Problem-based Derivation of Trustworthiness Requirements from Users’ Trust Concerns

Abstract

The trustworthiness of cyber-physical systems (CPS) that support complex collaborative business processes is an emergent property. New technologies like cloud computing bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might introduce new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users become more concerned about trust. In order to address users’ trust concerns, trustworthiness requirements for the CPS must be elicited and satisfied. They describe the properties (qualities) the CPS must possess in order to be trustworthy. In this paper, we suggest a problem-based requirements engineering method that supports specifically the derivation of trustworthiness requirements. Based on identified trust concerns of users, trust assumptions are made explicit in problem diagrams. They express the conditions under which users are willing to trust. The problem diagrams and trust assumptions are then refined until they are concrete enough to derive trustworthiness requirements from them. During the refinement process, trust assumptions may influence and modify the system design (and vice versa, i.e., due to a certain system design, new trust concerns may arise that need to be addressed). In this way, users’ trust concerns are considered right from the beginning and trustworthiness is designed into the CPS. An application example from the healthcare domain is used to demonstrate our approach.