电子学报 ›› 2019, Vol. 47 ›› Issue (11): 2344-2353.DOI: 10.3969/j.issn.0372-2112.2019.11.016

• 学术论文 • 上一篇    下一篇

基于社会学信任理论的软件可信性概念模型

杨曦, 罗平, 贾古丽   

  1. 清华大学软件学院信息系统安全教育部重点实验室, 北京 100084
  • 收稿日期:2018-09-11 修回日期:2019-03-25 出版日期:2019-11-25
    • 作者简介:
    • 杨曦 女,1977年2月出生,福建福州人.2005年云南大学软件工程专业硕士毕业,其后在福州大学从事教学、科研工作.2014年考入清华大学博士,研究方向为软件系统与理论、信息安全及软件可信性等.E-mail:x-yang14@mails.tsinghua.edu.cn;罗平 男,1959年6月出生,湖南溆浦人.清华大学软件学院教授.研究方向:密码算法设计与密码分析,漏洞分析与攻击,数据库漏洞与安全,木马利用技术,图像安全.负责和参加国家自然科学基金项目4项,国家科技部973和"十一五"科技攻关项目4项,部委和学校项目6项,横向课题6项.其中作为项目负责人16项.
    • 基金资助:
    • 国家自然科学基金重点项目 (No.90818021); 核高基重大专项 (No.2012zx01039-004-46); 国家发改委信息安全专项 (No.2012-1424)

The Concept Model of Software Trustworthiness Based on Trust-Theory of Sociology

YANG Xi, LUO Ping, GUL Jabeen   

  1. The Key Laboratory for Information System Security, Software School, Tsinghua University, Beijing 100084, China
  • Received:2018-09-11 Revised:2019-03-25 Online:2019-11-25 Published:2019-11-25
    • Supported by:
    • Key Program of National Natural Science Foundation of China (No.90818021); National Science and Technology Major Project  (NSTMP) Program Kernal Electronic Devices,  High-end General Application Chips,  Fundamental Software Products (No.2012zx01039-004-46); National Development and Reform Commission Information Security Special Program (No.2012-1424)

摘要: 可信性作为软件的一种复杂的高复合概念,几十年间都未能取得实质性进展和突破.本文在对可信性权威定义分析的基础上,论证了这些定义所涉范围彼此矛盾且不相容,进一步说明从本质出发研究软件可信性概念模型的重要性和必然性."可信"一词源于社会学,所以应该从社会学的信任理论出发来探讨软件可信性的本质.本文在上百篇经典社会学信任理论文献上构建出信任体系模型STM,并与软件的信任体系进行了对比和映射,提出基于社会学信任理论的软件可信性概念模型STCM.在STM和STCM的基础上给出软件可信性概念模型的定义系统.最后通过度量评估实验验证了模型是可行的、有效的,为软件可信性的发展提供了新的研究方向.

关键词: 软件可信性, 信任理论, STM, STCM, 可靠性, 安全性

Abstract: As a complex high-composite software concept, the trustworthiness research has failed to make substantial progress and breakthroughs during these decades. After analyzing the authority definitions of trustworthiness, this paper demonstrates that the scope of them is contradictory and incompatible. It further illustrates that the research of software trustworthiness conceptual model from its essence is very important and necessary. The term "trustworthiness" originates from sociology; so we should discuss the essence of software trustworthiness based on trust-theory of sociology. This paper constructs a trust system model STM based on hundreds of classical sociological literature on trust-theory. After comparing and mapping with software trust system, the paper proposes a software trustworthiness conceptual model STCM based on trust theory of sociology. Based on STM and STCM, a complete concept definition system of software trustworthiness is presented. Finally, STCM is proved to be feasible and effective by the measurement and evaluation experiment, which provides a new research direction for the advancement of software trustworthiness.

Key words: software trustworthiness, trust-theory, STM, STCM, reliability, security

中图分类号: