Trust and Reputation Management Systems (TRMSs) are critical for the modern web, yet their reliance on subjective user ratings or narrow Quality of Service (QoS) metrics lacks objective grounding. Concurrently, while regulatory frameworks like GDPR and HIPAA provide objective behavioral standards, automated compliance auditing has been limited to coarse, binary (pass/fail) outcomes. This paper bridges this research gap by operationalizing regulatory compliance as a quantitative and dynamic trust metric through our novel automated compliance engine (ACE). ACE first formalizes legal and organizational policies into a verifiable, obligation-centric logic. It then continuously audits system event logs against this logic to detect violations. The core of our contribution is a quantitative model that assesses the severity of each violation along multiple dimensions, including its Volume, Duration, Breadth, and Criticality, to compute a fine-grained, evolving compliance score. We evaluate ACE on a synthetic hospital dataset, demonstrating its ability to accurately detect a range of complex HIPAA and GDPR violations and produce a nuanced score that is significantly more expressive than traditional binary approaches. This work enables the development of more transparent, accountable, and resilient TRMSs on the Web.
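The pipeline the abstract describes (formalize obligations, replay event logs against them, grade each violation along Volume, Duration, Breadth and Criticality) can be sketched end to end. The following is an added example written for this page, not ACE's code or the paper's scoring model: the event kinds, role names, criticality weights and the scoring formula are all assumptions chosen for illustration, and the hospital log is constructed. What it does show is the difference between a binary pass/fail verdict and a graded score that moves with how many obligations were broken, for how long, and across how many data subjects.

```python
# Added example (not ACE's code): obligation-centric audit over a constructed hospital log.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str     # assumed event kinds: "access", "breach_detected", "notify_regulator"
    actor: str    # user or system performing the action
    role: str     # actor's role at the time of the event
    subject: str  # data subject / patient record concerned


@dataclass(frozen=True)
class Obligation:
    """Either an instant rule (`check`) or a deadline rule (`trigger` obliges `fulfil`)."""
    name: str
    criticality: float                            # policy weight in (0, 1], assumed
    check: Optional[Callable[[Event], bool]] = None
    trigger: Optional[str] = None
    fulfil: Optional[str] = None
    deadline: Optional[timedelta] = None


@dataclass(frozen=True)
class Violation:
    obligation: str
    subject: str
    overdue: timedelta  # how long the obligation stayed unmet; zero for instant rules


CLINICAL_ROLES = {"physician", "nurse"}  # assumed "minimum necessary" role set

OBLIGATIONS = [
    # HIPAA-style minimum-necessary rule: PHI access only by clinical roles (assumed policy).
    Obligation("min_necessary", 0.6,
               check=lambda e: e.kind != "access" or e.role in CLINICAL_ROLES),
    # GDPR Art. 33: a detected breach must be reported to the regulator within 72 hours.
    Obligation("breach_notification", 1.0, trigger="breach_detected",
               fulfil="notify_regulator", deadline=timedelta(hours=72)),
]


def audit(events: List[Event], obligations: List[Obligation], audit_end: datetime) -> List[Violation]:
    """Replay the log against each obligation and return every violation found."""
    events = sorted(events, key=lambda e: e.ts)
    found: List[Violation] = []
    for ob in obligations:
        if ob.check is not None:
            found += [Violation(ob.name, e.subject, timedelta(0)) for e in events if not ob.check(e)]
            continue
        for trig in (e for e in events if e.kind == ob.trigger):
            # first fulfilment for the same subject at or after the trigger, if any
            done = next((f for f in events if f.kind == ob.fulfil
                         and f.subject == trig.subject and f.ts >= trig.ts), None)
            end = done.ts if done else audit_end  # still open: overdue up to the audit horizon
            overdue = end - (trig.ts + ob.deadline)
            if overdue > timedelta(0):
                found.append(Violation(ob.name, trig.subject, overdue))
    return found


def compliance_score(violations: List[Violation], obligations: List[Obligation],
                     total_subjects: int, window: timedelta) -> float:
    """Illustrative score in [0, 1]; the formula is an assumption, not the paper's.

    Per violated obligation: Volume = n/(n+1), Duration = mean overdue / audit window
    (capped at 1), Breadth = distinct subjects hit / total subjects, Criticality =
    policy weight. Severity = Criticality * mean(Volume, Duration, Breadth);
    score = 1 - sum of severities, floored at 0.
    """
    weight = {ob.name: ob.criticality for ob in obligations}
    grouped: Dict[str, List[Violation]] = {}
    for v in violations:
        grouped.setdefault(v.obligation, []).append(v)
    penalty = 0.0
    for name, vs in grouped.items():
        n = len(vs)
        volume = n / (n + 1)
        duration = min(1.0, sum((v.overdue for v in vs), timedelta(0)) / n / window)
        breadth = len({v.subject for v in vs}) / total_subjects
        penalty += weight[name] * (volume + duration + breadth) / 3
    return max(0.0, 1.0 - penalty)


T0 = datetime(2024, 1, 1, 8, 0)
AUDIT_END = T0 + timedelta(hours=100)


def sample_events() -> List[Event]:
    """Constructed log: four patients, two improper accesses, one late and one missing notification."""
    return [
        Event(T0, "access", "dr_lee", "physician", "p1"),                              # compliant
        Event(T0 + timedelta(minutes=5), "access", "eve", "marketing", "p2"),          # violation
        Event(T0 + timedelta(minutes=9), "access", "eve", "marketing", "p3"),          # violation
        Event(T0 + timedelta(hours=1), "breach_detected", "siem", "system", "p2"),
        Event(T0 + timedelta(hours=2), "breach_detected", "siem", "system", "p4"),     # never notified
        Event(T0 + timedelta(hours=97), "notify_regulator", "dpo", "privacy", "p2"),   # 24 h late
    ]


if __name__ == "__main__":
    vs = audit(sample_events(), OBLIGATIONS, AUDIT_END)
    for v in vs:
        print(f"{v.obligation:20s} subject={v.subject} overdue={v.overdue}")
    print("binary verdict:", "FAIL" if vs else "PASS")
    print("compliance score:", round(compliance_score(vs, OBLIGATIONS, 4, AUDIT_END - T0), 3))
```

On the constructed log the binary verdict is simply FAIL, while the graded score lands near 0.29: the missed 72-hour deadline for two of four patients dominates because it carries full criticality and non-zero duration, whereas the two improper accesses are instant violations of a lower-weight rule. Dropping either group of violations, or closing the open breach case sooner, raises the score, which is the kind of movement a trust metric needs and a pass/fail outcome cannot express.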