Sachar Paulus

Trustworthiness Attributes and Metrics for Engineering Trusted Internet-Based Software Systems

Trustworthiness of Internet-based software systems, apps, services and platform is a key success factor for their use and acceptance by organizations and end-users. The notion of trustworthiness, though, is subject to individual interpretation and preference, e.g., organizations require confidence about how their business critical data is handled whereas end-users may be more concerned about usability. As one main contribution, we present an extensive list of software quality attributes that contribute to trustworthiness. Those software quality attributes have been identified by a systematic review of the research literature and by analyzing two real-world use cases. As a second contribution, we sketch an approach for systematically deriving metrics to measure the trustworthiness of software system. Our work thereby contributes to better understanding which software quality attributes should be considered and assured when engineering trustworthy Internet-based software systems.

Trustworthy Software Development

This paper presents an overview on how existing development methodologies and practices support the creation of trustworthy software. Trustworthy software is key for a successful and trusted usage of software, specifically in the Cloud. To better understand what trustworthy software applications actually mean, the concepts of trustworthiness and trust are defined and put in contrast to each other. Furthermore, we identify attributes of software applications that support trustworthiness. Based on this groundwork, some well-known software development methodologies and best practices are analyzed with respect on how they support the systematic engineering of trustworthy software. Finally, the state of the art is discussed in a qualitative way, and an outlook on necessary research efforts and technological innovations is given.

Towards Trustworthiness Assurance in the Cloud

Cloud- and service-oriented computing paradigms are intrinopaque to their users, as they cannot inspect providers’ implementations, and important concerns about aspects like security, compliance, dependability can arise. Therefore, users have to make trust decisions with respect to software providers, with the hope that there will not be any detrimental consequences. To contrast this situation, the paper proposes a framework to define, assess, monitor and make explicit the elements of a service that render it trustworthy. This paper relies on a number of recent scientific contributions, and aims at supporting informed decisions on obscure service implementations by machine-understandable statements about their objective (trustworthiness) characteristics. Such statements would innovate upon many aspects of service operations, from discovery to composition, deployment and monitoring. To demonstrate this, the paper presents a concept for a Trustworthy Service Marketplace.

Evidence-Based Trustworthiness of Internet-Based Services Through Controlled Software Development

Users of Internet-based services are increasingly concerned about the trustworthiness of these services (i.e., apps, software, platforms) thus slowing down their adoption. Therefore, successful software development processes have to address trust concerns from the very early stages of development using constructive and practical methods to enable the trustworthiness of software and services. Unfortunately, even well-established development methodologies do not specifically support the realization of trustworthy Internet-based services today, and trustworthiness-oriented practices do not take objective evidences into account. We propose to use controlled software life-cycle processes for trustworthy Internet-based services. Development, deployment and operations processes, can be controlled by the collection of trustworthiness evidences at different stages. This can be achieved by e.g., measuring the degree of trustworthiness-related properties of the software, and documenting these evidences using digital trustworthiness certificates. This way, other stakeholders are able to verify the trustworthiness properties in a later stages, e.g., in the deployment of software on a marketplace, or the operation of the service at run-time.

Extending Development Methodologies with Trustworthiness-By-Design for Socio-Technical Systems

Socio-Technical Systems STS include humans, organizations, and the information systems that they use to achieve certain goals [1]. They are increasingly relevant for society, since advances in ICT technologies, such as cloud computing, facilitate their integration in our daily life. Due to the difficulty in preventing malicious attacks, vulnerabilities, or the misuse of sensitive information, users might not trust these systems. Trustworthiness in general can be defined as the assurance that the system will per-form as expected, or meets certain requirements cf., e.g. [2]. We consider trustworthiness as a multitude of quality attributes. As a means of constructive quality assurance, development methodologies should explicitly address the different challenges of building trustworthy software as well as evaluating trustworthiness, which is not supported by development methodologies, such as User-Centered Design UCD [3].

Ubiquitous Learning Applied to Coding: A set of tools and services to deliver code-intensive learning contexts to student devices

Today programming is a crucial skill in many disciplines, demanding for an adequate education. Unfortunately, programming education requires a dedicated set of tools (editor, compiler, ...), often forcing the students to use the pre-configured machines at their universities. In an ideal setup, students were able to work on their programming assignments anywhere and on any device. This paper presents an infrastructure and tool set for a bring your own device concept in programming education: lecturers are able to provide applications, data and configurations easily and students can install individualized setups for different lectures and programming languages on their clients with one click. Neither student nor lecturer needs detailed knowledge of the installation or configuration process.

Sichere Software im Umfeld von Industrie 4.0

Industrie 4.0 und Digitalisierung bedeuten insbesondere, dass Maschinen, Gerate und produzierte Guter mit „Intelligenz“ versehen und miteinander vernetzt werden. Die „Intelligenz“ wird durch ein Einsatz von Software realisiert; Software ist jedoch prinzipbedingt sehr leicht angreifbar – und die Vernetzung eroffnet viele neue Angriffswege. Die IT-Branche hat den Prozess der Vernetzung vor ca. 20 Jahren begonnen – und hat es bis heute trotz viel Forschung und grosen Investitionen nicht vollstandig geschafft, sichere Software herstellen zu konnen. Sichere Software zu entwickeln scheint daher nicht so einfach zu sein. Wie konnen Maschinen-Software-Hersteller das Wissensdefizit moglichst schnell aufholen?