Combining risk-management and computational approaches for trustworthiness evaluation of socio-technical systems

Abstract

The analysis of existing software evaluation techniques reveals the need for evidence-based evaluation of systems' trustworthiness. This paper aims at evaluating trustworthiness of socio-technical systems during design-time. Our approach combines two existing evaluation techniques: A computa-tional approach and a risk management approach. The risk-based approach identifies threats to trustworthiness on an abstract level. Computational ap-proaches are applied to evaluate the expected end-to-end system trustworthiness in terms of different trustworthiness metrics on a concrete asset instance level. Our hybrid approach, along with a complementary tool prototype, support the assessment of risks related to trustworthiness as well as the evaluation of a sys-tem with regard to trustworthiness requirements. The result of the evaluation can be used as evidence when comparing different system configurations.