An Approach for Trustworthiness Benchmarking Using Software Metrics

Title: An Approach for Trustworthiness Benchmarking Using Software Metrics
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Medeiros, N., Ivaki, N., Costa, P., Vieira, M.
Conference Name: 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)
Date Published: Dec
ISBN Number: 978-1-5386-5700-3
Keywords: Benchmark testing, Buildings, Metrics, Mozilla Firefox project, pubcrawl, security, security attributes, security metrics, security of data, security vulnerabilities, software metrics, software quality, software security experts, Software systems, Trusted Computing, trustworthiness assessment model, trustworthiness benchmarking
Abstract

Trustworthiness is a paramount concern for users and customers in the selection of a software solution, especially in the context of complex and dynamic environments, such as Cloud and IoT. However, assessing and benchmarking trustworthiness (worthiness of software for being trusted) is a challenging task, mainly due to the variety of application scenarios (e.g., business-critical, safety-critical), the large number of determinative quality attributes (e.g., security, performance), and last, but foremost, due to the subjective notion of trust and trustworthiness. In this paper, we present trustworthiness as a measurable notion in relative terms based on security attributes and propose an approach for the assessment and benchmarking of software. The main goal is to build a trustworthiness assessment model based on software metrics (e.g., Cyclomatic Complexity, CountLine, CBO) that can be used as indicators of software security. To demonstrate the proposed approach, we assessed and ranked several files and functions of the Mozilla Firefox project based on their trustworthiness score and conducted a survey among several software security experts in order to validate the obtained rank. Results show that our approach is able to provide a sound ranking of the benchmarked software.

URL: https://ieeexplore.ieee.org/document/8639656
DOI: 10.1109/PRDC.2018.00019
Citation Key: medeiros_approach_2018