Research On The Metric Model Of Software Trustworthiness Based On Losses

Along the occurrence and intensifying of software crisis, the program of softwaretrustworthiness has attracted by many researchers and organizations at home and abroad.We carried out lots of research work about latest metric models and measurementmethods of trustworthy attributes, and try to solve two problems: one is that there existno unified and standard definition and scope about software trustworthiness because itis a new concept; another problem is lacking of an integrated trustworthiness metricmodel and measurement process.In order to provide the unified definition and scope of software trustworthiness, anew concept called loss is proposed in this paper, which represents extra expenses orcost caused by the software trustworthy issues. Loss, as an important concept in thispaper, is of great significance in software engineering, because it can be used insoftware compare, planning and financial budget. Based on losses, we redefine softwaretrustworthiness and trustworthy attributes: identity trustworthiness, industry standardstrustworthiness and ability trustworthiness, and give their expressions.Based on new definitions, attribute partition and trusted mechanism of humanbeings, an integrated measurement framework of software trustworthiness is proposedin this paper. In this framework, loss, as a unified scale, is used to measure the wholesoftware trustworthiness. This framework also includes identity trustworthinessmeasurement method, industry standards trustworthiness measurement method andability trustworthiness measurement. Through these methods, loss caused bytrustworthy attributes can be computed as well as thevector expressionof integratedsoftware trustworthiness.In the measurement of identity trustworthiness, current source code detection toolsare used to figure out the total loss caused by identity problems. In the measurement ofindustry standards trustworthiness, the metric model on basis of attribute partition isintroduced in this paper, and multiple short boards effect and artificial threshold areadded to improve this model. After some optimizations, a standard measurementprocess is proposed. In the measurement of ability trustworthiness, a new method basedon compound Poisson process is proposed to measure strong reliability and strong safety, which are the improved definitions of reliability and safety on the basis of loss.The new method uniformly regards failures in strong reliability and vulnerabilities instrong safety as random processes, specifically as non-homogeneous Poisson processes.We choose practical G-O model as basic model, and combine the occurrence of thefailures or vulnerabilities with their loss by utilizing the properties of compoundPoisson process. Furthermore, we observe that the occurrence of vulnerabilities ischaracterized by obvious stages. To solve this problem, we find a further improvedmeasurement method for strong safety by adding a new parameter call correlationparameter which is used to lengthen or shorten the timeline.Except the integrated measurement framework for software trustworthiness andmeasurement methods for different trustworthy attributes, some experiments andsamples are represented in this paper to prove their effectiveness and correctness. At last,based on the proof that our measurement methods are efficient, a standard measurementprocess and meaningful measurement scale called loss are provided in our paper.