Trust Distribution Diagrams

Concept

When we talk about comparing the trustworthiness of two different pieces of software, we have precious few metrics to ground this kind of discussion in reality. Some metrics like LoC (lines of code) seem attractive, but have little direct relationship to the trustworthiness of the software (at best they are a proxy for the number of expected vulnerabilities). On the other end of the spectrum, it is infeasible to undertake an exhaustive formal assurance process for every large, real-world piece of software, particularly in the presence of automated updates and program composition (e.g., Web 2.0 mashups). Trust Distribution Diagrams (TDDs) offer a visual language for understanding the amount and placement of trust relationships in a piece of software.

Publications

"Trust Distribution Diagrams: Theory and Applications". Michael E. Locasto, Steven J. Greenwald, and Sergey Bratus. Proceedings of the 4th Layered Assurance Workshop (LAW 2010). December 2010. Austin, TX, USA.

[Paper (PDF)] [slides (PDF)]

Guide to Drawing TDDs

TDDs are not (yet) a formal language, so drawing them is a bit more of a craft than an exact science.

Diagrams

Here is a list of the diagrams we have produced so far.
Software Category TDD Image TDD Complexity