A Software Trustworthiness Evaluation Method Based On Analytic Hierarchy Process With Consistency Correction

With the rapid development of information technology,software has penetrated into various fields and industries,playing a key role in expanding domains and solving complex problems.However,software of increasing scale inevitably faces various defects and vulnerabilities,and incidents of software failure,crash or attack occur frequently,highlighting the issue of software trustworthiness.In this context,the problem of “highly trustworthy” software development has become a research hotspot for scholars at home and abroad.Among them,software trustworthiness evaluation,as a powerful support for ensuring and improving software trustworthiness,has become one of the important technologies for software trustworthiness assurance.Software trustworthiness evaluation aims to make a quantitative assessment of the set of software quality attributes that users are concerned about according to user requirements,to ensure that the software always runs in accordance with user expectations.This process requires identifying and selecting the key trustworthiness features of the evaluated software system to construct a trustworthiness evaluation model;and collecting trustworthiness evidence from the software production process to support the trustworthiness measurement of the constructed model.However,the current software trustworthiness evaluation models and trustworthiness measurement methods still have defects,and their problems are summarized as follows:(1)Most of the evaluation models are directly transformed from quality models,with a single source of trustworthiness attributes,and without analyzing whether the relevant attributes are applicable to software trustworthiness evaluation,resulting in poor interpretability and applicability of their trustworthiness evaluation models;especially they cannot be extended to industry standards for specific domains such as automobiles,making it difficult to support the application promotion of such industries with typical trustworthiness evaluation needs;and their evaluation process does not consider the difference of concern points of trustworthiness attributes in different stages.(2)The weight allocation methods of various trustworthiness attributes have the arbitrariness of subjective scoring,and their trustworthiness measurement process highly depends on the accuracy of human evaluation by decision makers,and often due to the bias introduced by human evaluation when large-scale weights are given,resulting in consistency problems in the weight judgment of trustworthiness attributes.(3)In the overall process of trustworthiness measurement,from the measurement of each bottom-level indicator to the data fusion layer by layer upwards,the whole process lacks available and efficient tool support,and the manual calculation process is inefficient and prone to errors.To address these problems,based on summarizing and analyzing traditional quality models and measurement methods,this thesis carries out research on software product trustworthiness evaluation,especially for automotive software,which is a typical highly trustworthy critical system,and develops a trustworthiness evaluation model,method framework and prototype tool.The main contributions and research results of this thesis are as follows:(1)The thesis proposes a hierarchical model for evaluating the trustworthiness of software products called i Trust Eval.Firstly,based on the correlation and evolution of software trustworthiness definitions from different academic organizations,the feasibility of using traditional quality models for software evaluation is discussed.Secondly,a statistical analysis of the attributes focused on by classical quality models and the trustworthy attributes focused on by current work in the trustworthy field is conducted to construct a general list of trustworthy attributes and ensure the applicability of the model.At the same time,suggestions for using and extending the i Trust Eval model are provided,and taking the automotive field as an example,considering the differences in trustworthy attributes at different stages of the product development lifecycle,a trustworthy evaluation model for automotive systems is developed.(2)The thesis improves the key issue of indicator weight allocation in trustworthy measurement.The basic methods and problems faced in weight allocation during current trustworthy measurement are described,and a weight allocation method that uses fuzzy theory to improve the subjective weight allocation algorithm Analytic Hierarchy Process(AHP)is proposed.Based on this,a combined algorithm AHP-FAHP(Fuzzy Analytic Hierarchy Process)is designed and developed to effectively balance decision subjectivity and accuracy.At the same time,to address the problem of AHP algorithm results being invalidated due to inconsistencies in decision-maker input values,a matrix consistency correction method MO-PCM(Multi-Objective optimization-Pairwise Comparison Matrix correction)based on multi-objective optimization is proposed.(3)The thesis develops a prototype tool for trustworthiness evaluation corresponding to the i Trust Eval model and its related algorithms.Using this as a tool,a case analysis of trustworthiness evaluation for vehicle control software,a typical component of automotive systems,is conducted.While proving the effectiveness of the trustworthiness evaluation framework,the usage process of the prototype system is detailed to improve trustworthiness evaluation efficiency.