Trust Domains - A framework for modelling and designing e-service infrastructures for controlled sharing of information

Lead Research Organisation: University College London
Department Name: Computer Science


Ensuring flows of information to the right people over multiple collaborating organisations is becoming increasingly important for both business and government. There are, however, trade-offs between the productivity and functional gains from sharing information, on the one hand, and the risks of leakage and opening up IT systems, on the other. Recent developments in trusted computing and virtualization can address these trade offs in a flexible manner, as they allow for the creation of policy controlled IT systems with configurable security properties. Collaborative, secure sharing solutions can be realized through the creation of dynamic 'Trust Domains' --- a notion that we propose to explore at and between all levels of the policy-service-infrastructure stack --- that enforce information flow and configuration policies. We propose a customer-driven project that starts out from examples of information sharing within police forces and agencies they work with. Based on a practical understanding of the required flows and policies, we will develop an abstract framework for qualifying types of and flows of information and a corresponding model of the associated risks. This allows process owners to describe their requirements and concerns. We will research how to qualify and map information flows to Trust Domain configurations, derive guidelines and templates for supporting solution architects in building IT services, and extend our set of analytics and modelling tools to help stakeholders gain an understanding of the risks associated with information flows and enforcement mechanisms.There are business opportunities for creating and operating new e-services with enhanced trust and security properties based on new methodologies and toolsets. The framework we suggest takes a business driven approach to risk, trust and security and covers aspects of process and system analysis, design, configuration, security policy, human roles, and operational management. We create a value proposition by having the models, tools and methodologies that allows us to bridge the current gap between business level risk and system configuration and policy design. Hence mapping service needs onto trusted platforms, domains, and infrastructureThe project complements and expands ongoing, TSB-funded work on trust economics as well as on complexity, risk, and resilience management pioneered and exploited by HP's UK Enterprise Services. Both HP Enterprise Services and HP Labs, Bristol believe that bridging high-level incentive models and systems design for trust domains would be a unique global differentiator, not only aligned with US-NITRD 'game-changing' themes, but ahead of them in suggesting an integrated approach. The academic components of this project will contribute the following developments in support of this programme: - The concept of Trust Domain, at and between the various levels of the socio-technical system stack (policy-service-infrastructure); - Mathematical systems modelling technologies to support tools and methodologies for reasoning about the properties, dynamics, and applications of the Trust Domain concept; - A thorough taxonomy of technical, design, and architectural properties which give rise to different trust characteristics in deployed services; - Modelling the quality of trust and expectations among components, to the extent of being able to make a meaningful comparison of solutions based on different architectural paradigms, within a given context.Targeted market: intra-corporate and intra-governmental data centres and 'clouds' whose stringent information flow control requirements cannot be met by today's providers.

Planned Impact

The pathways to impact for this project can be summarized conveniently under the following three headings: Academic Impact - Research: influencing and challenging a range of academic disciplines in computing, mathematics, and management. - Education and Training: New Master's degree programmes combining the relevant technological and management skills. Industrial and Commercial Impact - Hewlett--Packard: - HP's UK-based research effort - HP's UK-based IT services and security businesses - HP's UK customers - Perpetuity: a client- and problem-base, encompassing questions such as access control and trust in the context of both corporate/physical security and information security will provide a rich collection of challenges for our conceptual work and tool/methodology development. - The wider security ecosystem: the community that is touched by this project, via academic research, industrial research, education/training, and as customers of HP and Perpetuity, will influence systems policy and implementation in academia, industry, and government. Impact in RCUK Priorities and in UK Society - Fostering global economic performance, and specifically the economic competitiveness of the United Kingdom The delivery of systems and services with appropriate levels of security - that is, systems that generate value whilst remaining sufficiently secure, robust, and flexible to cope with perturbations, be they internally (design changes) or externally (changes in the environment) generated - is a challenge to corporations and economies around the world. De- veloping robust, mathematically based technologies will allow the UK to lead in this respect. - Increasing the effectiveness of public services and policy. Public services are delivered by sys- tems that are based on complex technological substrates. These systems support services - to citizens, government, companies, charities, etc. - that are intended to implement society's agreed policies. At each of these three (infrastructure, service, policy) layers, groups of system components, be they individuals, organizations, or technology elements, need to form groups within which mutually understood and/or rep- resented levels of trust obtain. - Enhancing quality of life, health, and creative output. Citizens' quality of life will be enhanced by better, more secure services, more readily and appropriately trustable services, be they delivered by government or the private sector. Moreover, improved cost-effectiveness will tend to reduce the taxation burden and encourage reinvestment by service-providers.


10 25 50
publication icon
Anderson G (2016) A calculus and logic of bunched resources and processes in Theoretical Computer Science

publication icon
Collinson M (2014) A substructural logic for layered graphs in Journal of Logic and Computation

publication icon
G. Anderson (2015) The Trust Domains Guide

Related Projects

Project Reference Relationship Related To Start End Award Value
TS/I002502/1 01/04/2011 31/10/2013 £218,421
TS/I002502/2 Transfer TS/I002502/1 01/11/2013 31/03/2014 £28,173
Description The concept of a trust domain has proved useful in collaborative work with National Grid plc related to its re-engineering of its corporate security architecture. A short paper explaining this work is preparation.
First Year Of Impact 2015
Sector Digital/Communication/Information Technologies (including Software),Energy
Impact Types Societal,Policy & public services

Description National Grid Cyber-security Research 
Organisation The National Grid Co plc
Country United Kingdom 
Sector Private 
PI Contribution Research collaboration: Pym is Director of Cyber-security Research at National Grid
Collaborator Contribution Research collaboration
Impact Multi-discipinary. Colleagues from Universities of Aberdeen and Durham also involved. Various outputs: EC 'Seconomics' Project deliverables; presentations to National Grid management and security staff.
Start Year 2013
Description D. Pym has served as a member of Home Office Working Group on the Costs of Cybercrime 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Expert panel advising the Home Office.
Year(s) Of Engagement Activity 2014,2015,2016