微信服务号

微信订阅号

2025年3月24日 14:52 星期一
首页 > 过刊浏览>2016年第27卷第4期 >955-968. DOI:10.13328/j.cnki.jos.005024
PDF HTML阅读 XML下载 导出引用 引用提醒
软件可信评估研究综述:标准、模型与工具
作者:
基金项目:

国家自然科学基金(61272083);国家高技术研究发展计划(863)(2015AA015303);中央高校基础科研业务费专项资金(NS2015093)


Survey on Software Trustworthiness Evaluation:Standards, Models and Tools
Author:
Fund Project:

National Natural Science Foundation of China (61272083); National High-Tech Research and Development Plan of China (863) (2015AA015303); Fundamental Research Funds for the Central Universities (NS2015093)

  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [86]
    • |
  • 相似文献 [20]
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    安全攸关软件的可信性关乎生命安全和财产保全,因此,分析评价软件可信性是否符合用户的预期(即软件可信评估)至关重要.软件可信评估从主观和客观两个方面度量软件的质量,对软件生产和应用有着重要的意义.综述了可信评估管理中涉及到的标准、模型和工具,而非关注软件度量本身.首先分析对比了软件可信性、可信评估的定义,并在研究了与可信性密切相关的软件质量的联系与区别之后,从相关国际标准、评估涉及的模型(包括质量属性模型、证据模型、分级规范等)以及软件工具支持等方面综述了软件可信评估研究工作.并且区分了这些方面中领域相关、领域无关的不同之处.目前软件可信评估已取得了一定的理论成果,并开发了若干工具辅助进行可信评估,但仍需在通用性、可伸缩性等方面有所加强.

    Abstract:

    The failure of safety-critical software could result in death, injury and damage to people or loss of equipment or property. Therefore, it is important to evaluate whether software trustworthiness fulfills the user needs(i.e., trustworthiness evaluation). This paper first compares the definition of software trustworthiness and its evaluation. Then, it surveys the software trustworthiness evaluation from three different aspects:Standards, models, and CASE tools. This work studies these aspects from the view of domain-independent as well as domain-dependent. In summary, there is great progress being made for software trustworthiness evaluation theoretically and practically while its universality and scalability are still need to be improved.

    参考文献
    [1] Athalye P, Maksimovic D, Erickson R. High-Performance front-end converter for avionics applications. IEEE Trans. on Aerospace and Electronic Systems, 2003,39(2):462-470.[doi:10.1109/TAES.2003.1207258]
    [2] Final Report on the accident flight AF 447 Rio de Janeiro-Paris. BEA, 2012. http://www.bea.aero/docspa/2009/f-cp090601.en/pdf/f-cp090601.en.pdf
    [3] Wu WH, Kelly T. Safety tactics for software architecture design. In:Proc. of the 28th Annual Int'l Computer Software and Applications Conf. 2004.[doi:10.1109/CMPSAC.2004.1342860]
    [4] NSTC. Research challenges in high confidence systems. In:Proc. of the Committee on Computing, Information and Communications Workshop. 1997. http://www.hpcc.gov/pubs/hcs-Aug97/intro.html
    [5] Gates B. Trustworthy computing. 2002. http://www.wired.com/2002/01/bill-gates-trustworthy-computing/
    [6] TCG. Specification architecture overview specification. Revision 1.4.2nd, 2007.
    [7] Wang HM, Tang YB, Yin G, Li L. Credible mechanism of Internet software. Science in China-Series E:Information Sciences, 2006,36(10):1156-1169(in Chinese with English abstract).
    [8] ISO/IEC 15408-1:2009. Information technology-security techniques-evaluation criteria for IT security. Part1:Introduction and General Model, 2009.
    [9] ISO/IEC 25010:2011:Systems and software engineering-Systems and software quality requirements and evaluation(SQuaRE)-System and software quality models. 2011.
    [10] Avizienis A, Laprie JC, Randell B, Landwehr C. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 2004,1(1):11-33.[doi:10.1109/TDSC.2004.2]
    [11] Lin C, Peng XH. Research on trustworthy networks. Chinese Journal of Computers, 2005,28(5):751-758(in Chinese with English abstract).
    [12] Wang HM, Yin G. Evolution of software trustworthiness in the network age. Communication of China Computer Federation, 2010,6(2):28-34(in Chinese with English abstract).
    [13] Fan XG, Chu WK, Zhang FM. Surveys of software safety. Computer Science, 2011,38(5):8-13(in Chinese with English abstract).
    [14] Liu K, Shan ZG, Wang J, He JF, Zhang ZT, Qin YW. Overview on major research plan of trustworthy software. Bulletin of National Natural Science Foundation of China, 2008,22(3):145-151(in Chinese with English abstract).
    [15] Mei H. Software credibility:Internet brings challenges. China Computer Federation, 2010,6(2):20-27(in Chinese with English abstract).
    [16] Cai SB, Zou YZ, Shao LS, Xie B, Shao WZ. Framework supporting software assets evaluation on trustworthiness. Ruan Jian Xue Bao/Journal of Software, 2010,21(2):359-372(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3786.htm[doi:10.3724/SP.J.1001.2010.03786]
    [17] Yang SL, Ding S, Chu W. Trustworthy software evaluation using utility based evidence theory. Journal of Computer Research and Development, 2009,46(7):1152-1159(in Chinese with English abstract).
    [18] Liu XD, Lang B, Xie B, Wang HM. Software trustworthiness classification specification(TRUSTIE-STC V 2.0). In:High Confidence Software Production Tools and Integrated Environment Technical Documentation. 2009. http://www.doc88.com/p-3008711993507.html
    [19] Lu G, Wang HM, Mao XG. A cognitive-based evidence model for software trustworthiness evalution. Journal of Nanjing University(Natural Sciences), 2010,46(4):456-463(in Chinese with English abstract).
    [20] Ding XL, Wang HM, Wang YY, Lu G. Verification oriented trustworthiness evidence and trustworthiness evaluation of software. Journal of Frontiers of Computer Science and Technology, 2010,4(1):46-53(in Chinese with English abstract).
    [21] Voas J. Trusted software's holy Grail. Software Quality Journal, 2003,11(1):9-17.[doi:10.1023/A:1023679926998]
    [22] Ding S, Yang SL. Research on evaluation index system of trusted software. In:Proc. of the 4th Int'l Conf. on WiCOM. 2008. 1-4.[doi:10.1109/WiCom.2008.1869]
    [23] Amoroso E, Taylor C, Watson J, Weiss J. A process-oriented methodology for assessing and improving software trustworthiness. In:Proc. of the 2nd ACM Conf. on Computer and Communications Security. New York:ACM, 1994. 39-50.[doi:10.1145/191177. 191188]
    [24] Qian HB, Yan HH, Zhang ML,Yang HY, He ZT, Zhu XJ. A test-oriented software measurement and evaluation method. China, CN200910082587.4, 2009(in Chinese).
    [25] Mohamed A, Ruhe G, Eberlein A. COTS selection:Past, present, and future. In:Proc. of the 14th Annual IEEE Int'l Conf. and Workshops on the Engineering of Computer-Based Systems. 2007. 103-114.[doi:10.1109/ECBS.2007.28]
    [26] Liu C. Comprehensive review and assessment of the structure and code of trusted software and support tools. China Science and Technology Achievements, 2010,11(16):21-22(in Chinese with English abstract).
    [27] Shen GH, Huang ZQ, Qian J, Xu YJ, Hao J, Zhao WY, Peng X. Research on software trustworthiness evaluation model and its implementation. Journal of Frontiers of Computer Science & Technology, 211,5(6):553-561(in Chinese with English abstract).
    [28] Qin LG, Yang M, Fang K. Research on the simulation credibility evaluation assistant tool based on hierarchical evaluation. Computer Simulation, 2010,27(6):118-121(in Chinese with English abstract).
    [29] He JS. Research and implementation of BPM field component credible evaluation system[MS. Thesis]. Xi'an:Northwestern University, 2010(in Chinese with English abstract).
    [30] Yang J. Research and implementation of software credibility assessment tools[MS. Thesis]. Xi'an:Northwestern University, 2010(in Chinese with English abstract).
    [31] Van der Feesten I, Reijers HA, van der Aalst WMP. Evaluating workflow process designs using cohesion and coupling metrics. Computers in Industry, 2008,V01.59:420-437.[doi:10.1016/j.compind.2007.12.007]
    [32] Jiang R. A trustworthiness evaluation method for software architectures based on the principle of maximum entropy(POME) and the grey decision-making method(GDMM). Entropy, 2014,16(9):4818-4838.[doi:10.3390/e16094818]
    [33] Wang HM, Tang YB, Yin G. Trustworthiness of internet-based software. Science in China-Series F:Information Sciences, 2006,49(6):759-773.[doi:10.1007/s11432-006-2024-4]
    [34] Viljanen L. Towards an ontology of trust. In:Proc. of the 2nd Int'l Conf. on Trust, Privacy and Security in Digital Business(TrustBus 2005). 2005,3592:175-184.[doi:10.1007/11537878_18]
    [35] Zhang LG, Zhang HG, Zhang F. The amount of credibility mechanism in turstede computing. Journal of Beijing University of Technology, 2010,36(5):586-591(in Chinese with English abstract).
    [36] Yuan L, Wang HM, Yin G, Shi DX, Mi HB. A role-based software credible assessment techniques. Journal of Beijing University of Technology, 2010,36(5):611-615(in Chinese with English abstract).
    [37] Zhang YJ, Zhang YM, Hai M. An evaluation model of software trustworthiness based on fuzzy comprehensive evaluation method. American Journal of Engineering and Technology Research, 2011,11(9):1145-1149.
    [38] Tao HW, Chen YX. A metric model for trustworthiness of softwares. In:Proc. of the 2009 IEEE/WIC/ACM Int'l Conf. on Web Intelligence and Intelligent Agent Technology. 2009. 69-72.[doi:10.1109/WI-IAT.2009.233]
    [39] Liu YZ, Luo X, Xue K, Luo P. A metric model research based on attributes for trustworthiness of software. Computer Science and Application, 2012,2:121-125(in Chinese with English abstract).
    [40] Zhang LW, Zhou Y, Chen YX, Zhang M, Zhang JY. Stability of software trustworthiness measurements models. In:Proc. of the 7th Int'l Conf. on Software Security and Reliability Companion. 2013. 219-224.[doi:10.1109/SERE-C.2013.23]
    [41] Pedraza-Garcia G, Astudillo H, Correal D. Modeling software architecture process with a decision-making approach. The Jornadas Chilenas de Computación(JCC2014), 2014. http://www.jcc2014.ucm.cl/jornadas/WORKSHOP/WBPM%202014/WBPM-6.pdf
    [42] Delgado A, Ruiz F, García-Rodríguez de Guzmán I, Piattini M. MINERVA:Model drIveN and sErvice oRiented framework for the continuous business process improVement and relAted tools. In:Dan A, Gittler F, Toumani F, eds. Proc. of the ICSOC/Service Wave 2009. LNCS 6275, 2010. 456-466.[doi:10.1007/978-3-642-16132-2_43]
    [43] Leilng KRPH, Leung HKN. On the efficiency of domain based COTS product selection method. Information and Software Technology, 2002,44:703-715.[doi:10.1016/S0950-5849(02)00118-0]
    [44] Sheng JF, Chen SQ, Wang B. Software requirements-driven COTS evaluation. Computer Engineering, 2005,(24):99-101(in Chinese with English abstract).
    [45] Golden B. Succeeding with Open Source. Reading:Addison-Wesley Professional, 2004.
    [46] Semeteys R, Pilot O, Baudrillard L, Le Bouder G, Pinkhardt W. Qualification and selection of open source software(QSOS), Version 2.0. Technical Report, Atos Origin, 2013.
    [47] OpenBRR. Business Readiness Rating for Open Source. A Proposed Open Standard to Facilitate Assessment and Adoption of Open Source Software, Request for Comments, 2005.
    [48] Rong M. A model for CPS software system trustworthiness evaluation based on attributes classifying. In:Proc. of the 8th Int'l Conf. on Computer Science & Education(ICCSE 2013). 2013. 1309-1314.[doi:10.1109/ICCSE.2013.6554124]
    [49] Tang JB. Research on credibility of warfare simulation system[Ph.D. Thesis]. Changsha:University of Defense Technology, 2009(in Chinese with English abstract).
    [50] Bao T, Liu SF, Wang XY. Research on a trusted construction method for electric power production management system. Acta Electronica Sinica, 2010,38(9):2166-2171(in Chinese with English abstract).
    [51] Zhang JK, Cheng L, Huang J, Wu Z. Mission-Based operational effectiveness evaluation model of combat aircraft. Journal of Beijing University of Aeronautics and Astronautics, 2005,31(12):1279-1283(in Chinese with English abstract).
    [52] Wang XL, Wang HW. Requirements for trust evaluation of Web services. Computer Systems & Applications, 2009,(4):36-39(in Chinese with English abstract).
    [53] Palviainen IM. Trustworthiness evaluation and testing of open source components. In:Proc. of the 7th Int'l Conf. on Quality Software(QSIC 2007). 2007.[doi:10.1109/QSIC.2007.4385514]
    [54] Tian JF, Xiao B, Ma XX, Wang ZX. The trust model and its analysis in TDDSS. Journal of Computer Research and Development, 2007,44(4):598-605(in Chinese with English abstract).[doi:10.1360/crad20070408]
    [55] Hur J, Lee Y, Yoon H, Choi D, Jin S. Trust evaluation model for wireless sensor networks. Advanced Communication Technology, 2005,491-496.[doi:10.1109/ICACT.2005.245914]
    [56] Perez M, Rojas T. Evaluation of workflow-type software products:A case study. Information and Software Technology, 2000,V01.42:489-502.[doi:10.1016/S0950-5849(00)00093-8]
    [57] Liu B, Fan YS. Service-Oriented workflow performance evaluation and correlation analysis for key performance indicators. Computer Integrated Manufacturing Systems, 2008,14(1):160-165(in Chinese with English abstract).
    [58] Li CX, Raghunathan A, Jha NK. Improving the trustworthiness of medical device software with formal verification methods. Embedded Systems Letters, 2013,5(3):50-53.[doi:10.1109/LES.2013.2276434]
    附中文参考文献:
    [7] 王怀民,唐扬斌,尹刚,李磊.互联网软件的可信机理.中国科学(E辑),2006,36(10):1156-1169.
    [11] 林闯.可信网络研究.计算机学报,2005,28(5):751-758.
    [12] 王怀民,尹刚.网络时代的软件可信演化.中国计算机学会通讯,2010,6(2):28-34.
    [13] 樊晓光,褚文奎,张凤鸣.软件安全性研究综述.计算机科学,2011,38(5):8-13.
    [14] 刘克,单志广,王戟,何积丰,张兆田,秦玉文."可信软件基础研究"重大研究计划综述.中国科学基金,2008,22(3):145-151.
    [15] 梅宏.软件可信性:互联网带来的挑战.中国计算机学会通讯,2010,6(2):20-27.
    [16] 蔡斯博,邹艳珍,邵凌霜,谢冰,邵维忠.一种支持软件资源可信评估的框架.软件学报,2010,21(2):359-372. http://www.jos.org.cn/1000-9825/3786.htm[doi:10.3724/SP.J.1001.2010.03786]
    [17] 杨善林,丁帅,褚伟.一种基于效用和证据理论的可信软件评估方法.计算机研究与发展,2009,46(7):1152-1159.
    [18] 刘旭东,郎波,谢冰,毛晓光,王怀民.软件可信分级规范.版本2.0,国家高技术研究发展计划(863)重点项目"高可信软件生产工具与集成环境"技术文档,TRUSTIE-STC V2.0,2009.
    [19] 卢刚,王怀民,毛晓光.基于认知的软件可信评估证据模型.南京大学学报(自然科学),2010,46(4):456-463.
    [20] 丁学雷,王怀民,王元元,卢刚.面向验证的软件可信证据与可信评估.计算机科学与探索,2010,4(1):46-53.
    [24] 钱红兵,晏海华,张茂林,杨海燕,何智涛,朱小杰.一种面向测试过程的软件可信性度量与评估方法:中国,CN200910082587.4, 2009.
    [26] 刘超.可信软件结构及代码的审查和综合评估及支持工具.中国科技成果,2010,11(16):21-22.
    [27] 沈国华,黄志球,钱巨,徐拥军,郝进,赵文耘,彭鑫.软件可信评估模型及其工具实现.计算机科学与探索,2011,5(6):553-561.
    [28] 秦立格,杨明,方可.仿真可信度评估辅助工具研究.计算机仿真,2010,27(6):118-121.
    [29] 贺久松.BPM领域构件可信评估系统的研究与实现[硕士学位论文].西安:西北大学,2010.
    [30] 杨静.软件可信性评估工具的研究与实现[硕士学位论文].西安:西北大学,2010.
    [35] 张立强,张焕国,张帆.可信计算中的可信度量机制.北京工业大学学报,2010,36(5):586-591.
    [36] 袁霖,王怀民,尹刚,史殿习,米海波.基于角色的软件可信评估技术.北京工业大学学报,2010,36(5):611-615.
    [39] 刘彦钊,罗峋,薛凯,罗平.一种基于属性划分的软件可信性度量模型研究.计算机科学与应用,2012,2:121-125.
    [44] 盛津芳,陈松乔,王斌.软件功能需求驱动的商业构件评估.计算机工程,2005,(24):99-101.
    [49] 唐见兵.作战仿真系统可信性研究[博士学位论文].长沙:国防科学技术大学,2009.
    [50] 包铁,刘淑芬,王晓燕.电力生产管理系统的可信构造方法研究.电子学报,2010,38(9):2166-2171.
    [51] 张建康,程龙,黄俊,武哲.基于任务的作战飞机效能评估模型.北京航空航天大学学报,2005,31(12):1279-1283.
    [52] 王秀利,王宏伟.Web服务可信评估要求.计算机系统应用,2009,(4):36-39.
    [54] 田俊峰,肖冰,马晓雪,王子贤.TDDSS中可信模型及其分析.计算机研究与发展,2007,44(4):598-605.[doi:10.1360/crad20070408]
    [57] 刘博,范玉顺.面向服务的工作流性能评价及指标相关度分析.计算机集成制造系统,2008,14(1):160-165.
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

沈国华,黄志球,谢冰,朱羿全,廖莉莉,王飞,刘银陵.软件可信评估研究综述:标准、模型与工具.软件学报,2016,27(4):955-968

复制
分享
文章指标
  • 点击次数:7136
  • 下载次数: 10500
  • HTML阅读次数: 4717
  • 引用次数: 0
历史
  • 收稿日期:2014-07-02
  • 最后修改日期:2014-12-22
  • 在线发布日期: 2016-01-12
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19728172位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号