Trustworthiness Assessment and Monitoring Framework

Description

TMA is the trustworthiness monitoring and assessment solution for the ATMOSPHERE ecosystem. It includes an overall trustworthiness framework, with the relevant trustworthiness properties and metrics, the specification of the trustworthiness assessment lifecycle, and the requirements for the monitoring platform. It also includes the measurement and analysis services for the continuous assessment of the trustworthiness metrics based on the monitored data.

Contact persons

• Nuno Antunes, Assistant Professor at the University of Coimbra - nmsa@dei.uc.pt
• José D'Abruzzo Pereira - PhD Student at the University of Coimbra - josep@dei.uc.pt
• Regina Moraes, Associate Professor at the State University of Campinas, Brazil - regina@ft.unicamp.br

Who shall use it?

IT users in critical infrastructures (assets that are essential for the functioning of a society and economy), such as the healthcare sectors and public administrators. Researchers and practitioners working on the design/development of trustworthy cloud‐based systems.

What’s its value add?

It allows handle heterogeneous data while providing high portability & interoperability. It can be used to deploy a federation wide server to be used by developers to assess the trustworthiness of their applications, or used by applications themselves.

What are the unique selling points?

An holistic approach to cloud trustworthiness. TMA provides users with an infrastructure, data management and services that are more user-centric, protecting legal rights, including the aims of the GDPR in terms of increasing trust, fairness and transparency.

License

• Webpage: http://tma.dei.uc.pt
• Code available at https://github.com/eubr-atmosphere/tma-framework and https://github.com/eubr-atmosphere/tma-framework/releases/tag/v1.0.0

Exploitation Paths

• Talkdesk (a global company that allows ompanies to deploy their own client contact centers in few minutes, at low cost, with international clients such as Chevrolet, Sidecar, Dropbox, Shopify) and Vodafone (well-known mobile telecom company), along with University of Coimbra, joined forces through the TalkConnect (a P2020 project). The solution to be developed includes, among several other aspects, mechanism to monitor and evaluate the quality of the final solution, considering both design-time and run-time perspectives. Design-time metrics will be devised to assess the quality of the solution and drive development. Run-time metrics will be computed to support continuous adaptation. The quality of the solution is closely related with the satisfaction (trust) of its users. Classical quality attributes such as scalability, QoS, and security, are also of utmost importance. In this context, ATMOSPHERE TMA will be used for supporting quality monitoring, assessment, scalability, QoS, security and privacy assessment and adaptation.

• CloudEA is a security monitoring solution developed by Dell. The goal is to integrate ATMOSPHERE TMA with CloudEA in order to support security risk monitoring and mitigation (via adaptation). In practice, risk computation and the identification of potential adaptations will be delegated to TMA. CloudEA will be in charge of collecting the base information (at this moment, focusing on the McAfee ePO suite), thus acting like a probe (or set of probes), and also of implementing the adaptations (actuating) commanded by the TMA. 

• Portuguese Science Foundation (FCT) will develop further the TMA trustworthiness assessment concepts in the context of the project METRICS.

• The National Institute of Space Research (INPE) is an institution responsible for space research in Brazil. Currently, INPE is improving its Brazilian Environmental Data Collection System (BEDCS) to replace the system's satellites by nanosatellites (a new technology called CubeSat). For this end, INPE is envisaging to distribute the Database (called SINDA) all around the world. For this new model, it is important to use federated cloud computing technologies, improving the security. The TMA will be used to monitor different trustworthiness properties, with special focus on QoS and security aspects.

• TMA is being proposed to be integrated into RESECA-CPS project (REliability and SECurity Assessment solutions for Cyber-Physical Systems), which is being submitted to CAPES-FCT Call n. 22/2019. RESECA-CPS aims to explore Cyber-Physical Systems verification and validation (V&V) techniques by combining techniques, methods and tools that will be applied to different phases of the system life cycle.

Literature

• Trustworthiness Framework and Metrics Design. ATMOSPHERE Public Deliverable D3.1, April 2018

• Monitoring Instruments and Platform Design. ATMOSPHERE Public Deliverable D3.2, October 2018

• Trustworthiness Measurement and Analysis Services Design. ATMOSPHERE Public Deliverable D3.3, October 2018

• Monitoring Instruments and Platform Implementation D3.5, April 2019

• Special Issue on Security and Trust in Cloud Application Life-Cycle Management. Paper https://www.journals.elsevier.com/future-generation-computer-systems/call-for-papers/security-and-trust-in-cloud-application-life-cycle-managemen (April 2019)