摘要
互联网软件资源的开放性复杂性应用广泛性对当前的可信模型提出新的挑战.为回应这些挑战以符合认知途径和成本递进的方式评估软件,给出用于可信评估的相关概念,综合软件环境、使用体验和生产过程中的可信要素,提出支持评估的证据模型,模型分为声誉可信、交互可信、机理可信三个可信剖面,可用于评估互联网软件资源.分析了可信剖面下的多个可信目标和目标的证据来源,最后给出模型在软件可信性评价中的应用方法.
Nowadays more trustworthy software and services are demanded to cope with the growing scale and complexity of computing systems and internet has become one of the most important sources for software acquisition, but existing trust models are challenged to evaluate the trustworthiness of the open, complex and widely-used software resources on the internet. From the perspective of trustworthy software management, software submission is more open and more frequent than the traditional way, a large number of the software are under evaluation, and the suppliers often do not present sufficient evidence for proving trustworthiness of the software they have submitted. To provide each software package with some specific evaluators is neither practical nor necessary.
In order to answer the challenges, several concepts related to software trustworthiness evaluation (STE) are defined, and then an evidence model for STE used to evaluate software on the internet in a cognitive and cost- progressive way is provided. Three trustworthiness profiles of the model are proposed and explained, namely reputation, experience and mechanism. Multiple objectives under the profiles and the evidence sources of the objectives are analyzed.
A software entity is trustworthy if there are sufficient reliable evidences leading evaluator and users to believe that the software will meet the users' anticipation. Our model organizes the evidences according their cognitive reliability. To assign software to higher level of trust depends on more reliable cognitive evidences provided. Reputation evidences are less reliable and can lead the software to a low level Of-trust. It is also the low cost way to evaluate software. The evidences of intuitional experiences of interaction with the executing software are more reliable to achieve a higher trust level. The interaction experiences are perception on software attributes such as correctness, reliability, security, privacy, safety, survivability, behavior consistency, etc. Mechanism evidences incl
出处
《南京大学学报(自然科学版)》
CAS
CSCD
北大核心
2010年第4期456-463,共8页
Journal of Nanjing University(Natural Science)
基金
国家高技术研究发展计划(863)(2007AA010301)
关键词
软件可信
评估
认知
声誉
证据模型
software trustworthiness, evaluation, cognition, reputation, evidence model
