基于软件行为的检查点风险评估信任模型

doi:10.3969/j.issn.1001-2400.2012.01.032

J4 ›› 2012, Vol. 39 ›› Issue (1): 179-184+190.doi: 10.3969/j.issn.1001-2400.2012.01.032

基于软件行为的检查点风险评估信任模型

刘玉玲;杜瑞忠;冯建磊;田俊峰

(河北大学数学与计算机学院，河北保定 071002)

收稿日期:2011-09-27 出版日期:2012-02-20 发布日期:2012-04-06
作者简介:刘玉玲(1964-)，女，教授，E-mail: durz@mail.hbu.edu.cn．
基金资助:
国家自然科学基金资助项目(60873203，61170254);河北省杰出青年基金资助项目(F2010000317);河北省自然科学基金资助项目(F2010000319，F20112010331)

Trust model of software behaviors based on check point risk assessment

LIU Yuling;DU Ruizhong;FENG Jianlei;TIAN Junfeng

(College of Mathematics and Computer Sci., Hebei Univ., Baoding 071002， China)

Received:2011-09-27 Online:2012-02-20 Published:2012-04-06

摘要/Abstract

摘要：

针对当前软件行为可信研究中往往忽略风险因素影响，为提高软件行为可信性评价的准确性和合理性，通过在软件行为轨迹中织入若干检查点，提出一种基于软件行为的检查点风险评估信任模型(CBRA-TM)；通过累积多个有疑似风险的检查点，利用风险评估策略，判定有疑似风险的检查点；采用奖励或处罚机制求出软件行为的可信度，最终判断软件行为是否可信．仿真实验结果表明，该模型能够有效地识别软件行为中潜在的风险，能够较准确地计算软件行为的可信度，验证了模型的有效性和可行性．

关键词: 信任模型, 软件行为, 风险评估, 检查点

Abstract:

In the credible research on current software, risk factors are often ignored. For improving the accuracy and reasonableness of the credible research, by insetting a number of checkpoints into the software behavior tracks, we propose a trust model called (CBRA-TM) which is based on checkpoint behavioral risk assessment. This model can determine the credibility of the software behavior by using risk assessment strategies to determine a suspected risk checkpoint, accumulate multiple checkpoints which are suspected and calculate the credibility of software behavior through the reward or punishment mechanism. Simulation results show that the model can identify potential risks and calculate the credibility accurately, which verifies the validity and feasibility of the model.

Key words: trust model, software behaviors, risk evaluation, check point

中图分类号:

TP393

刘玉玲;杜瑞忠;冯建磊;田俊峰. 基于软件行为的检查点风险评估信任模型[J]. J4, 2012, 39(1): 179-184+190.

LIU Yuling;DU Ruizhong;FENG Jianlei;TIAN Junfeng. Trust model of software behaviors based on check point risk assessment[J]. J4, 2012, 39(1): 179-184+190.

参考文献

［1］沈昌祥, 张焕国, 王怀民, 等. 可信计算的研究与发展［J］. 中国科学, 2010, 40(2): 139-166.
Shen Changxiang, Zhang Huanguo, Wang Huaimin, et al. Research on Trusted Computing and Its Development［J］. Science China, 2010, 40(2): 139-166.
［2］ Lo D, Cheng H, Han J W. Classification of Software Behaviors for Failure Detection: a Discriminative Pattern Mining Approach［C］//Proc 2009 ACM SIGKDD Int Conf on Knowledge Discovery and Data Mining. New York: ACM, 2009: 557-566.
［3］ Wang H M, Tang Y B, Yin G, et al. Trustworthiness of Internet-Based Software［J］. Science in China-Series F: Information Sciences, 2006, 49(6): 759-773.
［4］陈火旺, 王戟, 董威. 高可信软件工程技术［J］. 电子学报, 2003, 31(12A): 1933-1938.
Chen Huowang, Wang Ji, Dong Wei. High Confidence Software Engineering Technologies［J］. Chinese Journal of Electronics, 2003, 31(12A): 1933-1938.
［5］ Lu J, Xu F, Wang Y. Trust Management Based Software Confidence Assurance in Open Environment［J］. Communications of the CCF, 2007, 3(11): 26-34.
［6］ Diakov K, Batteram J, Zandbelt H. Monitoring of Distributed Component Interactions［C/OL］. ［2011-01-15］. http://doc.utwente.nl/66764/1/8-awentenkov.pdf.
［7］ Li J. Monitoring and Characterization of Component-Based Systems with Global Causality Capture［C］//Proc of the 23rd International Conference on Distributed Computing Systems (ICDCS 2003). Washington: IEEE Computer Society, 2003: 422-433.
［8］ Mariani L, Pezze M. A Technique for Verifying Component Based Software［J］. Electronic Notes in Theoretical Computer Science, 2005(116): 17-30.
［9］ Chen F, Grigore R. Mop: an Efficient and Generic Runtime Verification Framework［C］//Proc of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems and Applications. New York: ACM, 2007: 569-588.
［10］古亮, 郭耀, 王华. 基于TPM的运行时软件可信证据收集机制［J］. 软件学报, 2010, 21(2): 373-388.
Gu Liang, Guo Yao, Wang Hua. A Runtime Software Trustworthiness Evldence Collection Mechanism Based on TPM［J］. Journal of Software, 2010, 21(2): 373-388.
［11］ Jфsang A, St'ephane L P. Analyzing the Relationship between Risk and Trust［C/OL］.［2011-01-25］. http://eprints.ecs.soton.ac.uk/8769/1/risktrust.pdf.
［12］ Robert A O. Trust as Risk and the Foundation of Investment Value［J］. The Journal of Socio-Economic, 2008, 37(6): 2189-2200.
［13］赵冬梅, 马建峰, 王跃生. 信息系统的模糊风险评估模型［J］. 通信学报, 2007, 28(4): 51-56.
Zhao Dongmei, Ma Jianfeng, Wang Yuesheng. Model of Fuzzy Risk Assessment of the Information System［J］. Journal on Communications, 2007, 28(4): 51-56.
［14］范红, 冯登国, 吴亚非. 信息安全风险评估方法与应用［M］. 北京: 清华大学出版社, 2006.
［15］范红, 冯登国. 信息安全风险评估实施教程［M］. 北京: 清华大学出版社, 2007.
［16］ Jфsang A, Bradley D, Knapskog S J. Belief-Based Risk Analysis［C］//Proc of the 2nd Workshop on Australasian Security, Data Mining and Web Intelligence, and Software Internationalization. Australia: Australian Computer Society, 2004: 63-68.
［17］张吉军. 模糊层次分析法(FAHP)［J］. 模糊系统与数学, 2000, 14(2): 80-88.
Zhang Jijun. Fuzzy Analytical Hierarchy Process(FAHP) ［J］. Fuzzy Systems and Mathematics, 2000, 14(2): 80-88.
［18］覃志东, 熊光泽. 高可信软件可靠性和防危性测试和评价理论研究［D］. 四川: 电子科技大学, 2005.
［19］骆正清, 杨善林. 层次分析法中几种标度的比较［J］. 系统工程理论与实践, 2004(9): 51-60.
Luo Zhengqing, Yang Shanlin. Comparative Study on Several Scales in AHP［J］. Systems Engineering Therory and Practice, 2004(9): 51-60.

[1]	杨波,钟永超,杨浩男,徐紫枫,李晓琦,张玉清. 智能网联汽车Wi-Fi隐私泄露风险研究[J]. 西安电子科技大学学报, 2023, 50(4): 215-228.
[2]	杨宏宇;宁宇光. 一种云平台动态风险访问控制模型[J]. 西安电子科技大学学报, 2018, 45(5): 80-88.
[3]	吴德;刘三阳. 信息安全风险评估模型SVRAMIS[J]. J4, 2013, 40(1): 44-47+154.
[4]	刘西洋;刘涛;柏志文;王艳;穆浩英. 一种优化的跨平台可逆调试器 [J]. J4, 2009, 36(1): 64-68.
[5]	孙鹏岗1;权义宁1;刘俊萍2. L-模糊集信任机制的网格计算任务调度方法 [J]. J4, 2008, 35(1): 110-115.
[6]	温浩宇;任小龙;徐国华. 一种基于D-S理论的P2P网络信任模型[J]. J4, 2005, 32(3): 400-402.

基于软件行为的检查点风险评估信任模型

Trust model of software behaviors based on check point risk assessment

PDF (PC)

赞

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 6

Metrics

本文评价

推荐阅读 0