Understanding the trust of software-intensive distributed systems

An early understanding of the trust concerns while composing a distributed system from independently developed software services saves time and effort. It also allows the developer of such distributed systems to reason about the trust-related properties of these systems. Although there are prevalent approaches for evaluating the trust of such systems, it is not clear which approach, if any, is the most comprehensive and best suited for a given situation. Moreover, there is no agreement about a unified approach, for quantifying trust, which can be applied to the entire software life-cycle of distributed systems. This article, first, motivates the need for such a quantification of trust via a case study from the domain of indoor tracking. It then provides a comprehensive survey of current approaches that define trust, in general domains, and then focuses on the relevant approaches from the domain of software-oriented distributed systems. These prevalent efforts are categorized into groups using existing clustering tools and then are further analyzed for their comprehensiveness. The analysis depicts: (1) many trust-related efforts and associated models have their own constrained views of trust; (2) different trust models focus on different aspects of trust and life-cycle details; and (3) it is difficult to interoperate across different trust models. Hence, the paper identifies a set of principles that can assist in quantifying and evaluating the trust throughout the software life-cycle of distributed systems. These principles, then, are applied to the aforementioned case study to provide an outline of how trustworthy distributed systems can be composed from independent software services. Copyright (c) 2015 John Wiley & Sons, Ltd.