CN104267971A - Aspect-oriented trusted software process modeling method - Google Patents

Abstract

The invention discloses an aspect-oriented trusted software process modeling method based on trusted software process strategy gain, trusted software process meta-model TEPMM, trusted software process framework and trusted aspect synthetic method. A method for obtaining process strategy and blending in the software process according to the trusted software requirements for realizing trusted software process modeling and solving the problem that the existing software process does not support the trusted software requirements.

Description

AOP believable software process modeling method

Technical field

The invention belongs to trusted software and software process modelling technical field, relate to a kind of software lifecycle process that incorporates according to trusted software Requirements acquisition process strategy and by process strategy and support the method that trusted software is produced and developed.

Background technology

Software development and evolution are centered by software process, software process is the key factor ensureing software quality, a believable software process managed can support the production of trusted software, if believable software process can develop by support software, and can the credible evolution of support software.The method that existing procedure-oriented improves software credibility comprises that process is improved one's methods, moment software development methodology and procedure quality ensuring method.The essence that process is improved one's methods promotes by control software design process the quality that software organization produces software, the model that CMMI is success the most and is widely adopted.Moment software development methodology specifies in moment the activity performing some and contribute to promoting software quality in SDLC process, such as: SDL, CbyC, CLASP, TSP, PSP, DERAF and information security engineering, reliability engineering, ease for use engineering and anti-danger engineering all add the activity contributing to promoting software quality in software process.These two kinds of methods demonstrate the vital role of software process for software quality all effectively, but, these two kinds of methods only for software quality or some software non-functional requirement (such as: security, reliability, ease for use, anti-danger etc.) process that proposes is improved or specifies specific activities, and the software meeting quality requirement is exactly not trusted software, the software only meeting some software non-functional requirement neither trusted software.In addition, by the quality meeting process itself, procedure quality ensuring method ensures that process produces the quality of software, TSM and TPMF proposed, for tolerance and improvement software trust provide a kind of method, these class methods and process are improved and moment software development methodology can complement one another.

Summary of the invention

In order to support that trusted software is produced and the needs developed, the invention provides and a kind of incorporate software process according to trusted software Requirements acquisition process strategy, realize the method for believable software process modeling, solve the problem that existing software process does not support trusted software demand.

AOP believable software process modeling method comprises the steps:

1.1 believable software process strategies obtain

The present invention, first by analyzing trusted software demand, based on trusted software Requirement Acquisition, modeling and reasoning, obtains the process strategy meeting credible demand:

1.1.1 trusted software Requirement Acquisition

The requirement definition of trusted software is the credible attribute that software stakeholder needs trusted software to possess by the present invention, comprise functional requirement and non-functional requirement, wherein, functional requirement is the hard goal of trusted software, nonfunction requirement is divided into credible focus and soft object two class, credible focus is the objective basis that trusted software obtains that user realizes the trusting degree of re-set target ability to its behavior, and focus here employs the thought that in AOP method, focus is separated.According to the difference of trusted software, credible focus is made up of different nonfunction requirement set, other nonfunction requirement set producing correlationship with credible focus constitute soft object, soft object is not the credible foundation of trusted software, but the quality of trusted software is had a certain impact, below the definition of trusted software demand is described:

Hard goal is the functional requirement of trusted software, and all functions demand of trusted software is all strictly to realize, and this is the basis of trusted software, and thus describing this by hard goal is the rigid target that trusted software realizes.Because functional requirement is all given sufficient attention all the time, correlative study is relatively abundant, therefore, only pays close attention to integrality and the correctness of functional requirement realization herein, in order to distinguish mutually with traditional function demand concepts, functional completeness and correctness are included into credible focus.

Credible focus is a subset of trusted software nonfunction requirement set, nonfunction requirement in this subset is the nonfunction requirement of the software credibility that concerns jointly determined by stakeholder, the objective capability that user meets these credible focus by software is true, thus the behavior of trusting software can realize the target of its setting.Therefore, the credible of software means that software meets a series of credible focus, if software is provided with a series of ability relevant to software trust focus, then can believe that the behavior of this software can meet the re-set target of user.This also meets the definition " software meets the trusting degree of a series of demand " of TSM (Trusted Software methodology) associated software credibility.

Soft object is the nonfunction requirement set of untrusted focus in trusted software nonfunction requirement, quality requirement for describing software (has been used for reference object-oriented modeling method in requirement engineering here and the nonfunction requirement of software has been defined as soft object (softgoal), for expressing the quality requirement of software), owing to there is complicated correlationship between software non-functional requirement, the realization of credible focus can affect soft object, if only consider the realization of credible focus, likely damage soft object, thus cause software quality to decline, the software of poor quality is absolutely not is trusted software.But, it should be noted that, high-quality software is not equal to trusted software again, software quality is defined as the degree that software meets client, user's request or expectation, the definition of software quality is also indefinite, roughly contains several key elements such as reliability, security, maintainability, performance and ease for use, although these key elements are consistent with trusted software fundamental, but trusted software clearly emphasizes the ability obtaining users to trust, and it is credible, and demand clearly customizes.Therefore, describe the nonfunction requirement of untrusted focus herein by soft object, and clearly describe the credible demand of user with credible focus.Fig. 1 describes the formation of trusted software demand.

Based on ISO/IEC25010 and relevant scholar and mechanism, comprise: standard TCSEC, IEC60090-191, TSM, mechanism Microsoft, TCG, TrustSoft, meeting DARPA ' sCHATS, NSS2, COMPSAC, ICSP, and scholar Littlewood, the trusted software nonfunction requirement that Strigine, Schmidt etc. propose, the present invention proposes trusted software nonfunction requirement decomposition model as shown in Figure 2.Trusted software nonfunction requirement is by function applicability, anti-danger safety, reliability, security, accuracy, maintainable, performance, ease for use, compatible, portable and privacy is formed, wherein, function applicability is made up of functional completeness and function accuracy again, reliability is by availability, fault-tolerance and restorability are formed, security is by traceability, confidentiality, integrality, non-repudiation and authenticity are formed, maintainable by testability, reusability, alterability, modularization and extensibility are formed, performance is made up of time performance and space performance, ease for use is made up of ease for operation and property easy to identify, compatibility is made up of biological treatability and interaction, portability is made up of adaptivity and easy installation.

Trusted software nonfunction requirement decomposition model is not unalterable, and need and different expert advice according to disparity items, decomposition model specifically should need dynamic conditioning according to trusted software; The proposition of trusted software nonfunction requirement decomposition model is in order to the credible focus of auxiliary acquisition and soft object.

In order to obtain credible focus and soft object, the present invention is based on the describing method that fuzzy set theory proposes trusted software nonfunction requirement, provide expect the nonfunction requirement assessment data of credible target by collecting trusted software stakeholder, information entropy is used to screen assessment data validity, by the assessment data of all stakeholder of Fuzzy Sorting method choosing comprehensively after Efficient Evaluation data to be generated, therefrom obtain credible focus and soft object, concrete obtain and appraisal procedure as follows:

First, using Trapezoid Fuzzy Number to describe the quantized values of trusted software nonfunction requirement, when obtaining the assessment data of software stakeholder to trusted software nonfunction requirement, using complete inessential AL (0,0,0.077,0.154; 1), inessential L (0.077,0.154,0.231,0.308; 1), less important FL (0.231,0.308,0.385,0.462; 1), neutral M (0.385,0.462,0.538,0.615; 1), more important FH (0.538,0.615,0.692,0.769; 1), important H (0.692,0.769,0.846,0.923; 1) and extremely important AH (0.846,0.923,1,1; 1) linguistic variable facilitate stakeholder to describe significance level that they assess every trusted software nonfunction requirement.

Secondly, in order to check the validity of assessment data and objectivity, the present invention is based on information entropy and proposing the inspection of credible need assessment data validity and choosing comprehensively method, specifically comprising following three steps:

Step one. construct credible need assessment data matrix A:

Wherein: for a jth stakeholder (1≤j≤m), to i-th nonfunction requirement, (nonfunction requirement is here all nonfunction requirements in trusted software nonfunction requirement decomposition model, 1≤i≤n) assessment data, namely stakeholder according to professional knowledge and previous experiences, the significance level to nonfunction requirement provides assessment data.Succinct for describing, use the column vector of the xth row formation of (1≤x≤m) representing matrix A, uses the row vector of the capable formation of y of (1≤y≤n) representing matrix A;

Step 2. the assessment data based on software stakeholder calculates entropy:

$H_j=-\underset{i=1}{\overset{n}{\mathrm{\Σ}}}{\tilde{A}}_{\mathrm{ij}}1b{\tilde{A}}_{\mathrm{ij}}=-({\tilde{A}}_{1j}\⊗1b{\tilde{A}}_{1j}\⊕{\tilde{A}}_{2j}\⊗1b{\tilde{A}}_{2j}\⊕...\⊕{\tilde{A}}_{\mathrm{nj}}\⊗1b{\tilde{A}}_{\mathrm{nj}})$

To H _jdo normalized:

${\mathrm{\θ}}_j=\frac{H_j}{1\mathrm{bn}}=-\frac{1}{1\mathrm{bn}}\underset{i=1}{\overset{n}{\mathrm{\Σ}}}{\tilde{A}}_{\mathrm{ij}}1b{\tilde{A}}_{\mathrm{ij}}$

Positively reflecting that in order to enable calculated value stakeholder provides the contribution degree of effective assessment data, using 1-θ _jrepresent its contribution degree, after again it being normalized, obtain the contribution degree of each stakeholder:

$E_j=\frac{1-{\mathrm{\θ}}_j}{m-\underset{j=1}{\overset{m}{\mathrm{\Σ}}}{\mathrm{\θ}}_j}$

Wherein: 0≤E _j≤ 1 and Σ E _j=1.E _jlarge then show that stakeholder j is relatively important and contribution is large, the credible need assessment data contributing large expert to provide are only significant.According to actual conditions, minimum threshold and max-thresholds are arranged to the contribution degree of expert, for being less than minimum threshold and the stakeholder being greater than max-thresholds, consider again obtain credible need assessment data or its assessment data provided is provided, ensure that obtained assessment data all maintains in the scope of a relative efficiency, the little stakeholder of contribution can be avoided like this to introduce unnecessary difference, cause assessment data to become unreasonable and produce wrong credible demand;

Step 3. calculate the credible need assessment data comprehensively, for above-mentioned matrix, get the mean value of (1≤y≤n) element value:

$W_i=\left(\frac{1}{m}\right)\⊗({\tilde{A}}_{i1}\⊕{\tilde{A}}_{i2}\⊕...\⊕{\tilde{A}}_{\mathrm{im}})=\frac{1}{m}\underset{j=1}{\overset{m}{\mathrm{\Σ}}}{\tilde{A}}_{\mathrm{ij}}$

W _ibe the mean value of the significance level of i-th nonfunction requirement, mean value is larger, shows that stakeholder assert that the significance level of this nonfunction requirement is higher; On the contrary, mean value is less, illustrates that each expert thinks that the significance level of nonfunction requirement is lower;

Finally, the Fuzzy Sorting method based on Chen and Sanguansat ' s sorts to the nonfunction requirement after acquisition.For one group m trusted software stakeholder (S ₁, S ₂..., S _m), they have evaluated n trusted software nonfunction requirement (C respectively ₁, C ₂..., C _n) significance level, the method based on information entropy has obtained the significance level value of every nonfunction requirement wherein :-∞ < w _i1≤ w _i2≤ w _i3≤ w _i4< ∞, and 1≤i≤n, W _isequencer procedure as follows:

Change each general fuzzy number for standard fuzzy numbers :

${W_i}^{*}=(\frac{w_{i1}}{l},\frac{w_{i2}}{l},\frac{w_{i3}}{l},\frac{w_{i4}}{l};e_{W_i})=(w_{i1}^{*},w_{i2}^{*},w_{i4}^{*};e_{W_i})$

Wherein: 1≤i≤n and 1≤j≤4.

Calculate positive and negative region with they are subordinate functions with trapezoid area:

$f_{w_i^{*}}^L=e_{W_i}\&times;\frac{(x-w_{i1}^{*})}{(w_{i2}^{*}-w_{i1}^{*})},w_{i1}^{*}\&le;x<w_{i2}^{*}$ $f_{w_i^{*}}^R=e_{W_i}\&times;\frac{(x-w_{i4}^{*})}{(w_{i3}^{*}-w_{i4}^{*})},w_{i3}^{*}\&le;x<w_{i4}^{*}$

${\mathrm{Area}}_{\mathrm{iL}}^{-}=e_{W_i}\&times;\frac{(w_{i1}^{*}+1)+(w_{i2}^{*}+1)}{2}$ ${\mathrm{Area}}_{\mathrm{iR}}^{-}=e_{W_i}\&times;\frac{(w_{i3}^{*}+1)+(w_{i4}^{*}+1)}{2}$

${\mathrm{Area}}_{\mathrm{iL}}^{+}=e_{W_i}\&times;\frac{(1+w_{i1}^{*})+(1-w_{i2}^{*})}{2}$ ${\mathrm{Area}}_{\mathrm{iR}}^{+}=e_{W_i}\&times;\frac{(1-w_{i3}^{*})+\left({1-w}_{i4}^{*}\right)}{2}$

Calculate each nonfunction requirement 's and value, they represent forward and negative sense impact respectively:

${\mathrm{XI}}_{{\tilde{A}}_i^{*}}={\mathrm{Area}}_{\mathrm{IL}}^{-}+{\mathrm{Area}}_{\mathrm{iR}}^{-}$ ${\mathrm{XD}}_{{\tilde{A}}_i^{*}}={\mathrm{Area}}_{\mathrm{iL}}^{+}+{\mathrm{Area}}_{\mathrm{iR}}^{+}$

Calculate each ranking value Score ( ):

$\mathrm{Score}\left(W_i^{*}\right)=\frac{1\&times;{\mathrm{XI}}_{W_i^{*}}+(-1)\&times;{\mathrm{XD}}_{W_i^{*}}}{{\mathrm{XI}}_{W_i^{*}}+{\mathrm{XD}}_{W_i^{*}}+(1-e_{W_i^{*}})}=\frac{{\mathrm{XI}}_{W_i^{*}}-{\mathrm{XD}}_{W_i^{*}}}{{\mathrm{XI}}_{W_i^{*}}+{\mathrm{XD}}_{W_i^{*}}+(1-e_{W_i^{*}})}$

Wherein: $\mathrm{Score}\left(W_i^{*}\right)\&Element;[-\mathrm{1,1}]$ And 1≤i≤k

ranking value larger, show that corresponding nonfunction requirement is more important, credible focus should be defined as, and for ranking value little nonfunction requirement, then should be defined as soft object.

1.1.2 believable software process strategy obtains

For the credible focus in credible demand, the present invention proposes from process control angle the process strategy realizing credible focus, simultaneously, consider the correlationship between nonfunction requirement, (also need to study the impact on other credible focus and soft object of the process strategy that realizes credible focus, based on this thought, ) software trust demand meta-model TRMM (Trustworthy Requirement Meta-Model) is proposed, the realization of credible focus and the correlationship of credible demand complexity are described, because this modeling work is a creationary job, therefore, need to set up credible Requirements Modeling knowledge base and complete credible Requirements Modeling with auxiliary modeling person,

The proposition of TRMM have references to NFR framework and i* model and has used for reference the object module backward deduction method that the people such as Sebastiani propose, and uses the concept of focus and aspect in AOP method; TRMM using credible focus as software trust target, and realizes credible focus with credible activity, and credible activity and credible activity form road believable software process strategy to other credible focus and the correlationship of soft object and the solution of conflict.Fig. 3 graphically describes trusted software demand meta-model TRMM intuitively.Below each element in TRMM is made an explanation:

Credible focus Trustworthy Concern is the nonfunction requirement in credible demand, and credible focus is realized by credible activity;

Credible movable Trustworthy Activity realizes credible focus, and according to different grain size, credible activity can be refined as trusted processes aspect or Trustworthy task aspect;

Hard goal Goal is the functional requirement in credible demand, because existing method has completed the realization of hard goal, therefore, although the hard goal of giving, but use TRMM modeling not relate to hard goal, and be only express process strategy can be synthesized in software process model to realize believable software process modeling;

Soft object Softgoal is the nonfunction requirement of untrusted focus, also quality requirement can be called, TRMM modeling needs to consider soft object as previously described, in the face of soft object may exist inhibiting effect due to trusted party, in order to ensure software quality, during trade-off process decision-making, the credible activity of Water demand is to the contribution of soft object.

Contribution Contribution describes the contribution of credible activity to credible focus and soft object, and contribution qualitative representation is: promote or destroy, and wherein promotes the forward facilitation representing credible activity; And destroy the negative sense inhibiting effect representing credible activity;

Realize Means-Ends and connect credible focus and credible activity, represent the credible active set realizing credible focus, these are credible between activity is OR relation, realizing also for connecting hard goal and basic model (software evolution process model), representing that software evolution process achieves hard goal;

Decomposing D ecomposition is credible focus, hard goal, soft object and credible activity can decompose refinement further, are AND relation between the child node after decomposition;

Synthesis Composition is used herein the synthesis concept of aspect and basic model in AOP thought, be synthesized in basic model by aspect, in TRMM, aspect is defined as credible aspect, be divided into trusted processes aspect and Trustworthy task aspect, they be process strategy according to the modular result of process different grain size, synthesis represent credible aspect is synthesized to software process model to realize believable injection.

Carrying out the early stage Requirements Modeling of trusted software based on TRMM is a kind of creationary work, and credible activity can in multiple Similar moulding project Reusability, relation between credible focus and credible activity also can Reusability, therefore, the present invention builds a knowledge base and assists modeling person to complete credible Requirements Modeling.This knowledge base is made up of credible focus storehouse and process strategy storehouse, as shown in Figure 4.Credible focus storehouse contains the credible focus of stakeholder and correspondence, and the decomposition of these credible focus.The credible activity of process strategy library storage and the contribution to credible focus and soft object thereof, select constraint stipulations to be namely select suitable process strategy according to contribution, solve the conflict relationship between trusted software nonfunction requirement.

Use the credible demand of TRMM modeling, not only can show the process strategy realizing credible focus, the more important thing is the conflict relationship described out between credible focus.The object of modeling is the process strategy meeting credible focus in order to find out entirety, but in order to weigh conflict, use satisfiability problem method for solving herein, the process strategy set that entirety meets credible focus is found out by backward deduction, if can not find, display causes ungratified contradiction, or finds satiable process strategy set when project team can accept contradiction to a certain degree.Below the algorithm generating credible demand SAT formula:

Algorithm 1.1 is credible demand SAT formula generating algorithm MakeSAT;

Original state, node restrained condition be set and contradiction grade can be accepted, software trust demand model M=(N, R) being converted to credible demand model formula φ _model, be generated as credible demand SAT formula φ

Input: M=(N, R). export: φ.

By algorithm 1.1, generating the SAT formula of credible demand model, solving to realize satisfiability problem, the present invention is based on the most frequently used satisfiability problem and solve Open-Source Tools zChaff, propose credible demand satisfiability reasoning algorithm, and developing instrument TACD assists reasoning.Below credible demand satisfiability solving algorithm:

Algorithm 1.2 is credible demand satisfiability solving algorithm Satisfiability;

Find out the status indication L (n of k the node meeting credible demand SAT formula φ _i), (i=1 ... k)

Input: M=(N, R). export: node original state Initial_Status (n _i), node solves rear state SAT_Status (n _i), node contradiction Inconsistency (n _i).

By the reasoning to credible demand satisfiability, obtain believable software process strategy, below provide the method that Kernel-based methods strategy proposes believable software process modeling.

1.2 believable software process modelings

The present invention is based on software evolution process modeling method, the process strategy obtained by trusted software Requirements Modeling and reasoning, propose the believable software process modeling method of AOP.

1.2.1 believable software process meta-model and believable software process framework

In software process field, software evolution process modeling method can carry out modeling to the software process of any software, according to above to the definition of trusted software demand, use software evolution process modeling method can the hard goal of modeling trusted software, on this basis, the present invention is based on the thought of AOP method, the credible activity realized in the process strategy of credible focus is defined as trusted processes aspect and Trustworthy task aspect according to different grain size, trusted processes aspect and Trustworthy task aspect are referred to as credible aspect, credible aspect is knitted into software evolution process, realize believable software process modeling.

Software evolution process meta-model EPMM (Software Evolution Process Meta-Model) in software evolution process modeling method is the formal tool defining software evolution process, and EPMM defines structure and the behavior of all tasks, activity, process in software evolution process formally.When the activity that software process is on the middle and senior level is refined as a software process or multiple task, the hierarchical structure of software evolution process framework just starts to be formed.The present invention uses AOP thought to expand software evolution process modeling method, definition AOP tie point model, point of contact, notice and synthesis mechanism, propose believable software process meta-model TEPMM (Trustworthy-EPMM) and the believable software process framework of AOP based on software evolution process meta-model EPMM and software evolution process framework.

Believable software process meta-model TEPMM (Trustworthy EPMM) is the instrument defining believable software process model, the model of TEPMM definition is used to be called believable software process model TEPM (TrustworthyEPM), TEPMM and TEPM is formal, provides the formal definitions of TEPMM below:

Defining 1.1 credible movable credible activities is four-tuple ta=(I, O, a L, B), wherein: I, O, L is input data structure, output data structure and the local data structure that mobile B operates, and mobile B is a software process or a set of tasks.A credible campaign definitions is a class, is called credible activity class, when credible activity performs, creates credible moving object.

If a credible activity is refined as a software process, this software process is just defined as the process notifications of trusted processes aspect, process notifications be one of the credible activity in refinement upper strata without general layout software process.If a credible campaign definitions is a set of tasks, each task is wherein defined as the task notifications of Trustworthy task aspect, task notifications be the credible activity in refinement upper strata without message task.

Trusted processes aspect inweaves at the process layer of EPMM, Trustworthy task aspect inweaves at task layer, trusted processes aspect and Trustworthy task aspect are referred to as credible aspect, and credible aspect extends to software evolution process meta-model EPMM and obtains believable software process meta-model TEPMM.

Defining 1.2 credible aspects, one, credible aspect is four-tuple tAspect=(id, ad, pc, type):

(1) id is credible aspect mark, and id ≠ 0 identifies single credible aspect, the credible aspect that id=0 mark merges;

(2) ad is notice (Advice), defines the behavior of the expansion of credible aspect or constraint basic model;

(3) pc is point of contact (Pointcut), defines the mode position that credible aspect inweaves;

(4) type be notice inweave type, comprise that order inweaves, selects to inweave, iteration inweaves and inweaves with concurrent.

Be called basic process at the software process of process layer modeling, basic process can be expanded by trusted processes aspect or retrain, and below defines trusted processes aspect:

Defining trusted processes aspect, one, 1.3 trusted processes aspect is a four-tuple tAspect _p=(id _p, ad _p, pc _p, type), wherein: id _pthe identifier of trusted processes aspect, ad _pprocess notifications, pc _pbe the set of process point of contact, type is process notifications type.

Trusted processes aspect tAspect _pid _pif be 0, representing that this trusted processes aspect has merged many aspects and obtained, if be not 0, is then single trusted processes aspect, and its value is trusted processes aspect mark in process strategy storehouse.In addition, type is the type of process notifications, and its value is corresponding order notice, selection notice, iteration notice and concurrent notification respectively.

Defining 1.4 process notifications process notifications is a five-tuple ad _p=(C, A; F,A _e, A _x):

(1) (C, A; F) be a net not having isolated element,

(2) C is the finite set of condition, be called a condition;

(3) A is movable finite set, be called an activity, the execution being called a of a or igniting;

(4) F is the finite set of arc, for c, a ∈ C, A, if (c, a) ∈ F or (a, c) ∈ F, then have a directed edge, be called arc between c and a;

(5) ad respectively _pentrance active set and outlet activity collection.If (C, A; F) a ring (c is comprised ₁, a ₁), (a ₁, c ₂) ..., (c _n, a _n), (a _n, c ₁) cause A _eand A _xcannot determine, or A _ecannot determine, or A _xcannot determine, then for the A that cannot determine _eor A _x, specify a _e∈ A is that the entrance of ring is movable, a _x∈ A is the outlet activity of ring, and at a _efront increase movable a, meets a ^.= ^.a _e, meanwhile, at a _xrear increase movable b, meets a _x ^.= ^.b, then A _e=A _e∪ { a} and A _x=A _x∪ { b}.

Process notifications is a basic petri net not having general layout, that is: the activity in process notifications does not have concession, only has after trusted processes aspect is knitted into basic process, just has concession in the process model general layout of activity wherein after braiding.The modeling of process notifications is based on fundamental block in software evolution process modeling method and process package definition, and apply white box modeling and the realization of black box modeling method, when applying white cassette method modeling, an activity in process notifications is refined as a fundamental block; And when applying black-box approach modeling, activity is refined as a process bag, hide its inner structure.

In addition, trusted processes aspect woven with clear and definite tie point, therefore, process point of contact adopt following mode of enumerating define:

Defining 1.5 process point of contacts, process point of contact is the set pc be made up of the element in basic process _p=x|x ∈ p.C ∨ x ∈ p.A ∨ x ∈ p.F}, according to condition point of contact, movable point of contact and arc point of contact three types, process point of contact is defined as:

(1) condition point of contact: { < basic process >.< condition >};

(2) movable point of contact: { the movable >} of < basic process >.<;

(3) arc point of contact: { < basic process >. (< arc starting point >, < arc terminal >) }.

The task of task layer modeling, is called basic task, and equally, basic task also can be expanded by Trustworthy task aspect or retrain, to promote the credibility producing software.Below define Trustworthy task aspect:

Defining Trustworthy task aspect, one, 1.6 Trustworthy task aspect is a four-tuple tAspect _t=(id _t, ad _t, pc _t, type), wherein: id _ttrustworthy task aspect mark, ad _ttask notifications, pc _tbe task point of contact, type describes notice ad _tinweave type.

Trustworthy task aspect tAspect _tid _tif be 0, representing that this Trustworthy task aspect has merged many aspects and obtained, if be not 0, is then identify in the single Trustworthy task aspect Trustworthy task that credible activity refinement obtains in process strategy storehouse.In addition, task notifications inweave type type respectively corresponding order to inweave and selection inweaves.

Defining 1.7 task notifications task notifications is that a 2_ asserts ad _t=({ Q ₁, { Q ₂), define the function of Trustworthy task aspect, wherein:

(1) Q ₁and Q ₂first-order Logic Formulas, { Q ₁be called precondition, define task notifications ad _tstate before execution, { Q ₂be called postcondition, define task notifications ad _tstate after execution;

(2) A (F)=({ Q ₁, { Q ₂) be that the 2-defining Trustworthy task aspect function asserts.

Task notifications is actually a 2-not with message and asserts, that is: the task notifications do not woven only defined function, does not have concession, only has and is woven in basic task by Trustworthy task aspect, when basic task receive message start to perform time, task notifications could perform thereupon.Certainly, the function of task notifications also can be decomposed into order, select or loop structure based on the refinement of software evolution process modeling method.

Define 1.8 task point of contact, task point of contact pc _tassert by the 2_ of basic task defined function the set pc formed _t=A (F) | A (F)=({ Q ₁, { Q ₂), according to front assert and after assert definition task function, task point of contact is defined as, and: 2_ asserts point of contact: { < basic task >. ({ asserts >}, { assert after < >}) } before <;

After AOP method expansion software evolution process framework, obtain believable software process framework.Believable software process framework is expanded at four levels of former framework, in mobile layer, the activity defined in process strategy is credible activity, credible activity can be refined as the task notifications of task layer and the process notifications of process layer according to the difference of granularity, is determining point of contact and is being defined as respectively after inweaving type in Trustworthy task and in trusted processes; At task layer, to the task-cycle Trustworthy task aspect braiding needing expansion, after braiding, obtain Trustworthy task; In mobile layer, to the Soft ware process implementation trusted processes aspect braiding needing expansion, after braiding, obtain trusted processes; Finally, in global layer, expansion has woven the believable software process behind credible aspect.Fig. 5 is the believable software process framework after expanding based on AOP method.

Believable software process framework neither destroys former software evolution process framework and possesses flexibility again, every one deck in new frame does not all change the basic model of former framework, that is, if do not have aspect to weave, software evolution process modeling method still can realize the modeling of software evolution process effectively, if and software has credible demand, then according to concrete credible demand enforcement aspect neatly definition and braiding, believable software process modeling can be realized.

1.2.2 credible aspect synthetic method

The core of credible aspect synthesis is synthesis mechanism, multiple credible aspect on Share interlinkage point to permeate a credible aspect according to composition rule by synthesis mechanism, then inweave the point of contact of basic model, therefore, aspect composition rule is divided into fusion rule and aspect between aspect to inweave rule.Based on aspect composition rule, the present invention proposes credible aspect synthetic method, and is divided into mixing operation according to synthetic operation and inweaves operation two class.

When multiple credible aspects need to inweave software evolution process model at same tie point in mode of the same type, first these credible aspects are permeated a credible aspect, the more credible aspect after merging is inweaved software evolution process model.

At task layer, for needs with the Trustworthy task aspect inweaving same point of contact of the same type, based on dependence analysis, be order syncretic relation and selection syncretic relation by the Task Switching of Existence dependency relationship.Below the algorithm of Trustworthy task aspect mixing operation:

Algorithm 1.3 Trustworthy task aspect mixing operation algorithm Task_Aspect_Merging

Input need in the Trustworthy task inweaved of the same type of same point of contact tAspect _t1..., tAspect _tn, analyze dependence, the task for Existence dependency relationship builds Task Dependent figure TDG, is then converted to task notifications.For the task of not having dependence, merge according to actual conditions enforcement order or select to merge:

Input: tAspect _t1=(id _t1, ad _t1, pc _t1, type ₁) ..., tAspect _tn=(id _tn, ad _tn, pc _tn, type _n).

Export: tAspect _t=(id _t, ad _t, pc _t, type), tAspect _t1=(id _t1, ad _t1, pc _t1, type ₁) ..., tAspect _tn=(id _tn, ad _tn, pc _tn, type _n).

After fusion, just only have at same point of contact in dissimilar Trustworthy task and need to inweave, now perform Trustworthy task aspect and inweave operation, inweave before the inweaving of Trustworthy task aspect is divided into, afterwards and around, corresponding task 2_ asserts that the order of function inweaves and selection inweaves respectively, inweaves algorithm as follows:

Algorithm 1.4 Trustworthy task aspect inweaves algorithm Task_Weaving

Input a basic task t=({ Q ₁, { Q ₂, M _i, M _o) and a Trustworthy task aspect tAspect _t=(id _t, ad _t, pc _t, type), at tAspect _tthe point of contact pc of definition _t=({ Q ₁, { Q ₂) place's enforcement task notifications ad _t={ ({ Q _a, { Q _b) inweave operation:

Input: t, tAspect _t. export: tt=({ Q _x, { Q _y, Mi, Mo).

During process layer modeling, first implementing mixing operation to the trusted processes aspect of the same type at each point of contact, is below the algorithm of trusted processes aspect mixing operation:

Algorithm 1.5 trusted processes aspect mixing operation algorithm Process_Aspect_Merging

For the isoschizomer trusted processes aspect tAspect inweaved of the same type _p1..., tAspect _pn, analyzing dependence, for the activity enforcement order of Existence dependency relationship and the mixing operation of selection, for not having the activity of dependence to implement concurrent mixing operation, exporting the trusted processes aspect tAspect after merging _p.There is the trusted processes aspect tAspect of different tie point in amendment _p1..., tAspect _pnpoint of contact definition:

Input: tAspect _p1=(id _p1, ad _p1, pc _p1, type ₁) ..., tAspect _pn=(id _pn, ad _pn, pc _pn, type _n).

Export: tAspect _p=(id _p, ad _p, pc _p, type), tAspect _p1=(id _p1, ad _p1, pc _p1, type ₁) ..., tAspect _pn=(id _pn, ad _pn, pc _pn, type _n).

After aspects of the same type all on each point of contact complete mixing operation, implement trusted processes aspect and inweave operation, according to the definition of process layer point of contact, inweaving of trusted processes aspect is divided into condition to inweave, activity inweaves and inweaves with arc.It is as follows that condition inweaves operative algorithm:

Algorithm 1.6 condition inweaves operative algorithm Condition_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe condition inweaving p inweaves operative algorithm:

Input: p, tAspect _p. export: tp=(C, A; F,M ₀).

Activity inweaves that Operation Definition movablely around inweaves operation, iteration inweaves operation and concurrently inweaves operation, and this three class inweaves and operates shown in following algorithm 1.7:

Algorithm 1.7 activity inweaves algorithm Activity_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe activity inweaving p inweaves operative algorithm:

Input: p, tAspect _p. export: tp=(C, A; F,M ₀).

It is as follows that arc inweaves operative algorithm:

Algorithm 1.8 arc inweaves operative algorithm Flow_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe arc inweaving p inweaves operative algorithm:

Input: p, tAspect _p. export: tp=(C, A; F,M ₀).

1.2.3 AOP believable software process modeling method

Based on the acquisition of believable software process strategy, believable software process meta-model TEPMM, believable software process framework and credible aspect synthetic method, the flow process of AOP believable software process modeling is as follows:

Step 1. process strategy obtains

For trusted software demand, the acquisition methods based on fuzzy set theory and information entropy is proposed, the credible Requirements Modeling method in credible demand meta-model TRMM and knowledge based storehouse is proposed with reference to NFR framework and i* model, for correlationship complicated between trusted software nonfunction requirement, based on satisfiability problem method for solving, propose the satisfiability backward deduction method of credible demand, and obtain believable software process strategy by reasoning;

The modeling of step 2. mobile layer

Credible activity modeling is implemented based on the credible activity in the believable software process strategy obtained, namely credible activity is designed in the mobile layer of believable software process, define the input of credible activity, output, local data structure and mobile, different according to control decomposing, mobile is defined as a software process or a set of tasks, and on this basis, definition trusted processes aspect and Trustworthy task aspect;

The modeling of step 3. task layer

Task layer modeling is that Trustworthy task aspect is inweaved software evolution process model.For the isoschizomer Trustworthy task aspect inweaved of the same type, first enforcement aspect mixing operation, if have dependence between the task notifications of Trustworthy task aspect, implement to merge according to dependence, if there is no dependence between task notifications, modeling person can as required in order or choice structure implement merge.For not isoschizomer or isoschizomer but dissimilar Trustworthy task aspect, enforcement aspect inweaves operation;

The modeling of step 4. process layer

Process layer modeling is that trusted processes aspect is inweaved software evolution process model.For the isoschizomer trusted processes aspect inweaved of the same type, first enforcement aspect mixing operation, if have dependence between the process notifications of trusted processes aspect, implement to merge according to dependence, if there is no dependence between process notifications, modeling person can as required in order or choice structure implement merge.For not isoschizomer or isoschizomer but dissimilar trusted processes aspect, enforcement aspect inweaves operation;

The modeling of step 5. global layer

Process layer modeling will produce new trusted processes, and therefore, global layer modeling identifies all relation of inclusion between trusted processes, software process and process.By global layer model, modeling person can grasp the change of former software evolution process model and the overall architecture of new believable software process model.Fig. 6 describes believable software process modeling procedure.

Provide the detailed introduction of believable software process modeling procedure below:

The first step of believable software process modeling is the credible activity that the process strategy inferred by credible demand determines to expand software evolution process model activity layer, and defines the input of credible activity, output, local data structure and mobile.

Algorithm 1.9 is credible movable modeling algorithm Tactivity_Modelling

The modeling of credible activity comprises definition input, output, local data structure and mobile, and mobile is decomposed into a trusted processes or a Trustworthy task set further:

Input: process strategy.

Export: credible active set TA, Trustworthy task aspect set TAspect _t, trusted processes aspect TAspect _p, A ₁.

The same with the activity in software evolution process model, credible activity can be refined as software process or set of tasks according to granularity difference, they are defined as trusted processes aspect and Trustworthy task aspect respectively, and, inweave software evolution process model at process layer and task layer respectively.

The modeling of task layer and process layer is that Trustworthy task aspect and trusted processes aspect are inweaved software evolution process model in essence.The first step of modeling process finds the credible aspect each point of contact needing inweave.If some point of contacts only have a credible aspect need to inweave, then call credible aspect based on point of contact definition and inweave algorithm; If there is multiple credible aspect to need to inweave same point of contact, for the isoschizomer credible aspect inweaved of the same type, call credible aspect blending algorithm, the credible aspect ensuring dependence is complete and correctly inweave software evolution process model; For the credible aspect that isoschizomer is dissimilar, call credible aspect based on point of contact definition equally and inweave algorithm.

Algorithm 1.10 task layer modeling algorithm Ttask_Modelling

The set of tasks T of Input Software evolutionary process model and Trustworthy task aspect set TAspect _t={ tAspect _t1, tAspect _t2..., tAspect _tn, (n>0), task layer modeling algorithm is by TAspect _tin all Trustworthy task aspects inweave T, generate Trustworthy task set TT:

Input: T, TAspect _t. export: TT.

Algorithm 1.11 process layer modeling algorithm Tprocess_Modeling

The software process set P of Input Software evolutionary process model and trusted processes aspect set TAspect _p={ tAspect _p1, tAspect _p2..., tAspect _pn, (n>0), process layer modeling algorithm is by TAspect _pin all trusted processes aspects inweave P, generate trusted processes set TP:

Input: P, TAspect _p. export: TP.

Contrary with software evolution process modeling procedure, the global layer modeling of believable software process modeling implements after completing mobile layer, process layer and task layer modeling.Based on not weaving the software evolution process of credible aspect and having woven the believable software process of credible aspect, world model's modeling algorithm is as follows:

Algorithm 1.12 global layer modeling algorithm Tglobal_Modelling

Input trusted processes aspect set TAspect _pwith software evolution process set P, invoked procedure layer modeling algorithm Tprocess_Modeling is by TAspect _pinweave P, generate complete or collected works' model g=(P, TP, E):

Input: P, TAspect _p.

Export: g.

Accompanying drawing explanation

Fig. 1 is the definition of trusted software demand;

Shown in Fig. 2 is trusted software nonfunction requirement decomposition model;

Shown in Fig. 3 is trusted software demand meta-model (TRMM);

Shown in Fig. 4 is credible Requirements Modeling knowledge base structure;

Shown in Fig. 5 is believable software process framework;

Shown in Fig. 6 is believable software process modeling procedure;

Shown in Fig. 7 is the credible demand model of authentication center's software;

Shown in Fig. 8 is authentication center's software trust demand first time the reasoning results;

Shown in Fig. 9 is the final the reasoning results of authentication center's software trust demand;

Shown in Figure 10 is authentication center's software process model;

Shown in Figure 11 is authentication center software DesignEvolution subprocess model.

Embodiment

The present invention is used to realize the believable software process modeling of authentication center's software.

1.1 trusted third party authentication center software

Authentication center provides network ID authentication service, be responsible for signing and issuing and managing digital certificate, be one and there is third party's trust authority that is authoritative and fairness, it is the core link of all internet safe activities, authentication center's software is as the kernel software at trusted third party authentication center, all services that authentication center provides are responsible for, to any individual or enterprise, an even area, a safe and trustworthy network environment depends on the credibility of authentication center's software, therefore, authentication center's software belongs to trusted software, to authentication center's software simulating believable software process modeling.

1.1.1 process strategy obtains

First, choose relevant 5 stakeholder of authentication center, comprising: S ₁: supervision department of authentication center, S ₂: engineering side, S ₃: authentication center expert, S ₄: software operation department, S ₅: certificate holder, carry out credible need assessment to authentication center's software, assessment data is collected as shown in table 1 below in table form:

Table 1 authentication center software trust need assessment data

For checking that each stakeholder provides the validity of credible evaluation data, calculate its entropy, wherein: supervision department of stakeholder S1 authentication center, S2 engineering side, S3 authentication center expert are relative consistent with the entropy of S4 software operation department, after sequence, result is 0.223,0.17,0.255 and 0.218 respectively, and the entropy of S5 certificate holder is relatively large, its ranking value is 0.368, show that its demand for trusted software is relatively indefinite to a certain extent, according to project team's needs, can require again to provide assessment data.

After credible evaluation data validity confirms, the Fuzzy Sorting value of every nonfunction requirement is as shown in last row in table 1, by this ranking value, nonfunction requirement Fuzzy Sorting value being greater than 0.7 is defined as credible focus, comprise: function applicability, reliability, security, maintainability and compatible, remainder has the nonfunction requirement of correlationship to be defined as soft object, comprising: performance and ease for use.

Based on credible Requirements Modeling knowledge base, credible demand meta-model TRMM modeling is used to obtain the credible demand model of authentication center's software as shown in Figure 7.Based on credible demand model, the credible demand rational formula of authentication center's software is:

φ::＝φ _Model∧φ _Initial∧φ _Constraint∧φ _{Inconsistency}

Wherein, credible demand model formula:

φ _Model::＝(SA(T ₁)→SA(T ₁₁))∧(SA(T ₁₁)→SA(ta ₁₁₁))∧(SA(T ₁₁)→SA(ta ₁₁₂))∧(SA(T ₁₁)→SA(ta ₁₁₃))

∧(SA(T ₁)→SA(T ₁₂))∧(SA(T ₁₂)→SA(ta ₁₂₁))∧(SA(T ₁₂)→SA(ta ₁₂₂))∧(PS(T ₂)→PS(ta ₂₁))

∧(PS(T ₂)→PS(ta ₂₂))∧(PS(T ₂)→PS(ta ₂₃))∧(SA(T ₃)→SA(ta ₃₁))∧(SA(ta ₃₁)→SA(ta ₃₁₃))

∧(SA(T ₃)→SA(ta ₃₂))∧(SA(ta ₃₂)→SA(ta ₃₂₁))∧(SA(ta ₃₂)→SA(ta ₃₂₂))∧(SA(ta ₃₂)→SA(ta ₃₂₃))

∧(SA(ta ₃₂)→SA(ta ₃₂₄))∧(SA(T ₃)→SA(ta ₃₃))∧(SA(ta ₃₃)→SA(ta ₃₃₁))∧(SA(ta ₃₃)→SA(ta ₃₃₂))

∧(SA(ta ₃₃)→SA(ta ₃₃₃))∧(SA(T ₃)→SA(T ₃₁))∧(SA(T ₃₁)→SA(ta ₃₁₁))∧(SA(T ₃₁)→SA(ta ₃₁₂))

∧(SA(T ₃)→SA(T ₃₂))∧(SA(T ₃₂)→SA(ta ₃₂₅))∧(SA(T ₃₂)→SA(ta ₃₂₆))∧(SA(T ₃₂)→SA(ta ₃₂₇))

∧(SA(T ₃)→SA(T ₃₃))∧(SA(T ₃₃)→SA(ta ₃₃₄))∧(SA(T ₃₃)→SA(ta ₃₃₅))∧(SA(T ₄)→SA(T ₄₁))

∧(SA(T ₄₁)→SA(ta ₄₁₁))∧(SA(T ₄)→SA(ta ₄₁))∧(SA(T ₄)→SA(ta ₄₂))∧(SA(ta ₄₂)→SA(ta ₄₂₁))

∧(SA(ta ₄₂)→SA(ta ₄₂₂))∧(SA(ta ₄₂)→SA(ta ₄₂₃))∧(SA(ta ₄₂)→SA(ta ₄₂₄))∧(SA(T ₄)→SA(ta ₄₃))

∧(SA(ta ₄₃)→SA(ta ₄₃₁))∧(SA(ta ₄₃)→SA(ta ₄₃₂))∧(SA(ta ₄₃)→SA(ta ₄₃₃))∧(SA(ta ₄₃)→SA(ta ₄₃₄))

∧(SA(T ₄)→SA(ta ₄₄))∧(SA(ta ₄₄)→SA(ta ₄₄₁))∧(SA(T ₄)→SA(ta ₄₅))∧(PS(T ₅)→PS(ta ₅₁))

∧(PS(ta ₅₁)→PS(ta ₅₁₁))∧(PS(ta ₅₁)→PS(ta ₅₁₂))∧(PS(T ₅)→PS(ta ₅₂))∧(SA(T ₁)→DE(ta ₃₂₇))

∧(SA(T ₄)→DE(ta ₃₃₅))∧(SA(T ₄)→DE(ta ₃₂₇))∧(SA(T ₄)→DE(ta ₂₁))∧(SA(T ₅)→DE(ta ₃₃₅))

∧(SA(T ₅)→DE(ta ₄₁))∧(SA(T ₅)→DE(ta ₂₁))∧(PS(S ₁)→DE(ta ₄₁))∧(PS(S ₁)→DE(ta ₄₁₁))

∧(PS(S ₁)→DE(ta ₃₃₅))∧(PS(S ₂)→DE(ta ₄₁))∧(PS(S ₂)→DE(ta ₄₁₁))

Beginning state equation:

φ _Initial::＝SA(T ₁)∧PS(T ₂)∧SA(T ₃)∧SA(T ₄)∧PS(T ₅)∧PS(S ₁)∧PS(S ₂)

State constraint formula:

φ _Constraint::＝(SA(ta ₃₂₅)∨SA(ta ₃₂₇))∧(SA(ta ₃₂₆)∨SA(ta ₃₂₇))

Contradiction hierarchy equation can be accepted:

n is node in model

Credible demand rational formula φ is inputted TACD instrument, after reasoning, obtains result as shown in Figure 8.The reasoning results display formula φ does not meet, and contradiction minor is the 28th minor SA (T ₃₂) → SA (ta ₃₂₇), namely " fault-tolerant design " this process strategy and initial demand contradiction, in node state table, record contradiction.Continue input TACD instrument after amendment formula and carry out demand reasoning, the reasoning results is presented at with clause is contradictory, respectively corresponding " Redundancy Design ", " definition minimum safe standard " and " realizing minimum password design requirement " 5 process strategies, equally, again revise formula after record contradiction, input TACD instrument carries out demand reasoning, the reasoning results display formula φ meets, as shown in Figure 9:

Now, what node state table 2 have recorded all nodes in model meets state and contradiction state, wherein, eliminates the node state not having contradiction.

Table 2 node state table

Through there is the research of the process strategy of contradiction to these 5, " fault-tolerant design " removed, because " fault-tolerant design " grievous injury function applicability and security, and " error correcting designs " and " error-preventive design " can meet fault-tolerance to a certain extent.4 remaining process strategies then retain, but need to inweave software evolution process model according to the dependence defined in process strategy, so far, are met all process strategies of credible demand, start the process model building of authentication center's software below.

1.1.2 believable software process modeling

Based on the credible demand model of authentication center's software, obtain 45 process strategies, wherein, " fault-tolerant design " compromises function applicability and security due to it, and can be made up by " error correcting designs " and " error-preventive design ", therefore, eliminate this process strategy, remain 44 process strategies, corresponding 44 credible activities, use abstract data type method for expressing to define wherein 3 credible activities below, all the other are credible, and campaign definitions is similar, omits at this.

ACTIVITY functional analysis

IMPORTS

Requirements:Requirement_Type；Design:Design_Type；

System_for_Analysis:System_Type；Analysis_Request:STRING；

EXPORTS Analysis_Report:Analysis_Report_Type；

BODY Function_analysis；

ACTIVITY functional analysis

ACTIVITY assessment safety technique

IMPORTS Technology_Options:STRING；

EXPORTS Evaluation_Report,Technology_Options:STRING；

LOCALS Authorising_Origisation:ROLE；

BODY Technology_evaluation

ACTIVITY assesses safety technique

ACTIVITY Redundancy Design

IMPORTS

Requirements:Requirement_Type；Reliability_Model:Reliability_Model_Type；

EXPORTS Design_Redundency:Design_Type；Command:STRING；

BODY Recovery_design；N_redundancy_design；Defence_design；

ACTIVITY Redundancy Design

Redundancy Design " activity decomposition is set of tasks { " recovery block design ", " design of N-version program ", " defence formula program design " }, shown in corresponding Trustworthy task aspect is defined as follows, the definition of all the other Trustworthy task aspects is similar, omits at this.

TAspect _{t_}recovery block design=(id _t, ad _t, pc _t, type)

id _p＝Recovery_design；ad _p＝({Q ₁},{Q ₂})

Q ₁=Rea (Requirements) and Rea (Reliability_Model) Q ₂=Rea (Design_Redundency) pc _p={ a2.1, a2.2.4.1, a2.2.4.2}; Type=0; / * order before inweave */

TAspect _{t_}n-version program design=(id _t, ad _t, pc _t, type)

id _p＝N_redundancy_design；ad _p＝({Q ₁},{Q ₂})

Q ₁=Rea (Requirements) and Rea (Reliability_Model) Q ₂=Rea (Design_Redundency) pc _p={ a2.1, a2.2.4.1, a2.2.4.2}; Type=0; / * order before inweave */

TAspect _{t_}defence formula program design=(id _t, ad _t, pc _t, type)

id _p＝Defence_design；ad _p＝({Q ₁},{Q ₂})

Q ₁＝Rea(Requirements)and Rea(Reliability_Model)

Q ₂＝Rea(Design_Redundency)and Rea(Command_Options)

Pc _p={ a2.1, a2.2.4.1, a2.2.4.2}; Type=0; / * order before inweave */

In above-mentioned 3 Trustworthy task aspects, control dependence between " recovery block design " and " design of N-version program ", if can perform " design of N-version program ", then do not need to perform " recovery block design ", that is: " " control " recovery block design " needs when they inweave software evolution process model at same point of contact in mode of the same type to be modeled as according to control dependence to select syncretic relation to implement to inweave operation the design of N-version program again.

" functional analysis " and " assessment safety technique " in three credible activities defined above is defined as trusted processes aspect:

TAspect _{p_}functional analysis=(id _p, ad _p, pc _p, type)

id _p＝Function_analysis；ad _p＝(C,A,F,A _e,A _x)

C={fa1, fa2}; A={ functional analysis }; F={ (fa1, functional analysis), (functional analysis, fa2) };

A _e={ functional analysis }; A _x={ functional analysis };

Pc _p={ c1}; Type=2; / * case ambient inweave operation */

TAspect _{p_}assessment safety technique=(id _p, ad _p, pc _p, type)

id _p＝Technology_evaluation；ad _p＝(C,A,F,A _e,A _x)

C={te1, te2}; A={ assesses safety technique }; F={ (te1, assessment safety technique), (assessment safety technique, te2) };

A _e={ assessment safety technique }; A _x={ assessment safety technique };

Pc _p={ c1}; Type=2; / * case ambient inweave operation */

Because " functional analysis " and " assessment safety technique " inweaves with of the same type at isoschizomer, therefore, need the dependence considered between them, by analysis, between them, have data dependence relation, " assessment safety technique " needs the result obtaining " functional analysis " just can carry out safety technique assessment, therefore, before inweaving, first to their enforcement order mixing operation, and then inweaving operation around implementation condition, the software process model obtained after having inweaved is shown in Figure 10 and 11.

Through above-mentioned to credible activity, Trustworthy task aspect, trusted processes aspect definition, and credible aspect inweave operation, obtain the global layer model after trusted-extension:

GLOBALMODELSIS_TEvolution＝(P,TP,E)

TP＝{SIS_TProcess(7),TDesign_Evolution_Package(2)}；

E＝{(SIS_TProcess(7),TDesign_Evolution_Package(2))}。

Claims (1)

1. AOP believable software process modeling method, is characterized in that, comprises the steps:

1.1 believable software process strategies obtain

By analyzing trusted software demand, based on the acquisition of trusted software nonfunction requirement, modeling and reasoning, obtain the process strategy meeting trusted software demand:

1.1.1 trusted software Requirement Acquisition

In order to obtain credible focus in trusted software nonfunction requirement and soft object, the acquisition methods of trusted software nonfunction requirement is proposed based on fuzzy set theory and information entropy, provide expect the nonfunction requirement assessment data of credible target by collecting trusted software stakeholder, information entropy is used to screen assessment data validity, by the assessment data of all stakeholder of Fuzzy Sorting method choosing comprehensively after Efficient Evaluation data to be generated, therefrom obtain credible focus and soft object, concrete acquisition methods is as follows:

First, using Trapezoid Fuzzy Number to describe the quantized values of trusted software nonfunction requirement, when obtaining the assessment data of software stakeholder to trusted software nonfunction requirement, using complete inessential AL (0,0,0.077,0.154; 1), inessential L (0.077,0.154,0.231,0.308; 1), less important FL (0.231,0.308,0.385,0.462; 1), neutral M (0.385,0.462,0.538,0.615; 1), more important FH (0.538,0.615,0.692,0.769; 1), important H (0.692,0.769,0.846,0.923; 1) and extremely important AH (0.846,0.923,1,1; 1) linguistic variable describes the significance level that software stakeholder assesses every trusted software nonfunction requirement;

Secondly, in order to check the validity of assessment data and objectivity, propose assessment data validity check and choosing comprehensively method based on information entropy, specifically comprising following three steps:

Step 1. constructs credible need assessment data matrix A:

Wherein: for a jth stakeholder (1≤j≤m) assessment data to i-th nonfunction requirement, 1≤i≤n; the column vector of the xth row formation of representing matrix A, the row vector of the capable formation of y of representing matrix A, 1≤y≤n;

Step 2. calculates entropy based on the assessment data of software stakeholder:

$H_j=-\underset{i=1}{\overset{n}{\mathrm{\&Sigma;}}}{\tilde{A}}_{\mathrm{ij}}1b{\tilde{A}}_{\mathrm{ij}}=-({\tilde{A}}_{1j}\&CircleTimes;1b{\tilde{A}}_{1j}\&CirclePlus;{\tilde{A}}_{2j}\&CircleTimes;1b{\tilde{A}}_{2j}\&CirclePlus;...\&CirclePlus;{\tilde{A}}_{\mathrm{nj}}\&CircleTimes;1b{\tilde{A}}_{\mathrm{nj}})$

To H _jdo normalized:

${\mathrm{\&theta;}}_j=\frac{H_j}{1\mathrm{bn}}=-\frac{1}{1\mathrm{bn}}\underset{i=1}{\overset{n}{\mathrm{\&Sigma;}}}{\tilde{A}}_{\mathrm{ij}}1b{\tilde{A}}_{\mathrm{ij}}$

Positively reflecting that in order to enable calculated value stakeholder provides the contribution degree of effective assessment data, using 1-θ _jrepresent its contribution degree, after again it being normalized, obtain the contribution degree of each stakeholder:

$E_j=\frac{1-{\mathrm{\&theta;}}_j}{m-\underset{j=1}{\overset{m}{\mathrm{\&Sigma;}}}{\mathrm{\&theta;}}_j}$

Wherein: 0≤E _j≤ 1 and Σ E _j=1; E _jlarge then show that stakeholder j is relatively important and contribution is large;

Step 3. calculates the credible need assessment data comprehensively, for above-mentioned matrix A, gets the mean value of element value:

$W_i=\left(\frac{1}{m}\right)\&CircleTimes;({\tilde{A}}_{i1}\&CirclePlus;{\tilde{A}}_{i2}\&CirclePlus;...\&CirclePlus;{\tilde{A}}_{\mathrm{im}})=\frac{1}{m}\underset{j=1}{\overset{m}{\mathrm{\&Sigma;}}}{\tilde{A}}_{\mathrm{ij}}$

W _ithe mean value of the significance level of i-th nonfunction requirement;

Finally, the Fuzzy Sorting method based on Chen and Sanguansat ' s sorts to the nonfunction requirement after acquisition; For one group m trusted software stakeholder (S ₁, S ₂..., S _m), have evaluated n trusted software nonfunction requirement (C respectively ₁, C ₂..., C _n) significance level, the method based on information entropy has obtained the significance level value mean value of every nonfunction requirement , wherein :-∞ < w _i1≤ w _i2≤ w _i3≤ w _i4< ∞, and 1≤i≤n, W _isequencer procedure as follows:

Change each general fuzzy number for standard fuzzy numbers W _i ^*:

$W_i^{*}=(\frac{w_{i1}}{l},\frac{w_{i2}}{l},\frac{w_{i3}}{l},\frac{w_{i4}}{l};e_{W_i})=(w_{i1}^{*},w_{i2}^{*},w_{i3}^{*},w_{i4}^{*};e_{W_i})$

Wherein: 1≤i≤n and 1≤j≤4;

Calculate positive and negative region with they are subordinate functions with trapezoid area:

$f_{{W_i}^{*}}^L=e_{W_i}\&times;\frac{(x-w_{i1}^{*})}{(w_{i2}^{*}-w_{i1}^{*})},w_{i1}^{*}\&le;x<w_{i2}^{*}$

$f_{{W_i}^{*}}^R=e_{W_i}\&times;\frac{(x-w_{i4}^{*})}{(w_{i3}^{*}-w_{i4}^{*})},w_{i3}^{*}\&le;x<w_{i4}^{*}$

${\mathrm{Area}}_{\mathrm{iL}}^{-}=e_{W_i}\&times;\frac{(w_{i1}^{*}+1)+(w_{i2}^{*}+1)}{2}$

${\mathrm{Area}}_{\mathrm{iR}}^{-}=e_{W_i}\&times;\frac{(w_{i3}^{*}+1)+(w_{i4}^{*}+1)}{2}$

${\mathrm{Area}}_{\mathrm{iL}}^{+}=e_{W_i}\&times;\frac{\left({1-w}_{i1}^{*}\right)+\left({1-w}_{i2}^{*}\right)}{2}$

${\mathrm{Area}}_{\mathrm{iR}}^{+}=e_{W_i}\&times;\frac{\left({1-w}_{i3}^{*}\right)+\left({1-w}_{i4}^{*}\right)}{2}$

Calculate each nonfunction requirement W _i ^*'s and value, they represent forward and negative sense impact respectively:

${\mathrm{XI}}_{{\tilde{A}}_i^{*}}={\mathrm{Area}}_{\mathrm{iL}}^{-}+{\mathrm{Area}}_{\mathrm{iR}}^{-}$

${\mathrm{XD}}_{{\tilde{A}}_i^{*}}={\mathrm{Area}}_{\mathrm{iL}}^{+}+{\mathrm{Area}}_{\mathrm{iR}}^{+}$

Calculate each W _i ^*ranking value Score (W _i ^*):

$\mathrm{Score}\left(W_i^{*}\right)=\frac{1\&times;{\mathrm{XI}}_{W_i^{*}}+(-1)\&times;{\mathrm{XD}}_{W_i^{*}}}{{\mathrm{XI}}_{W_i^{*}}+{\mathrm{XD}}_{W_i^{*}}+(1-e_{W_i^{*}})}=\frac{{\mathrm{XI}}_{W_i^{*}}-{\mathrm{XD}}_{W_i^{*}}}{{\mathrm{XI}}_{W_i^{*}}+{\mathrm{XD}}_{W_i^{*}}+(1-e_{W_i^{*}})}$

Wherein: Score (W _i ^*) ∈ [-1,1] and 1≤i≤k

W _i ^*ranking value Score (W _i ^*) larger, show that corresponding nonfunction requirement is more important, credible focus should be defined as, and for ranking value Score (W _i ^*) little nonfunction requirement, then should be defined as soft object;

1.1.2 believable software process strategy obtains

For the credible focus in trusted software demand, from process control angle, the process strategy realizing credible focus is proposed, simultaneously, consider the correlationship between nonfunction requirement, software trust demand meta-model TRMM (Trustworthy RequirementMeta-Model) is proposed, describe the realization of credible focus and the correlationship of trusted software demand complexity, meanwhile, set up credible Requirements Modeling knowledge base and complete credible Requirements Modeling with auxiliary modeling person;

This knowledge base is made up of credible focus storehouse and process strategy storehouse: credible focus storehouse contains the credible focus of stakeholder and correspondence, and the decomposition of these credible focus; The credible activity of process strategy library storage and the contribution to credible focus and soft object thereof, select constraint stipulations to be namely select suitable process strategy according to contribution, solve the conflict relationship between trusted software nonfunction requirement;

Use the credible demand of TRMM modeling, it is the process strategy meeting credible focus in order to find out entirety, but in order to weigh conflict, use satisfiability problem method for solving, the process strategy set that entirety meets credible focus is found out by backward deduction, if can not find, display causes ungratified contradiction, or finds satiable process strategy set when accepting contradiction to a certain degree; Below the algorithm generating credible demand SAT formula:

Algorithm 1.1 is credible demand SAT formula generating algorithm MakeSAT;

Original state, node restrained condition be set and contradiction grade can be accepted, software trust demand model M=(N, R) being converted to credible demand model formula φ _model, be generated as credible demand SAT formula φ

Input: M=(N, R). export: φ.

By algorithm 1.1, generate the SAT formula of credible demand model, solve to realize satisfiability problem, the formula conversion script prop2cnf.py that Open-Source Tools zChaff and YoonsuckChoe provide is solved based on satisfiability problem, propose credible demand satisfiability reasoning algorithm, and developing instrument TACD assists reasoning; Below credible demand satisfiability solving algorithm:

Algorithm 1.2 is credible demand satisfiability solving algorithm Satisfiability;

Find out the status indication L (n of k the node meeting credible demand SAT formula φ _i), (i=1 ... k)

Input: M=(N, R).

Export: node original state Initial_Status (n _i), node solves rear state SAT_Status (n _i), node contradiction Inconsistency (n _i).

By satisfiability reasoning, obtain believable software process strategy, below provide the method that Kernel-based methods strategy proposes believable software process modeling:

1.2 believable software process modelings

Based on software evolution process modeling method, the process strategy obtained by trusted software Requirements Modeling and reasoning, proposes the believable software process modeling method of AOP:

1.2.1 believable software process meta-model and believable software process framework

Based on the thought of AOP method, the credible activity realized in the process strategy of credible focus is refined as process notifications and task notifications according to different grain size, determining point of contact and be defined as respectively after inweaving type in trusted processes and in Trustworthy task, trusted processes aspect and Trustworthy task aspect are referred to as credible aspect, credible aspect is knitted into software evolution process, realizes believable software process modeling;

Believable software process modeling method proposes the believable software process meta-model TEPMM (Trustworthy-EPMM) of believable software process framework and AOP based on software evolution process framework and software evolution process meta-model EPMM;

First, believable software process framework is obtained based on AOP method expansion software evolution process framework; Believable software process framework is expanded at four levels of former framework, in mobile layer, the activity defined in process strategy is credible activity, credible activity can be refined as the task notifications of task layer and the process notifications of process layer according to the difference of granularity, is determining point of contact and is being defined as respectively after inweaving type in Trustworthy task and in trusted processes; At task layer, to needing the task-cycle Trustworthy task aspect of expansion to inweave, after inweaving, obtain Trustworthy task; At process layer, to needing the Soft ware process implementation trusted processes aspect of expansion to inweave, after inweaving, obtain trusted processes; Finally, in global layer, expansion has inweaved the believable software process behind credible aspect;

Secondly, believable software process meta-model TEPMM is obtained based on credible aspect synthetic method expansion EPMM; Credible aspect synthetic method is as follows:

1.2.2 credible aspect synthetic method

The core of credible aspect synthesis is synthesis mechanism, multiple credible aspect on Share interlinkage point to permeate a credible aspect according to composition rule by synthesis mechanism, then inweave the point of contact of basic model, therefore, aspect composition rule is divided into fusion rule and aspect between aspect to inweave rule; Based on aspect composition rule, propose credible aspect synthetic method, and be divided into mixing operation according to synthetic operation and inweave operation two class;

When multiple credible aspects need to inweave software evolution process model at same tie point in mode of the same type, first these credible aspects are permeated a credible aspect, the more credible aspect after merging is inweaved software evolution process model;

At task layer, for needs with the Trustworthy task aspect inweaving same point of contact of the same type, based on dependence analysis, be order syncretic relation and selection syncretic relation by the Task Switching of Existence dependency relationship; Below the algorithm of Trustworthy task aspect mixing operation:

Algorithm 1.3 Trustworthy task aspect mixing operation algorithm Task_Aspect_Merging

Input need in the Trustworthy task inweaved of the same type of same point of contact tAspect _t1..., tAspect _tn, analyze dependence, the task for Existence dependency relationship builds Task Dependent figure TDG, is then converted to task notifications, for the task of not having dependence, merges or select to merge according to actual conditions enforcement order:

Input: tAspect _t1=(id _t1, ad _t1, pc _t1, type ₁) ..., tAspect _tn=(id _tn, ad _tn, pc _tn, type _n).

Export: tAspect _t=(id _t, ad _t, pc _t, type), tAspect _t1=(id _t1, ad _t1, pc _t1, type ₁) ..., tAspect _tn=(id _tn, ad _tn, pc _tn, type _n).

After fusion, just only have at same point of contact in dissimilar Trustworthy task and need to inweave, now perform Trustworthy task aspect and inweave operation, inweave before the inweaving of Trustworthy task aspect is divided into, afterwards and around, corresponding task 2_ asserts that the order of function inweaves and selection inweaves respectively, inweaves algorithm as follows:

Algorithm 1.4 Trustworthy task aspect inweaves algorithm Task_Weaving

Input a basic task t=({ Q ₁, { Q ₂, M _i, M _o) and a Trustworthy task aspect tAspect _t=(id _t, ad _t, pc _t, type), at tAspect _tthe point of contact pc of definition _t=({ Q ₁, { Q ₂) place's enforcement task notifications ad _t={ ({ Q _a, { Q _b) inweave operation:

Input: t, tAspect _t.

Export: tt=({ Q _x, { Q _y, Mi, Mo).

During process layer modeling, first implementing mixing operation to the trusted processes aspect of the same type at each point of contact, is below the algorithm of trusted processes aspect mixing operation:

Algorithm 1.5 trusted processes aspect mixing operation algorithm Process_Aspect_Merging

For the isoschizomer trusted processes aspect tAspect inweaved of the same type _p1..., tAspect _pn, analyzing dependence, for the activity enforcement order of Existence dependency relationship and the mixing operation of selection, for not having the activity of dependence to implement concurrent mixing operation, exporting the trusted processes aspect tAspect after merging _p, there is the trusted processes aspect tAspect of different tie point in amendment _p1..., tAspect _pnpoint of contact definition:

Input: tAspect _p1=(id _p1, ad _p1, pc _p1, type ₁) ..., tAspect _pn=(id _pn, ad _pn, pc _pn, type _n).

Export: tAspect _p=(id _p, ad _p, pc _p, type), tAspect _p1=(id _p1, ad _p1, pc _p1, type ₁) ..., tAspect _pn=(id _pn, ad _pn, pc _pn, type _n).

After aspects of the same type all on each point of contact complete mixing operation, implement trusted processes aspect and inweave operation, according to the definition of process layer point of contact, inweaving of trusted processes aspect is divided into condition to inweave, activity inweaves and inweaves with arc; It is as follows that condition inweaves operative algorithm:

Algorithm 1.6 condition inweaves operative algorithm Condition_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe condition inweaving p inweaves operative algorithm:

Input: p, tAspect _p. export: tp=(C, A; F,M ₀).

Activity inweaves that Operation Definition movablely around inweaves operation, iteration inweaves operation and concurrently inweaves operation, this three class inweave operate as follows:

Algorithm 1.7 activity inweaves algorithm Activity_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe activity inweaving p inweaves operative algorithm:

Input: p, tAspect _p.

Export: tp=(C, A; F,M ₀).

It is as follows that arc inweaves operative algorithm:

Algorithm 1.8 arc inweaves operative algorithm Flow_Weaving

Input basic process p=(C, an A; F,M ₀) and a trusted processes aspect tAspect _p=(id _p, ad _p, pc _p, type), by tAspect _pthe arc inweaving p inweaves operative algorithm:

Input: p, tAspect _p.

Export: tp=(C, A; F,M ₀).

1.2.3 AOP believable software process modeling method

Based on the acquisition of believable software process strategy, believable software process framework and credible aspect synthetic method, the flow process of AOP believable software process modeling is as follows:

Step 1. process strategy obtains

For trusted software demand, the trusted software nonfunction requirement acquisition methods based on fuzzy set theory and information entropy is proposed, the credible Requirements Modeling method in credible demand meta-model TRMM and knowledge based storehouse is proposed with reference to NFR framework and i* model, for correlationship complicated between trusted software nonfunction requirement, based on satisfiability problem method for solving, propose the satisfiability backward deduction method of credible demand, and obtain believable software process strategy by reasoning;

The modeling of step 2. mobile layer

Credible activity modeling is implemented based on the credible activity in the believable software process strategy obtained, namely credible activity is designed in the mobile layer of believable software process, define the input of credible activity, output, local data structure and mobile, different according to control decomposing, mobile is defined as a software process or a set of tasks, and on this basis, definition trusted processes aspect and Trustworthy task aspect;

The modeling of step 3. task layer

Task layer modeling is that Trustworthy task aspect is inweaved software evolution process model; For the isoschizomer Trustworthy task aspect inweaved of the same type, first enforcement aspect mixing operation, if have dependence between the task notifications of Trustworthy task aspect, implement to merge according to dependence, if there is no dependence between task notifications, modeling person can as required in order or choice structure implement merge; For not isoschizomer or isoschizomer but dissimilar Trustworthy task aspect, enforcement aspect inweaves operation;

The modeling of step 4. process layer

Process layer modeling is that trusted processes aspect is inweaved software evolution process model; For the isoschizomer trusted processes aspect inweaved of the same type, first enforcement aspect mixing operation, if have dependence between the process notifications of trusted processes aspect, implement to merge according to dependence, if do not have dependence between process notifications, modeling person can implement to merge according to concurrent structure; For not isoschizomer or isoschizomer but dissimilar trusted processes aspect, enforcement aspect inweaves operation;

The modeling of step 5. global layer

Process layer modeling will produce new trusted processes, and therefore, global layer modeling identifies all relation of inclusion between trusted processes, software process and process; By global layer model, modeling person can grasp the change of former software evolution process model and the overall architecture of new believable software process model;

The first step of believable software process modeling is the credible activity that the process strategy inferred by credible demand determines to expand software evolution process model activity layer, and defines the input of credible activity, output, local data structure and mobile;

Algorithm 1.9 is credible movable modeling algorithm Tactivity_Modelling

The modeling of credible activity comprises definition input, output, local data structure and mobile, and mobile is decomposed into a trusted processes or a Trustworthy task set further:

Input: process strategy.

Export: credible active set TA, Trustworthy task aspect set TAspect _t, trusted processes aspect TAspect _p, A ₁.

The same with the activity in software evolution process meta-model, credible activity can be refined as software process or set of tasks according to granularity difference, they are defined as trusted processes aspect and Trustworthy task aspect respectively, and, inweave software evolution process model at process layer and task layer respectively;

The modeling of task layer and process layer is that Trustworthy task aspect and trusted processes aspect are inweaved software evolution process meta-model in essence; The first step of modeling process finds the credible aspect each point of contact needing inweave; If some point of contacts only have a credible aspect need to inweave, then call credible aspect based on point of contact definition and inweave algorithm; If there is multiple credible aspect to need to inweave same point of contact, for the isoschizomer credible aspect inweaved of the same type, call credible aspect blending algorithm, the credible aspect ensuring dependence is complete and correctly inweave software evolution process model; For the credible aspect that isoschizomer is dissimilar, call credible aspect based on point of contact definition equally and inweave algorithm;

Algorithm 1.10 task layer modeling algorithm Ttask_Modelling

The set of tasks T of Input Software evolutionary process model and Trustworthy task aspect set TAspect _t={ tAspect _t1, tAspect _t2..., tAspect _tn, (n>0), task layer modeling algorithm is by TAspect _tin all Trustworthy task aspects inweave T, generate Trustworthy task set TT:

Input: T, TAspect _t.

Export: TT.

Algorithm 1.11 process layer modeling algorithm Tprocess_Modeling

The software process set P of Input Software evolutionary process model and trusted processes aspect set TAspect _p={ tAspect _p1, tAspect _p2..., tAspect _pn, (n>0), process layer modeling algorithm is by TAspect _pin all trusted processes aspects inweave P, generate trusted processes set TP:

Input: P, TAspect _p.

Export: TP.

Contrary with software evolution process modeling procedure, the global layer modeling of believable software process modeling implements after completing mobile layer, process layer and task layer modeling; Based on not inweaving the software evolution process of credible aspect and having inweaved the believable software process of credible aspect, world model's modeling algorithm is as follows:

Algorithm 1.12 global layer modeling algorithm Tglobal_Modelling

Input trusted processes aspect set TAspect _pwith software evolution process set P, invoked procedure layer modeling algorithm Tprocess_Modeling is by TAspect _pinweave P, generate complete or collected works' model g=(P, TP, E):

Input: P, TAspect _p.

Export: g.