Software Trustworthiness Metric Theories Based On Languages And Its Applications

Software is the soul of information infrastructure. In recent years, the trustworthi-ness of software arouses more and more attention with the increasing size of software system. The fundamental research of trustworthy software has become one research focus in world currently, one of which is that how to set up the theory and model of software trustworthiness metrics. Therefore, it is necessary for software trustworthiness to build a metric theory based on formal methods, which gives the quantitative assessment of soft-ware trustworthiness. Meanwhile, software is facing greater challenges in open network environment. One of approaches to improve the trustworthiness of software is degraded substitution, and the issues of conformance of degraded substitution and measurement of degraded substitution trustworthiness are the important content on the research about software trustworthiness metrics.In this dissertation, based on languages, it formalizes and measures the trustworthi-ness of software system. The dissertation mainly makes the following contributions:Theories:(1) S-HCSP trustworthiness metric theory. Firstly, it puts the stochas-tic factors into HCSP and gives the modified model language S-HCSP. Then, it formally defines the trustworthiness metrics for S-HCSP's atomic constitutions, and presents the trustworthiness computation rules of S-HCSP's structures based on the principles of the bucket principle of economics and the Yin-yang operating principle of Taiji, etc.. Conse-quently, the S-HCSP trustworthiness metric theory is set up; (2) PQHL trustworthiness metric theory. A HL-baesed PQHL for program trustworthiness assessment is presented. It can describe the difference between the theory idea and implementation, and reflect the degree that the theory idea is implemented by the program in practice. Thus, it formally explains the reasons of the error of programs which are theoretically correct, the low trustworthiness of the sequential composition of two programs (components) which are both high in trustworthiness, etc.. Furthermore, the reliability of [α1,α2]1-quasi-Hoare Logic is proved. In addition, it discusses the thought background of PQHL and its rela-tion to HL; (3) Web service degraded substitution trustworthiness metric theory. In order to ensure the validity of Web service degraded substitution, a conformance condition is given based on the modified process algebra by introducing the time-out operator and the time-delay operator. Further, it studies the trustworthiness metric of Web service degraded substitution and sets up the Web service degraded substitution trustworthiness metric theory.Applications:(1) The combinatorial analysis used to establish S-HCSP trustwor-thiness metric theory is applied on the research of structured programming language-based software trustworthiness metrics and BPEL-based Web service trustworthiness metrics. And the models of software trustworthiness metrics and Web service trustworthiness met-rics are built; (2) PQHL is applied on the research of component-based software trustwor-thiness metrics. Based on PQHL, a metric method of component approximate matching is proposed and a component-based software trustworthiness metric model is built.Tool:Based on structured programming language-based software trustworthiness metric model, a tool for the measurement of software trustworthiness—STMVT is de-veloped by Ruby/Tk. STMVT can be used to compute the software trustworthiness metrics, and give the trustworthiness metrics'visualization, the wave graph of trustwor-thiness metrics, etc.. And STMVT can offer a reference for the quantitative assessment of software trustworthiness and be helpful for improving the trustworthiness of software. Additionally, this implementation demonstrates the feasibility of our theory, approach and model in practice.In conclusion, this dissertation sets up software system trustworthiness metric theo-ries based on languages, and applies the established theories to the research of trustwor-thiness metrics of specific software and Web service. Moreover, it develops a STMVT.