
2018 | OriginalPaper | Chapter

CodeTrust

Trusting Software Systems

Authors : Christian Damsgaard Jensen, Michael Bøndergaard Nielsen

Published in: Trust Management XII

Publisher: Springer International Publishing


Abstract

The information society is built on data and on the software required to collect and analyse these data, which means that the trustworthiness of these data and software systems is crucially important for the development of society as a whole. Efforts to establish the trustworthiness of software typically include parameters such as security, reliability, maintainability, correctness and robustness.
In this paper we explore ways to determine the trustworthiness of software, in particular code where some of the constituent components are externally sourced, e.g. through crowdsourcing and open software systems. We examine different quality parameters that we believe define key quality indicators for trustworthy software and define CodeTrust, a content-based trust metric for software.
We present the design and evaluation of a research prototype that implements the proposed metric, and show the results of preliminary evaluations of CodeTrust using well-known open source software projects.


Footnotes

1. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol [9], which allows two computers on the Internet to establish secure communication. It is often used by embedded systems and open source software, such as the Apache and nginx web servers, which, at the time, powered around two thirds of the websites on the Internet.

2. The Common Criteria captures the Protection Profile (PP) and the Security Target (ST) and measures the Evaluation Assurance Level (EAL), which depends on the depth and rigour of the security evaluation.
Literature

2. Amoroso, E., Taylor, C., Watson, J., Weiss, J.: A process-oriented methodology for assessing and improving software trustworthiness. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 39–50 (1994)
3. Avizienis, A., Laprie, J.C., Randell, B.: Fundamental concepts of dependability. In: Proceedings of the 3rd IEEE Information Survivability Workshop (2000)
6. Cerrudo, C.: Why the Shellshock Bug is Worse than Heartbleed. MIT Technology Review, Cambridge (2014)
7. Commission of the European Communities: Information Technology Security Evaluation Criteria (ITSEC): Preliminary Harmonised Criteria
9. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246, The Internet Engineering Task Force (2008)
10. Fitzpatrick, J.: Applying the ABC metric to C, C++, and Java. In: More C++ Gems, pp. 245–264. Cambridge University Press, New York (2000). Originally published in C++ Report, June 1997
11. Halstead, M.H.: Elements of Software Science (Operating and Programming Systems Series). Elsevier Science Inc., New York (1977)
12. ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation
13. Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)
14. Mohammadi, N.G., Sachar Paulus, M.B., Metzger, A., Koennecke, H., Hartenstein, S., Pohl, K.: An analysis of software quality attributes and their contribution to trustworthiness. In: Proceedings of the 3rd International Conference on Cloud Computing and Services Science, Closer 2013, vol. 3, no. 3, pp. 542–552 (2013)
15. Nielsen, M.B.: Quality and IT security assessment of open source software projects. M.Sc. thesis, DTU Compute, Technical University of Denmark (2017)
18. Randell, B.: System structure for software fault tolerance. SIGPLAN Not. 10(6), 437–449 (1975)
19. Seggelmann, R., Tuexen, M., Williams, M.: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. RFC 6520, The Internet Engineering Task Force (2012)
20. The Department of Defense (DoD): Trusted Computer System Evaluation Criteria (TCSEC), TCSEC Rainbow Series Library, Orange Book
23. Thompson, K.: Reflections on trusting trust. Commun. ACM 27(8), 761–763 (1984)
24. Wang, J.A., Wang, H., Guo, M., Xia, M.: Security metrics for software systems. In: Proceedings of the 47th Annual Southeast Regional Conference, no. 47, pp. 1–6 (2009)
Metadata
Title
CodeTrust
Authors
Christian Damsgaard Jensen
Michael Bøndergaard Nielsen
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-95276-5_5