摘要
安全的现状已经清楚地表明:传统的安全理论与技术已经没有办法为任务关键系统的安全提供根本和可靠的保障,如何在灾难发生时尽量保证现有关键任务的持续、及时完成,已成为亟待解决的问题。可生存性研究就是顺应这个需求而产生的新课题。可生存性作为下一代网络安全的核心目标,目前已经成为国内外信息安全领域竞相研究的新的热点,它代表了网络安全研究发展的新方向。从网络安全的历史、现状和发展趋势来看,增强系统的可生存性,是目前应付一切攻击、入侵和破坏的最佳途径。
可生存性增强技术主要研究改善系统可生存能力的方法和技术,它是针对现有系统在入侵抵抗、识别和恢复的薄弱环节进行的增强设计和提出的对策建议。而面向生存性的应急技术是对动态的系统生存态势所进行的主动、有预见性地响应,是为了确保系统发生服务失效时,关键服务仍可继续运作,而预先制定和准备执行的一系列操作策略集。目前,面向生存性的应急技术已经成为提高系统可生存能力的一个重要研究分支,正处于“方兴未艾”阶段,现在这方面的研究文献还少见诸报,且仅局限在CMU、CERT/CC、EDI、DARPA、BBN等几个研究机构展开,许多问题还没有解决,更缺乏深入的理论研究和可实施性,大部分实现仍然停留在模拟和仿真阶段。而本文对此进行了较为系统的研究,重点基于Monitor-Analysis-Response的三级渐进控制模式来研究生存性增强的若干应急关键技术。
首先,研究了任务关键系统可生存态势的应急感知模型。提出一种基于灰关联分析的可生存态势评估模型,该评估模型首先由规范化的区间数性能指标决策矩阵入手,应用灰关联分析评估出系统的可生存性概率,然后基于“熵差”得到整个系统当前可生存态势的综合评估。而后,由评估模型得到的随机采样的非等时距可生存性评估数据序列入手,根据累加序列所呈现出“S”形或反“S”形的摆动特征,利用灰色Verhulst模型或其反函数模型预测出系统未来的生存态势值,然后基于多级残差对模型的预测精度进行修正,最后应用修正后的新模型得到直观的系统未来生存态势曲线图。
其次,研究了面向系统可生存性增强的应急分析方法。从应急调度的角度来研究保证关键服务持续、可靠运行的可生存性增强策略,提出了Criticality-Lifetime-Deadline First的生存应急调度算法。首先,基于参数灵敏度分析给出了调度参数的选取方法;然后,利用多重链表给出了算法的实现,包括服务的接受策略与服务完成/夭折策略的算法实现;最后,对应急服务的“颠簸现象”,提出了设置抢占阈值的解决方案。仿真结果表明提出的方法为关键服务的可生存性提供了保证,有效提高了整个系统的可生存能力。
再次,研究了面向系统可生存性增强的应急响应方法。以应急响应需求为背景,提出了一种基于自主配置的生存应急响应算法,解决了自主应急过程中的应急响应时间点的选择和应急资源重配的问题。首先,基于中心极限定理和假设检验理论,计算求得各关键服务在主、备服务器上的历史平均服务响应时间的置信区间;然后,根据主、备服务器上服务响应时间置信区间的5种分布情况,提出的自主应急响应算法可以为应急服务在不同的时间响应区选择合适的应急策略;最后,提出了一个可以同时满足应急响应时间和受剥夺影响的非关键服务个数最少的应急资源重配算法。整个应急配置的过程对用户透明,最大限度地保证了关键服务请求在用户期望的截止时间内完成。
最后,研究了可生存系统细粒度的应急恢复方法。首先着重研究了利用随机Petri网形式化地描述了系统及服务的几种典型的失效模型,给出了可生存系统若干可度量的恢复性指标参数的求解方法;然后,提出了基于系统级、服务级、进程级和线程级的四级递归嵌套的应急重启恢复策略,定义了重启优先级的计算方法,得到了各级重启链的构建规则;最后,利用SPNs描述了四级应急重启策略的实施过程。
Current security status quo clearly shows that traditional security theories and technologies can't provide basic and reliable guarantees for mission-critical system any more. How to ensure the critical tasks finished continuously and in time has been an urgent problem which needs to be solved. Survivability is emerging as a novel research topic to meet current application requirements. Survivability, as a core objective of the next generation network security, has become a hot research topic and represents a new research direction in network security field. Concluded from the history, status and developing trend of network security, enhancement of system survivability is the best way to cope with all the attacks, intrusions and destructions at present.
The technology of survivability enhancement mainly studies the methods and techniques for improving system survivability, which is carried out as enhancing design and advice aiming at the weak points of existing system during resistance, identify and recovery. The survivability-oriented emergency technology is to respond to dynamic system survivability situation initiatively and foresightedly, which is a series of strategy set established in advance and prepared to carry out to ensure that key services can run normally in case of service failures. At present, survivability-oriented emergency technology has become an important research branch in the field of system survivability enhancement, which is in the ascendant stages. However, current researches are still rare and limited in institutes like CMU, CERT/CC, EDI, DARPA, and BBN and so on. Many crucial questions have not been solved, and deep theoretical research and implementation are still lacks. Most realizations still stays at the stages of simulation and emulation. In this dissertation, a more systematic study has been carried out, which focus on triple class gradual control mode 'Monitor-Analysis-Response' to study several emergency key technologies for system survivability improvement.
First, emergency awareness model of mission-critical system survivability situation was studied. A quantitative evaluation model for system survivability situation based on grey relation analysis was proposed, which applied grey relation analysis to assess the best affiliate degree and survivability probability of every key service starting with normalizing interval number performance index decision-making metrics. Then, the changes of every key service's survivability situation based on network entropy difference were assessed. Finally, the synthesis evaluation for the whole network system could be gained. And that, starting with unequal interval original sampled survivability evaluation data sequence, the grey verhulst model or its inverse function based on the swaying character of S or reverse S shape presented by accumulated sequence could be chosen to forecast future survivability value of a system. Moreover, the forecast precision of model could be improved based on multilevel residual error. Finally, the new model with residue correct can be used for gaining the intuitionistic network survivability situation curve graph.
Second, the emergency analysis method for the improvement of system survivability was studied. A novel algorithm of Criticality-Lifetime-Deadline-First (CLDF) from the point view of emergency scheduling was proposed, which is a Survivable enhanced scheme. Firstly, a novel method for choosing right scheduling parameters is proposed based on the analysis of parametric sensitivity. Then, the implementation of CLDF algorithm is given using multi-linked lists, including service acceptance policy and service completion/abortion policy. Finally, in order to relieve the frequent switching or serious thrashing caused by CLDF, a feasible solution is presented to the CLDF algorithm based on the preemption threshold. The experimental results show that the proposed method can provide guarantees for survivability of critical services, especially when the system is overload, the performance can degrade gracefully, and which effectively improves the survivability of the whole system.
Third, the emergency response method for the improvement of system survivability was studied. Taking the requirements of emergency response as research background, an emergency response algorithm based on autonomic configuration was presented, which solved the choice of emergency response time and the reconfiguration of emergency resources in the process of autonomic emergency. First, based on the central limit theorem and the hypothesis testing theory, the confidence interval of each key service's history average service response time in the host server and spare server can be figured out respectively. Then, according to the five kinds of distributed situations of current service response time's confidence interval in the host server and spare server, the proposed algorithm can dynamically choose feasible emergency schemes at the right time. Finally, an emergency resource reconfiguration algorithm is proposed, which satisfies requirements of the least time of emergency response and the smallest numbers of non-critical service preempted. The whole configuration process is transparent to users and guarantees that critical services can be finished within its expected deadline by users as far as possible.
Finally, a fine-grained emergency rejuvenation method for Survivable system was studied. First of all, several typical failure models of system and service were formally described based on Petri nets, in which a number of measurable index parameters for rejuvenation were also given out. And then a four-level nested recursive emergency rejuvenation strategy was proposed based on system-level, service-level, process-level and thread-level, the computing process of rejuvenation priority is also defined and the chain of rejuvenation is obtained. Eventually, the implementation process of four-level emergency rejuvenation strategy was described using SPNs.
引文
[1]中国信息安全产品测评认证中心编著.信息安全理论与技术.北京:人民邮电出版社,2003:1-30页
[2]Lipson H F,Fisher D A.SurvivaSility-A New Technical and Business Perspective on Security.Proceedings of the 1999 workshop on New security paradigms,New York,USA,1999:33-39P
[3]Morel Benoit.Immunology and the Survivability of Mission Critical Cyber-Based Systems.Proceedings of the 4th IEEE/CMU/SEI Information Survivability Workshop(ISW-2001/2002),Vancouver,BC Canada,2001.
[4]查理-达尔文.物种起源.北京:人民日报出版社,2005:211-287页
[5]荆继武.在攻击中生存信息安全新方向-入侵容忍技术.计算机世界,2004(4):15-27页
[6]Ellison R J,Fisher D A,Linger R C,et al.Survivable Network Systems:An Emerging Discipline.Pittsburgh,Software Engineering Institute,Carnegie Mellon University,Technical Report CMU/SEI-97-TR-013,1997:19-35P
[7]Jiang T Z.A New definition of Survivability of Communication Networks.Military Communications Conference:Military Communication in a Changing World,IEEE,1991:2007-2012P
[8]Ball R E.The Fundamentals of Aircraft Combat Survivability Analysis and Design.New York:American Institute of Aeronautics and Astronautics,1985:429-548P
[9]Shi J X,Fonseka J P.Traffic-based Survivability Analysis of Telecommunications Networks.Global Telecommunications Conference,GLOBECOM '95,IEEE,1995:936-940P
[10]TlAl.2 Working Group.http://www.tl.org/tlal/al2-hom.html
[11]王东霞,窦文华.保证关键服务生存性的ATM网络资源管理.计算机研究与发展,2000,37(1):50-54页
[12]史国炜,曹烈光.SDH接入网的网络生存性研究.清华大学学报(自然科学版),2003,43(9):1269-2171页
[13]Neumann P G,Barnes A H.Survivable Computer-Communication Systems:the Problem and Working Group Recommendations,in Technical report VAL-CE-TR-92-22,Washington:US Army Research Laboratory,1993
[14]Ellison R J,Linger R C,Longstaff T.Survivable Network System Analysis:A Case Study.IEEE Software,1999.16(4):70-77P
[15]Westmark V R.A Definition for Information System Survivability.In Proceedings of the 37th Annual Hawaii International Conference on System Sciences(HICSS'04),Track 9,2004:1-10P
[16]Information Survivability Workshops.www.cert.org/research/isw.html.
[17]Organically Assured and Survivable Information System(OASIS).http://www.tolerantsystems.org.
[18]Malicious and Accidental-fault Tolerance for Intemet Applications.IST Programme RTD Research Project IST-1999-11583.http://www.maftia.org.
[19]Lipson H F,Fisher D A.Survivability-A New Technical and Business Perspective on Security.http://www.cert.org/archive/pdf/busperspec.pdf.
[20]Liu P.Research Directions in Survivable Systems and Networks.http://www.is.ac.cn/pliu-talk-beijing-2.ppt,2004
[21]Carl Landwehr.Research Direction in Intrusion Tolerant Systems.In 42nd IFIP WG Meeting,2002
[22]Ellison R J,Moore A P.Trustworthy Refinement through Intrusion-Aware Design.CMU/SEI-2003-TR-002.http://www.sei.cmu.edu/publications/docume nts/03.reports/03tr002.html
[23]Ellison R J,Moore A P.Trustworthy Refinement through Intrusion-Aware Design(TRIAD):An Overview.Proceedings of the 3~(rd) Annual High Confidence Software and Systems Conference,Baltimore,MD,2003:1-10P
[24]Richard C L,Howard F L,John M,et al.Life-Cycle Models for Survivable Systems.CMU/SEI-2002-ESC-TR-026,Boston:Carnegie Mellon University,2002
[25]Linger R C,Mead N R,and Lipson H F.Requirements Definition for Survivable Network Systems.Proceedings of the 3rd International Conference on Requirements Engineering,IEEE Computer Soc.Press,Los Alamitos,Calif,1998:14-23P
[26]Mead N R,Ellison R J,Linger R C.Survivable Network Analysis Method.http://www.cert.org/archive/pdf/OOtrO 13.pdf
[27]Zinky J A,Bakken D E,Schantz R.Architectural Support for Quality of Service for CORBA Objects.Theory and Practice of Object Systems,1997,3(1):55-73P
[28]John R,Dawn X S,Jonathan K M.Survivable Loosely Coupled Architectures.SRI International,Menlo Park,CA,Technical Report,F30602-96-C-0291,2003
[29]Matti A H,Richard D S,Carlos A U.et al.Survivability through Customization and Adaptability:the Cactus Approach,In DARPA Information Survivability Conference and Exposition(DISCEX 2000),Hilton Head,SC.,U S A,2000:294-307P
[30]Peter G N.Practical Architectures for Survivable Systems and Networks.http://www.csl.sri.com/NeumaiWsurvivability.pdf,2002
[31]Liu P.Architectures for Intrusion Tolerant Database Systems.Proceedings of the 18th Annual Computer Security Applications Conference(ACSAC'02),2002:311-320P
[32]Wang F Y,Kishor Rrivedi.SITAR:a Scalable Intrusion Tolerant Architecture for Distributed Services.Foundations of Intrusion Tolerant Systems(OASIS'03),Oasis,2003:359-362P
[33]Knight J C.The Willow Architecture,http://www.cs.virginia.edu/~jck/publications/dsn.2002.pdf.
[34]Knight J C.,Elisabeth A S.Achieving Critical System Survivability through Software Architectures.Springer-Verlag,Berlin Heidelberg,2004:51-78P
[35]Tarvainen P.Survey of the Survivability of IT Systems.Proceedings of the Ninth Nordic,2004
[36]Just J,Reynolds J.HACQIT(Hierarchical Adaptive Control of QoS for Intrusion Tolerance).In 17th Annual Computer Security Applications Conference.New York,IEEE Press,2001:64-72P
[37]宫钦,孙金伦.生存性网络空闲容量分配与自愈策略的研究.南京邮电学院学报,1998,18(3):13-16页
[38]闵应骅.网络容错和安全研究述评.计算机学报,2003,26(9):1035-1041
[39]Zhou Li-dong,Schneider FB,van Renesse R.COCA:A Secure Distributed On-line Certification Authority.ACM Transactions on Computer Systems,2002,20(4):329-368P
[40]Fisher D A,Lipso H J.Emergent Algorithms:A New Method for Enhancing Survivability in Unbounded Systems.Pittsburgh,PA:Software Engineering Institute,Carnegie Melton University,1999
[41]Lipson H F.Survivability-A New Security Paradigm for Protecting Highly Distributed Mission Critical Systems.Pittsburgh,PA:Software Engineering Institute,Carnegie Melton University,2000
[42]Easel.http://www.sei.cmu.edu/organization/programs/nss/surv-net-tech.htm
[43]Wylie J,Bigrigg M,Strunk J,et al.Survivable Information Storage Systems.IEEE Computer,2000,33(8):61-68P
[44]Hietunen M A,Schlichting R D.Using Diversity Techniques to Enhance Communication Security.ftp://ftp.cs.arizona.edu/tfol/papers/nspw.ps.
[45]Hietunen M A,Schlichting R D.Enhancing Survivability of Security Services Using Redundancy.In Proceedings of the 2001 International Conference on Dependable Systems and Networks.Gothenborg,Swden,2001:173-182P
[46]杨超,马建峰.可生存网络系统的形式化定义.电子科技,2004,(4):1-4页
[47]林雪纲,许榕生.一种信息系统生存性的量化分析框架.电子与信息学报,2006,28(9):1721-1726页
[48]林雪纲,许榕生.信息系统生存性分析模型研究.通信学报,2006,2(27):153-159页
[49]包秀国,胡铭曾,张宏莉等.两种网络安全管理系统的生存性定量分析方法.通信学报,2004,25(9):34-41页
[50]郭渊博,马建峰.分布式系统中服务可生存性的定量分析.同济大学学报,2002,30(10):1190-1193页
[51]夏春和,王继伟,赵勇等.可生存性分析方法研究.计算机应用研究,2002,19(12):28-32页
[52]王超,马建峰.可生存网络系统的构建方法.电子学报,2005,33(B12):2336-2341页
[53]刘妍,包秀国,张宏莉.基于Tabu算法提出了分布式系统的可生存性增强.计算机工程与应用,2005,41(19):128-131页
[54]张玉清,张鸿志。可生存性及紧急算法分析.通信学报,2005,26(B01):124-128页
[55]黄遵国,卢锡城,王怀民.可生存性技术及其实现框架研究.国防科技大学学报,2002,24(5):29-32页
[56]黄遵国,卢锡城,胡华平.生存能力技术及其实现案例研究.通信学报,2004,25(7):137-145页
[57]李之棠,舒承椿.基于信息冗余分散的系统可存活性研究.计算机工程与科学,2002,24(1):1-4页
[58]郭渊博,史庭俊,马建峰.一种容忍入侵结构的Z规格说明.系统仿真学报,2004,16(12):2837-2841页
[59]彭文灵,王丽娜,张焕国.基于有限自动机的网络入侵容忍系统研究.小型微型计算机系统,2005,26(8):1296-1300页
[60]CCERT.http://www.ccert.edu.cn
[61]Wang F Y,Gong F M,Sargor C.SITAR:A Scalable Intrusion Tolerance Architecture for Distributed Service.Proceedings of the 2001 IEEE Workshop on Information Assurance and Security.West Point,New York,USA:United States Military Academy,2001:38-45P
[62]Crettaz D V,Stavridou V.Intrusion-Tolerant Enclaves.IEEE International Symposium on Security and Privacy.Oakland,USA,2002:216-224P
[63]Kubiatowicz J,Bindel D,Chen Y.OceanStore:Architecture for Global-Scale Persistent Storage.Proceedings of the Ninth international Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2000).Boston,USA,2000:190-201P
[64]Cachin C,Poritz J A.Secure Intrusion-Tolerant Replication on the Internet. Proc Intl Conference on Dependable Systems and Networks(DSN'02).Washington,DC.,U S A,2002:167-176P
[65]Rabin M.Efficient Dispersal of Information for Security,Load Balancing,and Fault Tolerance.Journal of the Association for Computing Machinery,1989,36(2):335-348P
[66]Blakley G.Safeguarding Cryptographic Keys.Proc Nat'l Computer Conf.,American Federation of Information Processing Societies.Montvale,U S A,1979:313-317P
[67]Shamir A.How to Share a Secret.Communications of the ACM,1979,24(1):612-613P
[68]Santis D A,Masucci B.Multiple Ramp Schemes.IEEE Trans.Information Theory,1999,45(5):1720-1728P
[69]Herzber G A,Jarecki S,Krawczyk H,et al.Proactive Secret Sharing Or:How to Cope With Perpetual Leakage.Lecture Notes in Computer Science.Berlin:Springer-Verlag,1995:339-352P
[70]Chor B,Goldwasser S.Verifiable Secret Sharing and Achieving Simultaneity in the Presence of Faults.Proceedings of 26th IEEE Symposium on Foundations of Computer Science.Portland,1985:383-395P
[71]Wu T,Malkin M,Boneh D.Building Intrusion Tolerant Applications.Proceedings of the 8th USENIX Security Symposium.Washington,U S A,1999:79-91P
[72]Bryant S,Wang Feiyi.Aspects of Adaptive Reconfiguration in a Scalable Intrusion Tolerant System.Complexity,2004,9(2):74-83P
[73]Liu P,Jajodia S,Mccollum C D.Intrusion confinement by isolation in information systems.Journal of Computer Security,2000,8(4):243-279P
[74]Liu P,Ammann P,Jajodia S.Rewriting Histories:Recovering From Malicious Transactions.Distributed and Parallel Databases,2000,8(1):7-40P
[75]Liu P,Jing J,Luenam P,et al.The Design and Implementation of a Self-Healing Database System.Journal of Intelligent Information Systems,2004,23(3):247-269P
[76]Yu M,Liu P,Zang W Y.Multi-Version Attack Recovery for Workflow Systems.19th Annual Computer Security Applications Conference (ACSAC'03).Las Vegas,Nevada,2003:142-149P
[77]Reiter M K,Binnan K P.How to Securely Replicate Services.ACM Transactions on Programming Languages and Systems,1994,16(3):986-1009P
[78]Castro M,Liskov B.Practical Byzantine Fault Tolerance.Proceedings of the Third Symposiumon Operating Systems Design and Implementation.New Orleans,USA,1999:173-186P
[79]Reiter M K.Distributing Trust with the Rampart Toolkit.Communications of the ACM,1996,39(4):71-74P
[80]Kihlstrom K P.Moser L E,Melliar-Smith P M.The SecureRing Protocols for Securing Group Communication.In Proc 31st Hawaii International Conference on System Sciences,Kona,Hawaii,1998:317-326P
[81]Moser L E,Melliar-Smith P M.Byzantine-Resistant Total Ordering Algorithrns.Information and Computation,1999,150(1):75-111P
[82]Doudou A,Garbinato B,Guerraoui R.Abstractions for Devising Byzantine-Resilient State Machine Replication.In Proc 19th Symposium on Reliable Distributed Systems(SRDS 2000).Nuremberg,Germany,2000:144-152P
[83]Malkhi D,Merritt M,Rodeh O.Secure Reliable Multicast Protocols in a Wan.Distributed Computing,2000,13(1):19-28P
[84]Ganger G R,Khosla P K,Bakkaloglu M.Survivable Storage Systems.DARPA Information Survivability Conference and Exposition.Anaheim,USA,2001:184-195P
[85]王泳,赵波,解继丽,李志平.基于PASIS架构的高生存性存储系统,计算机应用研究,2002,19(6):11-14页
[86]王彦龙,李战怀,林伟.基于广义秘密共享方案的可生存存储系统研究.西北工业大学学报,2007,25(5):722-726页
[87]Liew C,Li W.A Framework for Characterizing Disaster-Based Network Survivability.Selected Areas in Communications,IEEE Journal,1994,12(1):52-58P
[88]Hakki C.,Cankaya S.Improved Survivability Analysis for SONET SHR.Computer Networks,1999,31(23-24):2505-2528P
[89]Chen D,Garg S.Network Survivability Performance Evaluation:a Quantitative Approach with Applications in Wireless Ad-hoc networks.Proceedings of the International Workshop on Modeling,Analysis and Simulation of Wireless and Mobile Systems.Atlanta,Georgia,U S A,2002:61-68P
[90]Jha S K,Wing J M.Survivability Analysis of Networked Systems.23rd International Conference on Software Engineering(ICSE'Ol).Toronto,2001:307-317P
[91]Kring W.A Graph Based Model for Survivability Applications.http://www.cs.uidaho.edu/krings/publications.html
[92]Jha S K,Wing J M,Linger R C.Survivability analysis of network specifications.Proceedings of Workshop on Dependability despite Malicious Faults,International Conference on Dependable Systems and Networks.New York,U S AJEEE Computer Society,2000,613-622P
[93]Knight J C.,Strunk E A,Sullivan K J.Towards a Rigorous Definition of Information System Survivability.Proceedings of the DARPA Information Survivability Conference and Exposition,Virginia.usa,2003:78-89P
[94]Dong S K,Khaja M S,Jong S P.A Framework of Survivability Model for Wireless Sensor Network.Proceedings of the First International Conference on Availability,Reliability and Security(ARES'06),2006:515-522P
[95]Gao Z X,ONG C H,TAN W K.Survivability Assessment:Modeling Dependencies in Information Systems.Proceedings of the 4th IEEE/CMU/SEI Information Survivability Workshop.Vancouver,Canada,2001:233-237P
[96]Hevner A,Linger R.The Flow-Service-Quality Framework:Unified Engineering for Large-Scale,Adaptive Systems.Proceedings of the 35th Hawaii International Conference on System Sciences.Hawaii,U S A,2002: 4006-4015P
[97]邓聚龙.灰色系统理论.武汉:华中科技大学出版社,2002
[98]刘思峰,郭天榜.灰色系统理论及应用.河南:河南大学出版社,1998
[99]张义荣,鲜明.计算机网络攻击效果评估技术研究.国防科技大学学报.2002,24(5):24-28页
[100]朱华吉,马少娟.非等时空距GM(1,1)模型在建筑物沉降预测中的应用.测绘工程,2001,10(4):39-41页
[101]Snell Q O,MiMer A,Gustafson J L.Netpipe:a network protocol independent performance evaluator.Proceedings of IASTED International Conference on Intelligent Information Management and System,1996:89-106P
[102]Liu C L,Layland J W.Scheduling Algorithms for Multiprogramming in a Hard Real-time Environment.Journal of ACM,1973,20(1):46-61P
[103]Abbott R,Garcia-Molina H.Scheduling Real-Time Transactions.ACM SIGMOD Record,1988,17(1):71-81P
[104]Jensen E D,Locke C D,Toduda H.A Time-Driven Scheduling Model for Real-time Operating Systems.Proceedings of the 6th IEEE Real-Time Systems Symposium.San Diego,California,1985:112-122P
[105]Buttazzo G,Spuri M,Sensini F.Value vs Deadline Scheduling in Overload Conditions.Proceedings of the 16th IEEE Real-Time Systems Symposium.Los Alamitos,California:IEEE Computer Society,1995:90-99P
[106]Burns A,Prasad D,Bondavalli A,et al.The Meaning and Role of Value in Scheduling Flexible Real-time Systems.Journal of Systems Architecture,2000,46(2):305-325P
[107]Biyabani S R,Stankovic J A,Ramamritham K.The Integration of Deadline and Criticalness in Hard Real-time Scheduling.Proceedings of the 9th IEEE Real-Time Systems Symposium.Huntsville,Alabama:IEEE Computer Society,1988,152-160P
[108]Lu C Y,Stankovic J A.Design and Evaluation of a Feedback Control EDF Scheduling Algorithm.Proceedings of the 20th IEEE Real-Time Systems Symposium.Phoenix,Arizona:IEEE Computer Society,1999:55-66P
[109]Huang J,Stankovic J,Towesly D,et al.Experimental Evaluation of Real-time Transaction Processing.Proceedings of the 10th IEEE Real-Time Systems Symposium.Santa Monica:IEEE Computer Society,1989:144-153P
[110]金宏,王宏安,王强,戴国忠.一种任务优先级的综合设计方法.软件学报,2003,14(3):376-382页
[111]束龙仓,王茂枚,刘瑞国.地下水数值模拟中的参数灵敏度分析.河海大学学报(自然科学版),2007,35(5):491-495页
[112]Liu J W S,Shih W K,Lin K J,et al.Imprecise Computations.Proceedings of the IEEE,1994,82(1):83-94P
[113]金宏,王宏安,王强.改进的最小空闲时间优先调度算法.软件学报,2004,15(8):1116-1123页
[114]宁家骏.三阶段实现安全管理.软件世界,2006,12,46-47页
[115]王田,杨士中.Web服务器的负荷状态检测技术.小型微型计算机系统,2005,26(3):532-535页
[116]Kim B S,Nam D S,Youn C H,et al.Resource Reconfiguration Policy based on Execution Time Estimation in Computational Grids.In:Proc the 6th International Conference on Advanced Communication Technology,IEEE,2004(2):1066-1071P
[117]Martino V D,Mililotti M.Sub-optimal Scheduling in a Grid Using Genetic Algorithms.Parallel Computing,2004.30(5-6):553-565P
[118]Buyya R,Abramson D,Giddy J.An Economy Driven Resource Management Architecture for Global Computational Power Grids.Proceedings of the 2000International Conference on Parallel and Distributed Processing Techniques and Applications(PDPTA 2000),Las Vegas,USA,2000:517-525 P
[119]Candea G,Cutler J,Fox A,et al.Reducing Recovery Time in a Small Recursive Restartable System.International Conference on Dependable System and Network(DSN'02),2002:605-614P
[120]Castelli V,Harper R E,Heidelberger P,et al.Proactive Management of Software Aging.IBM Journal of Research and Development,2001,45(2):311-332P
[121]Hong Y,Chen D,Li L,et al.Closed loop design for software rejuvenation.Proceedings of the Workshop on Self-Healing,Adaptive and Self-Managed Systems.New York,USA,ACM,2002
[122]Xie W,Hong Y,Trivedi K.Analysis of a Two-Level Software Rejuvenation Policy.Reliability Engineering and System Safety,2005,87(1):13-22P
[123]Patterson D,Brown A,Broadwell P,et al.Recovery Oriented Computing (ROC):Motivation,Definition,Techniques,and Case Studies.Berkeley USA.2002.http://roc.cs.berkeley.edu/papers/ROC_TR02-1175.pdf
[124]Candea G,Fox A.Recursive Restartability:Turning the Reboot Sledgehammer into a Scalpel.8th workshop on Hot Topics in Operating Systems.Los Alamitos,USA:IEEE Computer Society,2001:125-130P
[125]Candea G,Kawamoto S,Fujiki Y,et al.Microreboot-a Technique for Cheap Recovery.6th Symposium on Operating Systems Design and Implementation.San Francisco,CA,USA:USENIX,2004:31-44P
[126]Candea G,Cutler J,Fox A.hnproving Availability with Recusive Microreboots:a Soft-State System Case Study.Performance Evaluation Journal,2004,56(1-3):213-248P
[127]Laprie J C,Kaaniche M,Kanoun K.Modeling Computer Systems Evolutions:Non-Stationary Processes and Stochastic Petri Nets-Application to Dependability Growth.Proceedings of the Sixth International Workshop on Petri Nets and Performance Models,1995:221-230P
[128]Jiang L T,Xue G Z,Ying R D,et al.Application of stochastic petri net to system availability analysis.Journal of System Simulation,2002,14(6):796-799P
[129]王纪文.基于统计的软件系统自恢复时间阈值算法.广西师范大学(自然科学版),2008,26(1):203-206页
[130]Huang Y,Kintala C,Kolettis N,et al.Software Rejuvenation:Analysis,Module and Application.Proceedings of the 25th Sysposium on Fault Tolerant Computer System.Pasadena,CA:IEEE Computer Society,1995:381-390P
[131]Garg S,Puliafito A,Trivedi K S.Analysis of Software Rejuvenation using Markov Regenerative Stochastic Petri Net.Proceedings of ISSRE 1995.Toulouse,France:IEEE Computer Society,1995:180-187P
[132]徐建,张琨,刘凤玉.基于Linux的计算系统性能监控.南京理工大学学报(自然科学版),2007,31(5):622-627页
[133]Luenam P,Liu P.The Design of an Adaptive Intrusion Tolerant Database System.In:Proc IEEE Workshop on Intrusion Tolerant Systems,New York:IEEE Press,2002:14P
[134]孟海宁,齐勇,侯迪.基于非马尔可夫随机Petri网的软件再生建模与分析.计算机学报,2007,30(12):2212-2217页
[135]闫雪梅,王晓华,崔欣欣,赵剑峰.软件老化过程建模、预测及软件再生策略研究.北京理工大学学报,2007,27(7):625-629页
[136]游静,徐建,李千目,刘凤玉.计算系统多级抗衰技术研究.中国工程科学,2007,9(2):36-43页
[137]王湛,郭成昊,刘凤玉,张宏.神经网络在计算系统软件抗衰重启技术中的应用研究.计算机学报,2008,31(7):1268-1275页
[138]徐建,张琨,刘凤玉.软件抗衰研究综述.小型微型计算机系统,2007,28(11):1952-1958页
[139]Horn P.Autonomic Computing:IBM's perspective on the State of Information Technology.http://www.research.ibm.com/autonomic,2001.
[140]Dong X D,Hariri S,Xue L Z,et al.Autonomia:An Autonomic Computing Environment.Conference Proceedings of the 2003 IEEE International Performance,Computing,and Communications Conference.Phoenix,USA,2003:61-68P
[141]Kephart J O,Chess D M.The Vision of Autonomic Computing,Computer.2003,1(36):41-45P
[142]Salehie M,Tahwildari L.Autonomic Computing:Emerging Trends and Open Problems.ACM Sigsoft Software Engineering Notes,2005,30(4):1-7P
[143]Garlan P,Chen S W,Schmerl B,et al.Rainbow:Architecture-Based Self-Adaptation with Reusable Infrastructure.IEEE Computer,2004,37(10):46-54P
[144]Dong X D,Hariri S,Xue L Z,et al.Autonomia:An Autonomic Computing Environment.Proceedings of the 2003 IEEE International Performance,Computing,and Communications Conference,Phoenix,U S A,2003:61-68P
[145]Pertet S,Narasimlian P,Wilkes J,et al.Prato:Databases on Demand.Fourth International Conference on Autonomic Computing(ICAC'07),Jacksonville,FL,U S A,2007:70-81P