Research On The Measurement Models Of Software Trustworthiness Based On Attributes

As the complexity of the software is getting larger and larger, it is difficult to avoid software bugs and system loopholes. Meanwhile, environments for software development and running have transited from static closeness to dynamical openness, which leads to a variety of uncer-tainty factors. Therefore the softwares often do not work in an expected way, and faults and failures arise frequently, which directly or indirectly cause the losses for users. Thus people pay more and more attention to software trustworthiness. Software trustworthiness is the ability of software to satisfy user expectation with its behavior and result, and to still provide continuous service by disturbances. The behavior and the result of the software can be characterized by a set of attribute, so can the ability of software to still provide continuous service by disturbances. The software trustworthiness measurement which is the quantification of software trustworthi-ness is one of the core scientific problems in the researching on software trustworthiness. So the problem of software trustworthiness measurement is transformed into the selection and mea-surement of the attributes that influence the software trustworthiness, the expression of the user expectation and the quantification of the conformance of the metric of the selected attributes with the user expectation. Concerning on these three issues, we evaluate the software trustwor-thiness from the perspective of source code by static analysis and functional approaches. The main contributions of this thesis are as follows:(1) We establish a model for the attributes that influence the software trustworthiness, which is consisted of the critical attributes taken out from the attribute set referring to defi-nition associated with trustworthiness, including software functionality, maintainability, reliability, survivability and controllability, and non-critical attributes selected by the user according to their requirements. We express the program as a collection of program elements and program unit, and build an inventory for each kind of program elements and program unit. These inventories not only include the properties and functions that the program elements and program unit should carry if the program is trustworthy, but also include the corresponding relation between these properties and functions and the attributes affected by them. Based on these inventories, we propose measurement models for software functionality, maintainability, reliability, survivability and controllability by nsing static analysis, such as programming slice analysis, in view of source code. Mean- while, we also present the quantitative relationship among the critical attributes based on these inventories.(2) We give an expression of the user expectation which is composed of attribute set, attribute weight set, threshold and compensation mechanism among attributes. Attribute set corre-sponds to the model for attributes that describe the software trustworthiness. The attribute weight set express the relative importance of the attributes in the attribute set for the user. The threshold is decided by the user according to their own requirements, if there is an attribute in the attrioute set whose value is less than the threshold, then we don't think the software is trustworthy. The compensation mechanism among attributes is described by the substitution among attributes which is composed of three levels. The first level just requires that attributes can substitute each other. The second level not only requires that attributes can substitute each other, but also requires that substitutivity between crit-ical attributes and non-critical attribute are more difficult than that either among critical attributes or among non-critical attributes, and we can change the substitution between critical attributes and non-critical attributes. The three level not only requires that at-tributes can substitute each other, but also requires that we change the substitution among attributes.(3) We propose four metric criteria for software trustworthiness based on hierarchy and weight:monotonicity, adhesiveness, sensitivity and substitutivity. Based on user expecta-tion and the four criteria we present five measurement models of software trustworthiness . The first model is proposed for the first level of compensation mechanism in user expec-tation. The second model is the improvement of the first model in the view of substitu-tivity, but it does not satisfy all the four criteria. The third model is builded based on the second level of compensation mechanism in user expectation. The fourth and fifth model are established based on the third level of compensation mechanism in user expectation. For a given user expectations, if the user chooses the first level in the compensation mech-anism, then he can evaluate the software trustworthiness by the first model; if he chooses the second level, then he can evaluate the software trustworthiness by the third model; if he chooses the third level, then he can evaluate the software trustworthiness by the fourth or the fifth model. (4) We give a polynomial-time combinational method for estimating the weights appeared in the measurement models of software trustworthiness based on the priority methods, and we also implement this method and the measurement models of software trustworthiness proposed by us with C Language.