Keywords

1 Introduction

Trust relationship is one of important reciprocal relationships in our society and cyber space. There are many reciprocal relationships that must concern two parties, e.g., parent-child relationship, relative relationship, friendship, cooperative relationship, complementary relationship, trade relationship, buying and selling relationship, and so on [7]. Especially, trust relationship is basis of communications between human to human, human to system, and system to system, and basis of decision making of human and/or system. For example, we trust the data that we use for a decision to be reliable; when we cross an intersection of streets, we trust the cars in other directions to follow the traffic signals [13].

Trust reasoning is an indispensable process to establish trustworthy and secure communication under open and decentralized systems that include multi-agents and humans. Trust reasoning is the ability to reason about trust targets and their relationships whether these targets are trusted or not. In open and decentralized systems, although it is difficult to know whether a system, an agent, or a human that require to connect with our system can be trusted or not before communication with it, we want to know that to establish trustworthy and secure communication. Thus, we should calculate the degree of trust of target system, agent, or human by using already known fact, hypotheses, and observed data. Trust reasoning is a process to calculate the degree of trust or decide which target can be regarded as trust one.

Reciprocal logics [7] is an expectable candidate for a logic system underlying trust reasoning. Classical mathematical logics and its various conservative extensions are not suitable for logic systems underlying reasoning, because those have paradoxes of implication [1, 2]. Strong relevant logics have rejected those paradoxes of implication, and are considered as the universal basis of various applied logics for knowledge representation and reasoning [6]. Thus, strong relevant logics and its conservative extensions are candidates for logic systems underlying reasoning. Reciprocal logics is a conservative extension of strong relevant logics to deal with various reciprocal relationships. The reciprocal logics provide several predicates to describe propositions about trust relationship [7].

On the other hand, there are various trust properties for trust relationships. Basically, trust is established in interaction between two entities: trustor and trustee. Trustee provides trustworthy data to make a trustor trust in a trustee. For example, home appliance devices (trustee) provide energy-related data for users (trustor) to control these devices in use case of home energy management [16]. Trust is affected by several subjective such as social status and physical properties; and objective factors such as competence and reputation and classified the properties influencing trust into [12, 23]. Trust is a trustors belief about some trustees property [9]. Many trust properties has been identified in literature, trust in reliability, honesty, credibility [15, 22, 25]. Most authors focused on only one dimension such as trust in the reliability [14, 18], trust in the sincerity [19] and other researchers dealt with trust and cooperation. Demolombe [8] provided a formal definition for 6 trust properties based on modal logics. Current reciprocal logics does not cover such trust properties.

This paper aims to extends reciprocal logics to deal with various trust properties for trust reasoning. At first, we have surveyed and identified properties that are relevant to the trustworthy relationship, and then extends reciprocal logics by introducing new predicates for the identified trust properties. The paper also shows an example of usage the extension logic. The extended logics illustrates the general properties of trust that can facilitate the engineering of trustworthy systems.

The rest of the paper is organized as follows: Sect. 2 shows previous works about trust properties. Section 3 gives overview of reciprocal logics and its limitation. Section 4 presents an extension of reciprocal logics and an example of usage the extension logic. Finally, some concluding remarks are given in Sect. 5.

2 Trust Properties in Previous Works

In the domain of trust reasoning, several work show the interest to clearly differentiate between trust in reliability and trust in honesty which is later called credibility [15, 22, 25]. However, a large set of works focused only on trust in the reliability [14, 18] and trust in the sincerity. Leturc et al. [17] defined trust as a subjective probability just refers to one dimension of trust while ignoring the other dimension which is objective probability. The subjective probability assembles too many important parameters and beliefs, that are very relevant in social reasoning [19] while there is a need to define other parameters and beliefs related to trust objectives such as competence. Yan et al. [23, 24] only discusses trust properties and its classification but its formal representation is not presented.

Demolombe [8] provided a formal definition for trust that distinguishes between different properties an agent may have trust in. Other study also shows that having high (reliability) trust in a person in general is not necessarily enough to decide to enter a situation of dependence on that person [21]. There is a need to consider other factors that influence trustworthy relationship. Yan et al. [23] presented suggestions to evaluate trust with regard to competence, benevolence, integrity, and predictability and also targeted trust at different context and technology areas.

Trust properties presented in [8] are based on modal logics. These properties are defined in terms of material implications which leads to a well-known paradox. Other review shows that [12, 19] are also interested to model trust with modal logics, graph-based approach [20], Second order propositional logic [10] based on classical mathematical logics.

3 Reciprocal Logics and Its Limitation

Relevant logics were constructed during the 1950s in order to find a mathematically satisfactory way of grasping the elusive notion of relevance of antecedent to consequent in conditionals, and to obtain a notion of implication which is free from the so-called ‘paradoxes’ of material and strict implication [10, 20].

Strong relevant logics [6] were proposed in order to find a satisfactory logic to underlie relevant reasoning. These logic requires that the premises of a argument represented by an entailment include no unnecessary and needless conjuncts and the conclusion of that argument includes no unnecessary and needless disjuncts, and rejected those conjunction-implicational paradoxes and disjunction-implicational paradoxes [6].

Reciprocal logics [7] was established for specifying, verifying and reasoning about reciprocal relationships. These reciprocal logics underlie relevant reasoning as well as truth-preserving reasoning in the sense of conditional, ampliative reasoning, paracompletes reasoning, and paraconsistent reasoning. Moreover, the logics can be used for reasoning about relative relations among points as well as regions. Cheng [5] shows that various reciprocal logics can be obtained by introducing predicates and related axioms about reciprocal relationships into strong relevant logics.

Reciprocal relationship such as trust relationships may be symmetrical or unsymmetrical transitive or non transitive. Althought there are many definition based on the concept of trust. Trust Relationships have usually something in common. In general a trust relationship must concern two entities say trustor and trustee such that trustor trust trustee to do something. Trust relationships is not necessarily symmetrical and not necessarily transitive. In many cases, a trust relationship is conditional in the form that A trust B to do something if the condition is true [7]. Predicates which are already defined in [7] for one of the reciprocal logics, i.e., trust relationships are as follows.

The limitation of reciprocal logics is that the logic does not provide enough predicates to describe sentences about trust easily. This papers aims to describe various predicates for trust properties. Further, they can be used to represent and specify various reciprocal relationships and then to reason about the trustworthy decision and actions [7].

  • Defined predicates by Cheng [7]:

  • \(TR(pe_{1},pe_{2})\) means \(pe_{1}\) trusts \(pe_{2}\).

  • \(NTR(pe_{1},pe_{2})\) \(=_{d_{f}}\) \(\lnot (TR(pe_{1},pe_{2}))\), \(NTR(pe_{1},pe_{2})\) means \(pe_{1}\) doesnot trust \(pe_{2}\).

  • \(TREO(pe_{1},pe_{2})\) \(=_{d_{f}}\) \(TR(pe_{1},pe_{2})\) \(\wedge \) \((TR(pe_{2},pe_{1}))\), \(TREO(pe_{1},pe_{2})\) means \(pe_{1}\) and \(pe_{2}\) trust each other.

  • \(ITR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \(\lnot (TR(pe_{1},pe_{2}) \wedge \) \((TR(pe_{1},pe_{3})\), \(ITR(pe_{1},pe_{2},pe_{3})\) means \(pe_{1}\) doesnot trust both \(pe_{2}\) and \(pe_{2} \) (Incompatibility).

  • \(XTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \((TR(pe_{1},pe_{2})\) \(\vee (TR(pe_{1},pe_{3}))\) \(\wedge (NTR(pe_{1},pe_{2})\) \(\vee (NTR(pe_{1},pe_{3}))\) \(XTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{1}\) trust either \(pe_{2}\) or \(pe_{3}\) but not both (exclusive disjunction).

  • \(JTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \(\lnot (TR(pe_{1},pe_{2}) \vee \) \((TR(pe_{1},pe_{3}))\), \(JTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{1}\) trust either \(pe_{2}\) or \(pe_{3}\) (joint denial).

  • \(TTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \((TR(pe_{1},pe_{2}) \wedge \) \((TR(pe_{2},pe_{3}))\) \(\Rightarrow \) \((TR(pe_{1},pe_{3})\) , \(TTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{1}\) trust \(pe_{3}\) if \(pe_{1}\) trusts \(pe_{2}\) and \(pe_{2}\) trust \(pe_{3}\).

  • \(CTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \((TR(pe_{1},pe_{3})\) \(\Rightarrow \) \((TR(pe_{2},pe_{3}))\), \(CTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{2}\) trusts \(pe_{3}\) if \(pe_{1}\) trusts \(pe_{3}\).

  • \(NCTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \((TR(pe_{1},pe_{3})\) \(\Rightarrow \) \((TR(pe_{2},pe_{3}))\), \(NCTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{2}\) trusts \(pe_{3}\) if \(pe_{1}\) doesnot trusts \(pe_{3}\).

  • \(CNTR(pe_{1},pe_{2},pe_{3})\) \(=_{d_{f}}\) \(\lnot (TR(pe_{1},pe_{3})\) \(\Rightarrow \) \(\lnot (TR(pe_{2},pe_{3}))\), \(CNTR(pe_{1},pe_{2},pe_{3})\) means \(pe_{2}\) does not trusts \(pe_{3}\) if \(pe_{1}\) doesnot trusts \(pe_{3}\).

  • \(TRpo(pe_{1},o_{1})\) \(=_{d_{f}}\) \(\forall \) \(pe_{2}(B(pe_{2},o_{1})\) \(\wedge \) \((TR(pe_{1},pe_{2}))\), \(TRpo(pe_{1},o_{1})\) means \(pe_{1}\) trusts \(o_{1}\).

  • \(NTRpo(pe_{1},o_{1})\) \(=_{d_{f}}\) \(\forall \) \(pe_{2}(B(pe_{2},o_{1})\) \(\wedge \) \((NTR(pe_{1},pe_{2}))\), \(NTRpo(pe_{1},o_{1})\) means \(pe_{1}\) doesnot trusts \(o_{1}\).

  • \(NTRpo(o_{1},pe_{1})\) \(=_{d_{f}}\) \(\forall \) \(pe_{2}(B(pe_{2},o_{1})\) \(\wedge \) \((NTR(pe_{2},pe_{1}))\), \(NTRpo(o_{1},pe_{1})\) means \(o_{1}\) doesnot trusts \(pe_{1}\).

  • \(TRoo(o_{1},o_{2})\) \(=_{d_{f}}\) \(\forall \) \(pe_{1}\) \(\forall \) \(pe_{2}\) \((B(pe_{1},o_{1})\) \(\wedge \) \((B(pe_{2},o_{2}))\) \(\wedge (TR(pe_{1},pe_{2})\), \(TRoo(o_{1},o_{2})\) means \(o_{1}\) trusts \(o_{2}\).

  • \(NTRoo(o_{1},o_{2})\) \(=_{d_{f}}\) \(\forall \) \(pe_{1}\) \(\forall \) \(pe_{2}\) \((B(pe_{1},o_{1})\) \(\wedge \) \((B(pe_{2},o_{2}))\) \(\wedge (NTR(pe_{1},pe_{2})\), \(NTRoo(o_{1},o_{2})\) means \(o_{1}\) doesnot trusts \(o_{2}\).

4 An Extension of Reciprocal Logics for Trust Properties

4.1 Description of Trust Properties

Trust is an essential element of any coherent trustworthy relationship. Trust relationships are more tractable with the aid of trust properties. So, we need to extend reciprocal logics with trust properties that supports trustworthy decisions. We studied various trust properties and classified them according to trustee and trustor objectives and subjectivities respectively. According to our survey we have identified trust properties which are regularly assigned to trust and influence the concept of computational trust. We have also adopted some ideas of trust properties by Demolombe [8]. We further presents a formal representations of identified trust properties and applies them on context based cases.

Current reciprocal logics are not enough to represent sincerity, validity, vigilance, obedience, reliability, credibility, cooperativity, completeness, willingness because at present it only deals with the basic trust relationships which doesn’t includes a piece of information exchange between two entities.

  • Brief definitions of trust properties are as follows:

  • Sincerity: Sincerity is the relationship between what the trustee says and what he believes [3].

  • Validity: Validity is the relationship between what the trustee says and what is true [3].

  • Completeness: Completeness is the relationship between what is true and what the trustee says [3].

  • Cooperativity: Cooperativity is the relationship between what the trustee believes and what he says [3]. The number of interactions between entities that have been held in positive manner [16].

  • Credibility: Credibility indicates the degree to which the trustor believes that trustee will participate in the collaboration [16]. This information might be measured based on the level of uncertainty.

  • Vigilance: Vigilance is the relationship between what is true and what the trustee believes [3].

  • Reliability: Reliability means that any cyber object might imply that it fulfils the required quality of service and it can be measured as probability that an entity correctly performs a required job in a specified period of time under stated conditions [16].

  • Obedience: Trustor is said to be obedient if it behaves according to the trustees standards.

  • Willingness: Trustor is said to be willing if it is relying on the actions of another party. Trustee decide and intends to do what the trustor have propose to do.

4.2 Formal Representation of Extended Predicates

This section shows trust properties and its formal representation. If any trust relationship between trustor and trustee in a particular context does not meet any of the trust properties, we consider that the communication is not trustworthy. Targets behave different in centralized and distributed environment. A target in a distributed environment may not have direct knowledge of other target so there is a need for mechanisms to support establishment of trust relationships between distributed targets. For this we analyzed various trust properties which will also support the trust relationship among targets involved in a distributed environment.

Predicates

  • C is the content

  • Trustor is represented with \(pe_{1}\).

  • Trustee is represented with \(pe_{2}\).

  • T(c) C is true

  • \(PER(pe_{1}) \) \(pe_{1}\) performs according to c.

  • \(DE(pe_{2},c)\) \(pe_{2}\) decides according to c.

  • \(BEH(pe_{2},c)\) \(pe_{2}\) behaves according to c.

  • \(I(pe_{1},pe_{2},c)\) \(pe_{1}\) has informed \(pe_{2}\) about c.

  • \(BEL(pe_{2},c)\) \(pe_{2}\) believe in c.

  • \(STR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\) in his sincerity about c.

  • \(ValTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust\(pe_{2}\) in his validity about c.

  • \(VigTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\) in his vigilance about c.

  • \(ObTR(pe_{1},pe_{2},c)\) \(pe_{1}\)trust \(pe_{2}\) in his obedience about c.

  • \(ReTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\)in his Reliability about c.

  • \(WTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\)in his willingness about c.

  • \(CreTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\) in his Credibility about c.

  • \(CoTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\)in his Cooperativity about c.

  • \(CptTR(pe_{1},pe_{2},c)\) \(pe_{1}\) trust \(pe_{2}\) in his Completeness about c.

Defined Predicates:

  1. 1.

    \(STR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)I(\(pe_{1}\),\(pe_{2}\),c)\(\Rightarrow \) \(BEL(pe_{2},\)T(c)\()\) \()\), \(STR(pe_{1},pe_{2},c)\) means trustor believes that if it is informed by the trustee about some content,then the trustee believes that this content is true.

  2. 2.

    \(ValTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL((pe_{1},\)I(\(pe_{2}\),\(pe_{1}\),c)\(\Rightarrow \)T(c)), \(ValTR(pe_{1},pe_{2},c)\) means truster believes that if it is informed by the trustee about some content, then this content is true.

  3. 3.

    \(CptTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)T(c)\(\Rightarrow \)I(\(pe_{2}\),\(pe_{1}\),c)), \(CptTR(pe_{1},pe_{2},c)\) means that truster believes that if some content is true, then the truster is informed by the trustee about this content.

  4. 4.

    \(CoTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)BEL(\(pe_{2}\),T(c))) \(\Rightarrow \) \(I(pe_{2},pe_{1},c) \) \()\), \(CoTR(pe_{1},pe_{2},c)\) means truster believes that if the trustee believes that some content is true, then the truster is informed by the trustee about this content.

  5. 5.

    \(CreTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},(\)BEL(\(pe_{2}\),T(c))) \(\Rightarrow \) c), \(CreTR(pe_{1},pe_{2},c)\) means truster believes that if the trustee believes that some content is true, then this content is true.

  6. 6.

    \(VigTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},T(c) \Rightarrow \) ( BEL(\(pe_{2}\),c)\()\) \()\) , \(VigTR(pe_{1},pe_{2},c)\) means truster believes that if some content is true, then the trustee believes that this content is true.

  7. 7.

    \(ObTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)S(\(pe_{2}\),c)\(\Rightarrow \) \(I(pe_{1},pe_{2},c)\) \()\), \(ObTR(pe_{1},pe_{2},c)\) means trustor believe that trustee would satisfies the informed content C.

  8. 8.

    \(ReTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)PER(\(pe_{2}\),c)\(\Rightarrow \) \(I(pe_{1},pe_{2},c)\) \()\), \(ReTR(pe_{1},pe_{2},c)\) means trustor believes that trustee will perform according to content.

  9. 9.

    \(WTR(pe_{1},pe_{2},c)\) \(=_{d_{f}}\) \(BEL(pe_{1},\)DE(\(pe_{2}\),c)) ,  \(WTR(pe_{1},pe_{2},c)\) means trustee believes that trustor has decided to do what it has been informed by trustor.

A summary of our classification is presented in Table 1. It shows identified trust properties classified according to trustee and trustor objectives and subjectivities respectively. This table is used as a frame of reference in context based cases to identify whether targets (Person, Agent or Service) and trust relationships among them are trustworthy or not.

Context Based Cases

Context refers to the circumstances and associations of the target in a trust relationship decision. Context based case means the case which has some context. For example, an agent providing a description for an item, where the agent may be a vendor selling that item, or as a consumer advocate reporting on that item [4].

Secondly context based cases involves some target. A target is an entity which is being evaluated or given trust varies with the perspective of the problem [4]. A target could be one from any domain. Human user from social domain, Web services from web domain, agent from network domain, systems and objects from cyber and physical domain respectively.

Trust is usually specified in terms of a relationship between a trustor, the subject that trusts a target entity, which is known as the trustee, i.e., the entity that is trusted and it forms the basis for allowing a trustee to use or manipulate resources owned by a trustor or may influence a trustor’s decision to use a service provided by a trustee [11]. A target can behave as a trustor or a trustee depending on the context. For example, a service is only trusted if it response less than 0.2 ms or a system protecting files from the accidental deletion [11].

Table 1. Classification of trust properties w.r.t objective’s and subjectivities.
Full size table

This paper considers a case from a distributed enviorment which involves a user and a server. A user u wants to know about the weather. The user has found a web service s1 holds by a server s that presents weather information, but he doesn’t know whether it delivers up to date information, or whether the information is correct at all. User asks the server about web service which is said to be content in this case. If the server do not provide the correct information then the user concludes that the server is not trustworthy.

Table 2. Shows trust predicates used to define relationship between two targets.
Full size table

These trust predicates are used to reason about a case, a user requests a service from a server. We can see that server is sincere about user that it will provide valid details in order to access a web service from server s. User trusts server regarding its reliability and believe that a valid service will be provided by a server (Table 2).

Identification of targets:

  • User

  • Server

A target may behaves as a trustor or a trustee. In this case if a user behaves as a trustor and server behaves as a trustee than a user should access the required service through proper channel following trustor’s standards. For this predicate \(ObTR(pe_{1},pe_{2},c)\) has been defined in Sect. 4 and \(ReTR(pe_{1},pe_{2},c)\) predicate shows server should be reliable and provide services as required. If a user behaves as a trustee and server behaves as a trustor than a user should provide valid login details. If the login details are correct then server should complete the request.

  1. 1.

    (us): the user requests a service.

  2. 2.

    ObTR(suc): the user follows the rules (which is c in the predicate) while accessing server.

  3. 3.

    STR(suc): the user provides valid login details.

  4. 4.

    TR(su): the server trusts the user.

  5. 5.

    ReTR(usc): the server is reliable and provides requested service.

  6. 6.

    CptTR(usc): the server is capable to provide a service and perform the function as expected.

  7. 7.

    TR(us): the user trusts the server.

  8. 8.

    TREO(us): at this point both the server and the user trusts each other.

From the above case, we obtain two beliefs that user believes that service is valid and the server is reliable. It can also be said that using predicates defined for trust properties using reciprocal logics provides us with a criterion of logical validity of reasoning.

5 Conclusion

This paper discussed a significant concept of reciprocal relationships. We have extended reciprocal logics with various trust properties for trust reasoning. We have also provided definitions of trust properties and introduced new predicates to reciprocal logics.

As future work, we plan to investigate and develop actual framework for reciprocal relationships which could be said as a complete and comprehensive set of basis for trustworthy systems. Studying trust dynamics in reputation is another direction for further investigation.