Trustworthy software systems: a discussion of basic concepts and terminology

Basic concepts and terminology for trustworthy software systems are discussed. Our discussion of definitions for terms in the domain of trustworthy software systems builds on prior work in dependable, trustworthy and survivable systems, and is grounded in the established literature and in approved standards. These concepts are discussed in the context of our graduate school TrustSoft on trustworthy software systems. In TrustSoft, we consider the trustworthiness of a software system to be determined by correctness, safety, quality of service (performance, reliability, availability), security, and privacy. The particular means of achieving trustworthiness for component-based software systems that are investigated in TrustSoft are formal verification, quality prediction and certification, complemented by fault diagnosis and fault tolerance for increased robustness.
