Studies on the Development and Improvement of Quantitative Vulnerability Assessment Methods for the Internet Software

互联网软件漏洞定量评估方法的开发与改进研究

• 批准号: 18500066
• 负责人: KIMURA Mitsuhiro
• 金额: $ 1.2万
• 依托单位: Hosei University
• 依托单位国家: 日本
• 项目类别: Grant-in-Aid for Scientific Research (C)
• 财政年份: 2006
• 资助国家: 日本
• 起止时间: 2006 至 2007
• 项目状态: 已结题
• 来源: https://kaken.nii.ac.jp/grant/KAKENHI-PROJECT-18500066/
• 关键词: Software reliability; Software vulnerability; Bootstrap method; Stochastic models; Simulation models; Parameter calibration; Linearized growth curve model; 線形化成長曲線モデル; ソフトウェア品質; 脆弱性; 信頼性

We have first discussed the software vulnerability assessment method for the Internet software, which is exposed to the malicious users. After discussing the concept of software vulnerability with expanding the traditional approach of software reliability assessment methods, we have modeled a stochastic model in order to evaluate the software vulnerability as an ex post facto estimation. We have pointed out that classical software reliability measurement methods would not be trustworthy when the software system is operated in the operational environment, which allows anonymity of the users. We have presented the software vulnerability assessment modeling and shown its practical estimation results for the sendmail system.To develop and improve the software vulnerability assessment methods, we have secondly tackled the problem of making some more microscopic approach for software debugging process. One fruitful result has been obtained by using simulation approach. Especially, our simula … More tion models have an ability of calibration of control parameters included in the simulation models based on a least mean square error rule. This simulation-based approach can treat wide variety of modeling for software reliability/vulnerability assessment.Also, in order to obtain more applicability for the software reliability/vulnerability models, we have developed a new methodology based on a linearized growth curve model. In the literature of software reliability/vulnerability assessment, there have been many assessment models have been proposed so far. They are the achievement of studies performed by a lot of researchers. Various approaches have been tried to describe software reliability quantitatively through the observation of software development processes. Namely, there are the models which use stochastic processes, non-parametric models, neural networks, and so on. This fact shows that each model has some advantages for several data sets that are analyzed in the paper itself ; however, the model is not always applicable to all kinds of data. Therefore, we have a number of software reliability models. In order to overcome this complication of model selection, we have discussed a method of generalizing several proposed software reliability data analysis. These new methods can open a new door of software vulnerability assessment methods. Less

本文首先讨论了面向恶意用户的Internet软件的脆弱性评估方法。在讨论了软件脆弱性的概念和扩展了传统的软件可靠性评估方法之后，我们建立了一个随机模型，以评估软件脆弱性作为事后估计。我们已经指出，经典的软件可靠性度量方法将是不可信的，当软件系统运行在操作环境中，这允许匿名的用户。本文首先给出了sendmail系统的软件脆弱性评估模型，并给出了其实际评估结果。其次，为了发展和改进软件脆弱性评估方法，我们研究了如何对软件调试过程进行更微观的分析。利用仿真方法得到了一个富有成效的结果。特别是我们的模拟 ...更多信息 仿真模型具有基于最小均方误差规则校准仿真模型中包括的控制参数的能力。这种基于仿真的方法可以处理各种各样的软件可靠性/脆弱性评估模型，同时，为了使软件可靠性/脆弱性模型具有更好的适用性，我们提出了一种基于线性增长曲线模型的新方法。在软件可靠性/脆弱性评估的文献中，已经提出了许多评估模型。它们是许多研究人员的研究成果。通过对软件开发过程的观察，已经尝试了各种方法来定量地描述软件可靠性。这一事实表明，对于本文所分析的几个数据集，每种模型都有一定的优势;然而，该模型并不总是适用于所有类型的数据。因此，我们有一些软件可靠性模型。为了克服模型选择的复杂性，我们讨论了一种推广几种建议的软件可靠性数据分析的方法。这些新方法为软件脆弱性评估方法的研究打开了一扇新的大门。少

项目成果

A study on two-parameter numerical differentiation method by gamma function model for software reliability data analysis

软件可靠性数据分析的伽玛函数模型二参数数值微分法研究

• 发表时间: 2006
• 期刊: Proc. of 12th ISSAT Intern. Conference on Reliability and Quality in Design
• 作者: Uratani;Yoshikazu;Koide;Hiroshi;M.Kimura;M. Kimura;M. Kimura;木村 光宏;M.Kimura;M.Kimura;M. Kimura;M.Kimura;M.Kimura
• 通讯作者: M.Kimura

A Linearized Growth Curve Model for Software Reliability Data Analysis

软件可靠性数据分析的线性增长曲线模型

• 发表时间: 2008
• 期刊: Recent Advances in Reliability and Quality in Design(ed. H. Pham), Springer
• 作者: Uratani;Yoshikazu;Koide;Hiroshi;M.Kimura;M. Kimura;M. Kimura
• 通讯作者: M. Kimura

Software Vulnerability : Definition, Modeling, and Practical Evaluation for E-mail Transfer Software

软件漏洞：电子邮件传输软件的定义、建模和实际评估

• 发表时间: 2006
• 期刊: International Journal of Pressure Vessels & Piping Vol.83, No.4
• 作者: Uratani;Yoshikazu;Koide;Hiroshi;M.Kimura;M. Kimura;M. Kimura;木村 光宏;M.Kimura;M.Kimura;M. Kimura
• 通讯作者: M. Kimura

オープンソースソフトウェアに対する最適バージョンアップ時期推定のためのソフトゥェアツール

用于估计开源软件最佳版本更新时间的软件工具

• 发表时间: 2007
• 作者: Uratani;Yoshikazu;Koide;Hiroshi;M.Kimura;M. Kimura;M. Kimura;木村 光宏;M.Kimura;M.Kimura;M. Kimura;M.Kimura;M.Kimura;M.Kimura;田村 慶信・肌付 康司・山田 茂・木村 光宏
• 通讯作者: 田村 慶信・肌付 康司・山田 茂・木村 光宏

A Linearized Growth Curve Model for Software Reliability Data Analysis, in Recent Advances in Reliability and Quality in Design(H.Pham ed.)

软件可靠性数据分析的线性增长曲线模型，可靠性和设计质量的最新进展（H.Pham 编辑）

• 发表时间: 2008
• 作者: H. Nakajima;M. Kimura;M.Kimura;M.Kimura;M. Kimura;M. Kimura;M.Kimura(分担執筆);木村 光宏(分担執筆)
• 通讯作者: 木村 光宏(分担執筆)