
Trustworthy software systems: a discussion of basic concepts and terminology

Published: 01 November 2006

Abstract

Basic concepts and terminology for trustworthy software systems are discussed. Our discussion of definitions for terms in the domain of trustworthy software systems is based on former achievements in dependable, trustworthy and survivable systems. We base our discussion on the established literature and on approved standards. These concepts are discussed in the context of our graduate school TrustSoft on trustworthy software systems. In TrustSoft, we consider trustworthiness of software systems as determined by correctness, safety, quality of service (performance, reliability, availability), security, and privacy. Particular means to achieve trustworthiness of component-based software systems - as investigated in TrustSoft - are formal verification, quality prediction and certification; complemented by fault diagnosis and fault tolerance for increased robustness.


Published In

ACM SIGSOFT Software Engineering Notes, Volume 31, Issue 6
November 2006
182 pages
ISSN: 0163-5948
DOI: 10.1145/1218776

Publisher

Association for Computing Machinery

New York, NY, United States


Cited By

  • (2024) Quantum Computing Security. Applications and Principles of Quantum Computing, pp. 399-417. DOI: 10.4018/979-8-3693-1168-4.ch020. Online publication date: 31-Jan-2024
  • (2024) The Gap Between Trustworthy AI Research and Trustworthy Software Research: A Tertiary Study. ACM Computing Surveys 57(3):1-40. DOI: 10.1145/3694964. Online publication date: 11-Nov-2024
  • (2024) A Measurement of Aerospace Embedded Software Trustworthiness. 2024 IEEE 7th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp. 779-787. DOI: 10.1109/ITNEC60942.2024.10733309. Online publication date: 20-Sep-2024
  • (2024) A Gauging of Software Trustworthiness through the Grey Correlation Methodology. 2024 IEEE 6th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC), pp. 638-644. DOI: 10.1109/IMCEC59810.2024.10575842. Online publication date: 24-May-2024
  • (2024) A Model for Measuring the Trustworthiness of Component Software System. 2024 IEEE 4th International Conference on Information Technology, Big Data and Artificial Intelligence (ICIBA), pp. 870-878. DOI: 10.1109/ICIBA62489.2024.10868030. Online publication date: 6-Dec-2024
  • (2024) A software trustworthiness evaluation methodology for cloud services with picture fuzzy information. Applied Soft Computing 152:111205. DOI: 10.1016/j.asoc.2023.111205. Online publication date: Feb-2024
  • (2023) The Allocation Scheme of Software Development Budget with Minimal Conflict Attributes. International Journal of Software Engineering and Knowledge Engineering 34(4):545-568. DOI: 10.1142/S0218194023500596. Online publication date: 8-Nov-2023
  • (2023) Towards Practical Dynamic Trust Monitoring of Containerized Services in NFV Infrastructure. ICC 2023 - IEEE International Conference on Communications, pp. 5227-5233. DOI: 10.1109/ICC45041.2023.10279302. Online publication date: 28-May-2023
  • (2023) Trustworthiness analysis and evaluation for command and control cyber-physical systems using generalized stochastic Petri nets. Information Sciences 638:118942. DOI: 10.1016/j.ins.2023.118942. Online publication date: Aug-2023
  • (2022) The Trustworthiness Measurement Model of Component Based on Defects. Mathematical Problems in Engineering 2022:1-15. DOI: 10.1155/2022/7290001. Online publication date: 12-Dec-2022
