Abstract
This paper presents an overview on how existing development methodologies and practices support the creation of trustworthy software. Trustworthy software is key for a successful and trusted usage of software, specifically in the Cloud. To better understand what trustworthy software applications actually mean, the concepts of trustworthiness and trust are defined and put in contrast to each other. Furthermore, we identify attributes of software applications that support trustworthiness. Based on this groundwork, some well-known software development methodologies and best practices are analyzed with respect on how they support the systematic engineering of trustworthy software. Finally, the state of the art is discussed in a qualitative way, and an outlook on necessary research efforts and technological innovations is given.
Chapter PDF
Similar content being viewed by others
References
Gol Mohammadi, N., Paulus, S., Bishr, M., Metzger, A., Koennecke, H., Hartenstein S., Pohl, K.: An Analysis of Software Quality Attributes and Their Contribution to Trustwor-thiness. In: 3rd International conference on Cloud Computing and Service Science (CLOSER), Special Session on Security Governance and SLAs in Cloud Computing – CloudSecGov, available in SCITEPRESS Digital Library, to appear in Springer-Verlag, SSRI, Aachen (2013)
Leveson, N., Stolzy, J.: Safety analysis using Petri nets. IEEE Transactions on Software Engineering 13(3), 386–397 (1987)
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering. Wiley Series in Software Design. Wiley (2005)
Mei, H., Huang G., Xie, T.: Internetware: A software paradigm for internet computing, pp. 26–31. IEEE Computer Society (2012)
Araújo Neto, A., Vieira, M.: Untrustworthiness: A Trust-Based Security Metric. In: 4th International Conference on Risks and Security of Internet and Systems (CRiSIS), France, pp. 123–126 (2009)
San-Martín, S., Camarero, C.: A Cross-National Study on Online Consumer Perceptions, Trust, and Loyalty. Journal of Organizational Computing and Electronic Commerce 22, 64–86 (2012)
Chen, C., Wang, K., Liao, S., Zhang, Q., Dai, Y.: A Novel Server-based Application Ex-ecution Architecture. In: International Conference on Computational Science and Engineering, CSE 2009, vol. 2, pp. 678–683 (2009)
Harris, L.C., Goode, M.M.: The four levels of loyalty and the pivotal role of trust: a study of online service dynamics. Journal of Retailing 80(2), 139–158 (2004)
S-Cube: Quality Reference Model for SBA. S-Cube - European Network of Excellence (2008), http://www.s-cube-network.eu/results/deliverables/wp-jra-1.3/Reference_Model_for_SBA.pdf/view
ISO/IEC 9126-1: Software Engineering – Product quality – Part: Quality Model, International Organization of Standardization, Geneva, Switzerland (2001)
Gómez, M., Carbó, J., Benac-Earle, C.: An Anticipatory Trust Model for Open Distributed Systems. In: Butz, M.V., Sigaud, O., Pezzulo, G., Baldassarre, G. (eds.) ABiALS 2006. LNCS (LNAI), vol. 4520, pp. 307–324. Springer, Heidelberg (2007)
Yolum, P., Singh, M.P.: Engineering self-organizing referral networks for trustworthy service selection. IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans 35(3), 396–407 (2005)
Yan, Z., Goel, G.: An adaptive trust control model for a trustworthy component software platform. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 226–238. Springer, Heidelberg (2007)
Boehm, B.W., Brown, J.R., Lipow, M.: Quantitative Evaluation of Software Quality. In: Proceedings of the 2ndInternational Conference on Software Engineering (ICSE), pp. 592–605. IEEE Computer Society Press, Los Alamitos (1976)
Adrion, W., Branstad, M., Cherniavsky, J.: Validation, Verification, and Testing of Computer Software. ACM Computing Surveys 14, 159–192 (1982)
McCall, J.A., Richards, P.K., Walters, G.F.: Factors in Software Quality. Volume I. Concepts and Definitions of Software Quality. US Department of Commerce, National Technical Information Service (NTIS), Final technical rept. (1977)
Royce, W.W.: Managing the Development of Large Software Systems: Concepts and Techniques. In: IEEE WESTCON, Los Angeles CA, pp. 1–9 (1970)
Boehm, B.: A Spiral Model of Software Development and Enhancement. IEEE Computer 21(5), 61–72 (1988)
Sommerville, I.: Software Engineering, 9th edn. Pearson, Boston (2011)
Jayaswal, B.K., Patton, P.C.: Design for Trustworthy Software: Tools, Techniques and Methodology for Developing Robust Software. Prentice Hall (2011)
Wordworth, J.: Software Engineering with B. Addison Wesley Longman (1996)
Schmidt, D.C.: Model-Driven Engineering. IEEE Computer 39(2), 25–31 (2006)
McGraw, G., Chess, B.: A Software Security Framework: Working Towards a Realistic Maturity Model. InformIT (October 2008)
ISO/IEC 15408:Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model, Geneva, Switzerland (2009)
ISO/IEC 21827:2002: Information technology – Systems Security Engineering – Capability Maturity Model (SSE-CMM) Geneva, Switzerland (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Paulus, S., Mohammadi, N.G., Weyer, T. (2013). Trustworthy Software Development. In: De Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds) Communications and Multimedia Security. CMS 2013. Lecture Notes in Computer Science, vol 8099. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40779-6_23
Download citation
DOI: https://doi.org/10.1007/978-3-642-40779-6_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40778-9
Online ISBN: 978-3-642-40779-6
eBook Packages: Computer ScienceComputer Science (R0)