-
5701. Safety-Critical Software Certified under DO-178C and DO-278A
[Information Transmission, Software and Information Technology Services] [2013-09-30]
The RTCA has recently released DO-178C and DO-278A as new certification guidance for the production of airborne and ground-based air traffic management software, respectively. Additionally, RTCA special committee SC-205 has also produced, at the same time, five other companion documents. These documents are RTCA DO-248C, DO-330, DO-331, DO-332, and DO-333. These supplements address frequently asked questions about software certification, provide guidance on tool qualification requirements, and illustrate the modifications recommended to DO-178C when using model-based software design, object oriented programming, and formal methods. The objective of this paper is to first explain the relationship of DO-178C to the former DO-178B in order to give those familiar with DO-178B an indication of what has been changed and what has not been changed. With this background, the relationship of DO-178C and DO-278 to the new DO-278A document for ground-based software development is shown. Last, an overview of the new guidance contained in the tool qualification document and the three new supplements to DO-178C and DO-278A is presented. For those unfamiliar with DO-178B, this paper serves to provide an entry point to this new certification guidance for airborne and ground-based CNS/ATM software certification.
Keywords: electronic information; software; safety-critical; certification; DO-178C; DO-278A
-
5702. Principles of Software Architecture
[Information Transmission, Software and Information Technology Services] [2013-09-28]
1. Understand the role of software architecture within the software design phase 2. Become familiar with architectural tasks and problem solving during architecture 3. Understand the importance and role of architectural views in software architecture 4. Become familiar with the software architecture process 5. Become familiar with the concept of architecture evaluation.
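Keywords: electronic information; software; architecture; principles
-
5703. Diversifying the Software Stack Using Randomized NOP Insertion
[Information Transmission, Software and Information Technology Services] [2013-09-28]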
Software monoculture is a significant liability from a computer security perspective. Single attacks can ripple through networks and affect large numbers of vulnerable systems. A simple but unusually powerful idea to solve this problem is to use artificial diversity in software systems. After discussing the design space of introducing artificial diversity, we present an in-depth performance analysis of our own technique: randomly inserting non-alignment NOP instructions. We observe that this technique has a moderate performance impact and demonstrate its real world applicability by diversifying a full system stack.
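Keywords: electronic information; software; stack
-
5704. The Subject-Oriented Approach to Software Design and the Abstract State Machines Method
[Information Transmission, Software and Information Technology Services] [2013-09-28]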
In [32, Appendix] we have shown that the system which implements the Subject-oriented approach to Business Process Modeling (S-BPM) has a precise semantical foundation in terms of Abstract State Machines (ASMs). The construction of an ASM model for the basic S-BPM concepts revealed a strong relation between S-BPM and the ASM method for software design and analysis. In this paper we investigate this relation more closely. We use the analysis to evaluate S-BPM as an approach to business process modeling and to suggest some challenging practical extension of the S-BPM system.
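Keywords: electronic information; software design; subject; abstraction
-
5705. Software Design with the Unified Modeling Language
[Information Transmission, Software and Information Technology Services] [2013-09-28]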
1. Understand the role and importance of Unified Modeling Language (UML) in software design 2. Become familiar with UML's common structural and behavioral diagrams 3. Understand the relationship between structural UML models and code 4. Understand how to model concurrency with UML.
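Keywords: electronic information; software; Unified Modeling Language
-
5706. Culture-Sensitive Aspects of Software Engineering
[Information Transmission, Software and Information Technology Services] [2013-09-28]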
The characteristics of software engineering (SE) are changing rapidly. The following trends are easy to notice: the transfer from plan driven development to agile development, the transfer towards distributed and multicultural teams and organization structure, the increasing importance of services related to software products or software itself, transfer towards cloud implementation of information systems. Even as agile software development is encouraging active interaction inside teams and between the developers and the clients, distributed work is increasing its difficulty. The problems of distribution itself can be solved by tools and techniques, e.g. by improved version and configuration management, careful asset repository management, tools forcing the production of unified specifications, and tools supporting communication in a distributed development context. When software organizations are multicultural, one additional dimension of difficulty appears. Even in a single unit, differences in cultural background may cause problems, but the problems become emphasized especially in the case of distributed work. The same problem also appears in software related services: to an increasing extent the service chain is distributed across cultural borders. Process models are used to provide means for the better management of software engineering and services. Predefined processes force the developers to follow the given guidelines throughout the organization - regardless of the geographical location and cultural background of the employees. This is also the expectation of managers. A slightly more careful look at the real situation gives a different view: some processes are more culture sensitive than others, and the practices are "tuned" to follow the rules of the culture. This paper opens up the discussion on the cultural aspects in connection with software engineering, taking into account especially the role of national cultures.
Keywords: electronic information; software engineering; cross-cultural; multicultural; software life cycle processes; cultural sensitivity
-
5707. Machine Learning and Event-Based Software Testing: Classifiers for Identifying Infeasible GUI Event Sequences
[Information Transmission, Software and Information Technology Services] [2013-09-28]
Machine learning is a technique not widely used in software testing even though the broader field of software engineering has used machine learning to solve many problems. In this chapter we present an overview of machine learning approaches for many problems in software testing, including test suite reduction, regression testing, and faulty statement identification. We also present our work using machine learning to augment automatic model-based test case generation for graphical user interfaces (GUIs). A model of the GUI is used to generate test cases, which are event sequences, to be executed on the system under test. Such models may not completely represent the GUI, and therefore may allow infeasible test cases to be generated that violate constraints in the GUI. We use two different machine learning techniques (support vector machines and grammar induction) to identify infeasible test cases (i.e., test requirements that cannot be satisfied). We demonstrate that these techniques are robust across different-length test cases and different GUI constraints.
Keywords: electronic information; software testing; machine learning
-
5708. Introduction to Software Engineering Design
[Information Transmission, Software and Information Technology Services] [2013-09-28]
1. Understand software design from the engineering perspective 2. Understand the importance of software design in developing complex products 3. Understand the issues that make software design challenging 4. Understand the software design process and differentiate between its activities 5. Become familiar with software design principles, considerations, and strategies.
Keywords: electronic information; software design; engineering
-
5709. Web 2.0 Design: Integrated Management and Distributed Software Development for Complex Service Robots
[Information Transmission, Software and Information Technology Services] [2013-09-28]
Current activities to improve the robot development process mostly focus on the technical aspects of robot development, including the fostering of robotic development frameworks, the integration of model driven engineering methods and tools, or the assessment of best practice components and architectures. In contrast this article highlights aspects that are orthogonal to this technical point of view: the cooperation and project management aspects of robot development processes. Distributed development and testing on a common hardware platform require remote and anytime accessibility paired with a respective resource management, high operability of the robot including quality management and easy deployment of new software components. In the present article a web-based integration platform for distributed development and test is presented that aims at providing an integrated solution for these requirements. It was developed in the last phase of the DESIRE project due to the urgent need for a powerful tool that would reduce the immense integration efforts within the project. The results of the practical evaluation of the web portal are given in the last section of this article.
Keywords: electronic information; software; Web 2.0; robots; integration platform; distributed development
-
5710. Software Diversification through In-Place Code Randomization
[Information Transmission, Software and Information Technology Services] [2013-09-28]
The wide adoption of non-executable page protections has given rise to attacks that employ return-oriented programming (ROP) to achieve arbitrary code execution without the injection of any code. Existing defenses against ROP exploits either require source code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. Aiming for a practical mitigation against ROP attacks, we introduce in-place code randomization, a software diversification technique that can be applied directly on third-party software. Our method uses various narrow-scope code transformations that can be applied statically, without changing the location of basic blocks, allowing the safe randomization of stripped binaries even with partial disassembly coverage. We demonstrate how in-place code randomization can prevent the exploitation of vulnerable Windows 7 applications, including Adobe Reader, as well as the automated construction of reliable ROP payloads.
Keywords: electronic information; software; code; diversification