A Review on Software Quality Forensics: Techniques, Challenges, and Limitations
Article Sidebar
Main Article Content
Abstract
Software quality forensics plays a vibrant role related to software quality, security, and integrity. The paper aims to derive a software quality forensics model through existing software quality models and their factors. The papers explore quality models, factors, approaches, tools, techniques, and standards regarding software quality investigation and confine the research area for software quality integrity breach forensics. The explore the deviations of quality attributes, standards, factors, and artifacts, it leads to further investigation of root-cause followed by digital evidence procedure for alleged software quality issues. Therefore, there is a need for a software quality forensics model and dedicated standards to fulfill the digital evidence procedure validation, satisfiable, and prosecution in the court of law in the context of alleged or illegal activity investigation quality of software. The paper has derived the techniques, challenges, and limitations of software quality forensics based on the review of research questions.
Article Details
References
"What you need to know about software liability," Insureon.com. Available:https://www.insureon.com/blog/what-you-need-to-know-about-software-liability.
Archive.org. [cited,2023 July 14]. Available from: https://web.archive.org/web/20071212183729/http://neptune.netcomp.monash.edu.au/cpe9001/assets/readings/www_uguelph_ca_~tgallagh_~tgallagh.html.
V. Bhattathiripad, Judiciary-Friendly Forensics of Software Copyright Infringement, Appendix 1: Challenges in Software Quality Forensics and Litigation-A Case Study. IGI Global, 2014.
Alan Gillies Gillies, "Software Quality: Theory and Management," Morrisville, NC, USA: Lulu Press, 2011.
A.J. Suali, S. S. M. Fauzi, Mhmwawm Nasir, and I. K. Raharjana, "Software Quality Measurement in Software Engineering Project: A Systematic Literature Review," Journal of Theoretical and Applied Information Technology, vol. 97, pp. 918–929, 2019.
D. Winkler, S. Biffl, D. Mendez, and M. Wimmer, "Software Quality: Future Perspectives on Software Engineering Quality: 13th International Conference, SWQD 2021," J. Bergsmann, Ed. Vienna, Austria; New York, NY, USA: Springer International Publishing, 2021.
G. Lacerda, F. Petrillo, M. Pimenta, and Y. G. Guéhéneuc, "Code smells and refactoring: A tertiary systematic review of challenges and observations," Journal of Systems and Software, vol. 167, p. 110610, 2020. Available: http://dx.doi.org/10.1016/j.jss.2020.110610.
I.Atoum, "A novel framework for measuring software quality-in-use based on semantic similarity and sentiment analysis of software reviews," Journal of King Saud University: Computer and Information Sciences, vol. 32, no. 1, pp. 113–125, 2020. [Online]. Available: http://dx.doi.org/10.1016/j.jksuci.2018.04.012.
T. Hynninen, J. Kasurinen, and O. Taipale, "Framework for observing the maintenance needs, runtime metrics and the overall quality-in-use," Journal of Software Engineering and Applications, vol. 11, no. 04, pp. 139–152, 2018. [Online]. Available: http://dx.doi.org/10.4236/jsea.2018.114009
M. N. Alim, T. Hapsari, and L. Purwanti, "The Effect of Competence and Independence on Audit Quality with Auditor Ethics as Moderating Variables," in National Accounting Symposium X, Makassar, Indonesia, 2007.
L. Pasquale, D. Alrajeh, C. Peersman, T. Tun, B. Nuseibeh, and A. Rashid, "Towards forensic-ready software systems," in Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results, New York, NY, USA: ACM, 2018.
Jan H. P. Eloff &Madeleine Adrienne Bihina Bella, "Methodology for Investigating Software Failures Using Digital Forensics and Near-Miss Analysis," Software Failure Investigation. pp.39–56, 2018. [Online]. Available: http://dx.doi.org/10.1007/978-3-319-61334-5_4
M. A. B. Bella and J. H. P. Eloff, "A near-miss management system architecture for the forensic investigation of software failures," Forensic science international, vol. 259, pp. 234–245, 2016. [Online]. Available: http://dx.doi.org/10.1016/j.forsciint.2015.10.007.
A.Bassey and J. Ekanem, "Application of Reverse Engineering Technique in Software Forensic Analysis to Detect Infringements," in Proceedings of the World Congress on Engineering 2021, WCE 2021, 2021.
P. Juniawan, "E-Voting Software Quality Analysis with McCall’s Method," in 8th International Conference on Cyber and IT Service Management (CITSM), 2020, pp. 1–5.
G. L. Saini, D. Panwar, S. Kumar, and V. Singh, "A systematic literature review and comparative study of different software quality models," Journal of Discrete Mathematical Sciences and Cryptography, vol. 23, no. 2, pp. 585–593, 2020. [Online]. Available: http://dx.doi.org/10.1080/09720529.2020.1747188.
E. Guveyi, M. S. Aktas, and O. Kalipsiz, "Human factor on software quality: A systematic literature review," in Computational Science and Its Applications - ICCSA 2020, Cham: Springer International Publishing, 2020, pp. 918–930.
S. S. Rathore and S. Kumar, "An empirical study of ensemble techniques for software fault prediction," Applied Intelligence, vol. 51, no. 6, pp. 3615–3644, 2021. [Online]. Available: http://dx.doi.org/10.1007/s10489-020-01935-6
S. Oveisi, M. A. Farsi, M. Nadjafi, and A. Moeini, "A New Approach to Promote Safety in the Software Life Cycle," Journal of Computer & Robotics, vol. 12, no. 1, pp. 77–91, 2019.
C. Johnson, "Forensic software engineering: Are software failures symptomatic of systemic problems?" Computer science, vol. 40, no. 9, pp. 835–847, 2002. [Online]. Available: http://dx.doi.org/10.1016/s0925-7535(01)00086-8.
L. Hatton, "Forensic Software Engineering: An Overview," 2004. [Online]. Available: https://www.leshatton.org/Documents/fse_Dec2004.pdf
D. Rowley and S. Ramakrishnan, "Forensic applications of software analysis," in Law and Technology, Taipei, 2002, pp. 7–9.
M. Abu Talib, "Towards early software reliability prediction for computer forensic tools (case study)," Springerplus, vol. 5, no. 1, p. 827, 2016. [Online]. Available: http://dx.doi.org/10.1186/s40064-016-2539-0
E. Imwinkelried, "Computer Source Code: A Source of the Growing Controversy Over the Reliability of Automated Forensic Techniques," 2002.
L. Daubner, R. Matulevi?ius, and B. Buhnova, "A model of qualitative factors in forensic-ready software systems," in Lecture Notes in Business Information Processing, Cham: Springer Nature Switzerland, pp. 308–324,2023.
R. Khelifi, R. Alnanih, and M. Abu Talib, "Application of quality in use model to assess the user experience of open-source digital forensics tools," International Journal of Electronic Security and Digital Forensics, vol. 12, no. 1, pp. 1–19, 2020. [Online]. Available: http://dx.doi.org/10.1504/ijesdf.2020.10025165.
G. Tully, N. Cohen, D. Compton, G. Davies, R. Isbell, and T. Watson, "Quality standards for digital forensics: Learning from experience in England & Wales," Forensic Science International: Digital Investigation, vol. 32, p. 200905, 2020. [Online]. Available: http://dx.doi.org/10.1016/j.fsidi.2020.200905
P. Sommer, "Accrediting digital forensics: What are the choices?" Digital Investigation, vol. 25, pp. 116–120, 2018. [Online]. Available: http://dx.doi.org/10.1016/j.diin.2018.04.004
ISO/IEC/IEEE Approved Draft Standard - Systems and Software Engineering -- Life Cycle Management -- Part 6: Systems and Software Integration. ISO/IEC/IEEE P24748-6/FDIS. 2023; 9:1–56.
ISO 25010, "Software Engineering - Software product Quality Requirements and Evaluation (SQuaRE) - System and software quality models," 2011.
B. W. Boehm, J. R. Brown, and M. Lipow. quantitative evaluation of software quality. International Conference on Software Engineering, Proceedings of the 2nd international conference on Software engineering(2nd):592– 605, 1976.
J. P. Cavano and J. A. McCall, "A framework for the measurement of software quality," Perform Eval Rev, vol. 7, no. 3–4, pp. 133–139, 1978. [Online]. Available: http://dx.doi.org/10.1145/1007775.811113
J. P. Miguel, D. Mauricio, and G. Rodriguez, "A review of software quality models for the evaluation of software products," arXiv [cs.SE], 2014.
R. Glott, "Quality models for Free/Libre Open-Source Software- towards the 'Silver Bullet'," in EUROMICRO Conference on Software Engineering and Advanced Applications IEEE Computer Society, 2010, pp. 439–446.
A. Madaehoh and T. Senivongse, "OSS-AQM: An open-source software quality model for automated quality measurement," in 2022 International Conference on Data and Software Engineering (ICoDSE), IEEE, 2022.
M. Miloševi?Ivana BjelovukTanja Kesi?,"Quality management system in forensic laboratories," [Online]. Kriminalisti?ko- policijska akademija, Beograd,2009, Available: https://core.ac.uk/download/pdf/196617864.pdf
"Forensic Science research and development technology working group: Operational requirements," National Institute of Justice. [Online]. Available:https://nij.ojp.gov/topics/articles/forensic-science-research-and-development-technology-working-group-operational.
S. Doyle, "A review of the current quality standards framework supporting forensic science: Risks and opportunities," WIREs Forensic Science, vol. 2, no. 3, 2022. [Online]. Available: http://dx.doi.org/10.1002/wfs2.1365
P. Behnamghader, R. Alfayez, K. Srisopha, and B. Boehm, "Towards a better understanding of software quality evolution through commit-impact analysis," in 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), IEEE, 2017.
A. Alvaro, E. S. de Almeida, A. M. L. de Vasconcelos, and S. R. de Lemos Meira, "Towards a software component quality model," Available:https://www.cin.ufpe.br/~if723/seminarios-2005-1/Component%20Quality%20Model-v2
N. Saari, "Software Supply Chain Monitoring in Containerised Open-Source Digital Forensics and Incident Response Tools," 2022.
D.Brecht, "Computer crime investigation using forensic tools and technology, "Available:https://resources.infosecinstitute.com/topic/computer-crime-investigation-using-forensic-tools-and-technology/
J. Brunty, "Validation of forensic tools and methods: A primer for the digital forensics' examiner," WIREs Forensic Science, 2022. [Online]. Available: http://dx.doi.org/10.1002/wfs2.1474
Y. Guo, J. Slay, J. Beckett, and T. Watson, "Validation and verification of computer forensic software tools—Searching Function," Digital Investigation, vol. 6, pp. S12–S22, 2009. [Online]. Available: http://dx.doi.org/10.1016/j.diin.2009.06.015
"New Approaches to Digital Evidence Processing and Storage," Grants.gov announcement number NIJ, 2014.
D. Rowley and S. Ramakrishnan, "Forensic applications of software analysis," in Law and Technology, ACTA Press, pp. 7–9, 2002.
B.C. Kreitzberg, B. Shneiderman. “FORTRAN Programming: A Spiral Approach. FORTRAN Programming: A Spiral Approach.” 1982.
A.Gray, “Software Forensics: Extending Authorship Analysis, Techniques to Computer Programs”, the Information Science Discussion. 1997.
H. Page, G. Horsman, A. Sarna, and J. Foster, "A review of quality procedures in the UK forensic sciences: What can the field of digital forensics learn?" Science Justice, vol. 59, no. 1, pp. 83–92, 2019. [Online]. Available: http://dx.doi.org/10.1016/j.scijus.2018.09.006
G. Horsman, "Tool testing and reliability issues in the field of digital forensics," Digital Investigation, vol. 28, pp. 163–175, 2019. [Online]. Available: http://dx.doi.org/10.1016/j.diin.2019.01.009.
Johnson C. Forensic software engineering: are software failures symptomatic of systemic problems? Computer science.2002;40(9):835–47.Avail,http://dx.doi.org/10.1016/s0925-7535(01)00086-8.
S. Sengupta, "Software and Data Integrity Failures - examples & prevention," Crashtest Security, 2022. [Online]. Available: https://crashtest-security.com/owasp-software-data-integrity-failures/
M. S. Fisher, "Software verification and validation: An engineering and scientific approach," Springer Science & Business Media, 2007.
"Contacting NIST | NIST," 2019. [Online]. Available: https://www.nist.gov/about-nist/contact-us
"Computer forensics tool testing program (CFTT),”, Available: https://www.unodc.org/e4j/data/_university_uni_/computer_forensics_tool_testing_program_cftt.html?lng=en&match.
Pratikso, Abdul Rochim, Rachmad Mudiyono, Adolf Situmorang. (2023). Stabilization of Expansive Soil with Lime, Fly Ash and Cement. International Journal of Intelligent Systems and Applications in Engineering, 11(4s), 491–497. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/2706
V. R. Kebande and H. S. Venter, "On digital forensic readiness in the cloud using a distributed agent-based solution: issues and challenges," Aust J Forensic Sci, vol. 50, no. 2, pp. 209–238, 2018. [Online]. Available: http://dx.doi.org/10.1080/00450618.2016.1194473.
A.B. Ekanem, "Assessment of Components Stability for Modernization Using Software Maturity Index," International Journal of Scientific Research and Engineering Studies (IJSRES), vol. 2, no. 12, 2015.
J. Ouriques, S. Felipe, G. Emanuela, and P. D. Cartaxo, "On the Influence of Model Structure and Test Case Profile on the Prioritization of Test Cases in the Context of Model-Based Testing," in Software Engineering (SBES), 2013.
J. M.Arafeen, H.Do., "Test case prioritization using requirements-based clustering”, In 2013 IEEE Sixth International Conference on Software Testing, Verification, and Validation. IEEE; 2013.
S.H. Kim and W.J. Kim, "Evaluation of software quality-in-use attributes based on analysis network process," Cluster Computing, vol. 22, no. S1, pp. 2101–2114, 2019. [Online]. Available: http://dx.doi.org/10.1007/s10586-018-2309-6
Y. Yongfeng, "Software Reliability Metrics Selecting Method Considering Software Integrity Level," Computer Science, vol. 38, no. 1, pp. 145–149, 2011.
Robert Roberts, Daniel Taylor, Juan Herrera, Juan Castro, Mette Christensen. Enhancing Collaborative Learning through Machine Learning-based Tools. Kuwait Journal of Machine Learning, 2(1). Retrieved from http://kuwaitjournals.com/index.php/kjml/article/view/177
R. P. Radhakrishnan, M. Shin, and P. Ogale, "Data integrity security spots detected by object reference," in 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), IEEE, 2021.
M. Banday, "Ensuring Authentication and Integrity of Open-Source Software using Digital Signature," International Journal of Computer Applications NSC, vol. no. 4, pp. 11–14, 2011.
V. Guveiy and T. Aktas, "Secure software developing recommendations," in 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science, and Technology (PIC S&T), IEEE, 2019.
M. Tarigopula, "Integrity Verification of Applications on Radium Architecture," 2015.
T. Naks, M. A. Aiello, S. T. Taft, and N. Zheng. "Using SPARK to ensure system to Software Integrity: A case study" ACM SIGAda Ada Letters [Internet]. 2020;40(1):74–8. Available from: http://dx.doi.org/10.1145/3431235.3431241.
C.Lamb, S.Zacchiroli “Reproducible builds: Increasing the integrity of software supply chains. IEEE Software”. 2022;39(2):62–70. Available from: http://dx.doi.org/10.1109/ms.2021.3073045.
T. Khalid, "Dependability Model for Decomposition and Allocation of System Safety Integrity Levels of Software Quality International Review on Computers and Software”. 2015; 10:1110–9.
D.Stephen, H.Kim, A.Kim, “A Study of Blockchain based on Graph Database for Software Quality Measurement Integrity”.Information and Communication Technology Convergence. 2018.
I. Habli, R. Hawkins, T. Kelly. "Software safety: relating software assurance and software integrity”, International Journal of Critical Computer-Based Systems.2010;1(4):364. Available from: http://dx.doi.org/10.1504/ijccbs.2010.036605.
Y. Zheng, Y. Chunlin, F. Zhengyun, Z.Na “ Trust chain model and credibility analysis in software systems.” In: 2020 5th International Conference on Computer and Communication Systems (ICCCS). IEEE; 2020.
Bogen and D. Dampier, "Unifying computer forensics modeling approaches: a software engineering perspective," in Proceedings of the first international workshop on systematic approaches to digital forensic engineering, Taipei, pp. 7–9, 2005.
"Guide to software quality," Perforce Software. [Online]. Available: https://www.perforce.com/resources/guide-to-software-quality.
WWW.g2.com. [cited 2023]. Available from: https://www.g2.com/categories/digital-forensics
ISO/IEC 25010:2011 [Internet]. ISO. 2019 [cited 2023 Jul 14]. Available from: https://www.iso.org/standard/35733.html
IEEE (1012–2004), the Draft standard for software verification and validation IEEE P1012/D12.
IEEE 1012-2016 [Internet]. IEEE Standards Association. IEEE SA; [cited 2023 June 14]. Available from: https://standards.ieee.org/ieee/1012/5609/
B.Geary. Software quality testing: The parameters, methodologies, and tools [Internet]. Andplus.com. [cited 2023 Jul 14]. Available from: https://www.andplus.com/blog/software-quality-testing.
ISO.org. [cited 2023 Jun 11]. Available from: https://www.iso.org/ISO-IEC-17025-testing-and-calibration.
SWGDE “Establishing a Quality Management System for a Digital and Multimedia Organization under ISO,” 2021.
ISO 25000 standards [Internet]. Iso25000.com. [cited 2023 Jul 14]. Available from:https://iso25000.com/index.php/en/iso-25000-standards.
ISO - ICS [Internet]. ISO. 2019 [cited 2023 Jul 14]. Available from: http://www.iso.org/iso/iso_catalogue/
www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=44407.