EPSRC logo

Details of Grant 

EPSRC Reference: TS/I002502/2
Title: Trust Domains - A framework for modelling and designing e-service infrastructures for controlled sharing of information
Principal Investigator: Pym, Professor D
Other Investigators:
Collinson, Dr MJ
Researcher Co-Investigators:
Project Partners:
Department: Computer Science
Organisation: UCL
Scheme: Technology Programme
Starts: 01 November 2013 Ends: 31 March 2014 Value (£): 28,173
EPSRC Research Topic Classifications:
Human-Computer Interactions Information & Knowledge Mgmt
Mobile Computing
EPSRC Industrial Sector Classifications:
Manufacturing Communications
Financial Services Creative Industries
Information Technologies
Related Grants:
Panel History:  
Summary on Grant Application Form
Ensuring flows of information to the right people over multiple collaborating organisations is becoming increasingly important for both business and government. There are, however, trade-offs between the productivity and functional gains from sharing information, on the one hand, and the risks of leakage and opening up IT systems, on the other. Recent developments in trusted computing and virtualization can address these trade offs in a flexible manner, as they allow for the creation of policy controlled IT systems with configurable security properties. Collaborative, secure sharing solutions can be realized through the creation of dynamic 'Trust Domains' --- a notion that we propose to explore at and between all levels of the policy-service-infrastructure stack --- that enforce information flow and configuration policies. We propose a customer-driven project that starts out from examples of information sharing within police forces and agencies they work with. Based on a practical understanding of the required flows and policies, we will develop an abstract framework for qualifying types of and flows of information and a corresponding model of the associated risks. This allows process owners to describe their requirements and concerns. We will research how to qualify and map information flows to Trust Domain configurations, derive guidelines and templates for supporting solution architects in building IT services, and extend our set of analytics and modelling tools to help stakeholders gain an understanding of the risks associated with information flows and enforcement mechanisms.There are business opportunities for creating and operating new e-services with enhanced trust and security properties based on new methodologies and toolsets. The framework we suggest takes a business driven approach to risk, trust and security and covers aspects of process and system analysis, design, configuration, security policy, human roles, and operational management. We create a value proposition by having the models, tools and methodologies that allows us to bridge the current gap between business level risk and system configuration and policy design. Hence mapping service needs onto trusted platforms, domains, and infrastructureThe project complements and expands ongoing, TSB-funded work on trust economics as well as on complexity, risk, and resilience management pioneered and exploited by HP's UK Enterprise Services. Both HP Enterprise Services and HP Labs, Bristol believe that bridging high-level incentive models and systems design for trust domains would be a unique global differentiator, not only aligned with US-NITRD 'game-changing' themes, but ahead of them in suggesting an integrated approach. The academic components of this project will contribute the following developments in support of this programme: - The concept of Trust Domain, at and between the various levels of the socio-technical system stack (policy-service-infrastructure); - Mathematical systems modelling technologies to support tools and methodologies for reasoning about the properties, dynamics, and applications of the Trust Domain concept; - A thorough taxonomy of technical, design, and architectural properties which give rise to different trust characteristics in deployed services; - Modelling the quality of trust and expectations among components, to the extent of being able to make a meaningful comparison of solutions based on different architectural paradigms, within a given context.Targeted market: intra-corporate and intra-governmental data centres and 'clouds' whose stringent information flow control requirements cannot be met by today's providers.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: