Nowadays more trustworthy software and services are demanded to cope with the growing scale and complexity of computing systems and internet has become one of the most important sources for software
acquisition, but existing trust models are challenged to evaluate the trustworthiness of the open, complex and widely -used software resources on the internet. From the perspective of trustworthy software management,
software submission is more open and more frequent than the traditional way, a large number of the software are under evaluation, and the suppliers often do not present sufficient evidence for proving trustworthiness of the
software they have submitted. To provide each software package with some specific evaluators is neither practical nor necessary. In order to answer the challenges, several concepts related to software trustworthiness evaluation ( STE) are
defined, and then an evidence model for ST E used to evaluate software on the internet in a cognitive and cost - progressive way is provided. T hree trustworthiness profiles of the model are proposed and explained, namely
reputation, experience and mechanism. Multiple objectives under the profiles and the evidence sources of the objectives are analyzed. A software entity is trustworthy if there are sufficient reliable evidences leading evaluator and users to believe
that the software will meet the users-anticipation. Our model organizes the evidences according their cognitivereliability. To assign software to higher level of trust depends on more reliable cognitive evidences provided.
Reputation evidences are less reliable and can lead the software to a low level of trust. It is also the low cost way to evaluate software. T he evidences of intuitional experiences of interaction with the executing software are more
reliable to achieve a higher trust level. T he interaction experiences are perception on software attributes such as correctness, reliability, security, privacy, safety, survivability, behavior consistency, etc. Mechanism evidences
include the artifacts of software requirement, design, implementation, and proof of consistency between two adjacent development phases, as well as the reports of software fault detection and diagnosis. Sufficient credible
mechanism evidences make it justified to assign software to the highest trust level. It takes more effort to provide sufficient evidences to meet the needs of evaluation.
Finally, some considerations of applying the model to software evaluation are discussed. The paper offers the model only as guidance and would not want it to be seen as binding in all circumstances. It needs to be tailored to the
software trustworthiness evaluation for particular domain and environment。
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
References
[ 1 ] ISO/ IEC 15408 -1. Information technology -Se - curity techniques - Evaluation criteria for IT secu- rity- Part 1: Introduction and general model, Second edition. 2005 -10 -01.
[ 2 ] Avizienis A, Laprie J C, Randell B, et al. Basic concepts and taxonomy of dependable and secure computing. IEEE T ransactions on Dependable and Secure Computing, 2004, 1( 1) : 11~ 33.
[ 3 ] Lin C, Peng X H. Research on trustworthy networks. Chinese Journal of Computers, 2005, 28( 5): 751~ 758. ( 林 闯, 彭雪海. 可信网络 研究. 计 算机学 报, 2005, 28( 5): 751 ~ 758) .
[ 4 ] Wang H M, T ang Y B, Yin G, et al. Trust- worthy theory of internet software. Science in China Series E, Information Sciences, 2006, 36 (10) : 1156~ 1169. (王怀民, 唐扬斌, 尹 刚等. 互联网软件的可信机理. 中国科学 E 辑 信息科学, 2006, 36(10) : 1156~ 1169).
[ 5 ] Mollering G, The nature of trust: From Georg Simmel to a theory of expectation, interpreta - tion and suspension. Sociology, 2001, 35: 403~ 420.
[ 6 ] Lewis J D, Weigert A. Trust as a social reality. Social Forces, 1985, 63( 4) : 967~ 985.
[ 7 ] Lewicki R J, Bunker B B. T rust in relation- ships: A model of trust development and de - cline. Bunker B B, Rubin J Z. Conflict, cooper - ation, and justice. San Francisco: Jossey -Bass, 1995, 133~ 174.
[ 8 ] Castelfranchi C, Falcone R. Socio -cognitive model of trust: Basic ingredients. IST C -T echn- i cal Report, 2008 -01 -01.
[ 9 ] Josang A, Ismail R, Boyd C. A survey of trust and reputation systems for online service prov- i sion. Decision Support Systems, 2007, 43(2) : 618~ 644.
[ 10] Pearson S, Mont M C, Crane S. Analysis of trust properties and related impact of trusted platforms. HP Laboratories Bristol Technical Report, HPL -2005 -55, 2005 -03 -18.
[ 11] Ruohomaa S, Kutvonen L. Trust management survey. iTrust 2005, Lecture Notes in Comput- er Science, 2005, 3477: 77~ 92.
[ 12] ISO 9126 -1. Standard for software engineering - Product quality - Part 1 -Quality model, 2001
[ 13] Schneider F B. T rust in cyberspace. New York: National Academic Press, 1999, 13~ 15.
[ 14] Chen H W, Wang J, Dong W. High confidence software engineering technologies. Chinese Journal of Electronics, 2003, 12A: 1933~ 1938.
( 陈火旺, 王 戟, 董 威. 高可信软件工程技术. 电子学报, 2003, 12A: 1933~ 1938) .
[ 15] Guo S H, Gao J, Lan Y Q, et al. Software component modeling based on ontology for de - pendability. Journal of Nanjing University(Nat- ural Sciences) , 2005, 41(z1) : 90~ 95. (郭树行,
高 静, 兰雨晴等. 面向可信的构件本体建模研究. 南京大学 学报( 自 然科学), 2005, 41 ( z1): 90~ 95) .
[ 16] Jadhava A S, Sonar R M, Evaluating and selec - ting software package: A review. Information and Software Technology, 2009, 51: 555~ 563.
{{custom_fnGroup.title_en}}
Footnotes
{{custom_fn.content}}
PDF(864588 KB)
