provisioning of multi-tier applications (Q. Zhang, et al, HP Labs)
Adaptive resource allocation for SBS (S. Yau, et al., Arizona State University)
23SERE 2012, S. S. Yau
Current State of Art (cont.)
Design of SBS for QoS Monitoring and adaptation A development methodology for adaptive service-based
software systems (S. Yau, et al, Arizona State University) Comprehensive QoS monitoring of Web services and event-
based SLA violation detection (Michlmayr, et al, Vienna University of Technology, Austria)
Testing of SBS Dynamic Reconfigurable Testing of Service-Oriented
Architecture (W. Tsai, et al, Arizona State University)
24SERE 2012, S. S. Yau
Current State of Art (cont.)
Trust estimation in SBS Flexible trust model for distributed service
infrastructure (Z. Liu, University of North Carolina at Charlotte, S. Yau, Arizona State University)
Trusted computing platforms in web services (Nagarajan, et al, Macquarie University, Australia)
Trust management for context-aware service platforms (Neisse, et al, University of Twente, the Netherlands)
Improving trust estimation in SBS (S. Yau and P. Sun, Arizona State University)
25SERE 2012, S. S. Yau
An Example: Improving Trust Estimation in SBS
Improving trust estimation in service-based systems by incorporating human factors as well as QoS profiles
26SERE 2012, S. S. Yau
Trust Estimation in SBS Trust management needs to be incorporated in
SBSs to estimate service providers’ trustworthiness so that users can decide whether to accept the services provided by the providers.
Limitations of existing trust estimation approaches: Only similarity of user profiles is considered Based on pairwise trust relationship, which normally
does not include the transitive property in the propagation of trust among service providers.
SERE 2012, S. S. Yau
An Example: Improving Trust Estimation in SBS (cont.)
Incorporating two common human factors: competition and collaboration in interpersonal relationships, as well as QoS profiles, which have significant effects on trust estimation in SBS.
SERE 2012, S. S. Yau
Network Model to be Used in Our Approach
V: a set of vertices (service providers)
E: two sets of directed edges (intention of one vertex to another) Competing edges (dashed lines) Collaborating edges (solid lines)
Wedge: the weighting factor of an edge, which indicates the weight of competition or collaboration. In the range of [0, 1]
29SERE 2012, S. S. Yau
Definition of a Transaction
A transaction in an SBS consists of three phases: Request phase: a user of a SBS requires services. Selection phase: the requester chooses services from
the service providers of the SBS with trust values exceeding an acceptable threshold specified by the user.
Feedback phase: the requester gives feedback to the SBS on the quality of the services used.
30SERE 2012, S. S. Yau
Definition of a Transaction (cont.)
Information recorded in a transaction: Which service providers selected by a service user QoS profiles of all the selected services.
Record all aspects of quality of each service required by user
Two types: Claimed QoS profiles: provided by the service providers
along with their services when publishing the services. Feedback QoS profiles: provided by the service user in the
feedback phase after using the services.
31SERE 2012, S. S. Yau
Definition of a QoS Profile A QoS profile of a service in a transaction is a vector
with n elements, each of which represents a quantifiable aspect of the service, important for trust estimation. Consider three aspects: Accuracy, delay and throughput
Claimed QoS profile: Provided by service providers Denoted by cProfile = <cQ1, cQ2, …, cQn>
Feedback QoS profile: Provided by service users Denoted by fProfile = <fQ1, fQ2, …, fQn>
32SERE 2012, S. S. Yau
Improving Trust Estimation in SBS
Initialization Initialize the trust values of all service providers of
the SBS based on historic transactions using QoS profiles, collaboration and competition.
Utilization Update the trust values of the service providers in
current transaction using QoS profile. Update the trust values of all the other service
providers using competition and collaboration.
33SERE 2012, S. S. Yau
Trust Values (Initialization
)
Estimated Trust Values
Log(s)
Transactions (Utilization)
Trust System Adaptor
Original Trust Values
Trust Refinement Module
Estimated Trust Values
Profile Evaluation
Module
QoS Profiles
Log Transactions (Initialization)
Existing Trust Estimation
Trust Dissemination
1
2
1
3
4
Service-Based System
Estimated Trust Values
Improving Trust Estimation in SBS (cont.)
Profile evaluation module processes the transactions to extract the QoS profiles.
Trust refinement module calculates the trust values of service providers based on QoS profiles, competition and collaboration.
34SERE 2012, S. S. Yau
Estimated Trust Values
Log(s)
Transactions (Utilization)
Trust System Adaptor
Original Trust Values
Trust Refinement Module
Estimated Trust Values
Profile Evaluation
Module
QoS Profiles
Log Transactions (Initialization)
Existing Trust Estimation
Trust Dissemination
1
2
1
3
4
Service-Based System
56
Trust Values (Initialization
)
7
Estimated Trust Values
Improving Trust Estimation in SBS (cont.)
The estimated trust values are dis-seminated to service providers in SBS
35SERE 2012, S. S. Yau
Effect of QoS Profile on Trust Estimation
If the feedback QoS profiles of a selected service is better than its corresponding claimed QoS profiles, then the service user can decide the service provider is more trustworthy, and consequently increase the estimated trust value of the service provider.
Otherwise, decrease the estimated trust value of the service provider.
36SERE 2012, S. S. Yau
For a given service, ith signed normalized aspect difference (snadi) is the signed normalized difference between the ith aspects of its feedback QoS profile and its claimed QoS profile. Sign of snadi is decided by the system administrator, e.g.
cQi is better than fQi, positive cQi is worse than fQi, negative
snadi is given by
Comparison of Claimed and Feedback QoS Profiles
37SERE 2012, S. S. Yau
where di_max and di_min are the maximal and minimal differences of the ith aspect among all transactions
Compare cProfile and fProfile M is the overall score of the comparison.
where w1, …, wn are user-assigned weights for various aspects in QoS profile
38
Comparison of Claimed and Feedback QoS Profiles (cont.)
SERE 2012, S. S. Yau
Improvement of Trust Estimation Using QoS Profiles
If M is positive, then the feedback QoS profile is better than the claimed QoS profile; otherwise, the feedback QoS profile is worse than the claimed QoS profile.
Improvement of the trust estimation using QoS profiles.
T’(u) is improved estimated trust value of service provider u T(u) is original estimated trust value of service provider u γ is the parameter for adjusting the effect of M
By default, γ = 0.85.
39SERE 2012, S. S. Yau
Rule 1. Competition relationship increases the trust values of the participants in the competition group.
Competition limits free-ride The more time one spends, the more one is likely to trust the
people in this group. Rule 2. Collaboration relationship increases trust.
When two persons collaborate with each other, they tend to solve problems together and this process can help to build trust between them.
Rule 3. Transitive property of trust. Whenever one service provider’s trust value changes, the trust
values of his/her neighbors will also change accordingly. The trust value of a service provider is uniformly propagated to all
the other service providers he intends to compete or collaborate with.
40
Improvement of Trust Estimation Using QoS Profiles (cont.)
SERE 2012, S. S. Yau
Improvement of Trust Estimation Using QoS Profiles (cont.)
Rules 1 and 2 show the positive correlation between trust and competition or collaboration.
Rule 3 defines how the trust values should be propagated among the whole network of SBS. The propagation of the trust values of service
providers is similar to PageRank (a webpage reputation estimation approach).
The more people who intend to compete or collaborate with a service provider, the more trustful the service provider is.
41SERE 2012, S. S. Yau
Expertise Needed to Incorporate Human Factors in Developing TSBS
Services and cloud computing Software and systems engineering Networking, including mobile ad hoc networks,
intelligent devices, and social networks Information assurance and security Cognitive science Psychology Business Culture …
SERE 2012, S. S. Yau 42
Future Research to Incorporate Human Factors in Developing TSBS
Develop meaningful metrics to quantify human factors and QoS aspects of SBS, including trust, security and others useful for developing TSBS
Develop a general framework with necessary techniques and tools to effectively incorporate a variety of relevant human factors in developing TSBS
Validation
43SERE 2012, S. S. Yau
Thank you
44SERE 2012, S. S. Yau