面向方面可信软件过程建模方法研究
|
摘要
可信软件基于软件过程在开发或演化条件下的方法论是当前可信软件及软件工程领域国内外的关注重点。不同于普通软件,可信软件的可信性由其功能需求和非功能需求共同来体现,对可信软件需求进行研究,以及在可信软件生命周期全过程中融入可信性是实现可信软件生产及演化的一个有效途径。
在软件过程建模领域,软件演化过程建模方法已经有效地解决了软件开发及演化的通用流程架构,是一种提高软件开发与演化质量以及效率的重要方法。然而,当面对可信软件时,其对非功能需求的特殊依赖,致使我们对软件过程建模方法提出了新的需求。
依托本人主持的国家自然科学基金项目“基于演化的可信软件过程建模研究”(61262025),基于软件演化过程建模方法,使用面向方面方法,提出面向方面的可信软件过程建模方法,解决软件生命周期全过程融入可信性的问题,为可信软件的生产及演化提供可靠的软件过程模型,为实现这一目标,本文从理论、方法以及技术方面给予了全面的支持。
在理论方面,针对非功能需求对可信软件的重要性,本文首先提出了分析可信软件需求以及通过可信软件需求获取过程策略的相关理论,在此基础之上,提出了基于面向方面方法扩展软件演化过程建模方法的相关理论,在保证软件演化过程建模方法提供可重用的通用过程模型的同时,可以灵活可控地融入通过可信软件需求推导出的相关过程策略。
在方法方面,本文提出了可信软件需求获取、建模与推理方法,通过可信软件需求获取满足可信需求的过程策略。在此基础之上,提出了面向方面的可信软件过程建模方法,可信软件过程建模方法以软件演化过程建模方法为基础,依赖软件演化过程建模方法实现软件有关功能需求的过程建模,然后,使用面向方面方法将过程策略定义的可信方面通过合成机制织入软件演化过程模型,实现可信性融入软件生命周期全过程的需要,其中,重点解决了可信方面织入冲突控制及检测的问题。
在技术方面,本文开发了可信需求推理辅助工具和可信软件过程建模辅助工具,为可信软件过程建模提供技术支持。
最后,通过在两个可信软件的案例中使用本文提出的理论、方法和技术,说明本文提出的理论和方法是可行的,开发的辅助工具是有效的,可信软件过程建模方法可以通过软件生命周期全过程的可信性保证达到可信软件生产的目标。
Based on software process, engineer trustworthy software that survives trustworthy requirements and requirement evolution has been an outstanding puzzle to the trustworthy software and software engineering community. Unlike ordinary software, the trustworthiness of trustworthy software include both functional requirements and non-functional requirements. Researching on the requirements of trustworthy software, as well as integrating software trustworthiness across its life cycle is an effective way to achieve trustworthy software production and evolution.
In the field of software process modeling, the approach of modeling software evolution process proposed an effective solution for the universal software development and evolution process framework. It is a useful approach for improving the quality and efficiency through software development and evolution process. However, according to the differences of trustworthy software, new requirements were proposed in our software process modeling approach for its special dependence on non-functional requirements.
Our work is supported by the National Natural Science Foundation of China under Grant No.61262025. Based on the approach of software evolution process modeling, by using aspect-oriented approach, an approach of aspect-oriented trustworthy software process modeling is proposed. The approach integrated the software trustworthiness into its life cycle and provided a reliable software process model for the trustworthy software development and evolution. To achieve this goal, a comprehensive support in the theory, methods, and techniques were proposed.
Firstly, according to the importance of non-functional requirements for trustworthy software, a theory is presented for analysising, modeling and reasoning of truworthy software requirements.on this basis, another theory was presented for trustworthy software process modeling which is based on aspect-oriented modeling. It provided a reusable general process model and also provided a flexible and controllable way to assure trustworthiness across the software life cycle process.
Secondly, an approach of trustworthy software requirements capturing, modeling and reasoning is proposed to meet the needs of obtaining the process strategies. Based on these strategies, trustoworthy aspects were defined to be composed into the software evolution process model. This approach of aspect-oriented trustworthy software process modeling achieves the functional requirements by software evolution process modeling, and the non-functional requirements by aspects composition. Especially, aspect conflicts were solved by controlling and detection in this approach.
Thirdly, a trustworthy attribute correlation diagnose tool and a trustworthy process aided tool were developed to provide technical support for trustworthy software process modeling.
Finally, the theory, the approach and the techniques were used in the cases of two trustworthy software. Through the analysis of the cases, the theory and the approach proposed in this paper is feasible, the tools are effective. The trustworthy software process modeling approach was proved that the trustworthy software production goals can be achieved by the credibility of the whole process of the software life cycle.
在软件过程建模领域,软件演化过程建模方法已经有效地解决了软件开发及演化的通用流程架构,是一种提高软件开发与演化质量以及效率的重要方法。然而,当面对可信软件时,其对非功能需求的特殊依赖,致使我们对软件过程建模方法提出了新的需求。
依托本人主持的国家自然科学基金项目“基于演化的可信软件过程建模研究”(61262025),基于软件演化过程建模方法,使用面向方面方法,提出面向方面的可信软件过程建模方法,解决软件生命周期全过程融入可信性的问题,为可信软件的生产及演化提供可靠的软件过程模型,为实现这一目标,本文从理论、方法以及技术方面给予了全面的支持。
在理论方面,针对非功能需求对可信软件的重要性,本文首先提出了分析可信软件需求以及通过可信软件需求获取过程策略的相关理论,在此基础之上,提出了基于面向方面方法扩展软件演化过程建模方法的相关理论,在保证软件演化过程建模方法提供可重用的通用过程模型的同时,可以灵活可控地融入通过可信软件需求推导出的相关过程策略。
在方法方面,本文提出了可信软件需求获取、建模与推理方法,通过可信软件需求获取满足可信需求的过程策略。在此基础之上,提出了面向方面的可信软件过程建模方法,可信软件过程建模方法以软件演化过程建模方法为基础,依赖软件演化过程建模方法实现软件有关功能需求的过程建模,然后,使用面向方面方法将过程策略定义的可信方面通过合成机制织入软件演化过程模型,实现可信性融入软件生命周期全过程的需要,其中,重点解决了可信方面织入冲突控制及检测的问题。
在技术方面,本文开发了可信需求推理辅助工具和可信软件过程建模辅助工具,为可信软件过程建模提供技术支持。
最后,通过在两个可信软件的案例中使用本文提出的理论、方法和技术,说明本文提出的理论和方法是可行的,开发的辅助工具是有效的,可信软件过程建模方法可以通过软件生命周期全过程的可信性保证达到可信软件生产的目标。
Based on software process, engineer trustworthy software that survives trustworthy requirements and requirement evolution has been an outstanding puzzle to the trustworthy software and software engineering community. Unlike ordinary software, the trustworthiness of trustworthy software include both functional requirements and non-functional requirements. Researching on the requirements of trustworthy software, as well as integrating software trustworthiness across its life cycle is an effective way to achieve trustworthy software production and evolution.
In the field of software process modeling, the approach of modeling software evolution process proposed an effective solution for the universal software development and evolution process framework. It is a useful approach for improving the quality and efficiency through software development and evolution process. However, according to the differences of trustworthy software, new requirements were proposed in our software process modeling approach for its special dependence on non-functional requirements.
Our work is supported by the National Natural Science Foundation of China under Grant No.61262025. Based on the approach of software evolution process modeling, by using aspect-oriented approach, an approach of aspect-oriented trustworthy software process modeling is proposed. The approach integrated the software trustworthiness into its life cycle and provided a reliable software process model for the trustworthy software development and evolution. To achieve this goal, a comprehensive support in the theory, methods, and techniques were proposed.
Firstly, according to the importance of non-functional requirements for trustworthy software, a theory is presented for analysising, modeling and reasoning of truworthy software requirements.on this basis, another theory was presented for trustworthy software process modeling which is based on aspect-oriented modeling. It provided a reusable general process model and also provided a flexible and controllable way to assure trustworthiness across the software life cycle process.
Secondly, an approach of trustworthy software requirements capturing, modeling and reasoning is proposed to meet the needs of obtaining the process strategies. Based on these strategies, trustoworthy aspects were defined to be composed into the software evolution process model. This approach of aspect-oriented trustworthy software process modeling achieves the functional requirements by software evolution process modeling, and the non-functional requirements by aspects composition. Especially, aspect conflicts were solved by controlling and detection in this approach.
Thirdly, a trustworthy attribute correlation diagnose tool and a trustworthy process aided tool were developed to provide technical support for trustworthy software process modeling.
Finally, the theory, the approach and the techniques were used in the cases of two trustworthy software. Through the analysis of the cases, the theory and the approach proposed in this paper is feasible, the tools are effective. The trustworthy software process modeling approach was proved that the trustworthy software production goals can be achieved by the credibility of the whole process of the software life cycle.
引文
[Alexander 03] Alexander, I. Misuse cases help to elicit non-functional requirements. Computer and Control Engineering Journal,2003,14(1):40-45.
[Amoroso 94] Amoroso, E., Taylor, C., Watson, J. Weiss, J. A process-oriented methodology for assessing and improving software trustworthiness. In the Proceedings of the 2nd ACM Conference on Computer and Communications Security (CCS'94),1994:39-50.
[Amyot 03]Amyot, D., Mussbacher, G. URN:Towards a new standard for the visual description of requirements. Telecommunications and beyond:The Broader Applicability of SDL and MSC, Springer Berlin Heidelberg,2003:21-37.
[Amyot 11]Amyot, D., Mussbacher, G. User Requirements Notation:The First Ten Years, The Next Ten Years (Invited Paper). Journal of Software,2011,6 (5):747-768.
[Amyot 13]Amyot, D. Goal and Aspect-oriented Business Process Engineering. http://www.cs.mcgill.ca/-joerg/SEL/AOM_Bellairs_2013_-_Schedule_files/Daniel.pdf. [Baier 08] Baier C., Katoen, J. P. Principles of Model Checking. The MIT Press, Cambridge, London,2008.
[Bergmans 03] Bergmans, L. Towards detection of semantic conflicts between crosscutting concerns. In ECOOP:AAOS'03:The first workshop on Analysis of Aspect-Oriented Software, Darmstadt, Germany, July,212003.
[Bergmans 04] Bergmans, L., Aksit, M. Principles and design rationale of composition filters, in Aspect-Oriented Software Development. Addison-Wesley,2004:63-95.
[Bernstein 66] Bernstein A.J. Analysis of programs for parallel processing. IEEE Transactions on Electronic Computer,1966, EC-15 (5):757-763.
[Bernstein 05] Bernstein, L., Yuhas, C. Trustworthy systems through quantitative software engineering, Vol.1. Wiley-IEEE Computer Society Press:New York, Silver Spring MD,2005.
[Beznosov 04] Beznosov, K., Kruchten, P. Towards Agile Security Assurance. In the Proceedings of the New Security Paradigms Workshop (NSPW'2004), White Point Beach, NS, ACM,2004:47-54.
[Boehm 94]Boehm, B., Bose, P., Horowitz, E., Lee, M. Software Requirements as Negotiated Win Conditions. In the Proceedings of ICRE'94, IEEE Computer Society Press,1994:74-83.
[Boehm 95]Boehm, B., Bose, P., Horowitz, E., Lee, M. Software Requirements Negotiation and Renegotiation Aids:A Theory-W Based Spiral Approach. In the Proceedings of ICSE'95, IEEE Computer Society Press,1995:243.
[Boehm 96]Boehm, B., In, H. Identifying quality-requirement conflicts. Software, IEEE,1996, 13 (2):25-35.
[Boehm 98]Boehm, B., Egyed, A., Port, D., Shah, A., Kwan, J., Madachy, R. A Stakeholder Win-Win Approach to Software Engineering Education. Annals of Software Engineering 6, no. 1-4,1998:295-321.
[Boehm 06]Boehm. B. The future of software processes. In the Unifying the Software Process Spectrum, Lecture Notes Computer Science, Springer,2006:10-24.
[Castro 02] Castro, J., Kolp, M., Mylopoulos, J. Towards requirements-driven information systems engineering:the Tropos project. Information systems,2002,27(6):365-389.
[陈03]陈火旺,王戟,董威.高可信软件工程技术.电子学报,2003,31(12A):]933-1938.
[Chen 11]Chen, S. M., Sanguansat, K. Analyzing fuzzy risk based on a new fuzzy ranking method between generalized fuzzy numbers. Expert Systems with Applications,38, 2011:2163-2171.
[Cheng 07]Cheng, B. H., Atlee, J.M. Research directions in requirements engineering. Future of Software Engineering, IEEE Computer Society,2007:285-303.
[Choe 13]Choe, Y. prop2chf.py. CSCE 625:Introduction to Machine Learning, http://faculty.cs.tamu.edu/ioerger/cs625-fall11/prop2cnf.py.
[Chung 95]Chung, L., Nixon, B.A. Dealing with non-functional requirements:three experimental studies of a process-oriented approach. In proceedings of 17th International Conference on Software Engineering (ICSE),1995:25-25
[Chung 99]Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J. Non-Functional Requirements in Software Engineering. International Series in Software Engineering, Springer, Heidelberg,1999, 5:476.
[Chung 06]Chung, L., Supakkul, S. Representing nFRs and fRs:A goal-oriented and use case driven approach. Software Engineering Research and Applications, Springer Berlin Heidelberg, 2006,3647:29-41.
[Chung 09]Chung, L., do Prado Leite, C.S. On non-functional requirements in software engineering. Conceptual modeling:Foundations and applications, Springer Berlin Heidelberg, 2009:363-379.
[CMU 03]CMU. Systems Security Engineering Capability Maturity Model SSE-CMM:Model Description Document, Version 3.0,2003.
[Constantinides 99] Constantinides, C.A., Bader, A., Elrad, T. An Aspect-Oriented Design Framework for Concurrent Systems. In the Proceedings of the ECOOP'99 Workshop on Aspect-Oriented Programming, Lisbon, Portugal,1999:302-311.
[Curtis 92] Curtis, W., Kellner, M. I., Over, J. Process Modelling. Communications of the ACM-Special issue on analysis and modeling in software development,1992,35 (9):75-90. [Cysneiros 04] Cysneiros, L.M., do Prado Leite, J.C.S. Nonfunctional requirements:from elicitation to conceptual models. IEEE Transactions on Software Engineering,2004,30 (5): 328-350.
[代11]代飞.基于EPMM的软件演化过程模型验证.云南大学博士学位论文,2011,6.
[Dardenne 93] Dardenne, A., van Lamsweerde, A., Fickas, S. Goal-directed requirements acquisition. Science of Computer Programming,1993,20(1,2):3-50.
[de Sousa 03] de Sousa, G.M.C., Castro, J. Towards a Goal-Oriented Requirements Methodology Based on the Separation of Concerns Principle. In WER2003 (Workshop em Engenharia de Requisitos),2003,11:223-239.
[Dinkelaker 12] Dinkelaker, T., Erradi, M., Ayache, M. Using aspect-oriented state machines for detecting and resolving feature interactions. Computer Science and Information Systems, 2012,9(3):1045-1074.
[丁11]丁博,王怀民,史殿习,李骁.一种支持软件可信演化的构件模型.软件学报,2011,22(1):17-27.
[DoD 85]DoD (Department of Defense). Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). DoD 5200.28-STD. http://www.cerberussystems.com /INFOSEC/stds/d520028.htm,1985,12.
[DoD 00]DoD (Department of Defense). Standard Practice for System Safety (MIL-STD-882D). http://www.system-safety.org/Documents/MIL-STD-882D.pdf,2000,2.
[Douence 02] Douence, R., Fradet, P., Sudholt, M. A framework for the detection and resolution of aspect interactions. In Generative Programming and Component Engineering, Springer Berlin Heidelberg,2002:173-188.
[Douence 04] Douence, R., Fradet, P., Sudholt, M. Composition, reuse and interaction analysis of stateful aspects. In the Proceedings of the 3rd international conference on Aspect-oriented software development, ACM,2004:141-150.
[Durr 05]Durr, P., Staijen, T., Bergmans, L., Aksit, M. Reasoning about semantic conflicts between aspects. In EIWAS'05:The 2nd European Interactive Workshop on Aspects in Software,2005:10-18.
[Durr 07]Durr, P., Bergmans, L., Aksit, M. Static and dynamic detection of behavioral conflicts between aspects. In Runtime Verification. Springer Berlin Heidelberg,2007:38-50.
[Elahi 11]Elahi, G., Yu, E. A Semi-Automated Decision Support Tool for Requirements Trade-off Analysis. In the Proceedings of the 35th IEEE Annual Computer Software and Application Conference (COMPSAC'35),2011:466-475.
[Ericson 05] Ericson C. A. Hazard Analysis Techniques for System Safety. Wiley-Interscience, John Wiley & Sons, INC., Publication, Hoboken, New Jersey,2005.
[Filman 06] Filman, R.E., Elrad, T., Clarke, S., Aksit, M.莫倩,王恺,刘冬梅,袁臻译.面向方面的软件开发(Aspect-oriented software development).机械工业出版社,2006.[付10]付志涛.面向方面的软件演化过程研究,硕士学位论文.云南大学,2010,6.
[Guan 08]Guan, L., Li, X., Hu, H., Lu, J. A Petri net-based approach for supporting aspect-oriented modeling. Frontiers of Computer Science in China,2008,2(4):413-423.
[Hall 02a]Hall, A., Chapman, R. Correctness by construction:Developing a Commercial Secure System. IEEE Software,2002,1:18-25.
[Hall 02b]Hall, A. Correctness by Construction:Integrating Formality into a Commercial Development Process. FME 2002:Formal Methods-Getting IT Right, LNCS 2391, Springer Verlag,2002:224-233.
[Harland 05] Harland, D. M., Ralph L. Space Systems Failures:Disasters and Rescues of Satellites, Rockets and Space Probes. Springer-Verlag, New York,2005.
[Harrison 02] Harrison, W., Ossher, H., Tarr, P., Harrison, W. Asymmetrically vs. symmetrically organized paradigms for software composition. IBM Research Report,2002.
[Hasselbring 06] Hasselbring,W., Reussner, R. Toward trustworthy software systems. Computer, 2006,39(4):91-92.
[Herrmann 08] Herrmann, A., Paech, B. MOQARE:misuse-oriented quality requirements engineering. Requirement Engineering,2008,13(1):73-86.
[Holt 12]Holt, J., Perry, S.A., Brownsword, M. Model-based Requirements Engineering. The Institution of Engineering and Technology, London, United Kingdom,2012.
[Horkoff 10] Horkoff, J., Yu, E. Finding solutions in goal models:an interactive backward reasoning approach. Conceptual Modeling-ER 2010, Springer Berlin Heidelberg,2010:59-75.
[Horkoff 12] Horkoff, J. Iterative, Interactive Analysis of Agent-Goal Models for Early Requirements Engineering, Doctoral dissertation. University of Toronto,2012.
[Howard 02] Howard, M., Leblanc, D. Writing Secure Code. Microsoft Press,2002.
[Howard 06] Howard, M., Lipner, S. The Secure Development Life-cycle. Microsoft Press, 2006.
[胡10]胡宝清.模糊理论基础(第二版).武汉大学出版社,2010.
[Humphrey 00] Humphrey, W. S. The Personal Software Process, Technical Report CMU/SEI-2000-R-022. http://www.sei.cmu.edu/reports/00tr022.pdf,2000,11.
[Huth 04]Huth, M. Ryan, M. Logic in Computer Science:Modelling and Reasoning about Systems (Second Edition). Cambridge University Press,2004.
[IEC 90]IEC. International Electrotechnical Vocabulary-Chapter 191:Dependability (IEC 60050-191 Ed.2.0),1990.
[In 02]In, H.P., Olson, D., Rodgers, T. Multi-criteria preference analysis for systematic requirements negotiation. In the Proceedings of the COMPSAC'02,2002:887-892.
[In 04]In, H.P., Olson, D. Requirements Negotiation Using Multi-Criteria Preference Analysis. Journal of Universal Computer Science,2004,10(4):306-325.
[ISO/IEC 11] ISO, IEC. ISO/IEC 25010:Systems and software engineering-Systems and software Quality Requirements and Evaluation (SQuaRE)-System and software quality models,2011,3.
[Jacobson 04] Jacobson, I., Ng, P. W. Aspect-Oriented Software Development with Use Cases (Addison-Wesley Object Technology Series). Addison-Wesley Professional,2004.
[金08]金芝,刘磷,金英.软件需求工程:原理和方法.科学出版社,2008.
[康12]康雁,何婧,林英,秦江龙.软件需求工程.科学出版社,2012.
[Kellens 06] Kellens, A., Mens, K., Brichau, J., Gybels, K. Managing the evolution of aspect-oriented software with model-based pointcuts. In ECOOP 2006-Object-Oriented Programming, Springer Berlin Heidelberg,2006:501-525.
[Kiczales 01] Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J. Griswold, W.G. An overview of AspectJ. In European Conference on Object-Oriented Programming (ECOOP), 2001:327-353.
[Kniesel 06] Kniesel, G., Bardey, U. An analysis of the correctness and completeness of aspect weaving. In the proceedings of the 13th Working Conference on Reverse Engineering (WCRE'06), IEEE,2006,10:324-333.
[Kniesel 09] Kniesel, G. Detection and resolution of weaving interactions. Transactions on Aspect-Oriented Software Development, Springer Berlin Heidelberg,2009:135-186. [Li 08] Li, T. An Approach to Modelling Software Evolution Processes. Springer-Verlag, Berlin, 2008.
[李05]李鸿吉.模糊数学基础及实用算法.科学出版社,2005.
[Littlewood 00] Littlewood, B., Strigine, L. Software reliability and dependability:a roadmap. In:Finkelstein, A. (Ed.). The Future of SE, ICSE'22, IEEE,2000:175-188.
[Liu 01]Liu, L.D., Yu, E., Yu, Y.J. OME (Organization Modelling Environment). http://www.cs.toronto.edu/km/GRL/.
[刘08]刘克,单志广,王戟,何积丰,张兆田,秦玉文.“可信软件基础研究”重大研究计划综述.中国科学基金,2008,22(3):145-151.
[刘13]刘金卓.基于符号化模型检测的软件演化过程模型验证.云南大学博士学位论文,2013,6.
[Loucopoulos] Loucopoulos, P., Karakostas, V. System requirements engineering. McGraw-Hill,1995.
[陆02]陆钟万.面向计算机科学的数理逻辑(第二版).科学出版社.2002,1.
[Mairiza 11] Mairiza D., Zowghi D. Constructing a Catalogue of Conflicts among Non-functional Requirements. Evaluation of Novel Approaches to Software Engineering, Communications in Computer and Information Science, Springer,2011,230:31-44.
[Miller 06] Miller, A., Mclean, J., Saydjari, O., Voas, J. Compsac panel session on trustworthy computing. COMPSAC'06:Proceedings of 30th Annual International Computer Software and Applications Conference, Chicago IL, vol.1. IEEE Computer Society:Silver Spring MD, September 2006; 31.
[Molderez 12] Molderez, T., Meyers, B., Janssens, D., Vangheluwe, H. Towards an aspect-oriented language module:aspects for petri nets. In the Proceedings of the seventh workshop on Domain-Specific Aspect Languages, ACM,2012,3:21-26.
[Moser 11]Moser, T., Winkler, D., Heindl, M., Biffl, S. Requirements Management with Semantic Technology:An Empirical Study on Automated Requirements Categorization and Conflict Analysis. Advanced Information Systems engineering Lecture Notes in Computer Science,2011,6741:3-17.
[Muschevici 10] Muschevici, R., Clarke, D., Proenca, J. Feature petri nets. In the Proceedings of the 14th International Software Product Line Conference (SPLC 2010),2010,2.
[Mylopoulos 92] Mylopoulos, J., Chung, L., Nixon, B. A. Representing and using nonfunctional requirements:A process-oriented approach. IEEE Transactions on Software Engineering,1992, 18(6).483-497.
[Nagy 05]Nagy, I., Bergmans, L., Aksit, M. Composing aspects at shared join points. In the Proceedings of International Conference NetObjectDays (NODe2005), Lecture Notes in Computer Science,2005:69-84.
[Neumann 04] Neumann, P.G. Principled assuredly trustworthy composable architectures, Project Report, Computer Science laboratory, SRI International,2004.
[Nichols 12] Nichols, W., Tasistro, A., Vallespir, D. et al. TSP Symposium 2012 Proceedings, Special Report CMU/SEI-2012-SR-0I5. http://www.sei.cmu.edu/reports/12sr015.pdf,2012, 11.
[NSS2 05]NSS2. Software 2015:A National Software Strategy to Ensure U.S. Security and Competitiveness, http://www.cnsoftware.org/nss2report/,2005,4.
[Nuseibeh 00] Nuseibeh, B., Easterbrook, S. Requirements engineering:a roadmap. Proceedings of the Conference on the Future of Software Engineering, ACM,2000:35-46.
[Odgers 99] Odgers, B., Thompson, S. Aspect-Oriented Process Engineering (ASOPE). In the Proceedings of the Workshop on Object-Oriented Technology,Springer_Verlag, London, UK, 1999:295-299.
[Osterweil 87] Osterweil, L.J. Software processes are software too. In the Proceedings of the 9th International Conference on Software Engineering (ICSE'87), Monterey CA. ACM:New York, March-April 1987:2-13.
[Osterweil 97a] Osterweil, L.J. Software processes are software too, revisited:An invited talk on the most influential paper of ICSE 9. In the Proceedings of the 19th International Conference on Software Engineering (ICSE'97). Berlin:Springer-Verlag,1997:540-548.
[Osterweil 97b] Osterweil, L.J. Improving the quality of software quality determination processes. In R. Boisvert, editor, The Quality of Numerical Software:Assessment and Enhancement. Chapman & Hall, London,1997.
[Park 07]Park, C., Choi, H., Lee, D., Kang, S., Cho, H., Sohn, J. Knowledge-Based AOP Framework for Business Rule Aspects in Business Process, ETRI Journal,2007,29 (4): 477-488.
[Pawlak 05] Pawlak, R., Duchien, L., Seinturier, L. CompAr:Ensuring safe around advice composition. In Formal Methods for Open Object-Based Distributed Systems, Springer Berlin Heidelberg,2005:163-178.
[Princeton 07] Princeton University, zChaff 2007.3.12. http://www.princeton.edu/-chaff /zchaff.html.
[Robert 90] Robert M. G. Entropy and Information Theory. Springer-Verlag,1990. [Robertson 99] Robertson, S., Robertson, J. Mastering the Requirements Process. ACM Press, 1999.
[Robertson 06] Robertson, J. Mastering the Requirements Process,2/E. Pearson Education India, 2006.
[Robinson 97] Robinson, W., Volkov, S. A Meta-Model for Restructuring Stakeholder Requirements. In the Proceedings of the 19th International Conference on Software Engineering, IEEE Computer Society Press, Botson, USA,1997,5:140-149.
[Roubtsova 05] Roubtsova, E. E., Aksit, M. Extension of Petri Nets by Aspects to Apply the Model Driven Architecture Approach. In the Proceedings of the 1st International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB), Nuremberg, Germany,2005,1:1-15.
[Sebastiani 04] Sebastiani, R., Giorgini, P., Mylopoulos, J. Simple and minimum-cost satisfiability for goal models. Advanced Information Systems Engineering, Springer Berlin Heidelberg,2004:20-35.
[Schauerhuber 07] Schauerhuber, A., Schwinger, W., Kapsammer, E., Retschitzegger, W., Wimmer, M., Kappel, G. A survey on aspect-oriented modeling approaches. Relatorio tecnico, Vienna University of Technology,2007.
[Schmidt 03] Schmidt, H. Trustworthy components-compositionality and prediction. The Journal of Systems and Software,2003,65:215-225.
[SecureChange 09] SecureChange project, http://www.securechange.eu/.2009-2012. [Secure Software 05] Secure Software Inc. The CLASP Application Security Process. http://www.ida.liu.se/-TDDC90/papers/clasp_external.pdf,2005.
[Shayler 00] Shayler, D. Disasters and Accidents in Manned Spaceflight. Springer-Verlag, London,2000.
[沈10]沈昌详,张焕国,王怀民,王戟等.可信计算的研究与发展.中国科学:信息科学,2010,40(2):139-166.
[Sourceforge 13] Sourceforge, PIPE2 (Platform Independent Petri Net Editor Beta). http://pipe2.sourceforge.net/
[孙04]孙东川,林福永.系统工程引论.北京:清华大学出版社,2004.
[Sutton Jr 06] Sutton Jr, S. M. Aspect-oriented software development and software process. Unifying the Software Process Spectrum, Springer Berlin Heidelberg,2006:177-191.
[汤10]汤永新,刘增良.软件可信性度量模型研究进展.计算机工程与应用,2010,46(27):12-16.
[陶11]陶红伟.基于属性的软件可信性度量模型研究.博士学位论文.上海:华东师范大学,2011.
[TCG 07]Trusted Computing Group (TCG),2007. TCG Specification Architecture Overview, revision 1.4. http://www.trustedcomputinggroup.org.
[Tessier 04] Tessier, F., Badri, L., Badri, M. Towards a formal detection of semantic conflicts between aspects:A model-based approach. In the Proceedings of the 5th Aspect-Oriented Modeling Workshop in conjunction with UML 2004,2004.
[Trustie 09] Trustie. Software Trustworthiness Classification Specification (TRUSTIE-STC v 1.0),2009, http://www.trustie.net/.
[van den Berg 05] Van den Berg, K.G., Conejero, J.M., Chitchyan, R. AOSD ontology 1.0-public ontology of aspect-orientation. Technical Report D9 AOSD-Europe-UT-01, AOSD-Europe.2005.
[van Lamsweerde 98] van Lamsweerde, A., Darimont, R., Letier, E. Managing conflicts in goal-driven requirements engineering. IEEE Transactions on Software Engingeering,1998, 24(1):908-926.
[van Lamsweerde 01] van Lamsweerde, A. Goal-oriented requirements engineering:a guided tour. In proceedings of the Fifth IEEE International Symposium on Requirements Engineering, 2001:249-262.
[王06]王怀民,唐扬斌,尹刚,李磊.互联网软件的可信机理.中国科学E辑:信息科学,2006,36(10):1156-1169.
[Wehrmeister 07] Wehrmeister, M.A., Freitas, E.P., Pereira, C.E., Wagner, F.R. An Aspect-Oriented Approach for Dealing with Non-Functional Requirements in a Model-Driven Development of Distributed Embedded Real-Time Systems. In the Proceedings of 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'07),2007,5:428-432.
[Wei 12]Wei, B., Jin, Z., Zowghi, D., Yin, B. Automated reasoning with goal tree models for software quality requirements. In the proceedings of 2012 IEEE 36th International Conference on Computer Software and Applications Workshops (COMPSACW),2012:373-378.
[吴06]吴哲辉.Petri网导论.机械工业出版社,2006.
[Xu 06]Xu, D.X. Nygard, K.E. Threat-driven modeling and verification of secure software using aspect-oriented Petri nets. IEEE Transactions on Software Engineering,2006,32(4): 265-278.
[Yang 09]Yang, Y., Wang Q. Li, M.S. Process trustworthiness as a capability indicator for measuring and improving software trustworthiness. In the Proceedings of International Conference on Software Process (ICSP'09), Vancouver, Canada. Springer:2009:389-401.
[Yu 97]Yu, E.S.K. Towards modeling and reasoning support for early-phase requirements engineering. In the Proceedings of the Third IEEE International Symposium on Requirements Engineering,1997,1:226-235.
[Yu 09]Yu, Y., Niu, N., Gonzalez-Baixauli, B., Mylopoulos, J., Easterbrook, S., do Prado Leite, J. C. S. Requirements Engineering and Aspects. Design Requirements Engineering:A Ten-Year Perspective, Springer Berlin Heidelberg,2009:432-452.
[袁05]袁崇义.Petri网原理与应用.电子工业出版社,2005.
[Zadeh 65]Zadeh, L. A. Fuzzy sets. Information and Control,1965,8(3):338-353.
[Zadeh 75]Zadeh, L.A. The concept of a linguistic variable and its application to approximate reasoning-Ⅰ. Information Science,1975,8(3):199-249.
[Zave 97]Zave, P. Classification of research efforts in requirements engineering. ACM Computing Surveys,1997,29 (4):315-321.
[Zhang 12]Zhang, H., Kitchenham, B., Jeffery, R. (2012). Toward trustworthy software process models:an exploratory study on transformable process modeling. Journal of Software: Evolution and Process 2012,24(7):741-763.
[张09]张瞩熹,李仁杰,王怀民.一个面向方面的可信软件开发平台TSCE.计算机应用研究,2009,26(5):1743-1745.
[Zhu 12]Zhu, M.X., Luo, X.X., Chen, X.H., Wu, D.D. A non-functional requirements tradeoff model in Trustworthy Software. Information Sciences,2012,191:61-75.
[Amoroso 94] Amoroso, E., Taylor, C., Watson, J. Weiss, J. A process-oriented methodology for assessing and improving software trustworthiness. In the Proceedings of the 2nd ACM Conference on Computer and Communications Security (CCS'94),1994:39-50.
[Amyot 03]Amyot, D., Mussbacher, G. URN:Towards a new standard for the visual description of requirements. Telecommunications and beyond:The Broader Applicability of SDL and MSC, Springer Berlin Heidelberg,2003:21-37.
[Amyot 11]Amyot, D., Mussbacher, G. User Requirements Notation:The First Ten Years, The Next Ten Years (Invited Paper). Journal of Software,2011,6 (5):747-768.
[Amyot 13]Amyot, D. Goal and Aspect-oriented Business Process Engineering. http://www.cs.mcgill.ca/-joerg/SEL/AOM_Bellairs_2013_-_Schedule_files/Daniel.pdf. [Baier 08] Baier C., Katoen, J. P. Principles of Model Checking. The MIT Press, Cambridge, London,2008.
[Bergmans 03] Bergmans, L. Towards detection of semantic conflicts between crosscutting concerns. In ECOOP:AAOS'03:The first workshop on Analysis of Aspect-Oriented Software, Darmstadt, Germany, July,212003.
[Bergmans 04] Bergmans, L., Aksit, M. Principles and design rationale of composition filters, in Aspect-Oriented Software Development. Addison-Wesley,2004:63-95.
[Bernstein 66] Bernstein A.J. Analysis of programs for parallel processing. IEEE Transactions on Electronic Computer,1966, EC-15 (5):757-763.
[Bernstein 05] Bernstein, L., Yuhas, C. Trustworthy systems through quantitative software engineering, Vol.1. Wiley-IEEE Computer Society Press:New York, Silver Spring MD,2005.
[Beznosov 04] Beznosov, K., Kruchten, P. Towards Agile Security Assurance. In the Proceedings of the New Security Paradigms Workshop (NSPW'2004), White Point Beach, NS, ACM,2004:47-54.
[Boehm 94]Boehm, B., Bose, P., Horowitz, E., Lee, M. Software Requirements as Negotiated Win Conditions. In the Proceedings of ICRE'94, IEEE Computer Society Press,1994:74-83.
[Boehm 95]Boehm, B., Bose, P., Horowitz, E., Lee, M. Software Requirements Negotiation and Renegotiation Aids:A Theory-W Based Spiral Approach. In the Proceedings of ICSE'95, IEEE Computer Society Press,1995:243.
[Boehm 96]Boehm, B., In, H. Identifying quality-requirement conflicts. Software, IEEE,1996, 13 (2):25-35.
[Boehm 98]Boehm, B., Egyed, A., Port, D., Shah, A., Kwan, J., Madachy, R. A Stakeholder Win-Win Approach to Software Engineering Education. Annals of Software Engineering 6, no. 1-4,1998:295-321.
[Boehm 06]Boehm. B. The future of software processes. In the Unifying the Software Process Spectrum, Lecture Notes Computer Science, Springer,2006:10-24.
[Castro 02] Castro, J., Kolp, M., Mylopoulos, J. Towards requirements-driven information systems engineering:the Tropos project. Information systems,2002,27(6):365-389.
[陈03]陈火旺,王戟,董威.高可信软件工程技术.电子学报,2003,31(12A):]933-1938.
[Chen 11]Chen, S. M., Sanguansat, K. Analyzing fuzzy risk based on a new fuzzy ranking method between generalized fuzzy numbers. Expert Systems with Applications,38, 2011:2163-2171.
[Cheng 07]Cheng, B. H., Atlee, J.M. Research directions in requirements engineering. Future of Software Engineering, IEEE Computer Society,2007:285-303.
[Choe 13]Choe, Y. prop2chf.py. CSCE 625:Introduction to Machine Learning, http://faculty.cs.tamu.edu/ioerger/cs625-fall11/prop2cnf.py.
[Chung 95]Chung, L., Nixon, B.A. Dealing with non-functional requirements:three experimental studies of a process-oriented approach. In proceedings of 17th International Conference on Software Engineering (ICSE),1995:25-25
[Chung 99]Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J. Non-Functional Requirements in Software Engineering. International Series in Software Engineering, Springer, Heidelberg,1999, 5:476.
[Chung 06]Chung, L., Supakkul, S. Representing nFRs and fRs:A goal-oriented and use case driven approach. Software Engineering Research and Applications, Springer Berlin Heidelberg, 2006,3647:29-41.
[Chung 09]Chung, L., do Prado Leite, C.S. On non-functional requirements in software engineering. Conceptual modeling:Foundations and applications, Springer Berlin Heidelberg, 2009:363-379.
[CMU 03]CMU. Systems Security Engineering Capability Maturity Model SSE-CMM:Model Description Document, Version 3.0,2003.
[Constantinides 99] Constantinides, C.A., Bader, A., Elrad, T. An Aspect-Oriented Design Framework for Concurrent Systems. In the Proceedings of the ECOOP'99 Workshop on Aspect-Oriented Programming, Lisbon, Portugal,1999:302-311.
[Curtis 92] Curtis, W., Kellner, M. I., Over, J. Process Modelling. Communications of the ACM-Special issue on analysis and modeling in software development,1992,35 (9):75-90. [Cysneiros 04] Cysneiros, L.M., do Prado Leite, J.C.S. Nonfunctional requirements:from elicitation to conceptual models. IEEE Transactions on Software Engineering,2004,30 (5): 328-350.
[代11]代飞.基于EPMM的软件演化过程模型验证.云南大学博士学位论文,2011,6.
[Dardenne 93] Dardenne, A., van Lamsweerde, A., Fickas, S. Goal-directed requirements acquisition. Science of Computer Programming,1993,20(1,2):3-50.
[de Sousa 03] de Sousa, G.M.C., Castro, J. Towards a Goal-Oriented Requirements Methodology Based on the Separation of Concerns Principle. In WER2003 (Workshop em Engenharia de Requisitos),2003,11:223-239.
[Dinkelaker 12] Dinkelaker, T., Erradi, M., Ayache, M. Using aspect-oriented state machines for detecting and resolving feature interactions. Computer Science and Information Systems, 2012,9(3):1045-1074.
[丁11]丁博,王怀民,史殿习,李骁.一种支持软件可信演化的构件模型.软件学报,2011,22(1):17-27.
[DoD 85]DoD (Department of Defense). Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). DoD 5200.28-STD. http://www.cerberussystems.com /INFOSEC/stds/d520028.htm,1985,12.
[DoD 00]DoD (Department of Defense). Standard Practice for System Safety (MIL-STD-882D). http://www.system-safety.org/Documents/MIL-STD-882D.pdf,2000,2.
[Douence 02] Douence, R., Fradet, P., Sudholt, M. A framework for the detection and resolution of aspect interactions. In Generative Programming and Component Engineering, Springer Berlin Heidelberg,2002:173-188.
[Douence 04] Douence, R., Fradet, P., Sudholt, M. Composition, reuse and interaction analysis of stateful aspects. In the Proceedings of the 3rd international conference on Aspect-oriented software development, ACM,2004:141-150.
[Durr 05]Durr, P., Staijen, T., Bergmans, L., Aksit, M. Reasoning about semantic conflicts between aspects. In EIWAS'05:The 2nd European Interactive Workshop on Aspects in Software,2005:10-18.
[Durr 07]Durr, P., Bergmans, L., Aksit, M. Static and dynamic detection of behavioral conflicts between aspects. In Runtime Verification. Springer Berlin Heidelberg,2007:38-50.
[Elahi 11]Elahi, G., Yu, E. A Semi-Automated Decision Support Tool for Requirements Trade-off Analysis. In the Proceedings of the 35th IEEE Annual Computer Software and Application Conference (COMPSAC'35),2011:466-475.
[Ericson 05] Ericson C. A. Hazard Analysis Techniques for System Safety. Wiley-Interscience, John Wiley & Sons, INC., Publication, Hoboken, New Jersey,2005.
[Filman 06] Filman, R.E., Elrad, T., Clarke, S., Aksit, M.莫倩,王恺,刘冬梅,袁臻译.面向方面的软件开发(Aspect-oriented software development).机械工业出版社,2006.[付10]付志涛.面向方面的软件演化过程研究,硕士学位论文.云南大学,2010,6.
[Guan 08]Guan, L., Li, X., Hu, H., Lu, J. A Petri net-based approach for supporting aspect-oriented modeling. Frontiers of Computer Science in China,2008,2(4):413-423.
[Hall 02a]Hall, A., Chapman, R. Correctness by construction:Developing a Commercial Secure System. IEEE Software,2002,1:18-25.
[Hall 02b]Hall, A. Correctness by Construction:Integrating Formality into a Commercial Development Process. FME 2002:Formal Methods-Getting IT Right, LNCS 2391, Springer Verlag,2002:224-233.
[Harland 05] Harland, D. M., Ralph L. Space Systems Failures:Disasters and Rescues of Satellites, Rockets and Space Probes. Springer-Verlag, New York,2005.
[Harrison 02] Harrison, W., Ossher, H., Tarr, P., Harrison, W. Asymmetrically vs. symmetrically organized paradigms for software composition. IBM Research Report,2002.
[Hasselbring 06] Hasselbring,W., Reussner, R. Toward trustworthy software systems. Computer, 2006,39(4):91-92.
[Herrmann 08] Herrmann, A., Paech, B. MOQARE:misuse-oriented quality requirements engineering. Requirement Engineering,2008,13(1):73-86.
[Holt 12]Holt, J., Perry, S.A., Brownsword, M. Model-based Requirements Engineering. The Institution of Engineering and Technology, London, United Kingdom,2012.
[Horkoff 10] Horkoff, J., Yu, E. Finding solutions in goal models:an interactive backward reasoning approach. Conceptual Modeling-ER 2010, Springer Berlin Heidelberg,2010:59-75.
[Horkoff 12] Horkoff, J. Iterative, Interactive Analysis of Agent-Goal Models for Early Requirements Engineering, Doctoral dissertation. University of Toronto,2012.
[Howard 02] Howard, M., Leblanc, D. Writing Secure Code. Microsoft Press,2002.
[Howard 06] Howard, M., Lipner, S. The Secure Development Life-cycle. Microsoft Press, 2006.
[胡10]胡宝清.模糊理论基础(第二版).武汉大学出版社,2010.
[Humphrey 00] Humphrey, W. S. The Personal Software Process, Technical Report CMU/SEI-2000-R-022. http://www.sei.cmu.edu/reports/00tr022.pdf,2000,11.
[Huth 04]Huth, M. Ryan, M. Logic in Computer Science:Modelling and Reasoning about Systems (Second Edition). Cambridge University Press,2004.
[IEC 90]IEC. International Electrotechnical Vocabulary-Chapter 191:Dependability (IEC 60050-191 Ed.2.0),1990.
[In 02]In, H.P., Olson, D., Rodgers, T. Multi-criteria preference analysis for systematic requirements negotiation. In the Proceedings of the COMPSAC'02,2002:887-892.
[In 04]In, H.P., Olson, D. Requirements Negotiation Using Multi-Criteria Preference Analysis. Journal of Universal Computer Science,2004,10(4):306-325.
[ISO/IEC 11] ISO, IEC. ISO/IEC 25010:Systems and software engineering-Systems and software Quality Requirements and Evaluation (SQuaRE)-System and software quality models,2011,3.
[Jacobson 04] Jacobson, I., Ng, P. W. Aspect-Oriented Software Development with Use Cases (Addison-Wesley Object Technology Series). Addison-Wesley Professional,2004.
[金08]金芝,刘磷,金英.软件需求工程:原理和方法.科学出版社,2008.
[康12]康雁,何婧,林英,秦江龙.软件需求工程.科学出版社,2012.
[Kellens 06] Kellens, A., Mens, K., Brichau, J., Gybels, K. Managing the evolution of aspect-oriented software with model-based pointcuts. In ECOOP 2006-Object-Oriented Programming, Springer Berlin Heidelberg,2006:501-525.
[Kiczales 01] Kiczales, G., Hilsdale, E., Hugunin, J., Kersten, M., Palm, J. Griswold, W.G. An overview of AspectJ. In European Conference on Object-Oriented Programming (ECOOP), 2001:327-353.
[Kniesel 06] Kniesel, G., Bardey, U. An analysis of the correctness and completeness of aspect weaving. In the proceedings of the 13th Working Conference on Reverse Engineering (WCRE'06), IEEE,2006,10:324-333.
[Kniesel 09] Kniesel, G. Detection and resolution of weaving interactions. Transactions on Aspect-Oriented Software Development, Springer Berlin Heidelberg,2009:135-186. [Li 08] Li, T. An Approach to Modelling Software Evolution Processes. Springer-Verlag, Berlin, 2008.
[李05]李鸿吉.模糊数学基础及实用算法.科学出版社,2005.
[Littlewood 00] Littlewood, B., Strigine, L. Software reliability and dependability:a roadmap. In:Finkelstein, A. (Ed.). The Future of SE, ICSE'22, IEEE,2000:175-188.
[Liu 01]Liu, L.D., Yu, E., Yu, Y.J. OME (Organization Modelling Environment). http://www.cs.toronto.edu/km/GRL/.
[刘08]刘克,单志广,王戟,何积丰,张兆田,秦玉文.“可信软件基础研究”重大研究计划综述.中国科学基金,2008,22(3):145-151.
[刘13]刘金卓.基于符号化模型检测的软件演化过程模型验证.云南大学博士学位论文,2013,6.
[Loucopoulos] Loucopoulos, P., Karakostas, V. System requirements engineering. McGraw-Hill,1995.
[陆02]陆钟万.面向计算机科学的数理逻辑(第二版).科学出版社.2002,1.
[Mairiza 11] Mairiza D., Zowghi D. Constructing a Catalogue of Conflicts among Non-functional Requirements. Evaluation of Novel Approaches to Software Engineering, Communications in Computer and Information Science, Springer,2011,230:31-44.
[Miller 06] Miller, A., Mclean, J., Saydjari, O., Voas, J. Compsac panel session on trustworthy computing. COMPSAC'06:Proceedings of 30th Annual International Computer Software and Applications Conference, Chicago IL, vol.1. IEEE Computer Society:Silver Spring MD, September 2006; 31.
[Molderez 12] Molderez, T., Meyers, B., Janssens, D., Vangheluwe, H. Towards an aspect-oriented language module:aspects for petri nets. In the Proceedings of the seventh workshop on Domain-Specific Aspect Languages, ACM,2012,3:21-26.
[Moser 11]Moser, T., Winkler, D., Heindl, M., Biffl, S. Requirements Management with Semantic Technology:An Empirical Study on Automated Requirements Categorization and Conflict Analysis. Advanced Information Systems engineering Lecture Notes in Computer Science,2011,6741:3-17.
[Muschevici 10] Muschevici, R., Clarke, D., Proenca, J. Feature petri nets. In the Proceedings of the 14th International Software Product Line Conference (SPLC 2010),2010,2.
[Mylopoulos 92] Mylopoulos, J., Chung, L., Nixon, B. A. Representing and using nonfunctional requirements:A process-oriented approach. IEEE Transactions on Software Engineering,1992, 18(6).483-497.
[Nagy 05]Nagy, I., Bergmans, L., Aksit, M. Composing aspects at shared join points. In the Proceedings of International Conference NetObjectDays (NODe2005), Lecture Notes in Computer Science,2005:69-84.
[Neumann 04] Neumann, P.G. Principled assuredly trustworthy composable architectures, Project Report, Computer Science laboratory, SRI International,2004.
[Nichols 12] Nichols, W., Tasistro, A., Vallespir, D. et al. TSP Symposium 2012 Proceedings, Special Report CMU/SEI-2012-SR-0I5. http://www.sei.cmu.edu/reports/12sr015.pdf,2012, 11.
[NSS2 05]NSS2. Software 2015:A National Software Strategy to Ensure U.S. Security and Competitiveness, http://www.cnsoftware.org/nss2report/,2005,4.
[Nuseibeh 00] Nuseibeh, B., Easterbrook, S. Requirements engineering:a roadmap. Proceedings of the Conference on the Future of Software Engineering, ACM,2000:35-46.
[Odgers 99] Odgers, B., Thompson, S. Aspect-Oriented Process Engineering (ASOPE). In the Proceedings of the Workshop on Object-Oriented Technology,Springer_Verlag, London, UK, 1999:295-299.
[Osterweil 87] Osterweil, L.J. Software processes are software too. In the Proceedings of the 9th International Conference on Software Engineering (ICSE'87), Monterey CA. ACM:New York, March-April 1987:2-13.
[Osterweil 97a] Osterweil, L.J. Software processes are software too, revisited:An invited talk on the most influential paper of ICSE 9. In the Proceedings of the 19th International Conference on Software Engineering (ICSE'97). Berlin:Springer-Verlag,1997:540-548.
[Osterweil 97b] Osterweil, L.J. Improving the quality of software quality determination processes. In R. Boisvert, editor, The Quality of Numerical Software:Assessment and Enhancement. Chapman & Hall, London,1997.
[Park 07]Park, C., Choi, H., Lee, D., Kang, S., Cho, H., Sohn, J. Knowledge-Based AOP Framework for Business Rule Aspects in Business Process, ETRI Journal,2007,29 (4): 477-488.
[Pawlak 05] Pawlak, R., Duchien, L., Seinturier, L. CompAr:Ensuring safe around advice composition. In Formal Methods for Open Object-Based Distributed Systems, Springer Berlin Heidelberg,2005:163-178.
[Princeton 07] Princeton University, zChaff 2007.3.12. http://www.princeton.edu/-chaff /zchaff.html.
[Robert 90] Robert M. G. Entropy and Information Theory. Springer-Verlag,1990. [Robertson 99] Robertson, S., Robertson, J. Mastering the Requirements Process. ACM Press, 1999.
[Robertson 06] Robertson, J. Mastering the Requirements Process,2/E. Pearson Education India, 2006.
[Robinson 97] Robinson, W., Volkov, S. A Meta-Model for Restructuring Stakeholder Requirements. In the Proceedings of the 19th International Conference on Software Engineering, IEEE Computer Society Press, Botson, USA,1997,5:140-149.
[Roubtsova 05] Roubtsova, E. E., Aksit, M. Extension of Petri Nets by Aspects to Apply the Model Driven Architecture Approach. In the Proceedings of the 1st International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB), Nuremberg, Germany,2005,1:1-15.
[Sebastiani 04] Sebastiani, R., Giorgini, P., Mylopoulos, J. Simple and minimum-cost satisfiability for goal models. Advanced Information Systems Engineering, Springer Berlin Heidelberg,2004:20-35.
[Schauerhuber 07] Schauerhuber, A., Schwinger, W., Kapsammer, E., Retschitzegger, W., Wimmer, M., Kappel, G. A survey on aspect-oriented modeling approaches. Relatorio tecnico, Vienna University of Technology,2007.
[Schmidt 03] Schmidt, H. Trustworthy components-compositionality and prediction. The Journal of Systems and Software,2003,65:215-225.
[SecureChange 09] SecureChange project, http://www.securechange.eu/.2009-2012. [Secure Software 05] Secure Software Inc. The CLASP Application Security Process. http://www.ida.liu.se/-TDDC90/papers/clasp_external.pdf,2005.
[Shayler 00] Shayler, D. Disasters and Accidents in Manned Spaceflight. Springer-Verlag, London,2000.
[沈10]沈昌详,张焕国,王怀民,王戟等.可信计算的研究与发展.中国科学:信息科学,2010,40(2):139-166.
[Sourceforge 13] Sourceforge, PIPE2 (Platform Independent Petri Net Editor Beta). http://pipe2.sourceforge.net/
[孙04]孙东川,林福永.系统工程引论.北京:清华大学出版社,2004.
[Sutton Jr 06] Sutton Jr, S. M. Aspect-oriented software development and software process. Unifying the Software Process Spectrum, Springer Berlin Heidelberg,2006:177-191.
[汤10]汤永新,刘增良.软件可信性度量模型研究进展.计算机工程与应用,2010,46(27):12-16.
[陶11]陶红伟.基于属性的软件可信性度量模型研究.博士学位论文.上海:华东师范大学,2011.
[TCG 07]Trusted Computing Group (TCG),2007. TCG Specification Architecture Overview, revision 1.4. http://www.trustedcomputinggroup.org.
[Tessier 04] Tessier, F., Badri, L., Badri, M. Towards a formal detection of semantic conflicts between aspects:A model-based approach. In the Proceedings of the 5th Aspect-Oriented Modeling Workshop in conjunction with UML 2004,2004.
[Trustie 09] Trustie. Software Trustworthiness Classification Specification (TRUSTIE-STC v 1.0),2009, http://www.trustie.net/.
[van den Berg 05] Van den Berg, K.G., Conejero, J.M., Chitchyan, R. AOSD ontology 1.0-public ontology of aspect-orientation. Technical Report D9 AOSD-Europe-UT-01, AOSD-Europe.2005.
[van Lamsweerde 98] van Lamsweerde, A., Darimont, R., Letier, E. Managing conflicts in goal-driven requirements engineering. IEEE Transactions on Software Engingeering,1998, 24(1):908-926.
[van Lamsweerde 01] van Lamsweerde, A. Goal-oriented requirements engineering:a guided tour. In proceedings of the Fifth IEEE International Symposium on Requirements Engineering, 2001:249-262.
[王06]王怀民,唐扬斌,尹刚,李磊.互联网软件的可信机理.中国科学E辑:信息科学,2006,36(10):1156-1169.
[Wehrmeister 07] Wehrmeister, M.A., Freitas, E.P., Pereira, C.E., Wagner, F.R. An Aspect-Oriented Approach for Dealing with Non-Functional Requirements in a Model-Driven Development of Distributed Embedded Real-Time Systems. In the Proceedings of 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'07),2007,5:428-432.
[Wei 12]Wei, B., Jin, Z., Zowghi, D., Yin, B. Automated reasoning with goal tree models for software quality requirements. In the proceedings of 2012 IEEE 36th International Conference on Computer Software and Applications Workshops (COMPSACW),2012:373-378.
[吴06]吴哲辉.Petri网导论.机械工业出版社,2006.
[Xu 06]Xu, D.X. Nygard, K.E. Threat-driven modeling and verification of secure software using aspect-oriented Petri nets. IEEE Transactions on Software Engineering,2006,32(4): 265-278.
[Yang 09]Yang, Y., Wang Q. Li, M.S. Process trustworthiness as a capability indicator for measuring and improving software trustworthiness. In the Proceedings of International Conference on Software Process (ICSP'09), Vancouver, Canada. Springer:2009:389-401.
[Yu 97]Yu, E.S.K. Towards modeling and reasoning support for early-phase requirements engineering. In the Proceedings of the Third IEEE International Symposium on Requirements Engineering,1997,1:226-235.
[Yu 09]Yu, Y., Niu, N., Gonzalez-Baixauli, B., Mylopoulos, J., Easterbrook, S., do Prado Leite, J. C. S. Requirements Engineering and Aspects. Design Requirements Engineering:A Ten-Year Perspective, Springer Berlin Heidelberg,2009:432-452.
[袁05]袁崇义.Petri网原理与应用.电子工业出版社,2005.
[Zadeh 65]Zadeh, L. A. Fuzzy sets. Information and Control,1965,8(3):338-353.
[Zadeh 75]Zadeh, L.A. The concept of a linguistic variable and its application to approximate reasoning-Ⅰ. Information Science,1975,8(3):199-249.
[Zave 97]Zave, P. Classification of research efforts in requirements engineering. ACM Computing Surveys,1997,29 (4):315-321.
[Zhang 12]Zhang, H., Kitchenham, B., Jeffery, R. (2012). Toward trustworthy software process models:an exploratory study on transformable process modeling. Journal of Software: Evolution and Process 2012,24(7):741-763.
[张09]张瞩熹,李仁杰,王怀民.一个面向方面的可信软件开发平台TSCE.计算机应用研究,2009,26(5):1743-1745.
[Zhu 12]Zhu, M.X., Luo, X.X., Chen, X.H., Wu, D.D. A non-functional requirements tradeoff model in Trustworthy Software. Information Sciences,2012,191:61-75.