- 1 -
中国科技论文在线
Research on Component Trustiness Based on Entropy
ZHANG Wenbo, TIAN Yafei, XIE Huanqing, WANG Guanghui1
(School of Information Science and Engineering,Lanzhou University,Lanzhou Gansu
730000,China)
Brief author introduction:张文博(1980 年-),男,研究生,主要研究方向 通信与信息系统
Abstract: High trustiness components are of great value, because the reuse of them can sharply
enhance the software productivity and quality. How to measure and ensure the component trustiness
becomes more important in the procedures of software development and software testing. The thesis
proposes the using of entropy to measure the component trustiness and exemplifying the specific
application steps by data processing components. For other types of software provides a theoretical
basis for the credibility of the amount and method of reference.
Key words: entropy;components;trusted computing;metrics
0 Introduction
Component technology is an important way for software reuse and aims to improve software
productivity and quality of software production. But the sharing and reusing of components are
based on how much the users believe that the components they use can performance as they
expect[1]. There is no mature measure on component trustiness until now, for the component is
various itself (including common basic components, domain components, specific application
components etc.), and get itself involved in a wide range of business services. Therefore, it is
necessary that we should find a good measure on component trustiness in a special field.
Searching on component trustiness in the “software production line for data handling”, the
sixth theme in the field of “high assurance software tools and integrated manufacturing
environment” which is one project of National 863 Program aims to ensure software trustiness
from software procedure management and the analysis and illustration on component trustiness,
two aspects. According to international standard ISO9000-4/IEC300-1, high reliable components
and the development procedure of software production line are studied in the paper, and the
measure and standard, combined with the characteristics of the data handling area, on the software
trustiness in a special field are formed. Due the author’s participation in the project, the author
proposes the method that using entropy to test the software trustiness, which has been used in
practice and performed very well.
1 The Definition of Component Trustiness
Software component, separated from specific programming language and application system ,
is reusable and self-including. Reliable component is first presented as object oriented technology
in IEEE document[2]. The trustiness of software is similar with that of component, because
software is composed by component.
The concept of software trustiness is originated from Trusted Computing. TCG states “the
system is reliable if the action and result is expectable and controllable.” [3] The trusted computing
that the fault-tolerant server specialists initiate that the service computers offer can be proved as
credible and in turn the credible also can be proved [4]. “Trustiness is dependable, usable and safe”
said Zhang Huanguo and others from Wuhan University [5]. Therefore, trustiness has no a general
- 2 -
中国科技论文在线
definition, and we have to choose the key characteristics of trustiness, combining with a special
area features.
2 The Measurement Framework and Principles of Component
Trustiness
As software is intangible, it is defined from three aspects: feature attributes factors which
degrade and damage the function of software and the method used to prove its function[]. We
can see the definition from the following table:
The three aspects of trustiness
For the feature of data handling component, we put more emphasis on reliability and
availability which are measured by the credible data as the leading indicator of component
trustiness.
Credible data which must be recorded in the component developing procedure includes
process evidence and test evidence (the evidence framework is as ). The former is recorded
during development process while the later in the testing environment. Only when both of them
reach the trustiness requirement, the component trustiness is guaranteed and this component could
be submitted as a kind of resource and be used in practice.
1:Requirement Analysis 2:Requirement Review 3:Component Design
4:Design Review 5:Component Coding 6:Component Testing 7:Trustiness Assess
- 3 -
中国科技论文在线
Software development process
In the development process, there are five important procedures which require credible
evidence to be offered. They are needs analysis, needs assessment, component design, design
assessment, component coding. The following key data should be included in every procedure:
Requirements: aptitude process capability, planned workload, actual workload, planned progress,
actual progress, staff capability, needs change, needs assessment conclusion, defect density
assessment, defect removal efficiency.
Design: planned workload, actual workload, planned progress, actual progress, staff
capability, design change, design assessment conclusion, defect density assessment, defect
removal efficiency.
Coding: planned workload, actual workload, planned progress, actual progress, coding staff
capability, needs change, unit testing intensity, code size, and code maintainability.
Testing: planned workload, actual workload, planned progress, actual progress, testing staff
capability, testing tool support, testing defect trend.
Process audit: The trend of unqualified process.
The following key data should be included in testing procedure:
Testing needs: testing principle, testing requirement.
Testing plan: testing process, testing method, testing tool, testing environment.
Testing process record: functional test, performance test, security test, and reliability test.
Testing conclusion: testing type, testing full-degree illustration, the residual defect list.
In the application, we use “debug management” software for processing evidence record and
component testing tool for testing evidence record, strictly following the credible framework
template.
How do the evaluators to assess the component trustiness in every procedure with the above
evidences? Software development is an evolutionary process, and every step is to work out the
purpose of the last one. For inevitable deviation, we can use probability to show how much the
deviation is. For example, to what extent do the needs analyst and the guest have an efficient
communication and remove ambiguities, and to what extent the needs description meets the guest’
aim; whether the needs description is fully understood by the system analyst and the design plan
meets with the former; Whether the programmers can figure out the design plan and have the
ability to make the plan come true. In the component development process, the result of every step
is to reflect the aim of its last one, so we can only test the deviation from the former to the later.
- 4 -
中国科技论文在线
The test only can be done afterwards and a little one-sided., because competent trustiness is built
in developing procedures. Therefore, testing component trustiness, we emphasis on process
evidence. If the process evidence of software is marked down, and the testing result is good,
according to the different weights of them, the general trustiness of this software still is low.
3 Quantitative Indicators of Reliability
Every system consists of a few elements which have some uncertainties themselves, so
system uncertainty is the weighted average of elements uncertainty.
The concept of entropy is originated from Shannon's information theory[8], and used to
characterize the randomness or uncertainty of the whole system. Using a formula expressed as:
Entropy =∑pi log pi (1)
The value of entropy presents the average amount of information of uncertainty. Searching
on the nature of trust, we find it is very proper to use entropy as the trustiness testing standard.
According to the definition of trust, a system is credible, if its performance and result always
are expectable and controllable. Trust level is the coincidence degree between function of the
object and expectancy of the subject. Components, even the whole computer system is like a
function, and an ascertained input must produce an ascertained output, so the coincidence degree
between the function and the expectancy can be transformed as the understanding level on
operation system. Just as I trust you, which means I understand you fully.
It is the extent that I understand you decides how much I will trust you. For the same way, to
what extent does the subject understand the object, decides the subject’s trust on the object. The
more the subject knows about the object, the more the former trust the later. if program proof
theory can be used to analysis the software program source code and prove it accurate, the
trustiness is “1”, that is to say the software is understood and trusted completely. If the inner
structure and developing detail of software are not given, and the result of black box testing is
different with what the software boasted, the trustiness is “0” which means the software is
understood very little and its performance is unpredictable and uncontrollable. According to
analysis on scores that process evidence and testing evidence get, trustiness of other type software
should be between them.
Now we investigate the condition to which the user know about the component development
and testing process, and use probability to show the level of uncertainty.
The weighted average of all the probabilities is the whole component entropy. Entropy and
trustiness present negative correlation. The bigger component entropy is, the lower trustiness is.
We can classify trustiness according to component entropy.
4 Measure Method and Classification of Component Trustiness
The component, involving the topic of data processing, should have a strong process during
data processing, and its realized function point is very clear and definite. So, the key function
point should be teased out (that is to make sure the granularity of function point as needed), while
testing component trustiness. Then the tree diagram should be drawn as , according to every
step’s trustiness assessment in Ⅱ.
The “pi” stands for trustiness assessment of every step, and is calculated by formula 1.
Because all the trustiness value follows the same formula, it is possible to reveal the differences of
component trustiness and classify them.
- 5 -
中国科技论文在线
The calculating tree of trustiness
5 Operation Examples of Measure Method
A component which will be used to get the exchange rate in finance, is needed be developed
as the guest requests. Followed the steps below, the trustiness of this procedure for its last one is
analyzed with the trust evidence and developing record.
Customer needs description needs analysis document design
document code implementation tseting result
Phase Ⅰ: Customer demand is the origination of component, and even tiny deviation
between them could be magnified in the following phases. So it is very important to make sure the
customer needs description as clear and definite as possible, and the customer should be asked to
provide a customer needs description in writing, which can be used as a part of trust evidence.
Then experts will figure out the value of p1 on the basis of this customer needs description and
needs analysis document.
In this case, the customer needs description is that the function of this component is to a
model which can acquire exchange rate through data analysis. After communicating with the
customer, the developer can write down the needs analysis as this component can get the dollar
exchange rate against the currencies of several key nations(about 21 kinds of currencies),which
should be determined by the customer, then ask for client confirmation.
Phase Ⅱ: Component design (dollar exchange rate against RMB)
Component interfaces design: The transfer of components is mainly the XML-based data
exchange in the stage of data processing software for production line, so the input parameters and
output parameters provided by component not only support the common JAVA type parameters
but also provide the XML Support. Component method is showed as follow:
1 /**
* Get the exchange rate of RMB to US dollar on an appointed day
* @param an appointed day (format:YYYY-MM-DD)
* @return
*/
public String getExchangeRate (String date) throws Exception;
2 /**
* Get the exchange rate of RMB to US dollar on an appointed period
* @param fDate starting date(format:YYYY-MM-DD)
- 6 -
中国科技论文在线
* @param data finished (format:YYYY-MM-DD)
* @return exchange rate
*/
public String[] getExchangeRate(String fDate, String tDate) throws Exception;
1 /**
* require specified date,dollar exchange rate against RMB
* @param date appointed date (format:YYYY-MM-DD)
* @return exchange rate
*/
public String getExchangeRate (String date) throws Exception;
2 /**
* require specified period,dollar exchange rate against RMB
* @param fDate start date (format:YYYY-MM-DD)
* @param tDate end date (format:YYYY-MM-DD)
* @return exchange rate
*/
public String [] getExchangeRate(String fDate, String tDate) throws Exception;
Component interfaces description: there are mainly two parts: component-function
description and component-interfaces-transfer description (as and show) the former,
including the type, classification, function description, restriction, and trustiness description
(testing method)is used to search and review this component; while the later, introducing how
components are transferred and mainly involving class name, method name, input parameters
and output parameters, and others, is applied to components automatic assembly.
The function description of component
- 7 -
中国科技论文在线
The interface description of component
Class design: China: get dollar exchange rate against RMB
Based interface definition methods:
String getExchangeRate (String date) throws Exception;
String [] getExchangeRate (String fDate, String tDate) throws Exception;
String getExchangeRateFromXml (String xmlContent) throws Exception
Phase Ⅲ code implementation (partly)
serviceLocator = new FXWSServiceLocator();
dateFormat = new SimpleDateFormat(dateFormatString);
serviceLocationURL = new URL(serviceLocation);
Date _date = (date);
Calendar calStartDate = ();
Calendar calEndDate = ();
(_date);
(_date);
FXWS fxws = (serviceLocationURL);
String exchangeRate = (currency, calStartDate, calEndDate);
DocumentBuilder db=().newDocumentBuilder();
Document doc = (new ByteArrayInputStream(
("utf-8")));
Element root = ();
NodeList integerList = ("frbny:DataSet");
Element series = (Element) (0);
NodeList obsList = ("frbny:Obs");
for (int i = 0; i < (); i ++) {
Element obs = (Element)(i);
return
- 8 -
中国科技论文在线
("frbny:OBS_VALUE").item(0).getTextContent();
}
return null;
Phase Ⅳ Testing:
Functional test: prove the accurateness of code by test case
Functional description: test result: PASS
Functional description
tester approvers time 2009-6-4
test phase functional test
test case ChinaImpl>
loading
instruction
().getName()
expected
output
".
"
test result PASS
Fault
description
Severe error( ) some error( ) general error( ) advise ( )
Functional
description
modified
condition
description
easers : time:
Performance test:
Use Unit-level performance testing tool (e. g. NTime), do performance test with test case
Use code efficiency of testing tools (e. g. AQTime) to calculate the code execution time;
Large amounts of data test: when software is handling large amounts of data or the
performance after loading large anounts of data, the test method is to use various means to
simulate the amount of data generated business and take the necessary operation.
Analog high-volume data tool: DataFactory
Execution time analysis
Choose Execution Time Analysis and perform Profile, in the view of Profiling, JUnit tab will
show the functional test result, while the Execution Statistics tab execution time analysis result of
every formula or method. As below ():
The analysis of executing time
- 9 -
中国科技论文在线
With the analysis result, this component performance can be assessed, and the component
performance bottleneck can be found and then optimized.
Memory Analysis
Choose Memory Analysis and execute Profile, in the view of Profiling, Object Allocations
tab shows the analysis results of memory distribution. As below ()
The analysis of memory allocation
Safety test (ignoring results)
Create test case to check security vulnerabilities, such as SQL injection, a buffer overflow
attack so.
Analyze code with code scanning tools and avoid security loopholes.
Other tests: use test tools (ignoring results)
Memory leak: is it necessary to check if java has some memory leak?
Deadlock detection: JLint, Bandera
Code style defects, common style defects detect: Findbugs,Checkstyle,PMD
With the specified evidence and documents of every step, appraisal experts can calculate the
value of Pi and then follow the above methods and steps and get the entropy as the value of
component trustiness.
Notice: the entropy only can provide the relative value of trustiness. For example, the value
of some components trustiness is 5, and other one is 7, then the former is more reliable than the
later. The value of component trustiness has no actual meaning. So we should strictly follow the
unified standards and tools to record and test all the evidence and then classify them.
6 Conclusions
Based on the essence of component trustiness, the study finds out its indicator, entropy, and
states clearly the methods used to calculate the entropy. Even though this method is explored in
the field of data processing for software production line, it also can be applied to measure the
trustiness in other fields on software. If some kinds of software require high performance, it is
useful to analyze factors which affect the performance and assess their uncertainty. The entropy of
the software performance is evaluated by the weighted average of all the uncertainty and
performance of the software is measurable.
- 10 -
中国科技论文在线
Reference
[1]Xie Bing,Wang Yasha, Li Ge,et al. Asset and Process Management for Software Reuse[M]. Beijing:Tsinghua
University ,2008.
[2] ,. Component-based Software Engineering and the Issue of Trust[J]. Proceedings of
the 22nd International Conference on Software Engineering. Limerick, Ireland, June, 2000:p661-664.
[3] Trusted Computing Group. TCG Specification Archi2 textures Overview[S].
[4]Avizienis A,Laprie J C,Randell B,et al. Basic Concepts and Taxonomy of Dependable and Secure Computing
[J]. IEEE Transaction on Dependable and Secure Computing, 2004, 1 (1):p11-33.
[5] Zhang Huanguo,Luo of Trusted Computing Research[J].Journal of Wuhan University
(Natural Science Edition) Vol. 52 No. 5 Oct. 2006:p513-518.
[6]A Avizienis,J Laprie,B Concepts of Dependability[R].LAAS-CNRS,N01145,.
[7]Loana Rus,Seija Komi Sirvio, . High Dependability Computing Program Software Dependability
Properties[J]:A Survey of Definitions,Measures and Center,University of
Maryland,2003(5):p42-56.
[8] , A mathematical theory of communication [J],Bell . vol. 27, July, 1948: p379-423.
基于信息熵的构件可性度研究
张文博,田亚菲,解欢庆,王光辉
(兰州大学 信息科学与工程学院 甘肃兰州 730000)
摘要:高可信构件组成的资源库是宝贵的财富,构件的复用会大幅度提高软件生产的效率和
质量。如何在软件开发和测试过程中保障和度量构件的可信性显得尤为重要。本文提出了利
用信息熵度量构件可信性的方法并以数据处理构件为例阐述了该方法的具体运用步骤,为其
它类型软件的可信度量提供了理论依据和方法参考。
关键词: 信息熵;构件;可信计算;度量
中图分类号:TP31
