ISSN 1000-1239 CN 11-1777/TP

Table of Content

01 April 2021, Volume 58 Issue 4
Intelligent Requirements Elicitation and Modeling: A Literature Review
Wang Ye, Chen Junwu, Xia Xin, Jiang Bo
2021, 58(4):  683-705.  doi:10.7544/issn1000-1239.2021.20200740
Asbtract ( 531 )   HTML ( 74)   PDF (1693KB) ( 434 )  
Related Articles | Metrics
Requirements elicitation and modeling refer to the process of obtaining explicit or implicit requirements from the requirements text described in natural language, and constructing the corresponding models through tabular, graphical, and formulaic methods. Requirements elicitation and modeling is an extremely critical step in software development process, which paves the way for subsequent system design and implementation, improves the efficiency and quality of software development, and improves the stability and feasibility of software systems. Researchers have obtained a series of research achievements in requirements elicitation and modeling. Requirements elicitation and modeling can be generally divided into three steps: requirements knowledge extraction, requirements knowledge classification and requirements model construction. Due to the fact that traditional requirements elicitation and modeling approaches have problems in terms of accuracy and efficiency of model construction, in recent years, more and more researchers have integrated widely applicable artificial intelligence techniques with these approaches, and put forward a series of intelligent require-ments elicitation and modeling approaches, so as to make up for the deficiencies of the traditional methods. This paper focuses on the perspective of intelligent requirements elicitation and modeling, and sorts out and summarizes the research progress of requirements elicitation and modeling in recent years. The main contents include: 1)statistics and analysis of the artificial intelligence techniques applied in requirements knowledge extraction, requirements knowledge classification and requirements model construction; 2)summarizing the verification and evaluation methods used in the process of intelligent requirements elicitation and modeling; 3)summarizing the key issues of intelligent require-ments elicitation and modeling from two aspects of scientific problems and technical difficulties, and elaborating on the six research trends including integrated and dynamic model construction, mining the relationships among intelligent requirements elicitation and modeling and other software engineering activities, refining the granularity of intelligent requirements modeling, data sets construction, evaluation metrics construction and industrial practice as the possible solutions to the above problems. The future development trend of intelligent requirements elicitation and modeling research is also discussed.
An Automated Approach to Generate SysML Models from Restricted Natural Language Requirements in Chinese
Bao Yang, Yang Zhibin, Yang Yongqiang, Xie Jian, Zhou Yong, Yue Tao, Huang Zhiqiu, Guo Peng
2021, 58(4):  706-730.  doi:10.7544/issn1000-1239.2021.20200757
Asbtract ( 240 )   HTML ( 22)   PDF (6904KB) ( 212 )  
Related Articles | Metrics
Model-driven development has been gradually adopted as an important approach of designing and developing safety-critical cyber-physical systems(SC-CPSs). The requirement of SC-CPSs is often described in natural language. How to link natural language requirements and the model-driven design and development process of SC-CPSs automatically or semi-automatically is a main existing challenge. In this paper, a method named RNL2SysML is proposed for the automatic generation of SysML models from restricted natural language requirements in Chinese. Firstly, in view of the problem that glossaries need to be manually extracted, a method for extracting and recommending terms of SC-CPSs based on artificial intelligence is proposed. Secondly, in order to reduce the ambiguity of natural language requirements, a restricted natural language requirement template is proposed for requirement specification. Then, the method of transformation from natural language requirement specification to SysML model is given. Finally, based on the open source tool Papyrus, the plugin for the method proposed in this paper is implemented, and the effectiveness and practicality of the method is evaluated and proved by an industry case of the airplane air compressor system in the aviation field.
An Approach for Improving the Requirements Quality of User Stories
Wang Chunhui, Jin Zhi, Zhao Haiyan, Cui Muyuan
2021, 58(4):  731-748.  doi:10.7544/issn1000-1239.2021.20200732
Asbtract ( 137 )   HTML ( 19)   PDF (2295KB) ( 132 )  
Related Articles | Metrics
User story is a widely adopted requirements notation in agile development. Generally, user stories are written by customers or users in natural language with limited format, but there are often some defects in the writing of user stories. The typical detects include the lack of necessary information to make it difficult to understand, and the ambiguous expressions make the requirements impossible to estimate, and some stories have duplicates and conflicts. These defects affect the quality of requirements, resulting in incomplete, inconsistent, untestable, and so on. This paper proposes an automated approach for detecting the defects in user story requirements and improving the quality of user stories. First, a conceptual model of user story for defect identification is proposed. An approach based on structural analysis, syntactic analysis and semantic analysis is used for constructing the conceptual model. Secondly, 11 quality criteria are summarized from the actual cases and used to identify the defects in the user stories. An experimental study is carried out on a story set with 36 user stories and 84 scenarios. The automatic detection tool reports 173 defects, and the precision and recall of the reported results are 88.79% and 95.06%, respectively.
A User Requirements Preference Analysis Method of Mobile Applications Based on Meta-Path Embedding
Song Rui, LiTong, Dong Xin, Ding Zhiming
2021, 58(4):  749-762.  doi:10.7544/issn1000-1239.2021.20200737
Asbtract ( 135 )   HTML ( 20)   PDF (2205KB) ( 187 )  
Related Articles | Metrics
With the rapid development of the Internet and mobile application platforms, massive user data has been generated by mobile applications. Such data has become an important data source for accurately analyzing user requirements preference. Many researchers have analyzed and mined user requirements preference from user data. However, the existing studies do not link the multi-dimensional information of mobile applications, and only explore the characteristics of a few dimensions of the data. In this paper, we propose a method to analyze user requirements preferences based on meta-path embedding, which can personally recommend mobile applications for users. Specifically, we first analyze the semantic topics in the text information of mobile applications, which enriches the analysis dimension of user requirements preferences. Second, we construct a conceptual model that integrates multi-dimensional information for mobile applications, including multi-dimensional data that affects user choices. Based on the conceptual model, we design a series of meaningful meta-paths to accurately capture the semantics of user requirements preferences. Finally, we analyze user preferences based on the meta-path embedding technique to recommend personalized mobile applications for users. In this paper, we use the real data set obtained from the Apple App Store to evaluate our model, which contains 1507 mobile applications and 153501 user reviews. The experimental results show that our method outperforms the existing models in all metrics, in which the average F1-measure increases by 0.02, and the average NDCG increases by 0.1.
Automatic Trend Analysis of Mobile App Updates Based on App Changelogs
Zhong Renyi, WangChong, Liang Peng, Luo Zhong
2021, 58(4):  763-776.  doi:10.7544/issn1000-1239.2021.20200756
Asbtract ( 140 )   HTML ( 3)   PDF (2632KB) ( 87 )  
Related Articles | Metrics
Data-driven analysis on the development, maintenance, and evolution has recently become an area of active research. However, little is known to treat app changelogs as the input to explore the types of requirements that app developers pay the most attention when releasing an app, as well as trend of app development and updates. This paper reports the results of an exploratory study in which we analyze the requirements and buzzwords that dominate the changes of apps, according to a set of 6527 changes collected from 60 apps from three categories in the Apple App Store: “Travel”, “Social Networking” and “Books”. First, the performance of three supervised machine learning algorithms is evaluated to find the most suitable classifiers for the automatic classification of app changelogs. Furthermore, based on the classification results of app changelogs, characteristics and trends of app updates are revealed from two perspectives, i.e., the requirement type that app changelog items mention and the hot words in app changelog items that are labeled as a certain requirement type. The results are valuable for researchers and practitioners to have a comprehensive understanding on the current app stores from RE perspective.
Enhancing Requirements Traceability Recovery via a Graph Mining-Based Expansion Learning
Chen Lei, Wang Dandan, Wang Qing, Shi Lin
2021, 58(4):  777-793.  doi:10.7544/issn1000-1239.2021.20200733
Asbtract ( 137 )   HTML ( 16)   PDF (4010KB) ( 141 )  
Related Articles | Metrics
Requirements tracing plays an important role to manage requirements and its related artifacts through the entire software life cycle. As manually creating such trace links is time-consuming and error-prone, some information retrieval (IR) based and machine learning (ML) based solutions have been proposed. Among them, unsupervised ML methods which do not require large labeled datasets are gaining more attention. Most of these solutions model the lexical and semantic information to resolve the problem. However, we find that existing approaches typically neglect the word co-occurrence distribution and word order information of the textual artifacts, which could provide extra indications for enhancing trace links. In this paper, we propose a novel approach, named GeT2Trace, which utilizes a graph mining-based expansion learning to enhance trace links recovery. The key idea is to exploit the word co-occurrence information and the word order information via graph network, and leverage them to learn a more comprehensive and accurate artifact representation. Evaluation is conducted on five public datasets, and the results show that our approach outperforms the state-of-the-art baselines. Expanding requirements with graphic information provide new insights into the unsupervised traceability solutions, and the improved trace links confirm the usefulness and effectiveness of GeT2Trace.
A Survey of Cache-Based Side Channel Countermeasure
Wang Chong, Wei Shuai, Zhang Fan, Song Ke
2021, 58(4):  794-810.  doi:10.7544/issn1000-1239.2021.20200500
Asbtract ( 191 )   HTML ( 19)   PDF (1052KB) ( 132 )  
Related Articles | Metrics
Microarchitectural side channel attack uses microarchitecture state to stole information from victim. It breaks the isolation offered by operation system, sandbox and so on, which seriously threatens information security and private, thus it receives extensive attention from academia. Unlike other traditional side channel attacks, microarchitectural side channel attack doesn’t require physical contact, nor complex analysis device, and it only needs co-run some code with victim in some share resources. Cache-based side channel attack uses cache such as private L1 Cache and LLC (last level cache) to learn the access pattern of other application, and uses this access pattern to infer secrets. Owning to the fact that cache is widely used in modern CPU, cache-based side channel attack is the most attractive attacks. It’s still an open challenge to defense this kind of attack. In this paper, we firstly introduce the basic architecture and theory related with microarchitectural side channel especially cache-based side channel attack. Then, we consolidate existing attack methods into an attack model from attacker ability, attack steps and attack target. According to this model, we classify types of the main existing countermeasure to cache-based side channel attack, and focus on the design of the new secure cache architecture. Finally, we present the trends in countermeasure, challenge to combating them and future directions especially new cache architecture.
Cloud-Assisted Attribute-Based Searchable Encryption Scheme on Blockchain
Niu Shufen, Xie Yaya, Yang Pingping, Du Xiaoni
2021, 58(4):  811-821.  doi:10.7544/issn1000-1239.2021.20200041
Asbtract ( 186 )   HTML ( 19)   PDF (1913KB) ( 201 )  
Related Articles | Metrics
Searchable encryption technology can effectively solve the problem of searching encrypted data without decryption. In view of the fact that the existing searchable encryption technology does not consider the problem of fine-grained search permission of data users, and the problem of data security and privacy protection caused by the centralization of cloud storage in the existing searchable encryption schemes, this paper proposes a cloud-assisted attribute-based searchable encryption scheme on blockchain. In this scheme, searchable encryption technology is used to realize secure search of encrypted data on the blockchain, attribute-based encryption technology is used to realize fine-grained access control of data, and the immutability of the blockchain is used to ensure the security of keyword ciphertext. In this scheme, attribute-based encryption technology is used to encrypt keywords extracted from data files. The keyword ciphertext is uploaded to the blockchain in the form of a transaction. Keyword ciphertext and encrypted data files are stored on the semi-trusted cloud server. Based on the assumption of difficult problems, it is proved that the scheme can guarantee the security of keyword ciphertext and trapdoor. And important information related to keywords and trapdoors will not be leaked.The numerical experimental results show that the proposed scheme is more efficient in the key generation phase, trapdoor generation phase, and keyword search phase than the existing similar schemes.
A Trust-Based DDoS Discovery Approach for Encrypted Traffic in Cloud Environment
Pan Yuting, Lin Li
2021, 58(4):  822-833.  doi:10.7544/issn1000-1239.2021.20200183
Asbtract ( 98 )   HTML ( 8)   PDF (2112KB) ( 302 )  
Related Articles | Metrics
In the cloud environment, DDoS(distributed denial of service) attacks may be more covert, easier to launch and potentially larger because data flow can be encrypted. A trust-based DDoS attack discovery approach for the encrypted traffic in the cloud environment called TruCTCloud is proposed. Firstly, a trust evaluation mechanism is introduced to filter the non-attack traffic of legitimate tenants by exploiting signature of the cloud service itself with the other environmental factors, and then the sensitive information contained in legitimate tenants’ traffic is guaranteed. Secondly, a traffic classification algorithm based on the kNN(k-nearest neighbors) is proposed to detect and identify for the filtered encrypted traffic and other unencrypted traffic, where five kinds of characteristics including flow median of packets per flow, flow median of bytes per flow, percentage of correlative flow, port growth rate and source IP growth rate are introduced to construct a Ball-tree data structure of characteristics. Finally, some experiments are conducted to evaluate the proposed method in the OpenStack cloud platform. The results suggest that our method can quickly detect the abnormal traffic or early traffic of DDoS attack and effectively protect the sensitive traffic information of legitimate users from the DDoS attack.
A Runtime Information Based Defense Technique for Ethereum Smart Contract
Xiang Jie, Yang Zhemin, Zhou Shunfan, Yang Min
2021, 58(4):  834-848.  doi:10.7544/issn1000-1239.2021.20200135
Asbtract ( 129 )   HTML ( 9)   PDF (1146KB) ( 115 )  
Related Articles | Metrics
As one of the most successful applications of blockchain technology, Ethereum smart contract has been widely integrated into programs and become a common implementation scheme for decentralized applications. However, smart contract suffers from security attacks since born because of its unique financial characteristics, and fresh attack forms continue to dribble out. State-of-art research works have proposed many effective mechanisms to detect vulnerabilities in smart contract, but they all have limitations in practical, such as design only for known vulnerabilities, need to modify the contract code, and the cost on-chain is too high. Because of the immutability of smart contract, these defense techniques which aim at specific vulnerabilities cannot fix the original contract, and as a result, they can hardly work on the new attack forms. To this end, we present a runtime information based upgradable defense system for Ethereum smart contract, which provides real-time data for the off-chain attack detection by collecting kinds of runtime information. At the same time, we design an access control mechanism deployed on smart contract, which restricts the access to the contract based on the dynamic detection result, so that we can secure the contract without modifying the code. Ethereum does not provide a mechanism to recognize and intercept real-time attack transactions, So we make use of race condition to enhance the defense on the real-time attack. The evaluation results show that out defense technology is extremely effective to prevent attacks, which can achieve 100% success rate for the follow-up attacks and achieve 97.5% success rate for the first attack detected by the use of race condition.
Security Analysis of Image Encryption Algorithm Based on Block Modulation-Scrambling
Qu Lingfeng, He Hongjie, Chen Fan, Zhang Shanjun
2021, 58(4):  849-861.  doi:10.7544/issn1000-1239.2021.20200011
Asbtract ( 108 )   HTML ( 11)   PDF (9665KB) ( 63 )  
Related Articles | Metrics
Block modulation-scrambling image encryption is one of the common encryption methods for reversible data hiding in encrypted image(RDH-EI). It can effectively improve the embedding capacity of the algorithm and resist the existing ciphertext only and known plaintext attacks. For block modulation-scrambling image encryption, a key stream estimation method under known plaintext attack is proposed in this paper. First of all, the definition of image difference block is given, and it is pointed out that the ciphertext block generated by block modulation keeps the difference block unchanged with high probability. On this basis, a fast block scrambling key estimation method based on pseudo difference image construction and difference cube mean index search is proposed. The relationship between the cube mean distribution of the difference block and the block size and the accuracy of the scrambling key estimation is discussed. Finally, the possible solutions to improve the security of image encryption are given. The texture complexity and block size of the plaintext image are the main factors that affect the block scrambling key estimation accuracy and algorithm time complexity. When the block size is larger than 3×3, the accuracy of all test image block scrambling secret key estimation is more than 70%, at this time, the content information of ciphertext image is seriously leaked.
A Survey on Graph Processing Accelerators
Yan Mingyu, Li Han, Deng Lei, Hu Xing, Ye Xiaochun, Zhang Zhimin, Fan Dongrui, Xie Yuan
2021, 58(4):  862-887.  doi:10.7544/issn1000-1239.2021.20200110
Asbtract ( 347 )   HTML ( 41)   PDF (3590KB) ( 348 )  
Related Articles | Metrics
In the big data era, graphs are used as effective representations of data with the complex relationship in many scenarios. Graph processing applications are widely used in various fields to dig out the potential value of graph data. The irregular execution pattern of graph processing applications introduces irregular workload, intensive read-modify-write updates, irregular memory accesses, and irregular communications. Existing general architectures cannot effectively handle the above challenges. In order to overcome these challenges, a large number of graph processing accelerator designs have been proposed. They tailor the computation pipeline, memory subsystem, storage subsystem, and communication subsystem to the graph processing application. Thanks to these hardware customizations, graph processing accelerators have achieved significant improvements in performance and energy efficiency compared with the state-of-the-art software frameworks running on general architectures. In order to allow the related researchers to have a comprehensive understanding of the graph processing accelerator, this paper first classifies and summarizes customized designs of existing work based on the computer’s pyramid organization structure from top to bottom. This article then discusses the accelerator design of the emerging graph processing application (i.e., graph neural network) with specific graph neural network accelerator cases. In the end, this article discusses the future design trend of the graph processing accelerator.
A Consistent Hash Data Placement Algorithm Based on Stripe
Wei Zheng, Dou Yu, Gao Yanzhen, Ma Jie, Sun Ninghui, Xing Jing
2021, 58(4):  888-903.  doi:10.7544/issn1000-1239.2021.20190732
Asbtract ( 111 )   HTML ( 14)   PDF (1592KB) ( 84 )  
Related Articles | Metrics
As the carrier of data storage, distributed storage system is widely used in the field of large data. Erasure codes are widely adopted by storage systems because of their high spatial efficiency and reliable data storage. In EB-level large-scale erasure coded distributed storage system, the cost of metadata management is high, and the query efficiency of metadata such as location information affects the I/O latency and throughput. The centralized data placement algorithm, based on location information records, needs frequent access to metadata servers, resulting in performance optimization constraints. More and more centerless data placement algorithms based on Hash mapping are applied. But some problems exist in the process of node change and data recovery, such as difficult location change, a large amount of migrated data, low concurrency of data recovery and migration. This paper proposes a consistent Hash data placement algorithm based on stripe (SCHash). SCHash places data in the unit of stripe. By transforming the mapping from data block to node into the mapping process from stripe to node group, it reduces the amount of data migration in the process of node change. Thus, in the recovery process, the proportion of data migration is reduced, and the recovery speed is accelerated. On the basis of SCHash, this paper designs and implements a recovery strategy of parallel I/O scheduling based on stripe. The recovery strategy avoids the selection of the data block in the same node in I/O operation, which also enhances the degree of parallelism of I/O. Compared with the APHash algorithm, SCHash algorithm reduces the data transfer by 46.71% to 85.28% in the data recovery. The recovery rate is improved by 48.16% when the nodes are rebuilt in the stripe, and the recovery rate is increased by 138.44% when the nodes are rebuilt out of the stripe.