An Design Approach of Trustworthy Software and Its Trustworthiness Evaluation
Abstract
As software is applied ever more deeply in sensitive fields such as finance, military affairs and the economy, the requirement for software trustworthiness becomes more urgent. The trust chain of the Trusted Computing Group (TCG) mainly ensures the static trustworthiness of computers and cannot ensure the dynamic trustworthiness of running software. To address this problem, we extend the TCG trust chain by introducing a trustworthy engine between the operating system and application software, and present a trust chain model of trustworthy software driven by the trustworthy engine. Based on this model, we also present an approach to trustworthy software design and its trustworthiness evaluation policies. Software trustworthiness is merged into software design by introducing the trustworthy view, which describes the trustworthy behavior trace of software, and by inserting a checkpoint sensor at each checkpoint of the trustworthy software. Software trustworthiness is realized by measuring software integrity and monitoring the behavior trace of running software. Experiments and analysis show that trustworthy software designed with our approach can detect anomalies in running software effectively, and that its ability to detect such anomalies is better than that of software based on the TCG trust chain.
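The two checks the abstract names, integrity measurement and behavior-trace monitoring, can be sketched as follows. This is an added illustration, not the paper's implementation: the class and function names, the representation of the trustworthy view as a table of allowed checkpoint transitions, and the banking checkpoints are all assumptions.

```python
import hashlib

# Constructed sample data (assumption): an application image and a trustworthy
# view given as "checkpoint -> checkpoints allowed to follow it".
CODE = b"constructed application image"
VIEW = {
    "start": {"login"},
    "login": {"check_balance", "logout"},
    "check_balance": {"transfer", "logout"},
    "transfer": {"logout"},
}

class TrustworthyEngine:
    """Hypothetical engine sitting between the OS and the application."""

    def __init__(self, expected_digest, view, start="start"):
        self.expected_digest = expected_digest
        self.view = view
        self.current = start      # last checkpoint accepted as trustworthy
        self.anomalies = []

    def measure_integrity(self, code_bytes):
        # Static check: compare the loaded image with its reference digest.
        ok = hashlib.sha256(code_bytes).hexdigest() == self.expected_digest
        if not ok:
            self.anomalies.append(("integrity", None, None))
        return ok

    def report(self, checkpoint):
        # Dynamic check: called by the sensor inserted at each checkpoint.
        if checkpoint not in self.view.get(self.current, set()):
            self.anomalies.append(("trace", self.current, checkpoint))
            return False
        self.current = checkpoint
        return True

def run_trace(code_bytes, trace):
    """Return (trusted, anomalies) for one run of the monitored software."""
    engine = TrustworthyEngine(hashlib.sha256(CODE).hexdigest(), VIEW)
    engine.measure_integrity(code_bytes)
    for checkpoint in trace:
        engine.report(checkpoint)
    return (not engine.anomalies, engine.anomalies)

if __name__ == "__main__":
    print(run_trace(CODE, ["login", "check_balance", "transfer", "logout"]))
    # Unmodified image, but the run skips a checkpoint: only the trace check fires.
    print(run_trace(CODE, ["login", "transfer", "logout"]))
    print(run_trace(CODE + b"!", ["login", "check_balance", "logout"]))
```

The second run passes the integrity measurement and is flagged only by the trace check, which is the case a static-only trust chain leaves uncovered.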