Users expect a trustworthy system to behave according to its requirements. Trustworthiness is a fundamental design objective for any system that provides critical functions, for example, transportation systems, medical systems, and water purification. Typically, these systems are cyber-physical systems (CPSs). This book considers the development life cycle of trustworthy CPSs, from their requirements to their evaluation and use; it is a collection of the author’s work on this topic from 1998 to 2013. At a time when we use CPSs for many critical functions, the analysis and design of such systems is of high importance.
The treatment is comprehensive and systematic, with many references and detailed analyses of the different aspects relevant to system trustworthiness. The extensive use of the Unified Modeling Language (UML), Business Process Model and Notation (BPMN), and i* models makes its understanding very intuitive and clear. The use of patterns facilitates the application of these results for the design of real systems. Several application cases demonstrate the use of the concepts.
Trustworthiness may imply security, reliability, safety, and other attributes depending on the user concerns and the type of application. This indicates that the design of trustworthy CPSs requires a holistic approach in analogy with designing secure systems. Because of the interdependencies of these attributes, evaluating trustworthiness is not easy; however, the author has produced credible metrics that allow designers to compare systems and evaluate specific systems.
A chapter is dedicated to a survey of development methodologies that could be used as the basis for a methodology to produce trustworthy products. From them, the author develops her own methodology that uses process patterns (called here process chunks) that can be combined with the stages of other methodologies. I think that security methodologies using patterns would appear well suited for this purpose, but they are not considered in this discussion, although the resulting methodology uses them.
While the book is about software aspects, some discussion of the use of hardware modules such as TPM would have been useful. The so-called “trusted computing” technology can verify that the software and platform we use are legitimate and have some security properties (key storage and others), so it certainly contributes to the trustworthiness of the whole system.
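To make concrete how a hardware module of this kind contributes to trustworthiness, the following is an added illustration, not code from the reviewed book or its author: a simulation of TPM-style measured boot and remote attestation. It assumes the TPM 2.0 PCR extend rule (PCR_new = H(PCR_old || H(component))) and stands in for the attestation-key signature with an HMAC over a shared secret, a simplification of the real asymmetric key; the component names and the expected "golden" boot chain are constructed for the example.

```python
import hashlib
import hmac

# Hypothetical simulation (added example). A real TPM 2.0 keeps PCRs in hardware
# and signs quotes with an asymmetric attestation key; HMAC stands in for that here.

PCR_SIZE = 32  # SHA-256 bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: PCR_new = SHA256(PCR_old || SHA256(component)).
    Extend is one-way and order-sensitive, so a PCR value commits to the whole chain."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def expected_pcr(components) -> bytes:
    """Verifier side: compute the golden PCR value from a known-good component list."""
    pcr = bytes(PCR_SIZE)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


class SimulatedTPM:
    """Platform side: measures each boot stage into a PCR and issues signed quotes."""

    def __init__(self, attestation_secret: bytes):
        self._ak = attestation_secret  # stands in for the private attestation key
        self.pcr = bytes(PCR_SIZE)

    def measure(self, component: bytes) -> None:
        self.pcr = extend(self.pcr, component)

    def quote(self, nonce: bytes):
        # The verifier's nonce binds the quote to this attestation request.
        msg = self.pcr + nonce
        return msg, hmac.new(self._ak, msg, hashlib.sha256).digest()


def verify_quote(attestation_secret: bytes, nonce: bytes, golden_pcr: bytes,
                 msg: bytes, sig: bytes) -> str:
    """Verifier side: check signature, freshness, then platform state, in that order."""
    expected_sig = hmac.new(attestation_secret, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return "bad signature"
    if msg[PCR_SIZE:] != nonce:
        return "stale quote"
    if msg[:PCR_SIZE] != golden_pcr:
        return "unexpected platform state"
    return "ok"


# Constructed sample data for the example.
AK_SECRET = b"example-attestation-key"
GOLDEN_CHAIN = [b"firmware v1.2", b"bootloader v3", b"cps-controller-kernel v5.4"]
NONCE = b"verifier-nonce-0001"


def attest(boot_chain, secret=AK_SECRET, nonce=NONCE, verifier_nonce=NONCE) -> str:
    """Boot a simulated platform with the given chain and run attestation against the golden chain."""
    tpm = SimulatedTPM(secret)
    for stage in boot_chain:
        tpm.measure(stage)
    msg, sig = tpm.quote(nonce)
    return verify_quote(AK_SECRET, verifier_nonce, expected_pcr(GOLDEN_CHAIN), msg, sig)


if __name__ == "__main__":
    print("genuine boot:", attest(GOLDEN_CHAIN))
    print("tampered bootloader:", attest([b"firmware v1.2", b"bootloader v3-backdoor", b"cps-controller-kernel v5.4"]))
    print("replayed quote:", attest(GOLDEN_CHAIN, nonce=b"old-nonce"))
    print("forged quote:", attest(GOLDEN_CHAIN, secret=b"wrong-key"))
```

The order of checks in `verify_quote` matters: signature first (otherwise the verifier reasons about attacker-controlled bytes), nonce second (a valid signature over an old quote says nothing about the platform's current state), and only then the PCR comparison.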
In spite of these small flaws, this is a valuable book for researchers of CPSs, students (it would be a good textbook for a graduate course on CPSs), and system developers (the approach is practical and can be put to work to build complex CPSs). There are few books on building trustworthy systems, and this work fills a big gap; other books on computer trust are either rather old or discuss only specific aspects, while this book has taken a holistic view of trustworthiness. The author has made an important contribution to the theory and practice of trustworthy CPSs.