Dealing with trust and control: A meta-model for trustworthy information systems development

Information systems exist in every aspect of our life and our society depends on them enormously. Despite this reliance, these systems are often unreliable, prone to errors, and pose vulnerabilities for potential security attacks. We are often faced with a choice between using a valuable (or even an essential) system, which is not fully trustworthy, or else forgoing the services it provides. Developing a trustworthy software system is a challenging task. The system´s overall trustworthiness depends on trust relationships that are usually assumed and not properly analysed during the analysis and design of the system. The lack of appropriate analysis of such trust relationships, or the lack of appropriate justification of relevant trust assumptions, usually results in systems that can potentially fail to fully achieve those functionalities that depend on such trust relationships. In this paper, we present a meta-model for a modelling language that allows developers to capture possible trust relationships and to reason about them. The meta-model includes a set of trust based concepts, which support the development of trustworthy systems. A case study from the UK health care sector is used to illustrate the usefulness of the meta-model.