您的位置:山东大学 -> 科技期刊社 -> 《山东大学学报(理学版)》

山东大学学报(理学版) ›› 2016, Vol. 51 ›› Issue (11): 58-65.doi: 10.6040/j.issn.1671-9352.2.2015.337

• • 上一篇    下一篇

一种基于证据的软件可信性度量模型

刘大福1,苏旸1,2*   

  1. 1. 网络与信息安全武警部队重点实验室, 陕西 西安 710086;2. 武警工程大学信息安全研究所, 陕西 西安 710086
  • 收稿日期:2015-08-17 出版日期:2016-11-20 发布日期:2016-11-22
  • 通讯作者: 苏旸(1975— ),男,博士, 教授,研究方向为网络安全、可信计算.E-mail:suyang75@126.com E-mail:313135071@qq.com
  • 作者简介:刘大福(1992— ),男,硕士研究生,研究方向为云计算安全、可信计算.E-mail:313135071@qq.com

Research on evidence-based software trustworthiness metrics model

LIU Da-fu1, SU Yang1,2*   

  1. 1.Key Laboratory of Network &
    Information Security of CAPF, Xian 710086, Shaanxi, China;
    2. The Institute of Information Security, Engineering University of CAPF, Xian 710086, Shaanxi, China
  • Received:2015-08-17 Online:2016-11-20 Published:2016-11-22

PDF (PC)

605

摘要: 为更全面系统地度量软件的可信性,根据客户对软件不同的主观需求将软件的可信性建立在各类证据之上,建立了一个基于证据的度量模型。模型根据系统安全保证的成功经验将可信性度量分成三个阶段,并对每个阶段定义相应的软件可信声明。通过可信架构分析,围绕可信声明收集建立证据和论据。综合收集到的信息,使用目标结构化表示法(goal-structuring notation, GSN)生成软件可信案例,由案例中声明是否被充分证明作为标准来度量软件的可信性。

关键词: 证据, 软件可信案例, 软件可信性度量, 目标结构化表示法

Abstract: In order to comprehensively measuring software trustworthiness, a metrics model was established based on evidence with different software requirements of customers. Software trustworthiness metrics was divided into three stages which were defined refers to system assurance in this model, and every stage had its corresponding software trusted goal. Then, through trusted architecture analysis, this model gathered evidences and arguments for a trusted goal. Finally, with the collected information integrated, software trusted case was generated by goal-structuring notation(GSN). Whether the goal was fully proved by the cases is treated as a standard to measure the trustworthiness of the software.

Key words: software trustworthiness metrics, goal-structuring notation, software trusted case, evidence

中图分类号: 

  • TP311
[1] 沈昌祥, 张焕国, 王怀民,等. 可信计算的研究与发展[J]. 中国科学:信息科学, 2010(2):139-166. SHEN Changxiang, ZHANG Huanguo, WANG Huaimin, et al. Research and development of trusted computing[J]. Science in China: Information Science, 2010(2):139-166.
[2] 刘克,单志广,王戟,等. 可信软件基础研究重大研究计划综述 [J].中国科学基金, 2008, 22(3):145-151. LIU Ke, SHAN Zhiguang, WANG Ji, et al. A summary of the major research plan of the trusted software foundation [J]. China Science Foundation, 2008, 22(3):145-151.
[3] FORREST S, HOFMEYR S A, SOMAYAJI A. Intrusion detection using sequences of system calls[J]. Journal of Computer Security, 1998, 6(3):151-180.
[4] XUAN D H, HU J, BERTOK P. A multi-layer model for anomaly intrusion detection using program sequences of system calls[J]. Proceedings of IEEE International Conference, 2003:531-536.
[5] CHEN N, HOI S C H, XIAO X. Software process evaluation: a machine learning framework with application to defect management process[J]. Empirical Software Engineering, 2014, 19(6):1-34.
[6] 田俊峰,韩金娥,杜瑞忠,等. 基于软件行为轨迹的可信性评价模型[J]. 计算机研究与发展, 2012, 49(7):1514-1524. TIAN Junfeng, HAN Jine, DU Ruizhong, et al. Credibility evaluation model based on software behavior locus [J]. Computer Research and Development, 2012, 49(7):1514-1524.
[7] 庄琭, 蔡勉, 李晨. 基于软件行为的可信动态度量[J]. 武汉大学学报(理学版), 2010, 56(2):133-137. ZHUANG Lu, CAI Mian, LI Chen. Software behavior-based trusted dynamic measurement [J]. Journal of Wuhan University(Natural Science Edition), 2010, 56(2):133-137.
[8] GRADY R B. Practical software metrics for project management and process improvement[M]. USA: Prentice Hall, 1992:88-105.
[9] NAMI M, SURYN W. From requirements to software trustworthiness using scenarios and finite state machine[J]. Annals of the University of Petrosani Mechanical Engineering, 2012, 2(1):3126-3131.
[10] DING S, YANG S L, FU C. A novel evidential reasoning based method for software trustworthiness evaluation under the uncertain and unreliable environment [J]. Expert Systems with Applications, 2012, 39(3):2700-2709.
[11] 陈火旺, 王戟, 董威. 高可信软件工程技术[J]. 电子学报, 2003, 31(Z1): 2-7. CHEN Huowang, WANG Ji, DONG Wei. High confidence software engineering technology [J]. Electronic Journal, 2003, 31(Z1):2-7.
[12] KIROVSKI D, DRINIC M, POTKONJAK M. Enabling trusted software integrity[J]. ACM Sigplan Notices, 2002, 37(10):108-120.
[13] CROLL P R. Engineering for systems assurance a state of the practice report[C] //Proceedings of the 1st Annual IEEE Systems Conference. New York: IEEE, 2007:1-7.
[14] KELLY T P. Arguing safety— a systematic approach to managing safety cases[J]. York: University of York, 2007:68-99.
[15] LANDOLL D J. The security risk assessment handbook[M]. New York: Auerbach Publications, 2006.
[16] GRADY R B. Practical software metrics for project management and process improvement[M]. USA: Prentice Hall, 1992:88-105.
[17] SWIDERSKI F, SNYDER W. Threat modeling[M]. USA: Microsoft Press, 2004.
[18] QUINN S, WALTERMIRE D, JOHNSON C, et al. The technical specification for the security content automation protocol: SCAP Version 1.0[R]. USA: NIST Interagency, 2004.
[19] MELL P, SCARFONE K,ROMANOSKY S. The common vulnerability scoring system and its applicability to federal agency [R]. USA: NIST Interagency, 2007.
[20] 诸葛建伟, 陈力波, 田繁. Metasploit渗透测试魔鬼训练营[M]. 北京: 机械工业出版社, 2013. ZHUGE Jianwei, CHEN Libo, TIAN Fan. Metasploit penetration testing devil training camp[M]. Beijing: Machinery Industry Press, 2013.
[21] 陈邻富, 卢炎生, 谢晓东. 软件错误注入测试研究[J]. 软件学报, 2009, 20(6):1425-1443. CHEN Linfu, LU Yansheng, XIE Xiaodong. Research on software error injection test[J]. Journal of Software, 2009, 20(6):1425-1443.
[22] MCGRAW G, POTTER B. Software security testing[J]. IEEE Security and Privacy, 2004, 2(5):81-85.
[23] 洪志国, 李焱, 范植华,等. 层次分析法中高阶平均随机一致性指标(RI)的计算[J]. 计算机工程与应用, 2002, 38(12):45-47. HONG Zhiguo, LI Yan, FAN Zhihua, et al. Caculation on high-ranked RI if analytic hierarchy process[J]. Computer Engineering and Applications, 2002, 38(12):45-47.
[1] 陈圣群,王应明,施海柳. 多时期匹配决策的等级置信度融合法[J]. 山东大学学报(理学版), 2016, 51(3): 60-69.
[2] 蒋伟进, 许宇晖, 郭宏, 许宇胜. 基于多智能体的多维证据动态信任计算模型[J]. 山东大学学报(理学版), 2015, 50(01): 1-11.
[3] 甘信军, 杨维强. 证据权重方法与信用风险控制[J]. 山东大学学报(理学版), 2014, 49(12): 55-59.
[4] 凌密然, 米据生, 马丽. 异构形式背景上的不确定推理[J]. 山东大学学报(理学版), 2014, 49(08): 28-32.
[5] 曹 瑛,王明文,陶红亮 . 基于Markov网络的检索模型[J]. J4, 2006, 41(3): 126-130 .
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
版权所有 © 2018 《山东大学学报(理学版)》编辑部 
地址: 山东省济南市山大南路27号山东大学中心校区(250100) 电话: +86-0531-88366917 E-mail: xblxb@sdu.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发