A Trustworthy Flaw Inspection Model Oriented To Security Attributes

With the rapid development of the information age,the ”software crisis” associated with it should not be underestimated.The quantification and evaluation of traditional software quality are both static and dynamic.In recent years,quantitative evaluation of software credibility has become a hot spot,and a series of research results have been obtained,but most of the work has studied software trustworthiness metrics from a static perspective.This paper studies the trusted quantitative evaluation of software quality from a dynamic perspective.Most of its research results are evaluated on the entire trusted attributes,but the correlation between different trusted attributes is ignored.This article selects security attributes as the research object,from the software failure model Set out to study software credibility measurement and evaluation models and methods for security attributes.This article focuses on the trustworthy of security attributes and its main work includes:1.We propose a classification method for trusted security attributes in the operation phase.We explore the relationship between trusted security attributes mainly from the perspective of software operation.The idea of set theory was adopted to give a model of the relationship between trusted security attributes and subattributes.We reduced the correlation between attributes to improve the ability to independently analyze security sub-attributes.2.In order to analyze the changes in the credibility of the software's own security attributes caused by the damage caused by external attacks.We propose a damage inspection model based on the security attributes of petri nets.Since the damage to the software is essentially the change of the software security state,the process of software failure due to external attacks is modeled in conjunction with the state transition change.The inspection model can be used to analyze the security subattributes,and finally the overall credibility analysis and evaluation of the software security attributes.3.We propose analysis and evaluation based on Markov chain technology.From the inspection model,it can be seen that the state transition relationship of the software system related to safety satisfies Markov property.The Markov theory is used to analyze the software state changes to obtain the transition probability matrix,so as to further measure and analyze the different security sub-attributes of the software system.Through the comparison between the experiment and the actual operation,it can be known that the measurement results are in full compliance with expectations.Through the above three points,this article has formed a systematic and relatively complete Trusted security analysis and evaluation framework.The damage inspection model is constructed using the state of the software after being attacked,and the Markov chain is used to calculate the state probability to quantitatively analyze the Trustworthy and security.Highlight the effectiveness and feasibility of the method.