• Volume 31,Issue 1,2020 Table of Contents
    Select All
    Display Type: |
    • >Review Articles
    • Blockchain as a Service: Next Generation of Cloud Services

      2020, 31(1):1-19. DOI: 10.13328/j.cnki.jos.005891

      Abstract (7250) HTML (4594) PDF 1.85 M (10726) Comment (0) Favorites

      Abstract:Known as the core technology of bitcoin, blockchain is a distributed ledger technology, which is decentralizated, open, tamper-resistant, and autonomous. BaaS (blockchain as a service) takes blockchain as infrastructure and provides many services satisfying the user requirements. BaaS has become the focus of the cloud computing. This study discusses the architecture of BaaS and the preliminary design of each module, referring to the corresponding researches of BaaS and the current related enterprise projects. It is also analyzed that the characteristics of related technologies while integrating cloud computing with BaaS and the possible threat model is given. At last, the future prospects of BaaS are analyzed after investigating the current BaaS applications. In summary, this study aims to provide a full-knowledge and a reference architectural model of BaaS.

    • Defect Comprehension Research: Present, Problem and Prospect

      2020, 31(1):20-46. DOI: 10.13328/j.cnki.jos.005887

      Abstract (4366) HTML (4499) PDF 2.36 M (7207) Comment (0) Favorites

      Abstract:Defect comprehension is the study of establishing a complete cognitive process for the defect itself and its derivatives. Because of the coherence of debugging and the incomprehensibility of information under the assumption of perfect bug understanding, through analysis of defect propagation process and the relationship between defects, research on key information detection and understanding information expression, extraction, and expression of understandable information for different scenarios and different needs of defect research, ultimately achieving the goal of optimizing defect analysis results and assisting the reuse and accumulation of defect knowledge in debugging process becomes inevitable. This study starts from the problem of knowledge fragmentation between location and repair, considers the essence of defect understanding research, clarifies the lack of knowledge mining and interoperability in the process of defect handling. Through the summary of engineering examples and the analysis of literature results, the research directions and technical methods in the field of defect comprehension are summarized, the characteristics and difficulties in the study of defect comprehension are discussed, the existing problems in the study and the future research directions are considered, and the research trend of defect comprehension is prospected.

    • Survey on Construction of Code Knowledge Graph and Intelligent Software Development

      2020, 31(1):47-66. DOI: 10.13328/j.cnki.jos.005893

      Abstract (6796) HTML (4694) PDF 1.88 M (11627) Comment (0) Favorites

      Abstract:The intelligent software development is migrating from simple code retrieval to semantic empowered automatic code generation. Traditional semantic representation cannot effectively support the semantic interaction among people, machines, and code. It becomes an urgent task to design a set of machine-readable semantic representation. In tThis paper, westudy firstly points out that code knowledge graph forms the basis to realize the intelligent software development, and then analyzes the new features and new challenges of intelligent software development based on code knowledge graph in the era of big data. Next, we review the research progress is reviewed both in intelligent software development and in code knowledge graph. It is noted that the current research of intelligent software development is still at a preliminary stage. Existing studies of knowledge graph mainly focus on open-domain knowledge graph, and they cannot be directly applied to code and software development domain. Therefore, we discuss the new research trends of code knowledge graph are discussed in detail from five aspects, including namely modeling and representation, construction and refinement, storage and evolution management, semantic understanding, and intelligent application, which are essential to meet the various types of demands of the intelligent software development.

    • Survey on Generating Adversarial Examples

      2020, 31(1):67-81. DOI: 10.13328/j.cnki.jos.005884

      Abstract (6433) HTML (8333) PDF 1.53 M (13723) Comment (0) Favorites

      Abstract:Recently, deep learning has been widely used in image classification and image recognition, which has achieved satisfactory results and has become the important part of AI applications. During the continuous exploration of the accuracy of models, recent studies have proposed the concept of "adversarial examples". By adding small perturbations to the original samples, it can greatly reduce the accuracy of the original classifier and achieve the purpose of anti-deep learning, which provides new ideas for deep learning attackers, and also puts forward new requirements for defenders. On the basis of introducing the origin and principle of generating adversarial examples, this paper summarizes the research and papers on generating adversarial examples in recent years, and divides these algorithms into two categories:entire pixel perturbation and partial pixel perturbation. Then, the secondary classification criteria (targeted and not targeted, black-box test and white-box test, visible and invisible) were used for secondary classification. At the same time, the MNIST data set is used to validate the methods, which proves the advantages and disadvantages of the various methods. Finally, this paper summarizes the challenges of generating adversarial examples and the direction of their development, and also discusses the future of them.

    • Overview on Mechanized Theorem Proving

      2020, 31(1):82-112. DOI: 10.13328/j.cnki.jos.005870

      Abstract (5134) HTML (4607) PDF 2.76 M (10020) Comment (0) Favorites

      Abstract:Modern society is now being increasingly computerized. Computer-related failures could result in severe economic loss. Mechanized theorem proving is an approach to ensuring stricter correctness, and hence high trustworthiness. First, the logical foundations and key technologies of mechanized theorem proving are discussed. Specifically, first-order logic and resolution-based technology, natural deduction and Curry-Howard correspondence, three logics of programming including first-order programming logic and its variant, FloydHoare logic, and logic for computable functions, hardware verification technology based on higher-order logic, and program constructions and refinement are analyzed, as well as the relationship and evolvement between them. Then key design features of the mainstream proof assistants are compared, and the development and implementation of several representative provers are discussed. Next their applications in the fields of mathematics, compiler verification, operating-system microkernel verification, and circuit design verification are analyzed. Finally, mechanized theorem proving is summarized and challenges and future research directions are put forward.

    • Survey on Cost-sensitive Learning Method

      2020, 31(1):113-136. DOI: 10.13328/j.cnki.jos.005871

      Abstract (4557) HTML (5918) PDF 2.21 M (10272) Comment (0) Favorites

      Abstract:Classification is one of the most important tasks in machine learning. Conventional classification methods aim to attain low recognition error rate and assume the same loss from different kinds of misclassifications. However, in the applications such as the doorlocker system based on face recognition, software defect prediction and multi-label learning, different kinds of misclassification will lead to different losses. This requires the learning methods to pay more attention to the samples with high-cost misclassification, and thus make the total misclassification losses minimized. To deal with this issue, cost-sensitive learning has received the considerable attention from the researchers. This study takes the theoretical foundation of cost-sensitive learning as the focal point to analyze and survey its main models and the typical applications. At last, the difficulty and probable development trend of cost-sensitive learning are discussed.

    • Survey on Storage and Optimization Techniques of HDFS

      2020, 31(1):137-161. DOI: 10.13328/j.cnki.jos.005872

      Abstract (5761) HTML (5201) PDF 2.27 M (8812) Comment (0) Favorites

      Abstract:As an append-only and read optimized open-source distributed file system, HDFS (Hadoop distributed file system) provides portability, high fault-tolerance, and massive horizontal scalability. Over the past decade, HDFS has been widely used for big data storage, and it manages various data, such as text, graph, key-values, etc. Moreover, big data systems based on or compatible with HDFS have been prevalent in many application scenarios such as complex SQL analysis, ad-hoc queries, interactive analysis, key-value storage, and iterative computation. HDFS has been the universal underlying file system to store massive data and support manifold analytical applications. Therefore, it is of great significance to optimizing the storage performance and data access efficiency of HDFS. In this study, the principles and features of HDFS are summarized and a survey on storage and optimization techniques of HDFS is carried out from three dimensions, including logic file structure, hardware, and application scenarios. It is also proposed that storage over heterogeneous hardware, workload-guided adaptive storage optimization, and storage optimization combined with machine learning technologies could be the most appealing research directions in the future.

    • Real-time Interactive Analysis on Big Data

      2020, 31(1):162-182. DOI: 10.13328/j.cnki.jos.005886

      Abstract (4960) HTML (5294) PDF 1.88 M (8202) Comment (0) Favorites

      Abstract:Real-time interactive analysis focuses on multi-object and multi-perspective analysis tasks. By employing a multiple userdatabase interaction process, interactive analysis is able to provide a more comprehensive understanding of the analytic task. Comparing to traditional database where queries are issued and answered in a single interaction, interactive analysis emphasizes on the responses time of the query and timeliness of the results. Real-time interactive analysis has been extensively studied in recently years. In this survey, comprehensive review is provided on the theoretical foundation, data models, and systems of the real-time interactive analysis.

    • Research Development of Abnormal Traffic Detection in Software Defined Networking

      2020, 31(1):183-207. DOI: 10.13328/j.cnki.jos.005879

      Abstract (4701) HTML (4481) PDF 2.28 M (8252) Comment (0) Favorites

      Abstract:Software defined networking (SDN) is new network architecture. SDN separates control layer from data layer and opens network interfaces to realize centralized network control and improve the scalability and the programmability of the network. But SDN is also facing a lot of network security threats. Abnormal traffic detection technologies can protect the network against malicious traffic attacks. This paper presents a comprehensive survey on the abnormal traffic detection of SDN. The possible network attacks on data plane and control plane are overviewed. Abnormal traffic detection frameworks on application plane, control plane, and intermediate platform are introduced and analyzed. The mechanisms of abnormal traffic identification, load balancing, abnormal traffic traceback, and abnormal traffic mitigation are discussed. The future work direction of SDN abnormal traffic detection is pointed out at the end.

    • Research on Blockchain-based Interdomain Security Solutions

      2020, 31(1):208-227. DOI: 10.13328/j.cnki.jos.005867

      Abstract (6382) HTML (4425) PDF 1.91 M (9880) Comment (0) Favorites

      Abstract:Much attention has been paid to the security of interdomain routing system. It is crucial to achieve the origin validation of Internet resource and multi-domain collaboration. By virtue of the natural attributes of blockchain including decentralization, tamperresistant, and traceability, blockchain technology can act as the basis of Internet resource certification and trust establishment among multiple Internet domains. Firstly, the vulnerabilities of interdomain routing system and the dilemma of existing interdomain security proposals are analyzed including difficulty in deployment, complexity in management, centralized trust mechanism, etc. Secondly, based on the introduction of the basic concept of blockchain, the technical ideals of blockchain-based interdomain security solutions are pointed out, and an up-to-date review of blockchain-based interdomain security solutions is conducted from 3 aspects:interdomain routing authentication, intelligent interdomain management, and DDoS defense and mitigation. Finally, the advantages of blockchain-based interdomain security solutions are summarized and corresponding challenges are analyzed from the perspectives of scalability, deployment, and security, and the development outlook of blockchain technology used in the field of interdomain routing security is highlighted.

    • Categorization of Covert Channels and Its Application in Threat Restriction Techniques

      2020, 31(1):228-245. DOI: 10.13328/j.cnki.jos.005878

      Abstract (3839) HTML (5526) PDF 1.66 M (7925) Comment (0) Favorites

      Abstract:Covert channels are communication channels that allow secret transfer of information between two malicious processes by modifying the value or modulating the timing behavior of shared resources. Shared resources in covert communications vary according to the underlying covert channels. Initially, covert storage channels and covert timing channels are widely existed in information systems. More recently, the focus has shifted towards three new kinds of covert channels, namely, covert hybrid channels, covert behavior channels, and air-gap covert channels. This study surveys existing techniques for constructing covert channels that have been reported in literature, especially the covert channels that are presented in recent years. First, the definition, history, and key elements of covert channels are introduced. Covert channel analysis is also included. Second, a categorization technique is proposed for these covert channels based on the shared resources and channel characteristics. The traditional and new covert channel attack techniques are systematically analyzed based on the seven key elements of the covert channels. Third, the countermeasures for covert channels aforementioned are also demonstrated to restrict the threat brought by covert channels and to provide guidelines for future works. Finally, the challenges and problems on covert channels are provided.

Current Issue


Volume , No.

Table of Contents

Archive

Volume

Issue

联系方式
  • 《Journal of Software 》
  • 主办单位:Institute of Software, CAS, China
  • 邮编:100190
  • 电话:010-62562563
  • 电子邮箱:jos@iscas.ac.cn
  • 网址:https://www.jos.org.cn
  • 刊号:ISSN 1000-9825
  •           CN 11-2560/TP
  • 国内定价:70元
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063