Advertisement

Process Trustworthiness as a Capability Indicator for Measuring and Improving Software Trustworthiness

  • Ye Yang
  • Qing Wang
  • Mingshu Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5543)

Abstract

Due to increasing system decentralization, component heterogeneity, and interface complexities, many trustworthiness challenges become more and more complicated and intertwined. Moreover, there is a lack of common understanding of software trustworthiness and its related development methodology. This paper reports preliminary results from an ongoing collaborative research project among 6 international research units, which aims at exploring theories and methods for enhancing existing software process techniques for trustworthy software development. The results consist in two parts: 1) the proposal of a new concept of Process Trustworthiness, as a capability indicator to measure the relative degree of confidence for certain software processes to deliver trustworthy software; and 2) the introduction of the architecture of a Trustworthy Process Management Framework (TPMF) toolkit for process runtime support in measuring and improving process trustworthiness in order to assess and assure software trustworthiness.

Keywords

Software Trustworthiness Process Trustworthiness Process Trustworthiness Model Measurement Model Risk Management 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Boehm, B.: A view of 20th and 21st century software engineering. In: International Conference on Software Engineering. Proceedings of the 28th international conference on Software Engineering, pp., 12–29 (2006)Google Scholar
  2. 2.
    Nelson, M., Clark, J., Spurlock, M.A.: Curing the Software Requirements and Cost Estimating Blues. PM: November/December (1999)Google Scholar
  3. 3.
    Department of Defense, National Computer Security Center: Trusted Computer System Evaluation Criteria. DoD 5200.28-STD (1985)Google Scholar
  4. 4.
    Parnas, D., et al.: Evaluation of Safety-Critical Software. CACM 33(6), 636–648 (1990)CrossRefGoogle Scholar
  5. 5.
    Amoroso, E.C.T., Watson, J., Weiss, J.: A process-oriented methodology for assessing and improving software trustworthiness. In: Proceedings of the 2nd ACM Conference on Computer and communications security, Virginia, USA, pp. 39–50 (1994)Google Scholar
  6. 6.
    Capability Maturity Model Integration Version 1.2 Overview, http://www.sei.cmu.edu/cmmi/adoption/pdf/cmmi-overview07.pdf
  7. 7.
    Common Criteria Portal, http://www.commoncriteriaportal.org/
  8. 8.
    DACS, Software Project Management for Software Assurance: A State-of-the-Art-Report, September 30 (2007)Google Scholar
  9. 9.
    DACS and IATAC, Software Security Assurance: A State-of-the-Art-Report, July 31 (2007)Google Scholar
  10. 10.
    United States Federal Aviation Administration, Safety and Security Extension for integrated Capability Maturity Model (September 2004)Google Scholar
  11. 11.
    CMU, Systems Security Engineering Capability Maturity Model SSE-CMM: Model Description Document, Version 3.0, June 15 (2003)Google Scholar
  12. 12.
    International Standards Organization, ISO 9126, Ist edn. (2001)Google Scholar
  13. 13.
    International Standards Organization, ISO 27000, Ist edn. (2005)Google Scholar
  14. 14.
    International Standards Organization, ISO 9001, 2nd edn. (2005)Google Scholar
  15. 15.
    Tan, T., He, M., et al.: An Analysis to Understand Software Trustworthiness. Accepted by the 2008 International Symposium on Trusted Computing, China (November 2008)Google Scholar
  16. 16.
    Shu, F., Jiang, N., Gou, L.: Technical Report: A Trustworthiness Measurement Model. ISCAS/iTechs Technical Report #106 (November 2008)Google Scholar
  17. 17.
    Jones, C.: Applied Software Measurement: Assuring Productivity and Quality. McGraw-Hill, New York (1997)zbMATHGoogle Scholar
  18. 18.
    Boehm, B.W., et al.: Software Cost Estimation with COCOMO II. Prentice-Hall, NY (2000)Google Scholar
  19. 19.
    Wang, Q., Gou, L., et al.: An Empirical Study on Establishing Quantitative Management Model for Testing Process. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2007. LNCS, vol. 4470, pp. 233–245. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  20. 20.
    Gou, L., Wang, Q., et al.: Quantitatively Managing Defects for Iterative Projects: An Industrial Experience Report in China. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2008. LNCS, vol. 5007, pp. 369–380. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Zhang, S., Wang, Y., et al.: Capability Assessment of Individual Software Development Processes Using Software Repositories and DEA. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2008. LNCS, vol. 5007, pp. 147–159. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Wang, Q., Li, M.: Measuring and improving software process in China. In: 2005 International Symposium on Empirical Software Engineering (2005)Google Scholar
  23. 23.
    Yang, D., Wu, D., et al.: WikiWinWin: A Wiki Based System for Collaborative Requirements Negotiation. In: HICSS (2008)Google Scholar
  24. 24.
    Li, Y., Li, J., et al.: Requirement-Centric Traceability for Change Impact Analysis: A Case Study. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2008. LNCS, vol. 5007, pp. 100–111. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Li, J., Hou, L., et al.: An Empirically-Based Process to Improve the Practice of Requirement Review. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2008. LNCS, vol. 5007, pp. 135–146. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Liu, D., Wang, Q., Xiao, J., Li, J., Li, H.: RVSim: A Simulation Approach to Predict the Impact of Requirements Volatility on Software Project Plans. In: Wang, Q., Pfahl, D., Raffo, D.M. (eds.) ICSP 2008. LNCS, vol. 5007, pp. 307–315. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Dai, J., Xiao, J., Wang, Q., Li, M., Li, H.: Dynamically Optimize Process Execution Based on Process Agent. Accepted by 2008 International Conference on Software Engineering and Knowledge Engineering (SEKE 2008) (2008)Google Scholar
  28. 28.
    Li, J., Chen, Z., Wei, L., Xu, W.: Feather Selection via Least Squares Support Feature Machine. International Journal of Information Technology & Decision Making 6(4) (2007)Google Scholar
  29. 29.
    Du, J., Tan, T., He, M., et al.: Technical Report: A Process-Centric Approach to Assure Software Trustworthiness. ISCAS/iTechs Technical Report #106 (September 2008)Google Scholar
  30. 30.
    Wang, Q., Yang, Y.: Technical Report: A Process-Centric Methodology to Software Trustworthiness Assurance. ISCAS/iTechs Technical Report #105 (June 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ye Yang
    • 1
  • Qing Wang
    • 1
  • Mingshu Li
    • 1
  1. 1.Lab for Internet Software TechnologyInstitute of Software Chinese Academy of SciencesZhongGuanCun, BeijingChina

Personalised recommendations