The trust engineering framework: Architecting native security to defend against the next generation threats

This study examines trust in the framework of service-based systems and discusses why it is difficult to achieve. We propose a discipline we term trust engineering, which considers the interactions of trust-enhancing technology, system architecture, and the development life cycle. The traditional view of security solutions have focused on preventing external threats such as malware in the forms of viruses, hackers and worms through perimeter from penetrating the organizations system where solutions that include firewalls and antivirus software were the leading mitigating techniques. While still aware of outside threats, companies are now coming to understand they can no longer ignore inside violations concerning data at rest or data on the move in order to protect the organization´s private and confidential information. So information security and privacy is quickly becoming critical whether it is internal or external. This paper investigates trust-enhancing approaches, articulating a strategy based on three main thrusts: developing secure software systems (confidence), executing software in a protected, controlled environment (control), and monitoring software for cyber threats (discovery). Applying these three thrusts in combination with the proper architectural and life cycle perspective provides the best strategy for increasing our trust in software-based and service-based systems.