TU Darmstadt / ULB / TUbiblio

M-STAR: A Modular, Evidence-based Software Trustworthiness Framework

Alexopoulos, Nikolaos ; Habib, Sheikh Mahbub ; Schulz, Steffen ; Mühlhäuser, Max (2018)
M-STAR: A Modular, Evidence-based Software Trustworthiness Framework.
doi: 10.48550/arXiv.1801.05764
Report, Bibliographie

Kurzbeschreibung (Abstract)

Despite years of intensive research in the field of software vulnerabilities discovery, exploits are becoming ever more common. Consequently, it is more necessary than ever to choose software configurations that minimize systems' exposure surface to these threats. In order to support users in assessing the security risks induced by their software configurations and in making informed decisions, we introduce M-STAR, a Modular Software Trustworthiness ARchitecture and framework for probabilistically assessing the trustworthiness of software systems, based on evidence, such as their vulnerability history and source code properties. Integral to M-STAR is a software trustworthiness model, consistent with the concept of computational trust. Computational trust models are rooted in Bayesian probability and Dempster-Shafer Belief theory, offering mathematical soundness and expressiveness to our framework. To evaluate our framework, we instantiate M-STAR for Debian Linux packages, and investigate real-world deployment scenarios. In our experiments with real-world data, M-STAR could assess the relative trustworthiness of complete software configurations with an error of less than 10%. Due to its modular design, our proposed framework is agile, as it can incorporate future advances in the field of code analysis and vulnerability prediction. Our results point out that M-STAR can be a valuable tool for system administrators, regular users and developers, helping them assess and manage risks associated with their software configurations.

Typ des Eintrags: Report
Erschienen: 2018
Autor(en): Alexopoulos, Nikolaos ; Habib, Sheikh Mahbub ; Schulz, Steffen ; Mühlhäuser, Max
Art des Eintrags: Bibliographie
Titel: M-STAR: A Modular, Evidence-based Software Trustworthiness Framework
Sprache: Englisch
Publikationsjahr: 17 Januar 2018
Verlag: arXiv
Reihe: Cryptography and Security
Kollation: 18 Seiten
DOI: 10.48550/arXiv.1801.05764
URL / URN: http://arxiv.org/abs/1801.05764
Kurzbeschreibung (Abstract):

Despite years of intensive research in the field of software vulnerabilities discovery, exploits are becoming ever more common. Consequently, it is more necessary than ever to choose software configurations that minimize systems' exposure surface to these threats. In order to support users in assessing the security risks induced by their software configurations and in making informed decisions, we introduce M-STAR, a Modular Software Trustworthiness ARchitecture and framework for probabilistically assessing the trustworthiness of software systems, based on evidence, such as their vulnerability history and source code properties. Integral to M-STAR is a software trustworthiness model, consistent with the concept of computational trust. Computational trust models are rooted in Bayesian probability and Dempster-Shafer Belief theory, offering mathematical soundness and expressiveness to our framework. To evaluate our framework, we instantiate M-STAR for Debian Linux packages, and investigate real-world deployment scenarios. In our experiments with real-world data, M-STAR could assess the relative trustworthiness of complete software configurations with an error of less than 10%. Due to its modular design, our proposed framework is agile, as it can incorporate future advances in the field of code analysis and vulnerability prediction. Our results point out that M-STAR can be a valuable tool for system administrators, regular users and developers, helping them assess and manage risks associated with their software configurations.

Freie Schlagworte: Solutions, S1
Zusätzliche Informationen:

1. Version

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Security Engineering
20 Fachbereich Informatik > Telekooperation
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 06 Sep 2018 14:17
Letzte Änderung: 19 Dez 2024 08:34
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen