摘要
软件可信已经是一个迫在眉睫的重要问题,但对软件可信性的评估却一直没有一个系统且客观的标准.一些研究工作从可信证据的采集渠道入手,譬如认为有第3方测试的证据,其可信级别就高一些,而若有用户的使用反馈则可信级别就更高.这些工作在可信的客观性方面做了很好的贡献.但可信其实是一个系统性的问题,而且质量形成于过程,其证据的充分必要程度以及对必要开发过程的覆盖程度等非常关键.基于软件开发过程,从过程的实体、行为以及制品3个方面提取软件可信的证据,建立了由37个可信原则、182个过程可信证据和108个制品可信程度证据组成的软件过程可信度模型,并给出基于该模型证据的软件过程可信评估方法,试图从开发过程的可信程度来建立软件产品的可信的信心.
Today's software is required to be more trustworthy due to its ever more important role in the society. However there is still lack of systematic and objective criteria for the evaluation of software trustworthiness. Existing research focuses on how to get the evidence, with the assumption that system is more trustworthy if the evidence is obtained from a third party test, or from the feedback of past users. Although such study contributes to the objectivity of trustworthiness, the process-oriented nature of system trust is not well addressed. In this case, the sufficiency and necessity of software process related evidence, as well as the coverage ratio of the necessary development process, are critical. This paper attempts to establish the confidence of software product from the trustworthiness of development process. Based on the software development process, software trustworthiness is determined by three aspects:process entity, behavior and products. A software process trustworthiness model is proposed that includes 37 trustworthiness principles, 182 process entities and behaviors evidences, and 108 artifacts evidences. Based on this model, an evaluation method for process trustworthiness is also developed.
出处
《软件学报》
EI
CSCD
北大核心
2017年第7期1713-1731,共19页
Journal of Software
基金
国家自然科学基金(91318301
91218302)~~
关键词
软件可信
过程可信
软件制品可信
software trustworthiness
process trustworthiness
software artifacts trustworthiness
