Reputation as a decision criterion for whom to trust has been successfully adopted by a few internet-based businesses such as eBay or Amazon. Moreover, trust evaluation is becoming increasingly important for future internet systems such as smart grids, because these contain potentially millions of users, their data, and a huge number of subsystems. The resulting scale and complexity make them ideal candidates for trust- and reputation-based security controls, but engineering methodologies that provide structured step-by-step instructions on how to design such controls are currently missing. We contribute such a methodology, including tool support, that helps (i) to elicit trust relationships, (ii) to reason about how to construct trust and reputation engines for these, and finally (iii) to specify consequent security controls. The methodology is based on formal OCL expressions that provide (semi-)automatic support for analysing UML models with regard to trust and reputation information.