开源IaaS云服务软件平台的分析与比较

作为一种新兴的计算模式,云计算已经由最初的理论探索,逐渐进入了理论、技术与实际应用共同发展的阶段。开源云平台项目的研究与发展在其中起到了重要作用。迄今为止,使用开源IaaS云平台搭建自己的公共云或私有云,已经成为很多学术机构和商业企业信息管理、信息服务和技术研究中经济而有效的解决方案。为了评价和选择合适的IaaS云平台,根据NIST云模型,从体系结构、资源抽象和控制技术、云服务管理、安全策略、社区规模及活跃度和基本情况等多个方面 抽象出详细指标,对4个具有代表性的开源IaaS云平台软件进行了研究、分析和比较。     

基于椭圆曲线加密且支持撤销的属性基加密方案

在云终端用户资源受限的场景中,传统属性基加密方案中存在着计算开销大以及不能实现实时撤销的不足。为了实现云端数据安全高效的共享,提出了一种基于椭圆曲线加密（ECC）算法且支持细粒度撤销的属性基加密方案。该方案使用计算较轻量级的椭圆曲线上的标量乘法代替传统属性基加密方案中计算开销较大的双线性配对,以降低系统中用户在解密时的计算开销,提高系统的效率,使方案更适用于资源受限的云终端用户场景。利用表达能力更强和计算更高效的有序二元决策图（OBDD）结构来描述用户定义的访问策略,以减少嵌入密文中的冗余属性来缩短密文长度。为每个属性建立一个由拥有该属性用户组成的属性组,并为组内每个成员生成唯一的用户属性组密钥。当发生属性撤销时,利用最小子集覆盖技术为组内剩余成员生成新的属性组,实现实时的细粒度属性撤销。安全分析表明,所提方案具有选择明文攻击不可区分性、前向安全性和后向安全性;性能分析表明,所提方案在访问结构表达和计算能力上优于（t,n）门限秘密共享方案和线性秘密共享方案（LSSS）,其解密计算效率满足资源受限的云终端用户的需求。     

逼真生成表格式数据的非时间属性关联模型

针对数据仿真过程中表格数据属性间关联难的问题,提出一种刻画表格数据中非时间属性间关联特征的H模型。首先,从数据集中提取评价主体和被评价主体关键属性,进行两重频数统计,得到关于关键属性的4个关系对;然后,计算各关系对的最大信息系数（MIC）来评估各关系对的相关性,并采用拉伸指数分布（SE）对各关系对进行关系拟合;最后,设置评价主体和被评价主体的数据规模,根据拟合出的关系计算出评价主体的活跃度和被评价主体的流行度,通过活跃度总和等于流行度总和建立关联,得到非时间属性关联的H模型。实验结果表明,利用H模型能有效地刻画真实数据集中非时间属性间的关联特征。     

自相似活跃子网前缀空间的路由查找

IP地址查询是路由器的基本工作，活跃IP和子网前缀地址空问是重尾分布且自相似的，而针对这种重尾分布的IP地址和前缀可以用于对路由查找进行统计优化．文章分析并验证了活跃IP地址空间的特点和子网前缀空间分形自相似特性，活跃IP的子网前缀在不同的聚类规模上的次序统计量服从Pareto分布，主干路由表项的次序统计量也近似服从Pareto分布．该文提出了一种基于活跃度排序的路由逐次查找算法——SOSL，对IP地址查询进行了优化，在该文的模拟实验中，活跃路由表的规模、刷新周期和活跃度判定下限间存在一些对数线性关系，使得作者可以以很小的活跃路由表来实现全部路由查找需求的99％；为SOSL实现中最关键的活跃路由表排序问题提出了一个基于计数器溢出的方案，复杂度为O（1）．对比发现该文的算法与TCAM结合能够提高TCAM的效率，高效地控制活跃路由表的规模，易于硬件实现．     

在线软件生态系统用户活跃度的经验研究

为了以更少的成本来满足用户的需求,软件公司开始借助第三方开发者建立软件生态系统.提出了度量软件生态系统的用户活跃度的问题,对软件生态系统用户活跃度进行建模,设计层级结构的指标体系.从研究系统层面的用户活跃度为主要目标,分析用户行为,把用户群体的行为作为活跃度的判定依据.定义软件生态系统的具体指标:应用吸引力,用户忠诚度,用户流动性等.进行了案例研究,基于大量用户行为数据,进行服务异常监控和趋势分析.     

基于本体和粗糙集理论的网格服务发现算法

针对网格服务发现的查全率、查准率效率较低的现状,基于本体技术和粗糙集理论,设计了一个服务发现算法OGSDA-RS,在服务匹配之前先进行3步预处理操作：规范化请求服务,根据请求服务对发布服务进行不相关属性约减和依赖属性约减。实验结果表明,与UDDI和OWL-S相比,服务发现的查全率、查准率要高出50%~75%,而且当发布服务的规模较小时,效率比OWL-S最高能高出 2.7倍。     

基于软件通信体系结构的波形属性管理技术

阐述了软件无线电波形的特点及系统结构,对波形属性的控制管理方法进行了研究,设计实现了基于软件通信体系结构(SCA)的波形属性管理技术,组件之间使用属性管理器作为属性操作接口,为配置和查询属性提供灵活方便的通用接口实现.实验结果表明,该技术可以满足所有SCA资源和设备组件中属性管理的请求操作,解决了属性管理与其它操作夹杂在一起、耦合度高的问题,从而提高了组件的可重用性、可移植性和可维护性.     

开源软件自动化评估证据框架

互联网上已形成了规模巨大、种类丰富的开源软件资源。如何准确、快速地判断一个开源项目的各种可信属性是否满足需求是当前软件工程领域研究的热点。深入分析已有开源软件评估模型,总结互联网上软件质量相关的各种信息,提出了面向开源软件的可信评估证据框架,并基于该框架构建了一种开源软件可信证据查询平台。利用该平台能够极大地提高评估效率,用户可以准确、快速、全面地了解相关软件项目的各种信息。最后,以一个知名开源软件证实了该证据框架及证据查询平台的可行性。     

Linux的核心在于服务

越来越多的开源商业公司活跃在国内市场上,开源系统平台被越来越多地采用在关键应用上,让我们对开源软件和服务的未来充满信心。     

基于循环神经网络的缺陷报告分派方法

随着开源软件项目规模的不断增大,人工为缺陷报告分派合适的开发人员（缺陷分派）变得越来越困难.而不合适的缺陷分派往往会严重影响缺陷修复的效率,为此迫切需要一种缺陷分派辅助技术帮助项目管理者更好地完成缺陷分派任务.当前,大部分研究工作都基于缺陷报告文本以及相关元数据信息分析来刻画开发者的特征,忽略了对开发者活跃度的考虑,使得对具有相似特征的开发者进行缺陷报告分派预测时表现较差.本文提出了一个基于循环神经网络的深度学习模型DeepTriage,一方面利用双向循环网络加池化方法提取缺陷报告的文本特征,一方面利用单向循环网络提取特定时刻的开发者活跃度特征,并融合两者,利用已修复的缺陷报告进行监督学习.在Eclipse等四个不同的开源项目数据集上的实验结果表明,DeepTriage较同类工作在缺陷分派预测准确率上有显著提升.     

基于社区软件外包服务过程的质量评价方法

Outsourcing software development to the community developers is a promising model to help reduce software development cost and improve development efficiency. In this paper, we present a method to evaluate the quality of service in the managing such community-based software outsourcing process. In the community-based software outsourcing service, a customer (e.g., a software company) firstly releases the requirement and design specifications of a software system to the community, then the community helps to decompose the whole development tasks into a set of fine-grained tasks (including programming, designing test cases, testing, etc) and allocate them to community developers (programmers, testers, project managers, etc). These service providers work to fulfill the tasks and submit results to the community. In this service, quality is quite important and it is necessary to evaluate the quality of both final submitted software entities and various development activities, to ensure that all the initial requirements have been completely and correctly accomplished. In our quality evaluation method, there are three types of objects whose service quality need to be evaluated, i.e., products, behaviors and people. Specifically speaking, they are the deliverables (codes, testcases, test records) submitted by each service provider, the development process, and various community developers, respectively. For each type of the objects, we designed five dimensions of quality indicators, i.e. time and efficiency, price and cost, quality of service content, resources and conditions, reputation and risk. A set of refined quality indicators is designed for each of the five dimensions. Aiming at each quality indicator, we put forward the corresponding measurement method, i.e., quantitatively calculating the value of each quality indicator based on the original data automatically collected from the community platform and some subjective evaluation opinions from customers. Then, traditional AHP method is adopted to calculate the total quality of each service object (products, behavior and people) by accumulating all the quality indicators together. A prototype is developed to support above evaluation process and exhibit the results of quality evaluation. Results of the quality evaluation will help to: (1) monitor the execution of community-based software outsourcing service and to obtain up-to-date quality information; (2) find quality deficiencies timely and take remedial measures against them; (3) guide better selection of community developers ased on their historical quality records.     

Open source software and the algorithm visualization community

Algorithm visualizations are widely viewed as having the potential for major impact on computer science education, but their quality is highly variable. We report on the software development practices used by creators of algorithm visualizations, based on data that can be inferred from a catalog of over 600 algorithm visualizations. Since nearly all are free for use and many provide source code, they might be construed as being open source software. Yet many AV developers do not appear to have used open source best practices. We discuss how such development practices might be employed by the algorithm visualization community, and how they might lead to improved algorithm visualizations in the future. We conclude with a discussion of OpenDSA, an open-source project that builds on earlier progress in the field of algorithm visualization and hopes to use open-source procedures to gain users and contributors.     

Taupe: Visualizing and analyzing eye-tracking data

Program comprehension is an essential part of any maintenance activity. It allows developers to build mental models of the program before undertaking any change. It has been studied by the research community for many years with the aim to devise models and tools to understand and ease this activity. Recently, researchers have introduced the use of eye-tracking devices to gather and analyze data about the developers’ cognitive processes during program comprehension. However, eye-tracking devices are not completely reliable and, thus, recorded data sometimes must be processed, filtered, or corrected. Moreover, the analysis software tools packaged with eye-tracking devices are not open-source and do not always provide extension points to seamlessly integrate new sophisticated analyses. Consequently, we develop the Taupe software system to help researchers visualize, analyze, and edit the data recorded by eye-tracking devices. The two main objectives of Taupe are compatibility and extensibility so that researchers can easily: (1) apply the system on any eye-tracking data and (2) extend the system with their own analyses. To meet our objectives, we base the development of Taupe: (1) on well-known good practices, such as design patterns and a plug-in architecture using reflection, (2) on a thorough documentation, validation, and verification process, and (3) on lessons learned from existing analysis software systems. This paper describes the context of development of Taupe, the architectural and design choices made during its development, and its documentation, validation and verification process. It also illustrates the application of Taupe in three experiments on the use of design patterns by developers during program comprehension.     

Web service API recommendation for automated mashup creation using multi-objective evolutionary search

Modern software development builds on external Web services reuse as a promising way that allows developers delivering feature-rich software by composing existing Web service Application Programming Interfaces, known as APIs. With the overwhelming number of Web services that are available on the Internet, finding the appropriate Web services for automatic service composition, i.e., mashup creation, has become a time-consuming, difficult, and error-prone task for software designers and developers when done manually. To help developers, a number of approaches and techniques have been proposed to automatically recommend Web services. However, they mostly focus on recommending individual services. Nevertheless, in practice, service APIs are intended to be used together forming a social network between different APIs, thus should be recommended collectively. In this paper, we introduce a novel automated approach, called SerFinder, to recommend service sets for automatic mashup creation. We formulate the service set recommendation as a multi-objective combinatorial problem and use the non-dominated sorting genetic algorithm (NSGA-II) as a search method to extract an optimal set of services to create a given mashup. We aim at guiding the search process towards generating the adequate compromise among three objectives to be optimized (i) maximize services historical co-usage, (ii) maximize services functional matching with the mashup requirements, and (iii) maximize services functional diversity. We perform a large-scale empirical experiment to evaluate SerFinder on a benchmark of real-world mashups and services. The obtained results demonstrate the effectiveness of SerFinder in comparison with recent existing approaches for mashup creation and services recommendation. The statistical analysis results provide an empirical evidence that SerFinder, significantly outperforms four state-of-the-art widely-used multi-objective search-based algorithms as well as random search.     

无服务器计算技术研究综述

随着云计算的发展以及传统行业的转型，不断提高的技术要求与日益旺盛的市场需求使传统的应用软件开发模式面临挑战。同时，人们正在探索新一代的更经济、更有潜力的云服务模式。无服务器计算依托容器技术，提供了高并发、高兼容的特性，为开发者隐藏了底层服务器的细节，同时采取了更经济的按调用次数或时间计费的服务运营模式，引起了广泛的关注。首先，介绍无服务器计算的概念，并介绍其系统架构与技术特性。然后，介绍无服务器计算在科研、开源社区与工业届的研究现状。随后，列举无服务器计算在众多应用领域的实施案例。最后，阐述无服务器计算技术当前面临的挑战。     

Virtual communities as a resource for the development of OSS projects: the case of Linux ports to embedded processors

Open source software (OSS) projects represent a new paradigm of software creation and development based on hundreds or even thousands of developers and users organised in the form of a virtual community. The success of an OSS project is closely linked to the successful organisation and development of the virtual community of support. The main objective of this article is to analyse the activity of virtual communities. Social network analysis is employed to analyse Linux ports to embedded processors as a case study to achieve this aim. The obtained results confirm the necessity of structuring the virtual community with a selection of active developers and core members to promote community activity and attract peripheral users, expanding the impact of the underlying software. The obtained result will be useful for the software industry migrating to the open source software paradigm.     

基于策略的可控服务发现与动态路由模型

如何改进现有服务发现模型使之适应动态可变的服务运行环境并选择最符合用户需求的Web服务正在引起研究领域关注.提出了一种基于策略的可控服务发现与动态路由模型(P-WSDRM).该模型支持抽象服务、服务实例和服务发现者的属性定义,支持携带属性描述信息的服务发布与发现,引入了策略判定机制,支持服务发现者基于已定义的策略进行服务发现和实例路由.目前已经于Linux平台和目录服务实现了该模型的一个原型系统.     

属性群签名的可信服务选择方案

面向服务计算(service-oriented computing,SOC)的一个基本内容就是选择和组合服务以直接支持指定用户的需求或提供附加服务,这些需求往往是细粒度的.现有的服务选择方法要么没有考虑要么是从粗粒度上考虑服务间的信任关系.我们提出一个新的可信服务选择方法:基于属性群签名的可信服务选择方案(TSS-ABGS).该方案将功能属性相同的可选服务组成一个属性群,当请求者向该群发出包含属性集的选择请求时,满足属性集要求的群成员返回一个签名,请求者通过群管理员开放签名者并与之建立可信关系而达到可信服务选择的目的.该方法具有可跟踪性和防共谋.     

Cloud service selection using cloud service brokers: approaches and challenges

Cloud computing users are faced with a wide variety of services to choose from. Consequently, a number of cloud service brokers (CSBs) have emerged to help users in their service selection process. This paper reviews the recent approaches that have been introduced and used for cloud service brokerage and discusses their challenges accordingly. We propose a set of attributes for a CSB to be considered effective. DifFerent CSBs' approaches are classified as either single service or multiple service models. The CSBs are then assessed, analyzed, and compared with respect to the proposed set of attributes. Based on our studies, CSBs with multiple service models that support more of the proposed effective CSB attributes have wider application in cloud computing environments.     

On the usefulness of ownership metrics in open-source software projects

ContextCode ownership metrics were recently defined in order to distinguish major and minor contributors of a software module, and to assess whether the ownership of such a module is strong or shared between developers.ObjectiveThe relationship between these metrics and software quality was initially validated on proprietary software projects. Our objective in this paper is to evaluate such relationship in open-source software projects, and to compare these metrics to other code and process metrics.MethodOn a newly crafted dataset of seven open-source software projects, we perform, using inferential statistics, an analysis of code ownership metrics and their relationship with software quality.ResultsWe confirm the existence of a relationship between code ownership and software quality, but the relative importance of ownership metrics in multiple linear regression models is low compared to metrics such as the number of lines of code, the number of modifications performed over the last release, or the number of developers of a module.ConclusionAlthough we do find a relationship between code ownership and software quality, the added value of ownership metrics compared to other metrics is still to be proven.