Abstract
Basic concepts and terminology for trustworthy software systems are discussed. Our discussion of definitions for terms in the domain of trustworthy software systems builds on earlier work on dependable, trustworthy and survivable systems, and is grounded in the established literature and in approved standards. These concepts are discussed in the context of our graduate school TrustSoft on trustworthy software systems. In TrustSoft, we consider the trustworthiness of a software system to be determined by its correctness, safety, quality of service (performance, reliability, availability), security, and privacy. The particular means investigated in TrustSoft to achieve trustworthiness of component-based software systems are formal verification, quality prediction and certification, complemented by fault diagnosis and fault tolerance for increased robustness.