Human Factors in Developing
Trustworthy Service-Based Systems
Stephen S. Yau
Information Assurance Center, and
School of Computing, Informatics, and Decision Systems Eng.
Arizona State University
Tempe, Arizona USA
yau@asu.edu
Evolution of Computing Paradigms
Main Frame
Computer
1950s
Personal
Computer
Early
1970s
Object
Oriented
Computing
Grid
Computing
Service
Computing
Cloud
Computing
Early
1980s
Mid
1990s
2001
2005
Wireless Technology
Virtualization Technology
Internet and LAN
(Distributed Computing)
SERE 2012, S. S. Yau
2
Outline






Trustworthy Service-Based Systems
(SBS)
Challenges of Developing Trustworthy
SBS
Human Factors in Developing
Trustworthy SBS
Current State of Art
An Example
Future Research
SERE 2012, S. S. Yau
3
Service-Based Systems (SBS)


Based on service-oriented architecture (SOA)
Adopted in various application domains







E-business
Health care information systems
Homeland security
Various collaborations
…
Services in SBS provide standard interfaces for
accessing capabilities offered by various providers
Services in SBS compose to form workflows
(business processes) to provide functionality not
provided by any individual service
SERE 2012, S. S. Yau
4
Service-Based Systems (SBS) (cont.)

Many advantages of SBS, among them
Interoperation of heterogeneous
systems
 Rapid composition of applications
(workflows) from distributed services
 Adaptation to dynamic application
requirements of users or environments
(functional and QoS)

SERE 2012, S. S. Yau
5
Trustworthy SBS

Trustworthy SBS are needed for various
critical applications due to






Over public or private networks, as well as mobile
networks – more open to attacks
Interactions involving unknown entities
Dynamic and pervasive environments
Large-scale and cross-domain service
collaborations
Distributed control
Dynamic QoS expectations for multiple workflows
SERE 2012, S. S. Yau
6
Trustworthy SBS (cont.)

Major aspects

Human








Users and collaborators
Service and infrastructure providers
Insiders and outsiders
Devices, software, and system architectures
Dynamic security policies and enforcement
Dynamic user requirements and environments
Effective techniques
Cost, usability and efficiency
SERE 2012, S. S. Yau
7
Trustworthy SBS (cont.)

Various system technologies are needed for
developing trustworthy SBS




Security
Trust management
Situation awareness
Runtime adaptation
QoS monitoring and analysis
 QoS requirement trade-off
 Resource allocation

SERceE 2012, S. S. Yau
8
Challenges of
Developing Trustworthy SBS

Interactions among services may have
unforeseen consequences in trust,
security, QoS, and risk

Possible problems:
Untrusted/malicious services
 Intermediate results generated during service
interactions may reveal sensitive information
 Trustworthiness of service providers,
infrastructure providers and users

SERE 2012, S. S. Yau
9
Challenges of
Developing Trustworthy SBS (cont.)

SBS has multiple QoS requirements from
multiple users for various applications

Runtime tradeoffs among expected QoS
requirements


Example: Mechanisms providing security
protection are often computationally intensive and
require certain sacrifice in other QoS (e.g. service
delay and throughput) with available resources
Cost, usability and efficiency
SERE 2012, S. S. Yau
10
Challenges of
Developing Trustworthy SBS (cont.)

Environments of SBS often dynamically change




Make assessing trust and risk difficult
Need situation awareness due to dynamic trust and risk
Need adaptive enforcement of security policies
Information needed for making decisions regarding
trustworthiness usually distributed on multiple services and
organizations.



Need cooperative decision making (e.g. delegation, policy
composition with multiple organizations, collaborative QoS
management, risk assessment, trust evaluation)
Need efficient enforcement of distributed security policies
Need protection against various entities
SERE 2012, S. S. Yau
11
Challenges of
Developing Trustworthy SBS (cont.)

Service selection and composition



How to select most appropriate services and
compose them to satisfy both functional and QoS
requirements of various users, while ensure overall
system trustworthiness and security?
Need meaningful and quantitative metrics for
trustworthiness, security and various attributes of
overall SBS
How to rank service ranking to identify the “best”
services satisfying their requirements
SERE 2012, S. S. Yau
12
What are Human Factors?


In general, a human factor is a physical,
psychological or cognitive property of an individual
or an individual in a community, which is specific
to humans and influences on technological systems
as well as their applications.
Examples: Influences, interests, relationships
(collaboration/competition), opinions
(positive/negative/neutral, support/against), knowledge
(expertise), reputation, wisdom, physical and
psychological factors (stress, fatigue, fear, happy).
SERE 2012, S. S. Yau
13
Why Should Human Factors Be
Considered in Developing TSBS?


Cyber systems become more powerful, and their
applications become more diverse and
pervasive
Human factors are increasingly influential on
the quality and efficiency of generating the
results because



SBS getting more embedded
Applications increasingly involving multi-party
collaborations and often more pervasive
Applications must address multiple quality aspects
expected by users, such as security, privacy,
trustworthiness and performance
SERE 2012, S. S. Yau
14y
Three Levels of Human Factors

Level 1. Direct Human-and-Human Relations


Level 2. Indirect Human-and-Human Relations



Collaboration of among users of cyber systems
Service-users choose the services from service providers
through service directories
First-time collaborations among the users based on past
data
Level 3. Human in Communities



Influence among users of cyber systems
Knowledge sharing among the users of cyber systems
Matching service-users’ interest with services
SERE 2012, S. S. Yau
15
Direct Human-and-Human
Relations

Challenges:
How to quantify human factors in terms of
the determinants, such as workload on the
human, fatigue, learnability, attention,
vigilance, human relations, human
performance, human reliability, stress,
individual differences, aging, safety, and
results of decision making.
 How human factors affect humans
themselves?

SERE 2012, S. S. Yau
16
Indirect Human and Human
Relations

Example:



In a SBS, the providers upload their
services/applications. The users search the
service/application directory for the SBS and select
the services/applications they need. Besides the
quality of the services/applications, each user is
concerned with the trustworthiness of the services.
Challenge: How can a user choose a trustworthy
service?
Related human factors: human relationships,
stress, feedback, etc
SERE 2012, S. S. Yau
17
Human in Communities

Challenges:




How do the human factors from one person affect
other persons in the community?
How do the human factors from other persons in a
community affect one person in the community?
How do the human factors from one person in a
community spread in the SBS used by the
community?
…
SERE 2012, S. S. Yau
18
Human in Communities (cont.)

Example:



In a SBS, it is not easy for users to find their match
services/applications. It is also difficult for the service
providers to introduce their services/applications to
possible interested users using the SBS.
Challenge: How to incorporate human factors to match
all service-users with all services/applications
automatically and efficiently?
Related human factors: influence, interests, opinions,
human relationships …
SERE 2012, S. S. Yau
19
Current State of Art

Incorporating human factors in
developing cyber systems and
applications
Research has been mainly conducted by
researchers in psychology and sociology,
and few computer scientists and engineers.
 Primarily focus on human-machine
interactions, human-computer interactions,
situation awareness, and human errors

SERE 2012, S. S. Yau
20
Current State of Art (cont.)

Automated service composition based on various formal
specifications


Process calculi; BPEL4WS
QoS-aware service composition in SBS



Optimizing QoS attributes of services using the genetic algorithm
during the service compositions (G. Canfora, et al., University of
Sannio, Italy).
QoS provisioning for composed services, based on the Service
Level Agreement (SLA) contracts of individual services (X. Gu, et
al., University of Illinois, Urbana)
Developing QoS-aware middleware for web service composition to
maximize users’ satisfaction expressed in utility functions over QoS
attributes. (L. Zeng, et al., IBM)
Current State of Art (cont.)

Tradeoffs among security and multiple QoS in
SBS



Development of a framework for quantifying the strength of
system security (M. Satyanarayanan, et al., Carnegie Mellon
University)
An adaptive model for tradeoff between service
performance and security in service-based environments (S.
Yau, et al., Arizona State University)
A comprehensive QoS model for service-based systems, (I.
Jureta, et al., University of Namur, Belgium)
SERE 2012, S. S. Yau
22
Current State of Art (cont.)

Adaptive resource allocation in SBS




A multi-layered resource management framework for
dynamic resource management in enterprise systems. (P.
Lardieri, et al., Lockheed Martin Corporation)
Decentralized online resource allocation for dynamic web
service applications (J. Stoesser, et al., Universitat
Karlsruhe, Germany).
A regression based analytical model for dynamic resource
provisioning of multi-tier applications (Q. Zhang, et al, HP
Labs)
Adaptive resource allocation for SBS (S. Yau, et al.,
Arizona State University)
SERE 2012, S. S. Yau
23
Current State of Art (cont.)

Design of SBS for QoS Monitoring and adaptation
A development methodology for adaptive service-based
software systems (S. Yau, et al, Arizona State University)
 Comprehensive QoS monitoring of Web services and eventbased SLA violation detection (Michlmayr, et al, Vienna
University of Technology, Austria)
Testing of SBS
 Dynamic Reconfigurable Testing of Service-Oriented
Architecture (W. Tsai, et al, Arizona State University)


SERE 2012, S. S. Yau
24
Current State of Art (cont.)

Trust estimation in SBS




Flexible trust model for distributed service
infrastructure (Z. Liu, University of North Carolina
at Charlotte, S. Yau, Arizona State University)
Trusted computing platforms in web services
(Nagarajan, et al, Macquarie University, Australia)
Trust management for context-aware service
platforms (Neisse, et al, University of Twente, the
Netherlands)
Improving trust estimation in SBS (S. Yau and P.
Sun, Arizona State University)
SERE 2012, S. S. Yau
25
An Example: Improving
Trust Estimation in SBS

Improving trust estimation in servicebased systems by incorporating human
factors as well as QoS profiles
SERE 2012, S. S. Yau
26
Trust Estimation in SBS


Trust management needs to be incorporated in
SBSs to estimate service providers’
trustworthiness so that users can decide whether
to accept the services provided by the providers.
Limitations of existing trust estimation
approaches:


Only similarity of user profiles is considered
Based on pairwise trust relationship, which normally
does not include the transitive property in the
propagation of trust among service providers.
SERE 2012, S. S. Yau
An Example: Improving
Trust Estimation in SBS (cont.)

Incorporating two common human factors:
competition and collaboration in
interpersonal relationships, as well as QoS
profiles, which have significant effects on
trust estimation in SBS.
SERE 2012, S. S. Yau
Network Model to be Used in Our
Approach


V: a set of vertices (service
providers)
E: two sets of directed edges
(intention of one vertex to
another)



Competing edges (dashed lines)
Collaborating edges (solid lines)
Wedge: the weighting factor of
an edge, which indicates the
weight of competition or
collaboration.

In the range of [0, 1]
SERE 2012, S. S. Yau
29
Definition of a Transaction

A transaction in an SBS consists of three
phases:



Request phase: a user of a SBS requires services.
Selection phase: the requester chooses services from
the service providers of the SBS with trust values
exceeding an acceptable threshold specified by the
user.
Feedback phase: the requester gives feedback to the
SBS on the quality of the services used.
SERE 2012, S. S. Yau
30
Definition of a Transaction (cont.)

Information recorded in a transaction:


Which service providers selected by a service user
QoS profiles of all the selected services.


Record all aspects of quality of each service required by
user
Two types:


Claimed QoS profiles: provided by the service providers
along with their services when publishing the services.
Feedback QoS profiles: provided by the service user in the
feedback phase after using the services.
SERE 2012, S. S. Yau
31
Definition of a QoS Profile

A QoS profile of a service in a transaction is a vector
with n elements, each of which represents a
quantifiable aspect of the service, important for trust
estimation.


Claimed QoS profile:



Consider three aspects: Accuracy, delay and throughput
Provided by service providers
Denoted by cProfile = <cQ1, cQ2, …, cQn>
Feedback QoS profile:


Provided by service users
Denoted by fProfile = <fQ1, fQ2, …, fQn>
SERE 2012, S. S. Yau
32
Improving Trust Estimation in SBS

Initialization


Initialize the trust values of all service providers of
the SBS based on historic transactions using QoS
profiles, collaboration and competition.
Utilization


Update the trust values of the service providers in
current transaction using QoS profile.
Update the trust values of all the other service
providers using competition and collaboration.
SERE 2012, S. S. Yau
33
Improving
Trust Estimation in SBS (cont.)
Trust Values
Existing Trust (Initialization)
3
Trust System
Adaptor
Estimation
Estimated
Trust Values
Trust
Dissemination
Service-Based
System
Original Trust
Values
4
Estimated
Trust Values
Estimated
Trust Values
Trust refinement module
Profile evaluation
calculates
the trust
moduleofprocesses
values
service the
transactions
to extract
providers
based
on QoS
the QoS competition
profiles.
profiles,
and
collaboration.
Transactions
(Utilization)
1
Log(s)
Log Transactions
(Initialization)
SERE 2012, S. S. Yau
1
Trust Refinement
Module
QoS
Profiles
2
Profile
Evaluation
Module
34
Improving
Trust Estimation in SBS (cont.)
Trust Values
Existing Trust (Initialization)
3
Trust System
Adaptor
Estimation
5
6
7
Estimated
Trust Values
Trust
Dissemination
Original Trust
Values
Estimated
Trust Values
Estimated
Trust Values
The estimated trust
values are disseminated to service
providers in SBS
Service-Based
System
4
Trust Refinement
Module
QoS
Profiles
Transactions
(Utilization)
1
Log(s)
Log Transactions
(Initialization)
SERE 2012, S. S. Yau
1
2
Profile
Evaluation
Module
35
Effect of QoS Profile on Trust
Estimation


If the feedback QoS profiles of a selected service
is better than its corresponding claimed QoS
profiles, then the service user can decide the
service provider is more trustworthy, and
consequently increase the estimated trust value
of the service provider.
Otherwise, decrease the estimated trust value of
the service provider.
SERE 2012, S. S. Yau
36
Comparison of Claimed and
Feedback QoS Profiles

For a given service, ith signed normalized aspect
difference (snadi) is the signed normalized
difference between the ith aspects of its feedback
QoS profile and its claimed QoS profile.

Sign of snadi is decided by the system administrator, e.g.



cQi is better than fQi, positive
cQi is worse than fQi, negative
snadi is given by
where di_max and di_min are the maximal and minimal differences
of the ith aspect among all transactions
SERE 2012, S. S. Yau
37
Comparison of Claimed and
Feedback QoS Profiles (cont.)

Compare cProfile and fProfile

M is the overall score of the comparison.
where w1, …, wn are user-assigned weights for various
aspects in QoS profile
SERE 2012, S. S. Yau
38
Improvement of Trust Estimation
Using QoS Profiles


If M is positive, then the feedback QoS profile is better
than the claimed QoS profile; otherwise, the feedback
QoS profile is worse than the claimed QoS profile.
Improvement of the trust estimation using QoS
profiles.



T’(u) is improved estimated trust value of service provider u
T(u) is original estimated trust value of service provider u
γ is the parameter for adjusting the effect of M

By default, γ = 0.85.
SERE 2012, S. S. Yau
39
Improvement of Trust Estimation
Using QoS Profiles (cont.)

Rule 1. Competition relationship increases the trust values
of the participants in the competition group.



Rule 2. Collaboration relationship increases trust.


Competition limits free-ride
The more time one spends, the more one is likely to trust the
people in this group.
When two persons collaborate with each other, they tend to solve
problems together and this process can help to build trust between
them.
Rule 3. Transitive property of trust.


Whenever one service provider’s trust value changes, the trust
values of his/her neighbors will also change accordingly.
The trust value of a service provider is uniformly propagated to all
the other service providers he intends to compete or collaborate
with.
SERE 2012, S. S. Yau
40
Improvement of Trust Estimation
Using QoS Profiles (cont.)


Rules 1 and 2 show the positive correlation
between trust and competition or
collaboration.
Rule 3 defines how the trust values should be
propagated among the whole network of SBS.


The propagation of the trust values of service
providers is similar to PageRank (a webpage
reputation estimation approach).
The more people who intend to compete or
collaborate with a service provider, the more
trustful the service provider is.
SERE 2012, S. S. Yau
41
Expertise Needed to Incorporate
Human Factors in Developing TSBS









Services and cloud computing
Software and systems engineering
Networking, including mobile ad hoc networks,
intelligent devices, and social networks
Information assurance and security
Cognitive science
Psychology
Business
Culture
…
SERE 2012, S. S. Yau
42
Future Research to Incorporate
Human Factors in Developing TSBS



Develop meaningful metrics to quantify human
factors and QoS aspects of SBS, including trust,
security and others useful for developing TSBS
Develop a general framework with necessary
techniques and tools to effectively incorporate
a variety of relevant human factors in
developing TSBS
Validation
SERE 2012, S. S. Yau
43
Thank you
SERE 2012, S. S. Yau
44