Formal Representation and Satisfiability Analysis of Non-Functional Requirements of Trustworthy Software
(English title as published: Formal Analysis to Non-Functional Requirements of Trustworthy Software)
Authors: Zhang Xuan (张璇), Li Tong (李彤), Wang Xu (王旭), Yu Qian (于倩), Yu Yong (郁湧), Zhu Rui (朱锐)
Funding:

National Natural Science Foundation of China (61262025, 61502413, 61379032, 61262024); Natural Science Foundation of Yunnan Province (2012FB118, 2012FB119); Scientific Research Fund of the Yunnan Provincial Department of Education (2015Z020); Open Fund of the Yunnan Key Laboratory of Software Engineering (2015SE202, 2012SE308); Yunnan University special fund for the "Young and Middle-aged Backbone Teacher Training Programme"; Yunnan University special fund for the high-level innovation team "Software Engineering Innovation Team"

Abstract (translated from the Chinese):

The trustworthiness of trustworthy software is exhibited jointly by its functional and non-functional requirements; the realization of the non-functional requirements is the objective basis on which users come to trust that the software's behaviour can achieve the goals they expect of it. In view of the importance of, and pressing demand for, trustworthy software, a method for selecting process strategies driven by the non-functional requirements of trustworthy software is proposed for the early requirements-engineering phase. First, trustworthy-software requirements are defined: the trustworthiness requirements are formed from the functional requirements together with the trustworthiness concerns among the non-functional requirements, while the non-functional requirements that are not trustworthiness concerns are defined as soft goals expressing quality requirements; the non-functional requirements are ranked using fuzzy set theory and information entropy to obtain the trustworthiness concerns and the soft goals. On this basis, the process-strategy selection method driven by the non-functional requirements of trustworthy software is proposed. Whereas the traditional aim of early-phase requirements engineering is to obtain the techniques and design decisions that satisfy the requirements, the analysis of non-functional requirements in this paper aims to obtain process strategies, addressing the production of trustworthy software from the process perspective. Because the non-functional requirements are related in complex ways, and in particular because conflict relations exist among them, a method that reasons about process strategies by solving a satisfiability problem is proposed, selecting the process strategies that satisfy the non-functional requirements of the trustworthy software. Finally, a case study of third-party trusted certificate authority software illustrates the feasibility of the proposed method.

Abstract (English, as published):

The trustworthiness of software is determined by both its functional and its non-functional requirements; in particular, the non-functional requirements are what determine the degree to which users can trust that the software will achieve their desired goals. Considering the importance of trustworthy software and the urgent need for it, an approach to obtaining process strategies for trustworthy software in the early phase of requirements engineering is proposed. First, trustworthy-software requirements are defined as the combination of trustworthiness requirements and quality requirements: trustworthiness requirements comprise the functional requirements together with the trustworthiness concerns, and quality requirements are defined as soft goals. Then, based on fuzzy set theory and information entropy, a method for acquiring the trustworthiness concerns and soft goals is proposed. On this basis, a framework for obtaining process strategies is proposed. Unlike traditional early-phase requirements engineering, which focuses on technical and design decisions, the aim of this study is to make process decisions that support trustworthy software development. In addition, to address the conflict relationships among the non-functional requirements, a reasoning method is developed that solves the satisfiability problem of the non-functional requirements of trustworthy software. Finally, through analysis of a trustworthy third-party certificate authority software case, the feasibility of the proposed approach is demonstrated.
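The satisfiability-based reasoning that the abstract describes, shown on a constructed toy goal model as an added example (this is not the paper's code, and the model is not its certificate-authority case study). Process strategies are the Boolean variables; each trustworthiness concern contributes hard clauses (at least one strategy that achieves it must be adopted, none that defeats it may be), each conflict between two strategies becomes a mutual-exclusion clause, and soft goals are only scored, never enforced. A minimal DPLL solver with blocking clauses enumerates every admissible strategy set, and the selection prefers the set that meets the most soft goals with the fewest strategies; when the trustworthiness concerns cannot all be met under the conflict relations the solver reports unsat, which is exactly the situation the method is meant to surface before development starts. All strategy and requirement names below are assumptions made for illustration.

```python
"""Added example (not from the paper): process-strategy selection for a trustworthy-software
goal model via propositional satisfiability. The model at the bottom is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Literal = Tuple[str, bool]   # (strategy, polarity); ("fuzz_testing", False) reads "fuzz_testing NOT adopted"
Clause = FrozenSet[Literal]  # disjunction of literals
Model = Dict[str, bool]      # strategy -> adopted?


@dataclass(frozen=True)
class NFR:
    """A non-functional requirement: met when at least one 'made_by' strategy is adopted
    and no 'broken_by' strategy is adopted (make/break contribution links of a goal model)."""
    name: str
    made_by: FrozenSet[str]
    broken_by: FrozenSet[str] = frozenset()

    def clauses(self) -> List[Clause]:
        """CNF for 'this requirement holds': one OR over made_by, one negated unit per broken_by."""
        return [frozenset((s, True) for s in self.made_by)] + \
               [frozenset([(s, False)]) for s in self.broken_by]

    def satisfied_by(self, adopted: Set[str]) -> bool:
        return bool(adopted & self.made_by) and not (adopted & self.broken_by)


def _simplify(clauses: List[Clause], assignment: Model) -> Optional[List[Clause]]:
    """Drop satisfied clauses and false literals. None signals an empty clause (contradiction)."""
    out: List[Clause] = []
    for clause in clauses:
        remaining: List[Literal] = []
        for var, pol in clause:
            if var not in assignment:
                remaining.append((var, pol))
            elif assignment[var] == pol:
                break                      # a true literal satisfies the whole clause
        else:
            if not remaining:
                return None                # every literal is false
            out.append(frozenset(remaining))
    return out


def dpll(clauses: List[Clause], assignment: Optional[Model] = None) -> Optional[Model]:
    """Minimal DPLL (unit propagation + chronological backtracking). Returns a partial model or None."""
    assignment = dict(assignment or {})
    reduced = _simplify(clauses, assignment)
    if reduced is None:
        return None
    if not reduced:
        return assignment
    unit = next((c for c in reduced if len(c) == 1), None)
    if unit is not None:
        (var, pol), = unit
        return dpll(reduced, {**assignment, var: pol})
    var = min(v for c in reduced for v, _ in c)   # deterministic branching variable
    for pol in (False, True):                     # try "not adopted" first so lean strategy sets surface first
        model = dpll(reduced, {**assignment, var: pol})
        if model is not None:
            return model
    return None


def all_models(clauses: List[Clause], variables: List[str]) -> List[Model]:
    """Enumerate every complete model by re-solving with a blocking clause for each model found."""
    work = list(clauses)
    models: List[Model] = []
    while (partial := dpll(work)) is not None:
        full = {v: partial.get(v, False) for v in variables}   # unconstrained strategies: not adopted
        models.append(full)
        work.append(frozenset((v, not val) for v, val in full.items()))  # exclude exactly this model
    return models


def hard_clauses(concerns: List[NFR], conflicts: List[Tuple[str, str]]) -> List[Clause]:
    """Trustworthiness concerns must hold; conflicting strategies are mutually exclusive."""
    clauses = [c for nfr in concerns for c in nfr.clauses()]
    clauses += [frozenset([(a, False), (b, False)]) for a, b in conflicts]
    return clauses


def select_strategies(strategies: List[str], concerns: List[NFR], soft_goals: List[NFR],
                      conflicts: List[Tuple[str, str]]) -> Tuple[str, Set[str], List[str]]:
    """('sat', adopted strategies, soft goals met) for the admissible set meeting the most soft goals
    with the fewest strategies, or ('unsat', set(), []) when no set meets every concern."""
    models = all_models(hard_clauses(concerns, conflicts), strategies)
    if not models:
        return "unsat", set(), []

    def met(model: Model) -> List[str]:
        adopted = {s for s, on in model.items() if on}
        return [g.name for g in soft_goals if g.satisfied_by(adopted)]

    best = max(models, key=lambda m: (len(met(m)), -sum(m.values())))
    return "sat", {s for s, on in best.items() if on}, met(best)


# Constructed toy model (assumed names, not the paper's case study).
STRATEGIES = ["threat_modeling", "peer_code_review", "fuzz_testing", "formal_proof", "fast_release"]
CONCERNS = [  # trustworthiness concerns: hard
    NFR("security", frozenset({"threat_modeling", "fuzz_testing", "formal_proof"})),
    NFR("reliability", frozenset({"peer_code_review", "formal_proof"})),
]
SOFT_GOALS = [  # quality requirements: optimised, never traded against a concern
    NFR("time_to_market", frozenset({"fast_release"}), frozenset({"formal_proof"})),
    NFR("low_cost", frozenset({"peer_code_review", "fast_release"}), frozenset({"formal_proof", "fuzz_testing"})),
]
CONFLICTS = [("formal_proof", "fast_release")]   # conflict relation: the two cannot coexist in one process

if __name__ == "__main__":
    print(select_strategies(STRATEGIES, CONCERNS, SOFT_GOALS, CONFLICTS))
    # Promoting time-to-market to a hard concern next to a proof obligation makes the model unsatisfiable.
    stricter = CONCERNS + [NFR("certifiability", frozenset({"formal_proof"})),
                           NFR("time_to_market", frozenset({"fast_release"}))]
    print(select_strategies(STRATEGIES, stricter, SOFT_GOALS, CONFLICTS))
```

Two points worth noticing: because security and reliability are encoded as hard clauses, no soft-goal score can silently trade them away, so the optimiser can only pick among strategy sets that already meet every trustworthiness concern; and the "unsat" outcome carries information of its own, since it tells the requirements engineer that the concerns and the conflict relations between strategies are jointly inconsistent and must be renegotiated rather than "resolved" by a later design decision. For a real goal model the same clauses would be emitted in DIMACS CNF for a production SAT solver rather than this toy DPLL.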

Cite this article:

Zhang X, Li T, Wang X, Yu Q, Yu Y, Zhu R. Formal representation and satisfiability analysis of non-functional requirements of trustworthy software. Journal of Software (软件学报), 2015, 26(10): 2545-2566.

History
  • Received: 2014-02-14
  • Last revised: 2014-11-24
  • Published online: 2015-10-10
Copyright: Institute of Software, Chinese Academy of Sciences