JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2016, Vol. 51 ›› Issue (11): 58-65.doi: 10.6040/j.issn.1671-9352.2.2015.337

Previous Articles     Next Articles

Research on evidence-based software trustworthiness metrics model

LIU Da-fu1, SU Yang1,2*   

  1. 1.Key Laboratory of Network &
    Information Security of CAPF, Xian 710086, Shaanxi, China;
    2. The Institute of Information Security, Engineering University of CAPF, Xian 710086, Shaanxi, China
  • Received:2015-08-17 Online:2016-11-20 Published:2016-11-22

Abstract: In order to comprehensively measuring software trustworthiness, a metrics model was established based on evidence with different software requirements of customers. Software trustworthiness metrics was divided into three stages which were defined refers to system assurance in this model, and every stage had its corresponding software trusted goal. Then, through trusted architecture analysis, this model gathered evidences and arguments for a trusted goal. Finally, with the collected information integrated, software trusted case was generated by goal-structuring notation(GSN). Whether the goal was fully proved by the cases is treated as a standard to measure the trustworthiness of the software.

Key words: software trustworthiness metrics, goal-structuring notation, software trusted case, evidence

CLC Number: 

  • TP311
[1] 沈昌祥, 张焕国, 王怀民,等. 可信计算的研究与发展[J]. 中国科学:信息科学, 2010(2):139-166. SHEN Changxiang, ZHANG Huanguo, WANG Huaimin, et al. Research and development of trusted computing[J]. Science in China: Information Science, 2010(2):139-166.
[2] 刘克,单志广,王戟,等. 可信软件基础研究重大研究计划综述 [J].中国科学基金, 2008, 22(3):145-151. LIU Ke, SHAN Zhiguang, WANG Ji, et al. A summary of the major research plan of the trusted software foundation [J]. China Science Foundation, 2008, 22(3):145-151.
[3] FORREST S, HOFMEYR S A, SOMAYAJI A. Intrusion detection using sequences of system calls[J]. Journal of Computer Security, 1998, 6(3):151-180.
[4] XUAN D H, HU J, BERTOK P. A multi-layer model for anomaly intrusion detection using program sequences of system calls[J]. Proceedings of IEEE International Conference, 2003:531-536.
[5] CHEN N, HOI S C H, XIAO X. Software process evaluation: a machine learning framework with application to defect management process[J]. Empirical Software Engineering, 2014, 19(6):1-34.
[6] 田俊峰,韩金娥,杜瑞忠,等. 基于软件行为轨迹的可信性评价模型[J]. 计算机研究与发展, 2012, 49(7):1514-1524. TIAN Junfeng, HAN Jine, DU Ruizhong, et al. Credibility evaluation model based on software behavior locus [J]. Computer Research and Development, 2012, 49(7):1514-1524.
[7] 庄琭, 蔡勉, 李晨. 基于软件行为的可信动态度量[J]. 武汉大学学报(理学版), 2010, 56(2):133-137. ZHUANG Lu, CAI Mian, LI Chen. Software behavior-based trusted dynamic measurement [J]. Journal of Wuhan University(Natural Science Edition), 2010, 56(2):133-137.
[8] GRADY R B. Practical software metrics for project management and process improvement[M]. USA: Prentice Hall, 1992:88-105.
[9] NAMI M, SURYN W. From requirements to software trustworthiness using scenarios and finite state machine[J]. Annals of the University of Petrosani Mechanical Engineering, 2012, 2(1):3126-3131.
[10] DING S, YANG S L, FU C. A novel evidential reasoning based method for software trustworthiness evaluation under the uncertain and unreliable environment [J]. Expert Systems with Applications, 2012, 39(3):2700-2709.
[11] 陈火旺, 王戟, 董威. 高可信软件工程技术[J]. 电子学报, 2003, 31(Z1): 2-7. CHEN Huowang, WANG Ji, DONG Wei. High confidence software engineering technology [J]. Electronic Journal, 2003, 31(Z1):2-7.
[12] KIROVSKI D, DRINIC M, POTKONJAK M. Enabling trusted software integrity[J]. ACM Sigplan Notices, 2002, 37(10):108-120.
[13] CROLL P R. Engineering for systems assurance a state of the practice report[C] //Proceedings of the 1st Annual IEEE Systems Conference. New York: IEEE, 2007:1-7.
[14] KELLY T P. Arguing safety— a systematic approach to managing safety cases[J]. York: University of York, 2007:68-99.
[15] LANDOLL D J. The security risk assessment handbook[M]. New York: Auerbach Publications, 2006.
[16] GRADY R B. Practical software metrics for project management and process improvement[M]. USA: Prentice Hall, 1992:88-105.
[17] SWIDERSKI F, SNYDER W. Threat modeling[M]. USA: Microsoft Press, 2004.
[18] QUINN S, WALTERMIRE D, JOHNSON C, et al. The technical specification for the security content automation protocol: SCAP Version 1.0[R]. USA: NIST Interagency, 2004.
[19] MELL P, SCARFONE K,ROMANOSKY S. The common vulnerability scoring system and its applicability to federal agency [R]. USA: NIST Interagency, 2007.
[20] 诸葛建伟, 陈力波, 田繁. Metasploit渗透测试魔鬼训练营[M]. 北京: 机械工业出版社, 2013. ZHUGE Jianwei, CHEN Libo, TIAN Fan. Metasploit penetration testing devil training camp[M]. Beijing: Machinery Industry Press, 2013.
[21] 陈邻富, 卢炎生, 谢晓东. 软件错误注入测试研究[J]. 软件学报, 2009, 20(6):1425-1443. CHEN Linfu, LU Yansheng, XIE Xiaodong. Research on software error injection test[J]. Journal of Software, 2009, 20(6):1425-1443.
[22] MCGRAW G, POTTER B. Software security testing[J]. IEEE Security and Privacy, 2004, 2(5):81-85.
[23] 洪志国, 李焱, 范植华,等. 层次分析法中高阶平均随机一致性指标(RI)的计算[J]. 计算机工程与应用, 2002, 38(12):45-47. HONG Zhiguo, LI Yan, FAN Zhihua, et al. Caculation on high-ranked RI if analytic hierarchy process[J]. Computer Engineering and Applications, 2002, 38(12):45-47.
[1] CHEN Sheng-qun, WANG Ying-ming, SHI Hai-liu. Data fusion method for multiperiod matching decision-making with rank belief degrees [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(3): 60-69.
[2] JIANG Wei-jin, XU Yu-hui, GUO Hong, XU Yu-sheng. A multi-dimensional evidence dynamic trust computing model based on multi-agent [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2015, 50(01): 1-11.
[3] GAN Xin-jun, YANG Wei-qiang. Weight of evidence method and credit risk control [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(12): 55-59.
[4] LING Mi-ran, MI Ju-sheng, MA Li. Heterogeneous formal contexts for uncertainty reasoning [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(08): 28-32.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!