Interventions for long-term software security: Creating a lightweight program of assurance techniques for developers

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team's motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a participatory action research field study where we delivered the workshops to three software development organizations and evaluated their effectiveness through interviews beforehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience and that improvement is long-lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide.     

能源互联网内多类设备协同运行的能量管理系统软件设计

针对能源互联网中的海量分布式设备和电动汽车的需求，利用C#和Java编程语言设计并开发面向能源互联网的能量管理系统。该系统采用典型B/S 架构，以Asp.Net动态网页开发技术和数据库技术为核心，由云端后台算法、云端服务器的MySQL数据库、前端的网页三大部分构成。详细介绍了软件平台的系统框架，分为上下两层。其中，上层为日前-实时协同的多时间尺度能量管理系统模块，下层包含分布式设备协调控制子系统和电动汽车协调控制子系统。最后，通过仿真算例分析，能量管理系统能对海量的分布式设备和电动汽车进行优化调度，验证了该软件的可移植性、有效性和实用性。     

基于RSI的工业机器人开放式控制系统设计

为提高工业机器人的柔性化及智能化水平,同时满足数据的实时共享、监控,使控制系统具有可扩展性与可移植性,设计了一种基于x86平台和RSI的工业机器人开放式控制系统。引入RSI后可载入应用程序包,实现PC工控机与KUKA机器人系统的实时性数据交换。运用模块化设计思路,针对硬件系统,制定软件系统平台的各功能模块,配合Windows操作系统的数据处理能力,在保证工业机器人实时性的前提下,实现了功能的扩展性和增减性。该系统在KUKA工业机器人力反馈实验平台上进行了可行性验证,试验表明,此开放式控制系统的实时响应性良好,满足预期控制要求。     

基于ISIGHT的安全气囊盖板结构优化设计方法研究

选取某款弱化沟槽呈“H”形的聚碳酸酯/丙烯腈?丁二烯?苯乙烯共聚物(PC/ABS)合金材质安全气囊盖板为研究对象，并构建了其有限元仿真模型，对比有限元力学仿真分析结果与理论计算值验证了该有限元仿真模型的可靠性；通过ISIGHT软件集成Catia和ANSYS，选取安全气囊盖板弱化沟槽的横向长度、深度，纵向长度、深度4个参数作为设计变量，选取弱化沟槽横向最大应力与纵向最大应力作为响应变量，分析了设计变量对响应变量的贡献度分布特征并采用NSGA遗传算法对响应变量多目标优化。结果表明,横向长度、纵向深度对横向最大应力为负贡献度，横向深度、纵向长度为正贡献度；横向深度、纵向长度对纵向最大应力为负贡献度，横向长度、纵向深度为正贡献度；在合理范围内，4个参数值的优化设计，实现了横向最大应力提高和纵向最大应力降低的多目标优化，有效减少了安全气囊盖板爆破时产生的碎屑量，提升了产品的安全性能。     

基于ANSYS FLUENT的超深井长距离膏体充填管道输送模拟研究

为研究超深井长距离膏体充填管道自流输送问题,根据云南某矿山实际充填管路采用Gambit建立三维数值模型,用ANSYS FLUENT软件进行数值模拟计算,以水平管道和弯管为例研究了不同配比、浓度和流量下的管道压力、流速变化规律和管道阻力损失之间的关系。通过井下工业环管的压力监测系统,统计分析矿山井下实际管道压力监测值,井下实际监测结果和采用ANSYS FLUENT软件三维数值模拟研究结果较为接近,表明ANSYS FLUENT软件模拟超深井长距离膏体充填管道输送是可行的,研究结果可为矿山实现超深井、长距离、大倍线条件下膏体充填管道输送提供技术支持。     

A data‐centric framework for debugging highly parallel applications

Contemporary parallel debuggers allow users to control more than one processing thread while supporting the same examination and visualisation operations of that of sequential debuggers. This approach restricts the use of parallel debuggers when it comes to large scale scientific applications run across hundreds of thousands compute cores. First, manually observing the runtime data to detect error becomes impractical because the data is too big. Second, performing expensive but useful debugging operations becomes infeasible as the computational codes become more complex, involving larger data structures, and as the machines become larger. This study explores the idea of a data‐centric debugging approach, which could be used to make parallel debuggers more powerful. It discusses the use of ad hoc debug‐time assertions that allow a user to reason about the state of a parallel computation. These assertions support the verification and validation of program state at runtime as a whole rather than focusing on that of only a single process state. Furthermore, the debugger's performance can be improved by exploiting the underlying parallel platform because the available compute cores can execute parallel debugging functions, while a program is idling at a breakpoint. We demonstrate the system with several case studies and evaluate the performance of the tool on a 20 000 cores Cray XE6. Copyright © 2013 John Wiley & Sons, Ltd.     

新型硫酸法C_4烷基化工艺的模拟

提出了一种新型硫酸法C4烷基化生产工艺,丁烯原料在气相状态下进入反应器,与液相异丁烷、浓硫酸混合后,部分丁烯溶于液相,在液相中进行反应;通过控制反应器的压力,部分液相吸收反应热而汽化,使反应温度基本稳定;经气液分离、酸烃分离及产品分馏后,气相丁烯、异丁烷、浓硫酸分别构成循环。采用Aspen Plus过程模拟软件对新工艺过程进行模拟计算的结果表明,在反应器进口压力0.2 MPa、压降4.5 k Pa的条件下,反应器进出口温度均在7.2℃左右,可通过调节反应器压力实现温度的控制;反应器进口液相中烷烯质量比为145∶1,可减少副反应的发生;与传统硫酸法C4烷基化工艺相比,新工艺耗电量可降低30%。     

An industrial case study on variability handling in large enterprise software systems

ContextEnterprise software systems (e.g., enterprise resource planning software) are often deployed in different contexts (e.g., different organizations or different business units or branches of one organization). However, even though organizations, business units or branches have the same or similar business goals, they may differ in how they achieve these goals. Thus, many enterprise software systems are subject to variability and adapted depending on the context in which they are used.ObjectiveOur goal is to provide a snapshot of variability in large scale enterprise software systems. We aim at understanding the types of variability that occur in large industrial enterprise software systems. Furthermore, we aim at identifying how variability is handled in such systems.MethodWe performed an exploratory case study in two large software organizations, involving two large enterprise software systems. Data were collected through interviews and document analysis. Data were analyzed following a grounded theory approach.ResultsWe identified seven types of variability (e.g., functionality, infrastructure) and eight mechanisms to handle variability (e.g., add-ons, code switches).ConclusionsWe provide generic types for classifying variability in enterprise software systems, and reusable mechanisms for handling such variability. Some variability types and handling mechanisms for enterprise software systems found in the real world extend existing concepts and theories. Others confirm findings from previous research literature on variability in software in general and are therefore not specific to enterprise software systems. Our findings also offer a theoretical foundation for describing variability handling in practice. Future work needs to provide more evaluations of the theoretical foundations, and refine variability handling mechanisms into more detailed practices.     

On the probability distribution of faults in complex software systems

ContextThere are several empirical principles related to the distribution of faults in a software system (e.g. the Pareto principle) widely applied in practice and thoroughly studied in the software engineering research providing evidence in their favor. However, the knowledge of the underlying probability distribution of faults, that would enable a systematic approach and refinement of these principles, is still quite limited.ObjectiveIn this paper we study the probability distribution of faults detected during verification in four consecutive releases of a large-scale complex software system for the telecommunication exchanges. This is the first such study analyzing closed software system, replicating two previous studies for open source software.MethodWe take into consideration the Weibull, lognormal, double Pareto, Pareto, and Yule–Simon probability distributions, and investigate how well these distributions fit our empirical fault data using the non-linear regression.ResultsThe results indicate that the double Pareto distribution is the most likely choice for the underlying probability distribution. This is not consistent with the previous studies on open source software.ConclusionThe study shows that understanding the probability distribution of faults in complex software systems is more complicated than previously thought. Comparison with previous studies shows that the fault distribution strongly depends on the environment, and only further replications would make it possible to build up a general theory for a given context.     

基于多线结构光的弱纹理物体形貌测量方法

大多数现有的主流结构光测量装置在被测物体的表面上投射单条激光,通过移动装置实现物体表面的扫描重建。为了实现物体表面的在线快速重建,将多线结构光和双目立体视觉理论相结合,设计了一种新的三维测量方法。提出了一种结合形态滤波和Zhang-Suen细化算法的光条骨架提取方法和基于光条序列关系的光条匹配算法,并通过极线约束实现光条上特征点的精确匹配。通过实验验证了方法的有效性,相对误差在3%以内。