支持软件过程可信评估的可信证据

doi:10.13328/j.cnki.jos.005291

微信服务号

微信订阅号

2025年5月5日 14:42 星期一

首页 > 过刊浏览>2018年第29卷第11期 >3412-3434. DOI:10.13328/j.cnki.jos.005291

PDF HTML阅读 XML下载导出引用引用提醒

支持软件过程可信评估的可信证据
DOI:
                        10.13328/j.cnki.jos.005291
                    
CSTR:
                        
                    
作者:
                        王德鑫王德鑫
中国科学院 软件研究所 互联网软件技术实验室, 北京 100190;中国科学院大学, 北京 100190;计算机科学国家重点实验室(中国科学院 软件研究所), 北京 100190
在期刊界中查找
在百度中查找
在本站中查找
王青王青
中国科学院 软件研究所 互联网软件技术实验室, 北京 100190;中国科学院大学, 北京 100190;计算机科学国家重点实验室(中国科学院 软件研究所), 北京 100190
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:王德鑫(1985-),男,山东青岛人,博士,工程师,主要研究领域为可信软件,需求协商,开源社区知识共享;王青(1964-),女,博士,研究员,博士生导师,CCF高级会员,主要研究领域为软件过程方法与技术,经验软件工程.
通讯作者:王德鑫,E-mail:wangdexin@itechs.iscas.ac.cn;王青,E-mail:wq@itechs.iscas.ac.cn
中图分类号:
基金项目:国家自然科学基金（91318301，91218302，61432001）

Trustworthiness Evidence Supporting Evaluation of Software Process Trustworthiness

Author:

WANG De-Xin
WANG De-Xin
Laboratory for Internet Software Technologies, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100190, China;State Key Laboratory of Computer Science(Institute of Software, The Chinese Academy of Sciences), Beijing 100190, China
在期刊界中查找
在百度中查找
在本站中查找
WANG Qing
WANG Qing
Laboratory for Internet Software Technologies, Institute of Software, The Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100190, China;State Key Laboratory of Computer Science(Institute of Software, The Chinese Academy of Sciences), Beijing 100190, China
在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

National Natural Science Foundation of China (91318301, 91218302, 61432001)

摘要

图/表

访问统计

参考文献 [36]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

近年来，软件可信一直是人们争论的焦点.一种比较共识的观点认为，软件可信是软件行为符合预期的程度.质量形成于过程，显然，建立质量信心的证据也散布于过程.软件开发过程中，主体、行为和各种保障手段则是建立软件可信的基本依据.基于证据的决策和管理是现代质量理论的核心，基于证据、数据驱动的软件工程都是试图从客观数据的角度去解决问题.在国家自然科学基金等计划的支持下，从过程保障的角度提出了软件过程可信度模型，其中，证据作为建立软件可信、支持可信评估的基础要素，是模型非常重要且基础的组成部分.主要研究该模型中的证据体系，遵循完整性、必要性、兼容性和可持续性这4项原则，基于过程管理的基本要素，通过调研以及与CMMI等软件过程参考模型的对接来提炼、定义和质证模型中的可信证据，使证据具备良好的公信力和可比性；同时，增加了部分目前其他模型都没有涉及的证据来刻画对软件过程的可信增强，从而建立了一个从可信实体、可信行为、可信制品这3个目标进行可信保障、并覆盖软件过程全生命周期的证据体系.该证据体系科学、客观并具有良好的公信力，结合可信度模型的其他部分，可以实现基于证据的、自底向上的软件过程可信评估，可供软件组织广泛采用.

关键词:软件可信;过程可信;证据采信

Abstract:

In recent years, software trustworthiness has been a focus of interest for researchers. A more consensus view is that software trustworthiness is the degree of how software behavior is accordant with people's expectation. The quality is formed in the process. Obviously, the evidences that build the confidence of software quality are presented in software process too. The process subjects, behaviors and the various methods to guarantee the quality of process products provide the basic evidences to establish the software trustworthiness. Evidence-based decision-making and management is the core of the modern theories of quality. Thus, both evidence-based and data-driving software engineering approaches have tried to address the problem from the perspective of objective data. Under the support of national natural science foundation of China, this study presents a software process trustworthiness model for building the confidence from the view of software processes. As the important and fundamental part in the model, evidence is used to transfer the trust chain bottom-up and to support the evaluation of trustworthiness of software process. Focusing on evidence system in the model, this study complies with four principles including integrity, necessity, compatibility and sustainability. According to the basic requirements of process management, it investigates CMMI and other software process reference models to refine and cross-examination the evidences, create some new evidence to adapt open source software development and extend some evidence to enhance the trustworthiness of process. The study develops an evidence system with high credibility, objectiveness and comparability. The presented evidence system can establish the trustworthiness from three dimensions:process subjects, process behaviors and process products. It also covers the whole lifecycle of software development. Combined with other parts of the trustworthiness model, it can support the evidence-based, bottom-up trustworthiness evaluation of software process. The presented model can be widely applied in software industry.

Key words:software trustworthiness;process trustworthiness;credibility for evidence

参考文献

[1] Int'l Standards Organization. ISO 9000. 2015.

[2] CMMI for development, Version 1.3. 2010. http://cmmiinstitute.com/resources/cmmi-development-version-13

[3] Wang DX, Wang Q, He J. Evidence-Based software process trustworthiness model and evaluation method. Ruan Jian Xue Bao/Journal of Software, Ruan Jian Xue Bao/Journal of Software, 2017,28(7):1713-1731(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5102.htm[doi:10.13328/j.cnki.jos.005102]

[4] Yang Y, Wang Q, Li MS. Process trustworthiness as a capability indicator for measuring and improving software trustworthiness. In:Wang Q, et al., eds. Proc. of the ICSP 2009. Heidelberg:Springer-Verlag. 2009. 389-401.

[5] Goertzel KM, Winograd T, McKinley HL, Oh L, Colon M, McGibbon T, Fedchak E, Vienneau R. Software security assurance:A state-of-the-art-report. Technical Report, Herndon, 2007.

[6] Amoroso E, Taylor C, Watson J, Weiss J. A process-oriented methodology for assessing and improving software trustworthiness. In:Proc. of the 2nd ACM Conf. on Computer and Communications Security. Virginia, 1994. 39-50.

[7] Department of Defense, National Computer Security Center. Trusted Computer System Evaluation Criteria. 1985.

[8] Parnas DL, Van Schouwen AJ, Kwan SP. Evaluation of safety-critical software. Communications of the ACM, 1990,33(6):636-648.

[9] Common criteria portal. http://www.commoncriteriaportal.org/

[10] Dwarakanath A, Shrikanth NC, Abhinav K, Kass A. Trustworthiness in enterprise crowdsourcing:A taxonomy & evidence from data. In:Proc. of the ICSE 2016. Companion, 2016. 41-50.

[11] Prandi C, Mirri S, Salomoni P. Trustworthiness assessment in mapping urban accessibility via sensing and crowdsourcing. In:Proc. of the URB-IOT 2014. 2014. 108-110.

[12] Almanea MIM. Cloud advisor-A framework towards assessing the trustworthiness and transparency of cloud providers. In:Proc. of the 2014 IEEE/ACM 7th Int'l Conf. on Utility and Cloud Computing (UCC 2014). 2014. 1018-1019.

[13] Wu ZP, Zhou Y. Customized cloud service trustworthiness evaluation and comparison using fuzzy neural networks. In:Proc. of the IEEE 40th Annual Computer Software and Applications Conf. (COMPSAC 2016). 2016. 433-442.

[14] Mukherjee S, Weikum G, Danescu-Niculescu-Mizil C. People on drugs:Credibility of user statements in health communities. In:Proc. of the 20th ACM SIGKDD Int'l Conf. on Knowledge Discovery and Data Mining (KDD 2014). 2014. 65-74.

[15] Sharma NK, Gaur V, Muttoo SK. A dynamic reputation system with built-in attack resilience to safeguard buyers in e-market. ACM SIGSOFT Software Engineering Notes, 2012,37(4):1-19.

[16] Li D, Yang Y. Enhance value by building trustworthy software-reliant system of systems from software product lines. In:Proc. of the 3rd Int'l Workshop on Product LinE Approaches in Software Engineering (PLEASE 2012). 2012. 13-16.

[17] Gallege LS. TruSSCom:Proposal for trustworthy service representation, selection and negotiation for integrating software systems. In:Proc. of the 2013 Companion Publication for Conf. on Systems, Programming, & Applications:Software for Humanity (SPLASH 2013). 2013. 33-36.

[18] Hoekstra M, Lal R, Pappachan P, Rozas C, Phegade V, Cuvillo JD. Using innovative instructions to create trustworthy software solutions. In:Proc. of the 2nd Int'l Workshop on Hardware and Architectural Support for Security and Privacy (HASP 2013). 2013.

[19] Int'l Standards Organization. ISO 9126. 2001.

[20] Chen HW, Wang J, Dong W. High confidence software engineering technologies. Chinese Journal of Electronics, 2003,31(S1):1933-1938(in Chinese with English abstract).

[21] Cai SB, Zou YZ, Shao LS, Xie B, Shao WZ. Framework supporting software assets evaluation on trustworthiness. Ruan Jian Xue Bao/Journal of Software, 2010,21(2):359-372(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3786.htm[doi:10.3724/SP.J.1001.2010.03786]

[22] Tan T, He M, Yang Y, Wang Q, Li MS. An analysis to understand software trustworthiness. In:Proc. of the 2008 Int'l Symp. on Trusted Computing. 2008. 2366-2371.

[23] Zeng J, Sun HL, Liu XD, Deng T, Huai JP. Dynamic evolution mechanism for trustworthy software based on service composition. Ruan Jian Xue Bao/Journal of Software, 2010,21(2):261-276(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3735.htm[doi:10.3724/SP.J.1001.2010.03735]

[24] Wang J, Chen YX, Gu B, Guo XY, Wang BH, Jin SY, Xu J, Zhang JY. An approach to measuring and grading software trust for spacecraft software. Scientia Sinica Technologica, 2015,45(2):221-228(in Chinese with English abstract).

[25] Tao H, Chen YX. A new metric model for trustworthiness of softwares. Telecommunication Systems, 2012,51(2):95-105.

[26] Lin C, Xue C. Multi-Objective evaluation and optimization on trustworthy computing. Science China Information Sciences, 2016, 59(10):No.108102.

[27] Lang B, Liu XD, Wang HM, Xie B, Mao XG. A classification model for software trustworthiness. Journal of Frontiers of Computer Science and Technology, 2010,4(3):231-239(in Chinese with English abstract).

[28] Wang HM. TRUSTIE:Towards software production based on crowd wisdom. In:Proc. of the 20th Int'l Systems and Software Product Line Conf. (SPLC 2016). 2016. 22-23.

[29] ISO/IEC 15504. 2015. https://en.wikipedia.org/wiki/ISO/IEC_15504

附中文参考文献:

[3] 王德鑫,王青,贺劼.基于证据的软件过程可信度模型及评价方法.软件学报,2017,28(7):1713-1731. http://www.jos.org.cn/1000-9825/5102.htm[doi:10.13328/j.cnki.jos.005102]

[20] 陈火旺,王戟,董威.高可信软件工程技术.电子学报,2003,31(S1):1933-1938.

[21] 蔡斯博,邹艳珍,邵凌霜,谢冰,邵维忠.一种支持软件资源可信评估的框架.软件学报,2010,21(2):359-372. http://www.jos.org.cn/1000-9825/3786.htm[doi:10.3724/SP.J.1001.2010.03786]

[23] 曾晋,孙海龙,刘旭东,邓婷,怀进鹏.基于服务组合的可信软件动态演化机制.软件学报,2010,21(2):261-276. http://www.jos.org.cn/1000-9825/3735.htm[doi:10.3724/SP.J.1001.2010.03735]

[24] 王婧,陈仪香,顾斌,郭向英,王保华,金晟毅,徐建,张居阳.航天嵌入式软件可信性度量方法及应用研究.中国科学:技术科学,2015, 45(2):221-228.

[27] 郎波,刘旭东,王怀民,谢冰,毛晓光.一种软件可信分级模型.计算机科学与探索,2010,4(3):231-239.

引用本文

王德鑫,王青.支持软件过程可信评估的可信证据.软件学报,2018,29(11):3412-3434

复制

文章指标

点击次数:3356
下载次数: 4875
HTML阅读次数: 2181
引用次数: 0

历史

收稿日期:2017-01-29
最后修改日期:2017-03-20
录用日期:
在线发布日期: 2017-07-20
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码