文章首先应用系统工程定性定量的方法,以语言性质为基础,通过语义关系量化软件的动态运行过程,在整体上以软件元素及其关系架构起软件的系统关系结构,其次对软件结构的脆弱性进行数学建模,以变异S-粗集的演算对软件运行过程的迁移特性进行分析,建立软件元素运行过程的迁移方程式组,通过推导得到软件结构的随机概率特征值,度量出软件结构的脆弱性,然后给出了软件脆弱度的主动控制方法,以及软件攻击面和可信性的计算方法,并提出制定完备编程规范的工程规则.最后测试了两个开源软件对该方法进行验证,并系统地分析了实验过程和相关数据.%We present a systems engineering method to analyze software vulnerabilities.We constructed the relational structure of software systems with software elements through the function of semantic relations between them at run time, in which the dynamic operation processes of software are quantified by the semantic relations based on the common natures of languages. Using the structure, we built a mathematical model to describe the property of software transfer states during their operational processes upon calculus of variation S-rough sets. Within the model,systems of transfer equations are established to compute the transfer operation of software elements,from which we deduced the stochastic-probability eigenvalues of software structures to certain constants. By analyzing software structures' vulnerabilities, we dealt with the derivation of formulas that calculate attack surface and measure software credibility, and proposed rules to control software vulnerabilities actively and develop programming specifications completely. To verify the methodology this paper presents, two open source software were tested, and experimental data were analyzed systematically.
展开▼
