AVAILABILITY AND RELIABILITY ANALYSIS OF COMPUTER SOFTWARE SYSTEMS CONSIDERING MAINTENANCE AND SECURITY ISSUES XIONG CHENG-JIE NATIONAL UNIVERSITY OF SINGAPORE 2011 AVAILABILITY AND RELIABILITY ANALYSIS OF COMPUTER SOFTWARE SYSTEMS CONSIDERING MAINTENANCE AND SECURITY ISSUES XIONG CHENG-JIE (B. Eng), WUHAN UNIVERSITY A THESIS SUBMITTED FOR THE DEGREE OF DOCTOR OF PHILOSOPHY DEPARTMENT OF INDUSTRIAL AND SYSTEMS ENGINEERING NATIIONAL UNIVERSITY OF SINGAPORE 2011 Acknowledgement First and foremost my greatest gratitude goes to my main supervisor, Prof. Xie Min, who supported me both in research and in practice all through my PhD candidature and whose wisdom is so charming that enlightened my research path. He is not only a well-respected advisor in research, but also more a spiritual tutor as well as a great friend. His knowledge and patience helped me transform from a beginner to a junior research without anxiety or frustration, which I am extremely grateful for. What is more, his noble personality and passion for research always spurs me to search more for research and life. I would have achieved much less if I had not been under his supervision. I am also heartily thankful to my co-supervisor, A/Prof. Ng Szu Hui, for her guidance and very detailed suggestions in my research, especially when I was undergoing the manuscript reviewing process. Her serious attitude towards research always reminds me to get rid of fickleness and utilitarianism, which was fatal in research. Her positive life style and friendliness also made me feel more inspired when I was her teaching assistant. I also gained lots of teaching experience from her. I am really grateful for her directions. Then I also want to express my gratefulness to the Department of Industrial and Systems Engineering and the National University of Singapore, for providing me scholarship and an excellent environment to study and research. I would have missed the most precious life experience if I had not won a chance to study in Singapore. I would like to thank A/Prof. Poh Kim Leng and Dr. NG Tsan Sheng, Adam, for serving as my oral qualification exam committee and provided me lots of deep insights for my further research. I also greatly thank Ms. Ow Lai Chun and Mr. Lau Pak Kai, for their excellent administrative and technical support to my PhD study. The warmest gratefulness also goes to A/Prof. Tang Loon Ching, who interviewed and encouraged me to join the Department of Industrial and System Engineering in Shanghai years ago. I would not be able to finish this thesis, or even to start writing this thesis, without their help. As a member of the Quality and Reliability Lab, I also benefited a lot from my lab mates. With all of them, I had a great post-graduate life for years. Special thanks goes to Li Yanfu and Shen Yan, who helped me a lot in life and at the same time in research, especially in research proposal and thesis writing. I would also like to thank Qian Yanjun, Yin Jun and Zhou Peng, for their help and advices that made my life and research easier. Finally, I would like to express my deepest thank to my parents, for their continuous encouragements and support for more than 20 years. Furthermore, to Mao Chengting, thank you for your understanding and encouragements. II Table of Contents Acknowledgement . I Summary . IV List of Tables . VII List of Figures VIII List of Notations and Acronyms . IX Chapter Introduction . 1.1 Focus of this thesis 1.2 Introduction to Quality Metrics of Computer Software Systems 1.2.1 Software Reliability . 1.2.2 Software Availability . 1.2.3 Software Service Reliability 1.3 External Factors Affecting Software Quality 1.3.1 Software Maintenance 1.3.2 Malicious Software 1.4 Research Motivation . 1.5 Thesis Organization Chapter Literature Review 10 2.1 Reviews on Software Reliability Modelling . 10 2.1.1 Basic Software Reliability Models . 10 2.1.2 Software Reliability Model Extensions . 22 2.2 Reviews on Software Availability Related Problems . 25 2.2.1 Software Maintenance and Software Availability . 26 2.2.2 Software Availability Assessment . 32 2.2.3 Malicious Software and Its Impact on Software Quality . 36 Chapter Software Availability Modelling and Application Extensions 40 3.1 Introduction . 40 I 3.2 Software Maintenance Activities and Software Availability 43 3.2.1 Decomposition of Software Maintenance Activities . 43 3.2.2 Software Maintenance Efforts and Software Maintenance Modeling . 46 3.2.3 Software Maintenance Modeling—A Numerical Example . 51 3.2.4 Validation of Software Maintenance Modelling 57 3.2.5 Software Availability Modeling Considering Software Maintenance . 58 3.3 Software Maintenance Policy Considering Software Availability Constraints 67 3.3.1 Re-investigation on Software Maintenance and Software Maintenance Policy 67 3.3.2 Software Maintenance Policy Modeling with Consideration of Software Availability and Cost Constraints 71 3.3.3 Validation of Policy Optimality—A Numerical Example . 75 3.4 Summary and Conclusion Remarks 80 Chapter Software Availability Assessment of N-version Programming Systems 82 4.1 Introduction . 82 4.2 Software Availability Modeling of N-version Programming Systems . 85 4.2.1 Structure Decomposition of N-version Programming Systems . 86 4.2.2 Proposed Model of Software Availability of N-version Programming Systems . 89 4.3 Impact of N-version Programming on Software Availability . 98 4.3.1 Failure and restoration rates for different versions of software . 98 4.3.2 Impact of N-version Programming on Software Availability: A Simulation Approach 101 4.3.3 Optimal Software Structure under Software Availability and Budget Constraints 112 Chapter Quality Degradation Analysis of Distributed Software Systems Considering Malware Attack . 119 5.1 Introduction . 120 5.2 Distributed Software Systems and Malware Epidemics: The Homogeneous Scenario 122 5.2.1 Modelling of Distributed System under Malware Attack: The Homogeneous Scenario . 123 5.2.2 Derivation of Software Service Reliability and Software Availability 129 5.2.3 Numerical Examples 131 5.3 Distributed Software Systems and Malware Epidemics – A Revisit 134 5.3.1 A Continuum State Reliability Model of Individual Nodes . 135 5.3.2 Virus Epidemic Model: The General Scenario 138 II 5.3.3 An Illustrative Example . 140 5.4 Service Reliability Modeling of Distributed System Considering Malware Epidemics . 145 5.4.1 Service Reliability Model without Communication Channel Failure 146 5.4.2 Service Reliability Model with Communication Channel Failure . 149 5.4.3 Computation of Service Reliability 151 5.4.4 A Numerical Example 153 Chapter Conclusions and Future Works . 160 6.1 Conclusions and Contributions . 160 6.2 Directions of Future Research . 162 Bibliography . 165 Appendix Service Reliability Calculation Algorithm 179 III Summary Reliability and availability have long been considered as critical metrics of high quality software systems. However, as plenty of research efforts have been devoted into the field of software reliability, only a little has been documented in the aspect of software availability. In the mean time, traditional ways of analyzing software quality often ignores the impact of environmental factors, such as software maintenance and software security issues. Realizing the importance of software availability to software quality study, this thesis first focuses on the modeling of software availability and some application extensions (Chapter 3). Then the model is further extended to analyze the availability issues of fault-tolerant software systems (Chapter 4), followed by a quality analysis of distributed software system considering malicious software attack (Chapter 5). The primal focus of this thesis is to develop a proper model to assess availability of software systems by analyzing feedback data (Chapter 3). To achieve this purpose, the origination of software availability problems is first analyzed. We assert that software maintenance is solely responsible for causing software availability problems and a rate-based model for describing software maintenance process is proposed. Based on the maintenance model, we incorporate the existing NHPP software failure models and propose a general approach for systematically calculating software availability. In order to check the effectiveness IV of our proposed models, we apply our model to a real-life industrial case to show its ability in helping seeking the optimal software maintenance policies. Besides the general modeling for calculating software availability, we also investigated the availability problems of fault-tolerant software systems (Chapter 4). The N-version programming technique is covered in this thesis and we proposed a Markov chain based software availability model to assess the availability of this special kind of software system. Interactions among different versions are explicitly considered and analyzed. Numerical analysis clearly reveals the positive impact of the N-version technique on enhancing software availability and we also propose a method for determining the optimal software structure from the availability costeffectiveness point of view. Moreover, as the threat of malicious software increases day by day with the quick popularization of internet, the analysis of the relationship between software quality degradation and malicious software attack forms another important part of this thesis. Hence, Chapter analyzed the problem of quality degradation of distributed software systems by considering malicious software attack. We first analyze the spreading path of malicious software within distributed software systems via the Markovian approach and derive the availability and reliability metrics of the system. Due to the difficulty in mathematical tractability of Markovian models, we revisit the malicious software epidemic problem using the continuum state model, which simplifies the mathematical calculation and provides us a highly abstract view of the whole distributed system. A general model of virus epidemic within distributed software systems is proposed based on the continuum state model, based on which software quality metrics is easy V to obtain. Furthermore, we derive and propose an algorithm for computing the service reliability, which is easy for computer utilization. VI Bibliography Chan T., S. Chung S., Ho T. (1996).'An Economic Model to Estimate Software Rewriting and Replacement Times', IEEE Transactions on Software Engineering., vol. 22, no. 8, pp. 580598 Chandy K.M., Lamport L. (1985).'Distributed snapshots: determining global states of distributed systems', ACM Transactions on Computer Systems, 3(1), pp.63–75. Chang Y.C., Liu C.T. (2009).'A generalized JM model with applications to imperfect debugging in software reliability', Applied Mathematical Modelling, 33(9), pp.3578-3588 Chapin N., Hale J., Khan K., Ramil J., Tan W.G. (2001).'Types of software evolution and software maintenance', Journal of Software Maintenance and Evolution: Research and Practice, 13(1), pp.3–30 Chatterjee S., Misra R.B., Alam S.S. (2004).'N-version programming with imperfect debugging', Computers and Electrical Engineering, 30, pp.453-463 Chen L., Avizienis A. (1978).'N-version programming: a fault tolerance approach to the reliable software', Proc. of the 8th International Symposium Fault-Tolerant Computing, IEEE, New York, pp.3-9 Chen T.Y., Kuo F.C., Liu H. (2009).'Application of a Failure Driven Test Profile in Random Testing', IEEE Transactions on Reliability, 58(1), pp.179-192 Chiu K.C., Ho J.W., Huang Y.S. (2009).'Bayesian updating of optimal release time for software systems', Software Quality Journal, 17(1), pp.99-120 Chiu K.C., Huang Y.S., Lee T.Z., (2008).'A study of software reliability growth from the perspective of learning effects', Reliability Engineering & System Safety, 93(10), pp. 14101421 Chivers H., Clark J.A., Cheng P.C. (2009).'Risk profiles and distributed risk assessment', Computers & Security, 28(7), pp.521-535. Christodorescu, M., Jha, S., & Kruegel, C. (2007).'Mining specifications of malicious behavior', In Proceedings of ESEC/FSE07, pp. 5–14 Cleland-Huang J., Chang C.K, Christensen M. (2003).'Event-Based Traceability for Managing Evolutionary Change', IEEE Transactions on Software Engineering, vol. 29 D. Gefen D., Scheberger S.L. (1996).'The NonHomogeneous Maintenance Periods: A Case Study of Software Modifications', Proc. 1996 Int‘l Conf. Software Maintenance (ICSM ‘96), pp. 134-141 Dai Y.S., Levitin G. (2007).'Optimal resource allocation for maximizing performance and reliability in tree-structured grid services', IEEE Transactions on Reliability, 56(3), pp.444453 Dai Y.S., Xie M, Poh K.L., Ng S.H. (2004).'A model for correlated failures in N-version programming', IIE Transactions, 36:12, pp.1183-1192 Dai Y.S., Xie M., Poh K.L. (2008).'Availability modeling and cost optimization for the grid resource management system', IEEE Transactions on Systems Man and Cybernetics Part aSystems and Humans, 38(1), pp.170-179. Dai Y.S., Xie M., Poh K.L., Liu G.Q. (2003).'A study of service reliability and availability for distributed systems'. Reliability Engineering and System Safety, 79, pp.103–112 Dai, Y.S., Wang, X.L. (2006).'Optimal resource allocation on grid systems for maximizing service reliability using a genetic algorithm', Reliability Engineering & System Safety, 91(9), pp.1071-1082 167 Bibliography Darcy D.P., Palmer J.W. (2006). 'The Impact of Modeling Formalisms on Software Maintenance', IEEE Transactions on Engineering Management, 53, No.4, pp.583-596 den Besten M., Dalle J.M., Galia F. (2008).'The allocation of collaborative efforts in open-source software', Information Economics and Policy, 20(4), pp.316-322 Dick S., Bethel C.L., Kandel A. (2007).'Software-reliability modeling: The case for deterministic behavior', IEEE Transactions on Systems Man and Cybernetics Part A-Systems and Humans, 37:1, pp.106-119 Dugan J.B., Lyu M.R. (1994).'System reliability analysis of an N-version programming application', IEEE Transactions on Reliability, 43, No. 4, pp.513–519 Eierman M.A., Dishaw M.T. (2007). 'The process of software maintenance: a comparison of object-oriented and third-generation development languages', Journal of Software Maintenance and Evolution: Research and Practice, No.19, pp.33–47 El-Sebakhy E.A. (2009).'Software reliability identification using functional networks: A comparative study', Expert Systems with Applications, 35(2), pp.4013-4020 Fahmy H. M. A. (2001).'Reliability evaluation in distributed computing environments using the AHP', Computer Networks, 36, pp.597-615. Farr W. (1996).'Software reliability modeling survey: Handbook of Software Reliability Engineering, ed. M.R. Lyu', New York, McGraw-Hill, pp.71-117 Feller J., Fitgerald B., Hissam S., Lakhani K. (2005).'Perspectives on Free and Open Source Software', MIT Press: Cambridge, MA Feng M., Gupta R. (2009).'Detecting Virus Mutations Via Dynamic Matching', Proc. IEEE International Conference on Software Maintenance, pp.105-114 Feng, Q., Mookerjee, V.S., Sethi, S.P. (2006).'Optimal policies for the sizing and timing of software maintenance projects', European journal of Operational Research, 173, pp.10471066 Fioravanti F., Nesi P. (2001).'Estimation and Prediction Metrics for Adaptive Maintenance Effort of Object-Oriented Systems', IEEE Transactions on Software Engineering, vol. 27, no. 12, pp. 1062-1084 Franks G., Al-Omari T., Woodside M., Das O., Derisavi S. (2009).'Enhanced Modeling and Solution of Layered Queueing Networks', IEEE Transactions on Software Engineering, 35(2), pp.148-161 Fujiwara T., Yamada S. (2003).'A testing-domain-dependent software reliability growth model for imperfect debugging environment and its evaluation of goodness-of-fit', Electronics and Communications in Japan Part III-Funamental Electronic Science, 86(1), pp.11-18 Ghosh S. (2007).'Distributed Systems–An Algorithmic Approach', Chapman & Hall/CRC3 Giffin J. (2010).'The Next Malware Battleground', IEEE SECURITY & PRIVACY Volume: Issue: Pages: 74-76 Glass R.L., Noiseux R.A. (1981).'Software Maintenance Guidebook', Prentice-Hall Goel A.L. (1985).'Software reliability models: assumptions, limitations, and applicability', IEEE Transactions on Software Engineering, 11, pp.1411-1423 Goel, A.L., Okumoto, K. (1979). ‗Time-dependent error-detection rate model for software and other performance measures‘, IEEE Transactions on Reliability, 28, pp.206-211 Goirizelaia I., Huarte M., Unzilla J., Selker T. (2008).'An optical scan e-voting system based on N-version programming', IEEE Security & Privacy, 6(3), pp.47-53 168 Bibliography Gokhale S.S., Lyu M.R. (2005).'A Simulation Approach to Structure-Based Software Reliability Analysis', IEEE Transactions on Software Engineering, 31, No. 8, pp.643-656 Gokhale S.S., Lyu M.R., Trivedi K.S. (2004).'Analysis of Software Fault Removal Policies Using a Non Homogeneous Continuous Time Markov Chain', Software Quality Journal, 12, pp.211-230 Gokhale S.S., Lyu M.R., Trivedi K.S. (2006).'Incorporating fault debugging activities into software reliability models: A simulation approach', IEEE Transactions on Reliability, Vol. 55, No. 2, pp.281-292 Gokhale S.S., Trivedi K.S. (1999).'A time/structure based software reliability model', Annals of Software Engineering 8, pp.85–121 Gregersen A.R., Jorgensen B.N. (2009).'Dynamic update of Java applications-balancing change flexibility vs programming transparency', Journal of Software Maintenance, Vol 21, 2, pp.81112 Gupta A., Kuppili P., Akella A., Barford P. (2009).'An Empirical Study of Malware Evolution', Proc. 1st International Conference on Communications Systems and Networks, pp.356-365 Gutjahr W.J. (2001).'A reliability model for nonhomogeneous redundant softare versions with correlated failures', Computer Systems Science and Engineering, 16, pp.361-270 Gutjahr W.J., Uchida G. (2002).'A branch-and-bound approach to the optimization of redundant software under failure correlation', Computers and Operations Research, 29(13), pp.17731791 Gyimothy T., Ferenc R., Siket I. (2005).'Empirical validation of object-oriented metrics on open source software for fault prediction', IEEE Transactions on Software Engineering, 31(10), pp.897-910 Hamill M., Goseva-Popstojanova K. (2009).'Common Trends in Software Fault and Failure Data', IEEE Transactions on Software Engineering, 35(4), pp.484-496 Hanebutte N., Oman P.W. (2005).'Software vulnerability mitigation as a proper subset of software maintenance', Journal of Software Maintenance and Evolution: Research and Practice, 17, pp.379-400 Hassan A.E., Holt R.C. (2004).'Predicting Change Propagation in Software Systems', Proc. 20th Int‘l Conf. Software Maintenance, pp. 284-293 Hausken K. (2008).'Strategic defense and attack for series and parallel reliability systems', European Journal of Operational Research, 186(2), pp.856-881. Hewett R., Kijsanayothin P., (2009).'On modeling software defect repair time', Empirical Software Engineering,, Vol 14: pp. 165-186 Ho J.W., Fang C.C., Huang Y.S., (2008).'The determination of optimal software release times at different confidence levels with consideration of learning effects', Software Testing Verification & Reliability, 18(4), pp.221-249 Huang C.Y. (2004).'Cost-reliability-optimal release policy for software reliability models incorporating improvements in testing efficiency', The Journal of Systems and Software, 77, pp.139–155 Huang C.Y., Kuo S.Y., Lyu M.R. (2007).'An Assessment of Testing-Effort Dependent Software Reliability Growth Models', IEEE Transactions on Reliability, 56, NO. 2, pp.198-211 Huang C.Y., Kuo S.Y. (2002).'Analysis of Incorporating Logistic Testing-Effort Function to Software Reliability Modelling', IEEE Transactions on Reliability, 51, No.3, pp.261-270 169 Bibliography Huang C.Y., Lo J.H. (2006).'Optimal resource allocation for cost and reliability of modular software systems in the testing phase', The Journal of Systems and Software, 79, pp.653-664 Huang C.Y., Lyu M.R. (2005).'Optimal Release Time for Software Systems Considering Cost, Testing-Effort, and Test Efficiency', IEEE Transactions on Reliability, 54, No. 4, pp.583-591 Huang C.Y., Lyu, M.R. (2005).'Optimal Testing Resource Allocation, and Sensitivity Analysis in Software Development', IEEE Transaction on Reliability, 54, No. 4, pp.592-603 Huang Y., Kintala C., Kolettis N., Fulton N.D. (1995).'Software rejuvenation: analysis, module and applications',Proc. the 25th International Symposium on Fault-Tolerant Computing (FTCS-25), Asadena, CA Hwang S., Pham H. (2009).'Quasi-Renewal Time-Delay Fault-Removal Consideration in Software Reliability Modeling', IEEE Transactions on Systems Man and Cybernetics Part ASystems and Humans, 39(1), pp.200-209 Jacoby R., Tohma Y. (1991).'Parameter value computation by least square method and evaluation of software availability and reliability at service-operation by the hyper-geometric distribution software reliability growth model (HGDM)', Proc.the 13th international conference on Software engineering, Austin, Texas, USA, pp.226-237 Jansen S., Ballintijn G., Brinkkemper S., Nieuwland, A. (2006).'Integrated development and maintenance for the release, delivery, deployment, and customization of product software: a case study in mass-market ERP software', Journal of Software Maintenance and Evolution: Research and Practice, 18, pp.138-151 Jelinski, Z.,Moranda, P.B. (1972). 'Software reliability research'. Statistical Computer Performance Evaluation, Freiberger W (ed.), Academic Press, New York. , pp.465-484 Jiang L.T., Xu G.Z. (2007).'Modeling and analysis of software aging and software failure', The Journal of Systems and Software, 80, pp.590-595 Jung H.W., Goldenson D.R. (2009).'Evaluating the relationship between process improvement and schedule deviation in software maintenance', Information and Software Technology, 51(2), pp. 351-361 Kan, S.H. (2003).'Metrics and Models in Software Quality Engineering, 2nd edition', Addison Wesley, New York Kaner C., Falk J.L., Nguyen H.Q. (1999).'Testing Computer Software, 2nd Ed.',John Wiley and Sons, New York Kapur P.K., Goswami D.N., Bardhan A., Singh O.(2007).'Flexible software reliability growth model with testing effort dependent learning process', Applied Mathematics Modelling, pp.1298-1307 Kelly D. (2009).'Determining factors that affect long-term evolution in scientific application software', Journal of Systems and Software, Vol 82, 5, pp.851-861 Kerrouche A., Leighton J., Boyle W.J.O., Gebremichael Y.M., Sun T., Grattan K.T.V., Taljsten B. (2008).'Strain measurement on a rail bridge loaded to failure using a fiber bragg gratingbased distributed sensor system', IEEE Sensors Journal, 8(11-12), pp.2059-2065. Kim J.H., Kim Y H, Park J.C. (1982).'A modified Markov model for the estimation of computer software performance', Operations Research Letter I, pp.253-257 Knight J.C., Ammann P.E. (1985).'An experimental evaluation of simple methods for seeding program errors', Proc. The 7th International Conference on Software Engineering, pp.337-342 170 Bibliography Knight J.C., Leveson N.G. (1986). 'An experimental evaluation of the assumption of independence in multiversion programming', IEEE Transactions on Software Engineering, SE-12, No. 1, pp.96–109 Ko A.J., Myers B.A., Coblenz M.J., Aung H.H. (2006).'An Exploratory Study of How Developers Seek, Relate, and Collect Relevant Information during Software Maintenance Tasks', IEEE Transactions on Software Engineering 32(12), pp. 971-987, 2006 Kolter, J., & Maloof, M. (2004).'Learning to detect malicious executables in the wild', In Proceedings of KDD‘04. Kondakci S. (2008).'Epidemic state analysis of computers under malware attacks', Simulation Modelling Practice and Theory, 16(5), pp.571-584 Kondakci S. (2009).'A concise cost analysis of Internet malware', Computers & Security, 28(7), pp.648-659 Koskinen J., Salminen A., Paakki J.(2004).'Hypertext support for the information needs of software maintainers', Journal of Software Maintenance and Evolution: Research and Practice, 16,pp.187–215 Kounev S. (2006).'Performance modeling and evaluation of distributed component-based systems using Queueing Petri Nets', IEEE Transactions on Software Engineering, 32(7), pp.486-502 Kozlov D., Koskinen S., Sakkinen M, Markkula J. (2008).'Assessing maintainability change over multiple software releases', Journal of Software Maintenance and Evolution: Research and Practice, 20, pp.31-58 Kung H.J. (2004).'Quantitative Method to Determine Software Maintenance Life Cycle', Proc. 20th Int‘l Conf. Software Maintenance, pp. 232-241 Lai C.D., Xie M., Poh K.L., Dai Y.S., Yang P. (2002).'A model for availability analysis of distributed software/hardware systems', Information and Software Technology, 44, pp.343350. Langberg N., Singpurwalla N.D. (1985).'A unification of some software reliability models', SIAM J. Scientific and Statistical Computation, 6, pp.781-790 Laprie J.C., Arlat J., Beounces C., Kanoun K. (1990).'Definition and analysis of hardware- and software-fault-tolerant architectures', IEEE Computer, 23, No. 7, pp.39–51 Lee C.H., Lee S.M. Park D.H. (2005).'Evaluation of software availability for the imperfect software debugging model', International Journal of Systems Science, 36:11, pp.671 - 678 Lee C.H., Nam K.H., Park D.H. (2002).'Software profit model under imperfect debugging and optimal software release policy', IEICE Transactions on Informatin and Systems, E85D(5), pp.833-838 Lee Y., Larsen K.R. (2009).'Threat or coping appraisal: determinants of SMB executives' decision to adopt anti-malware software', European Journal of Information Systems, 18(2), pp.177-187 Lelarge M. (2010).'Economics of Malware: Epidemic Risks Model, Network Externalities and Incentives', Proc. 47TH Annual Allerton Conference on Communicaton, Control and Computing, 1(2), pp.1353-1360 Levitin G, Dai Y.S. (2007).'Performance and reliability of a star topology grid service with data dependency and two types of failure', IIE Transactions, 39(8), pp.783-794 171 Bibliography Levitin G. (2004).'Reliability and performance analysis for fault-tolerant programs consisting of versions with different characteristics', Reliability Engineering and System Safety, 86, pp.7581 Levitin G. (2005).'Optimal structure of fault-tolerant software systems', Reliability Engineering and System Safety, 89, pp.286–295 Levitin G. (2007).'Optimal defense strategy against intentional attacks', IEEE Transactions on Reliability, 56(1), pp.148-157. Levitin G., Ben-Haim H. (2008).'Importance of protections against intentional attacks', Reliability Engineering & System Safety, 93(4), pp.639-646. Levitin G., Hausken K. (2008).'Protection vs. Redundancy in homogeneous parallel systems', Reliability Engineering & System Safety, 93(10), pp.1444-1451. Levitin G., Xie M. (2006).'Performance distribution of a fault-tolerant system in the presence of failure correlation', IIE Transactions, 38:6, pp. 499 — 509 Liburd S. (2004). PhD Thesis. 'An N-version electronic voting system', Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science Lientz B,P., Swanson E.B. (1981).'Software Maintenance Management', Addison-Wesley, Reading, MA Lin C., Jiang X., Yin H., Wang Y. Z. , Hu Y.D. , Xiong B.B. (2009).'Optimizing availability and QoS of heterogeneous distributed system based on residual lifetime in uncertain environment', Journal of Supercomputing, 48(3), pp.243-263 Littlewood B., Miller D.R. (1989).'Conceptual modeling of coincident failures in multi-version software', IEEE Transactions on Software Engineering, 15, No. 12, pp. 1596–1614 Littlewood B., Verrall J.L.(1973).'A Bayesian reliability growth model for computer software', Applied Statistics, 22, pp.332-346 Liu C., Zhang X.Y., Han J.W. (2008).'A Systematic Study of Failure Proximity', IEEE Transactions on Software Engineering, 34(6), pp.826-843 Liu P.X., Zuo M.J., Meng Q.H. (2003).'Using neural network function approximation for optimal design of continuous-state parallel–series systems', Computers & Operations Research, 30(3), pp.339-352. Liu, B., Hsu,W., Ma, Y. (1998).'Integrating classification and association rule mining', In Proceedings of the fourth international conference on knowledge discovery and data mining (KDD-98), pp. 80–86 Long Q., Xie M., Ng S.H., Levitin G. (2008).'Reliability analysis and optimization of weighted voting systems with continuous states input', European Journal of Operational Research, 191(1), pp.238-250. Lutters W.G., Seaman C.B. (2007),'Revealing actual documentation usage in software maintenance through war stories', Information and Software Technology, 49, pp.576–587 Lyu M.R. (1996).'Handbook of Software Reliability Engineering', McGraw-Hill, New York Lyu M.R., Rangarajan S. (2002).'Optimal Allocation of Test Resources for Software Reliability Growth Modeling in Software Development', IEEE Transactions on Reliability, 51, No. 2, pp.183-192 Maciejewski H., Caban D. (2008).'Estimation of repairable system availability within fixed time horizon', Reliability Engineering and System Safety, 93, pp.100-106 Makela S., Leppanen V. (2009).'Client-based cohesion metrics for Java programs', Science of Computer Programming, Vol.74, 5-6, pp.355-378 172 Bibliography McClure C.L. (1981).'Managing Software Development and Maintenance', New York: Van Nostrand Reinhold Mende T., Koschke R., Beckwermert F. (2009).'An evaluation of code similarity identification for the grow-and-prune model', Journal of Software maintenance, Vol: 21, 2, pp.143-169 Microsoft. (2004).'Defining Malware: FAQ, http://technet.microsoft.com/enus/library/dd632948.aspx', accessed on Aug, 2010 Mitoya Y., Tokuno K., Yamada S. (2007).'Markovian software service availability measurement with imperfect debugging', Thirteenth ISSAT International Conference on Reliability and Quality in Design, Proceedings, pp. 58-62 Moranda P.B. (1979).'Event-altered rate models for general reliability analysis', IEEE Transactions on Reliability, R-28, pp.376-381 Moses J. (2009).'Should we try to measure software quality attributes directly? ',Software Quality Journal, Vol.17: 2, pp. 203-213 Munson J.B. (1981).'Software Maintainability: A Practical Concern for Lifecycle Costs', Computer, 14, pp.103-109 Murray W. (1988).'The application of epidemiology to computer viruses', Computer Security 7, pp.139–150. Nakagawa Y., Takenaka I.(1991).'Error complexity model for software reliability estimation', Transactions IEICE, J74-D-I, pp.379-386 Netcraft (2009).'February 2009 Web Server Survey. http://news.netcraft.com/archives/2009/02/18/february_2009_web_server_survey.html', accessed on Aug, 2010 Nicola V.F., Goyal A. (1990).'Modeling of correlated failures and community error recovery in multiversion software', IEEE Transactions on Software Engineering, 16, No. 3, pp.350–359 Ohba, M. (1984).'Software reliability analysis models', IBM Journal of Research and Development, 28, Vol.4, pp.428-443 Ohishi K., Okamura H., Dohi T. (2009).'Gompertz software reliability model: Estimation algorithm and empirical validation', Journal of Systems and Software, 82(3), pp. 535-543 Ouzineb M., Nourelfath M., Gendreau M. (2008).'Tabu search for the redundancy allocation problem of homogenous series–parallel multi-state systems‘, Reliability Engineering and System Safety, 93, pp.1257-1272 Parsons T., Mos A., Trofin M., Gschwind T., Murphy J. (2008).'Extracting Interactions in Component-Based Systems', IEEE Transactions on Software Engineering, 34(6), pp.783-799 Pham H. (1992).'Fault-Tolerant Software Systems: Techniques and Applications', IEEE Computer Society Press Pham H. (1999).'Wiley Encyclopedia of Electrical and Electronics Engineering, vol. 19', John Wiley and Sons, pp.565-578 Pham H., Nordmann L., Zhang X.M. (1999).'A ceneral imperfect-software-debugging model with S-shaped fault-detection rate', IEEE Transactions on Reliability, 48(2), pp.169-175 Pham, H. (1993).'Software reliability assessment: Imperfect debugging and multiple failure types in software development', EG&GRAMM- 10737, Idaho National Engineering Laboratory Pham, H. (2003). 'Software reliability and cost models: Perspectives, comparison, and practice', European Journal of Operation Research, 149, pp.475-489 Pickin S., Jard C., Jeron T., Jezequel J.M., Le Traon Y. (2007).'Test synthesis from UML models of distributed software', IEEE Transactions on Software Engineering, 33(4), pp.252-268 173 Bibliography Proenza J., Miro-Julia J., Hansson H. (2009).'Managing redundancy in CAN-based networks supporting N-Version Programming', Computer Standards & Interfaces, 31(1), pp.120-127 Puder A., Romer K, Pilhofer F. (2006).'Distributed Systems Architecture: A Middleware Approach', Morgan Kaufmann. Qin X.A., Xie T. (2008).'An availability-aware task scheduling strategy for heterogeneous systems', IEEE Transactions on Computer, 57, No. 2, pp.188-199 Raja U., Hale D.P., Hale J.E. (2009).'Modeling software evolution defects: a time series approach', Journal of Software Maintenance and Evolution-Research and Practice, 21(1), pp.49-71 Ramamoorthy C.V., Bastani, F.B. (1982). 'Software reliability – status and perspectives', IEEE Transactions on Software Engineering, 8, pp.354-371 Randell B. (1975).'System structure for software fault tolerance', IEEE Transactions on Software Engineering, 1, pp.220-232 Reza H. (2006).'A methodology for architectural design of concurrent and distributed software systems', Journal of Supercomputing, 37(3), pp.227-248. Rutherford M.J., Carzaniga A., Wolf A.L. (2008).'Evaluating test suites and adequacy criteria using simulation-based models of distributed systems', IEEE Transactions on Software Engineering, 34(4), pp.452-470, First presented in the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering, NOV, 2006 Portland, OR Sahin I., Zahedi F.M. (1999). 'Control limit policies for warranty, maintenance and upgrade of software systems', IIE Transactions, 33, No.9, pp.729-745 Sahin I., Zahedi F.M., (2001).'Policy analysis for warranty, maintenance, and upgrade of software systems', Journal of Software Maintenance and Evolution: Research and Practice, 13, pp.469-493 Schich G.J., Wolverton R.W. (1973).'Assessment of software reliability', Proc. of Operations Research, Physica-Verlag, Wurzburg-Wein, pp.395-442 Schick G.J, Wolverton R.W. (1978).'An analysis of competing software reliability models',IEEE Transactions on Software Engineering, SE-4, pp.104-120 Schneidewind N. (2008).'Comparison of Reliability and Testing Models', IEEE Transactions on Reliability, 57(4), pp.607-615 Schneidewind N.F. (1987).'The state of software maintenance'. IEEE Transactions on Software Engineering, 13, Vol.3, pp.303-310 Schneidewind N.F. (2007).'Experience report on using object-oriented design for software maintenance', Journal of Software Maintenance and Evolution: Research and Practice, 19, pp.183–201 Schultz, M., Eskin, E., & Zadok, E. (2001).'Data mining methods for detection of new malicious executables', In Security and privacy, 2001. Proceedings. 2001 IEEE symposium, pp. 38–49 Scott R.K., Gault J.W., McAllister D.F. (1987).'Fault-tolerant reliability modeling', IEEE Transactions on Software Engineering, SE-13, No. 5, pp.582–592 Sergiy A.V., Parnas D.L., Mendiratta V.B., Murphy E. (2008).'Computer Systems Availability Evaluation Using a Segregated Failures Model', Quality and Reliability Engineering International, 24, pp.447-465 Sha L., (2001).‘Using Simplicity to Control Complexity,‘ IEEE Software, vol. 18, no. 4, pp. 2028 174 Bibliography Shanthikumar J.G. (1981).'A general software reliability model for performance prediction', Microelectronics and Reliability, 21, pp.671-682 Shanthikumar J.G. (1984).'On a software availability model with imperfect maintenance', Operations Research Letters, 2, No.6, pp.285-290 Shyur H.J. (2003).'A stochastic software reliability model with imperfect-debugging and changepoint', The Journal of Systems and Software , 66, pp.135-141 Sneed H.M. (2004).'A Cost Model for Software Maintenance & Evolution', Proc. 20th International Conference on Software Maintenance, pp. 264- 273 Song Y.R., Jiang G.P. (2010).'Malware propagation in scale-free networks for the nodes with different anti-attack abilities', ACTA Physica Sinica, 59(2), pp.705-711 Sousa P., Bessani A.N., Correia M., Neves N.F., Verissimo P. (2010).'Highly Available Intrusion-Tolerant Services with Proactive-Reactive Recovery', IEEE Transactions on Parallel and Distributed Systems, 21(4), pp.452-465 Stankovic N., Zhang K. (2002).'A distributed parallel programming framework', IEEE Transactions on Software Engineering, 28(5), pp.478-493 Sung, A., Xu, J., Chavez, P., Mukkamala, S. (2004).'Static analyzer of vicious executables (save)', In Proc. of the 20th annual Computer Security Applications Conference. Surisetty S., Kumar S. (2010).'Is McAfee SecurityCenter/Firewall Software Providing Complete Security for your Computer?', Proc. 4th International Conference on Digital Society, pp.178181 Swanson E.B. (1976).'The dimensions of maintenance', Proc. 2nd International Conference on Software Engineering, IEEE Computer Society Press: Los Alamitos CA, pp.492–497 Taboada H.A., Espiritu J.F., Coit D.W. (2008).'MOMS-GA: A multi-objective multi-state genetic algorithm for system reliability optimization design problems', IEEE Transactions on Reliability, 57, No. 1, pp.182-191 Tamai T., Torimitsu Y. (1992).'Software Lifetime and its Evolution Process over Generations', Proc. Conference on Software Maintenance , Orlando, Florida, pp. 63-69. Tamaru Y., Yamada S. (2009).'Optimization analysis for reliability assessment based on stochastic differential equation modelling for open source software', International Journal of System Science, 40(4), pp. 429-438 Tan Y., Mookerjee V.S. (2005).'Comparing Uniform and Flexible Policies for Software Maintenance and Replacement', IEEE Transactions on Software Engneering, 31, No.3, pp.238-255 Telang R., Wattal S. (2008).'An empirical analysis of the impact of software vulnerability announcements on firm stock price',IEEE Transactions on Software Engineering, 33(8), pp.544-557 Teng X., Pham H. (2002).'A Software Cost Model for Quantifying the Gain with Considerations of Random Field Environments', IEEE Transactions on Computers, 53, No. 3, pp.380-384 Tesauro, G., Kephart, J., Sorkin, G. (1996).'Neural networks for computer virus recognition', IEEE Expert, 11, pp.5–6. Thabtah, F. (2007).'Areview of associative classificationmining', TheKnowledge Engineering Review, 22(1) Thein T., Park J.S. (2009).'Availability Analysis of Application Servers Using Software Rejuvenation and Virtualization', Journal of Computer Science and Technology, 24(2), pp.339-346 175 Bibliography Thummalapenta S., Cerulo L., Aversano L., Di Penta M. (2010).'An empirical study on the maintenance of source code clones', Empirical Software Engineering 2010; 15(1):1-34 Tokuno K., Yamada S. (1999).'A summary of Markovian software availability modelling', Proc. Fifth ISSAT International Conf. Reliability and Quality in Design, pp.218-222 Tokuno K., Yamada S. (2003).'Relationship between Software Availability Measurement and the Number of Restorations with Imperfect Debugging', Computers and Mathematics with Applications, 46, pp.1115-1163 Tokuno K., Yamada S. (2007).'User-oriented and -perceived software availability measurement and assessment with environmental factors', Journal of the Operation Research Society of Japan, 50:4, pp. 444-462 Tokuno K., Yamada S. (2008).'Service-oriented Software Availability Model with Service Degradation', ICIM 2008: Proc. of the 9th International Conference on Industrial Management, pp.626-631 Trivedi A., Shooman M. (1975).'A many-state Markov model for the esimation and prediction of computer software performance parameters', Proc. 1975 Int. Conf. on Reliable Software, pp.208-220 Tsai C.H., Chang C.C. (2003),'Two Alternative Imperfect Multiaction Maintenance Models', Engineering Optimization, vol. 35, no. 2, pp. 215-227 Wang A.I., Arisholm E. (2009).'The effect of task order on the maintainability of object-oriented software', Information and Software Technology, 51(2), pp.293-305 Wang L.F., Singh C. (2008).'Reliability-constrained optimum placement of reclosers and distributed generators in distribution networks using an ant colony system algorithm', IEEE Transactions on Systems Man and Cybernetics Part C-Applications and Reviews, 38(6), pp.757-764. Wang S.J., Liu Q.M., Ma W.N. ,Dang B. (2009).'Analysis of a Mathematical Model for Worm Virus Propagation with time delay', Proc. 2nd International Conference on Environmental and Computer Science, pp.375-379 Wang, J., Deng, P., Fan, Y., Jaw, L., Liu, Y. (2003).'Virus detection using data mining techniques', In Proceedings of IEEE International Conference on Data Mining. Ware M.P., Wilkie F.G., Shapcott M. (2007).'The application of product measures in directing software maintenance activity', Journal of Software Maintenance and Evolution: Research and Practice 19, pp.133–154 Wattanapongskorn N., Coit D.W. (2007).'Fault-tolerant embedded system design and optimization considering reliability estimation uncertainty', Reliability Engineering and System Safety, 92, pp.395–407 Wattanapongskorn N., Levitan S.P. (2004).'Reliability optimization models for embedded systems with multiple applications', IEEE Transactions on Reliability, 53, No.3, pp.406-416 Wierman J. C., Marchette D. J. 2004. Modeling computer virus prevalence with a susceptibleinfected-susceptible model with reintroduction. Computational Statistics & Data Analysis, 45(1), 3-23. Xie L., Zhou J., Wang X. (2005).'Data mapping and the prediction of common cause failure probability', IEEE Transactions on Reliability, 54, No.2, pp.406-416 Xie M. (1990).'A Markov process model for software reliablity analysis', Applied Stochastic Models and Data Analysis, 6, pp.207-214 176 Bibliography Xie M., Bergman B. (1988).'On Modelling reliability growth for software', Proc the 8th IFAC Symposium on Identification and System Parameter Estimation Xie M., Dai Y. S., Poh K. L., Lai C. D. (2004).'Optimal number of hosts in a distributed system based on cost criteria', International Journal of Systems Science,35( 6), pp.343-353. Xie M., Yang B. (2003).'A Study of the Effect of Imperfect Debugging on Software Development Cost', IEEE Transactions on Software Engineering, 29, No. 5, pp.471-473 Xie, M. (1991).'Software reliability modelling', World Scientific Publisher, Singapore Yamachia H., Tsujimuraa Y., Kambayashia Y., Yamamoto H. (2006).'Multi-objective genetic algorithm for solving N-version program design problem', Reliability Engineering and System Safety ,Volume 91, Issue 9, pp.1083-1094 Yamada S., Osaki S.(1984).'Nonhomogeneous error detection rate models for software reliability growth', Stochastic Models in Reliability Theory, Springer-Verlag, Berlin, pp.120-143 Yang B., Hu H.J., Jia L.X. (2008).'A Study of Uncertainty in Software Cost and Its Impact on Optimal Software Release Time', IEEE Transactions on Software Engineering, 34(6), pp.813825 Ye Y.F., Li T., Huang K., Jiang Q.S., Chen Y. (2010).'Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list', Journal of Intelligent Information Systems, 35(1), pp.1-20 Ye Y.F., Li T., Jiang Q.S., Wang Y.Y. (2010).'CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection', IEEE Transactions on Systems Man and Cybernetics Part C-Applications and Reviews, 40(3), pp.298-307 Ye, Y., Wang, D., Li, T., & Ye, D. (2007).'IMDS: Intelligent malware detection system', In Proceedings of ACM International Conference on Knowlege Discovery and Data Mining (SIGKDD 2007) Yi D., Lisnianski A. (2008).'Fuzzy universal generating functions for multi-state system reliability assessment', Fuzzy Sets and Systems, 159(3), pp.307-324 Yourdon E. (1980).'Structured Maintenance', Techniques of Program and System Maintenance, ed. By Parikh G. Yu L., Ramaswamy S. (2009).'Measuring the evolutionary stability of software systems: case studies of Linux and FreeBSD', IET Vol: 3: 1, pp. 26-36 Yu L., Schach S.R. (2008).'Applying association mining to change propagation', International Journal of Software Engineering and Knowledge Engineering, Vol:18: 8, pp.1043-1061 Yu L., Schach S.R., Chen K., Heller G.Z., Offutt J. (2006).'Maintainability of the kernels of open-source operating systems: A comparison of Linux with FreeBSD, NetBSD, and OpenBSD', The Journal of Systems and Software 79 pp.807–815, 2006 Zelkowitz M.V., Shaw A.C., Cannon J.D. (1979).'Principles of Software Engineering and Design', Prentice-Hall, Englewood Cliffs, NJ Zhang X.,Pham H. (2002).'Predicting operational software availability and its applications to telecommunication systems', International Journal of Systems Science, 33(11), pp.923-930 Zhang Y.L. (2008).'A geometrical process repair model for a repairable system with delayed repair', Computers and Mathematics with Applications, 55, pp.1629–1643 Zhang, X.M., Pham, H. (2006).'Software field failure rate prediction before software deployment', The Journal of Systems and Software, 79, pp.291-300 Zheng J. (2009).'Predicting software reliability with neural network ensembles', Expert Systems with Applications, 36(2), pp.2116-2122 177 Bibliography Zheng S. (2002).'Dynamic release policies for software systems with a reliability constraint', IIE transactions, 34, pp.253-262 Zou F.Z., Davis J. (2008).'Improving software reliability modeling using machine leaning techniques', International Journal of Software Engineering and Knowledge Engineering, 18(7), pp.102-117 178 Bibliography Appendix Service Reliability Calculation Algorithm Begin Rs (t )  P( E1 ) P(1  TE ) // initialize the system reliability, where P( E1 ) is the product of all links’ functioning probabilities in the 1st MTST: P( E )   pi1 , and P(1  TE ) can be obtained by directly i i using equation (5.29).   {} // initialize  which will be used to store the union of the events (E ) . For all  h*   s (1  h*  H )   [ E1      Eh*1 ] // let  store the union of the events (E ) that are the predecessors of the current event E h* . F  Reduction(, Eh* ) // F is the union of all preceding events (before E h* ) in which any link that is present in both E h* and any of its preceding events is deleted from those preceding events. S  Disjoint ( F ) // S is the sum of disjoint products representing F . This function is used to decomposes F into S to compute the probability of F . As F and E h* have no comment elements, the probability can be written as Bibliography P( E1      Eh*1  Eh* )  P( F  Eh* )  P( F ) P( Eh* ) Rs (t )  Rs (t )  P( Eh* ) P(S ) P(h*  TE ) End End Function Reduction(, Eh* ) // this function detects the links that appear in both  and E h* , and deletes those links from set  Begin for all li    (1  i  n ) // where n is the total number of links involved in the events union:  for all l hj*   h* (1  j  nh* ) // where nh* is the total number of links involved in the event: E h* if li  l hj* then ei  // to delete the links that appear in both  and E h* from set  , assign Boolean value of ‘1’ to those links end end F  // simplify the event union  with the Boolean values ‘1’ and assign it to F 180 Bibliography return F end function Function Disjoint ( F ) //this function decomposes the event F into a sum of disjoint products. It is noted that F has the following expression: F  E1( r )  E2( r )      Eh(*r)  ( E1( r )  E2( r )      Eh(*r) )   ( E1( r ) )   ( Eh(*r) ) where Ei(r ) is the reduced version of event E i (by applying the reduction function), and  is the exclusive operator. Begin S  ( E1( r ) ) // S is the set that stores the sum of disjoint products. This step initializes S . By the operation rule of exclusive operator, we have  ( E1( r ) )  e11  e11 e12  .  e11e12 .e1n1 e1n where n is the total number of links in the reduced event E1( r ) . for all  i  h * 1 // where (h * 1) is the total number of reduced events in the events union: F . // this step applies the operator  to decomposes Ei(r ) into S  S  ( Ei(r ) ) a sum of disjoint products. For instance,  ( Ei( r ) )  e1i  e1i e2i  .  e1i e2i .eni 1eni where n is the total number of links in the reduced event Ei(r ) . 181 Bibliography End Return S //expands S into the form of unions S  (e1 .en )  (e4 .em ) ) by the distributive low. End function 182 (e.g. [...]... quality of a software system Research in this area started from the technical point of view of software practitioners in software reliability (Jelinski and Moranda, 1972; Goel and Okumoto, 1979; Shanthikumar, 1981) and now has expanded to the consumers‘ point of view of software end users in software availability (Tokuno and Yamada, 2003) and software service reliability (Dai et al, 2003; Dai and Levitin,... most external factors, software maintenance and malicious software are of the most important factors that affect software quality 1.3.1 Software Maintenance Software maintenance is carried out during the operational phase and usually hampers normal software operation The software system usually cannot be online until software maintenance is done Two major characteristic of software maintenance is that... both software reliability and software service reliability What is more, for certain types of software such as open-source software, maintenance is so highly integrated with development that it is impossible to ignore the impact of software maintenance 1.3.2 Malicious Software The problem of software security has never been so severe, thanks to the prevailing Internet Malicious software, which is often... decade and are related to the foundations of this thesis Software reliability models and extensions serve as the basis of software quality research and this thesis is also motivated to extend the existing software quality research Thus, software reliability models will be reviewed first Then we focus on the problems of software availability The origination of software availability problem – software maintenance. .. namely correctness and timeliness This metric was proposed because together with software reliability and software availability, they represents three most basic requirements when people are using software systems – software needs to be correct (Reliability) ; software need to be accessible (Availability) and software needs to be stable (Service Reliability) 1.3 External Factors Affecting Software Quality... 2 Literature Review Software quality receives great attention of many software practitioners and various kinds of methods have been proposed to estimate software quality Other issues that directly affect software quality, such as software maintenance, software structure and software security issues have also been covered by many authors This chapter provides a detailed summary of the literature that... development of hardware technology and an increase population who are enjoying services provided by software, software availability related problems cannot be ignored (Tokuno and Yamada, 2003) 3 Chapter I Introduction When compared to software reliability, the literature in software availability is not vast and there is no standard definition of software availability Some authors regard software availability. .. Instant software availability at time t A i (t ) Average software availability over the period (0, t ] Di Initial hazard rate of sub version i Ei Initial failure restoration rate of sub version i Ctotal Total cost during the software operational cycle Co Cost of software operation Cm Cost of software maintenance Cr Risk cost if the software system is unavailable co Expected unit time cost of software. .. 1.2.1 Software Reliability There are many definitions of software reliability, but most authors consider that software reliability represents the probability of failure-free software operation for a specified period of time in a specified environment (Xie, 1991) Software reliability is widely regarded as the most important quality metrics and often used as an indicator for software release policy (Xie and. .. analysis of software systems cannot exclude external factors and many of the existing models do not provide satisfactory results in some occasions To overcome these drawbacks, it is necessary to take software maintenance, software structure and software security problems into the consideration of software quality metrics modeling As discussed above, many researchers have focused on three factors Software . II 3.2 Software Maintenance Activities and Software Availability 43 3.2.1 Decomposition of Software Maintenance Activities 43 3.2.2 Software Maintenance Efforts and Software Maintenance. traditional ways of analyzing software quality often ignores the impact of environmental factors, such as software maintenance and software security issues. Realizing the importance of software availability. 3.2.3 Software Maintenance Modeling—A Numerical Example 51 3.2.4 Validation of Software Maintenance Modelling 57 3.2.5 Software Availability Modeling Considering Software Maintenance 58 3.3 Software