Risk Assessment Based On Software Structure

Posted on: 2021-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
GTID: 2518306248956469
Subject: Management Science and Engineering
Abstract/Summary:
As informatization deepens, the view that the world is software-defined is gradually gaining acceptance, and software security issues are becoming more and more important. Risk management applies at every stage of the software life cycle. If the risk assessment of software can be carried out at an early stage of development, it achieves early detection and early prevention and reduces software security risks at the source. Risk identification and safety control of the software design are an important part of risk management. This paper takes the software structure data generated in the software design stage as its main research object and proposes a risk assessment method based on the software structure. Its purpose is to find the high-risk nodes in the software design structure so that amendments and improvements can be proposed as early as possible.

First, starting from a static UML class diagram, a method for measuring class risk is proposed. This paper considers the risk of a class from two aspects: class complexity and class severity. Using software measurement engineering theory, it proposes a complexity model to measure class complexity. It then draws on successive failure theory to propose a severity model to measure class severity. The risk value of the class is then calculated from the binary relationship between risk and complexity and severity in risk assessment theory. Finally, JUnit 4.10 is taken as a research case for numerical experiments to demonstrate the rationality of the method. The experimental results show that the method can accurately identify the core classes and high-risk classes in the software without a domain expert's prior judgment, which proves the effectiveness of the method.

Then, starting from the component relationship network in the general software structure, a component structure network model is proposed that takes into account the fault tolerance and fault propagation characteristics of components. From the component network model, the key factors that affect component execution failure, and the impact of different component execution path structure types on path execution failure, are obtained. From the perspective of software function service, a software system risk evaluation metric is proposed. Combined with the component network model, the impact of the key factors of component execution failure on the overall risk of the software structure is analyzed in order to evaluate the overall security risk of the software system. The Monte Carlo simulation method is used to simulate the component fault propagation process. The risk of the software structure is calculated under different values of the key factors, along with the trend of their impact on the overall risk of the software structure. The aim is to verify the rationality of the component structure network model.

Finally, this paper establishes a layer-by-layer recursive software structure risk assessment system, from class to component to software, which provides a set of risk assessment methods for software risk management. The risk assessment system proposed in this paper provides theoretical support for the automatic inspection of software structure design schemes and for improving the safety and reliability of software structure design frameworks. The results of this study enrich the quantitative measurement methods in software risk assessment and provide a solution for risk management and control in software design schemes.
Keywords/Search Tags:Software Risk Assessment, Software Structure, Complex Network, Class Diagram, Component