Topic (ii) software and computing developments CRYPTOGRAPHIC TECHNIQUES IN STATISTICAL DATA
Chapter 1 An Introduction to Software Engineering
* What is software?
  - Computer programs and associated documentation and data
  - Two fundamental types of software product: generic products and customized products
* What is software engineering?
  - Software engineering is an engineering discipline which is concerned with all aspects of software production
* What is the difference between software engineering and computer science?
  - Computer science is concerned with theory and fundamentals;
  - software engineering is concerned with the practicalities of developing and delivering useful software
* What is a software process?
  - A set of activities whose goal is the development or evolution of software
  - Generic activities in all software processes are:
    • Specification, Development, Validation, Evolution

Chapter 4 Software Process
* Software process
  - Software processes are the activities involved in producing and evolving a software system.
  - A structured set of activities required to develop a software system: specification; design and implementation; validation; evolution.
  - General process activities are specification, design and implementation, validation and evolution.
* Software process models
  - Software process models are abstract representations of these processes.
  - Generic process models describe the organisation of software processes. Examples include the waterfall model, evolutionary development and component-based software engineering.
  - The waterfall model is only appropriate when the requirements are well-understood and changes
  - The waterfall model is mostly used for large systems engineering projects where a system is developed at several sites
  - There are two fundamental types of evolutionary development: exploratory development and throw-away prototyping
  - Exploratory development should start with well-understood requirements and add new features as proposed by the customer
  - Throw-away prototyping should start with poorly understood requirements to clarify what is really needed.
  - Evolutionary development is mostly used for small or medium-size interactive systems and short-lifetime systems
* Iterative process models describe the software process as a cycle of activities

Chapter 5 Project management
* Primary project management activities:
  - Proposal writing.
  - Project planning and scheduling.
  - Project costing.
  - Project monitoring and reviews.
  - Personnel selection and evaluation.
  - Report writing and presentations.
* Project planning
  - Milestones are the end-point of a process activity.
  - Deliverables are project results delivered to customers.
* Project scheduling
  - Organize tasks concurrently to make optimal use of workforce.
  - Minimize task dependencies to avoid delays caused by one task waiting for another to complete.
  - Graphical notations used to illustrate the project schedule: bar charts and activity networks
  - Activity charts show task dependencies and the critical path.
  - Bar charts show schedule against calendar time.
  [Figures: Task durations and dependencies; Activity network; Activity bar chart (Gantt chart); Staff allocation vs. time chart]
* Risk management
  - Three related categories of risk: project risks, product risks, business risks
  - Project risks affect schedule or resources;
  - Product risks affect the quality or performance of the software being developed;
  - Business risks affect the organisation developing or procuring the software
  - The process of risk management involves several stages: Risk identification, Risk analysis, Risk planning, Risk monitoring.
  - Risk identification: Identify project, product and business risks;
  - Risk analysis: Assess the likelihood and consequences of these risks;
  - Risk planning: Draw up plans to avoid or minimise the effects of the risk;
  - Risk monitoring: Monitor the risks throughout the project;
  [Figure: The risk management process]

Chapter 6 Software Requirements
* Types of requirement:
  - Functional and non-functional requirements
  - User requirements and system requirements
* Functional and non-functional requirements
  - Functional requirements
    • Statements of services the system should provide, how the system should react to particular inputs and how the system should behave in particular situations.
  - Non-functional requirements
    • Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc.
  - The types of non-functional requirement are: product requirements, organisational requirements, external requirements.
  - Functional requirements set out services the system should provide.
  - Non-functional requirements constrain the system being developed or the development process.
* In principle, requirements should be both complete and consistent.
  - Complete
    • They should include descriptions of all facilities required.
  - Consistent
    • There should be no conflicts or contradictions in the descriptions of the system facilities.

Chapter 7 Requirements Engineering Processes
* The requirements engineering process includes
  - Feasibility study, requirements elicitation and analysis, requirements specification and requirements management.

Chapter 8 System Model
* Different models present the system from different perspectives
    • External perspective showing the system's context or environment;
    • Behavioural perspective showing the behaviour of the system;
    • Structural perspective showing the system or data architecture.
* Two types of behavioural model are:
    • Data flow models that show how data is processed as it moves through the system;
    • State machine models that show the system's response to events.

Chapter 11 Architectural Design
* Architecture and system characteristics
  - Performance
    • Localise critical operations and minimise communications. Use large rather than fine-grain components.
  - Security
    • Use a layered architecture with critical assets in the inner layers.
  - Safety
    • Localise safety-critical features in a small number of sub-systems.
  - Availability
    • Include redundant components and mechanisms for fault tolerance.
  - Maintainability
    • Use fine-grain, replaceable components, avoid data share

Chapter 12 Distributed Systems Architectures
* Distributed systems architectures
  - Client-server architectures
    • Distributed services which are called on by clients. Servers that provide services are treated differently from clients that use services.
  - Distributed object architectures
    • No distinction between clients and servers. Any object on the system may provide and use services from other objects.
* Middleware is usually off-the-shelf rather than specially written software.
* Layered application architecture
  - Presentation layer
    • Concerned with presenting the results of a computation to system users and with collecting user inputs.
  - Application processing layer
    • Concerned with providing application specific functionality e.g., in a banking system, banking functions such as open account, close account, etc.
  - Data management layer
    • Concerned with managing the system databases.
* Thin and fat clients
  - Thin-client model
    • In a thin-client model, all of the application processing and data management is carried out on the server. The client is simply responsible for running the presentation software.
  - Fat-client model
    • In this model, the server is only responsible for data management. The software on the client implements the application logic and the interactions with the system user.
* Three-tier architectures
  [Figure: A 3-tier C/S architecture]
* P2P architectural models
  - Peer to peer architectures are decentralised architectures where there is no distinction between clients and servers.
  - The logical network architecture
    • Decentralised architectures;
    • Semi-centralised architectures.
  [Figures: Decentralised p2p architecture; Semi-centralised p2p architecture]

Chapter 13 Application architectures
* Important classes of application are data processing systems, transaction processing systems, event processing systems and language processing system.
* Data processing systems operate in batch mode and have an input-process-output structure.

Chapter 14 Object-oriented Design
* Objects and object classes
  - Objects are entities in a software system which represent instances of real-world and system entities.
  - Objects are members of classes that define attribute types and operations.
  - Object classes are templates for objects. They may be used to create objects.
  - Object classes may inherit attributes and services from other object classes.
* Use-case models are used to represent each interaction with the system.

Chapter 16 User interface design
* Human factors in interface design
  - Limited short-term memory
    • People can instantaneously remember about 7 items of information. If you present more than this, they are more liable to make mistakes.
  - People make mistakes
    • When people make mistakes and systems go wrong, inappropriate alarms and messages can increase stress and hence the likelihood of more mistakes.
  - People are different
    • People have a wide range of physical capabilities. Designers should not just design for their own capabilities.
  - People have different interaction preferences
    • Some like pictures, some like text.
* User interface design principles
* MVC approaches (Information presentation, pp. 370)
  [Figure: the MVC model of user interaction]
* How to design UI (Information presentation, pp. 375)
  [Figure **.1: An input text box used by a nurse]
  [Figure **.2: System and user-oriented error messages]
* The UI design process
  - The 3 core activities in this process are:
    • User analysis. Understand what the users will do with the system;
    • System prototyping. Develop a series of prototypes for experiment;
    • Interface evaluation. Experiment with these prototypes with users.
* Some evaluation of a user interface design should be carried out to assess its suitability.
  Attribute: Description
  Learnability: How long does it take a new user to become producthe system?
  Speed of operation: How well does the system response match the usepractice?
  Robustness: How tolerant is the system of user error?
  Recoverability: How good is the system at recovering from user erro
  Adaptability: How closely is the system tied to a single model of w
Computer English (2nd Edition): Answer Key

Note: Only the answers for texts that are new or changed in Computer English (2nd Edition) are given here; for the answers to unchanged texts, see the original answers for Computer English (1st Edition).

Unit One
Section C
PDA Prizefight: Palm vs. Pocket PC

I. Fill in the blanks with the information given in the text:
1. With DataViz's Documents To Go, you can view and edit desktop documents on your PDA without converting them first to a PDA-specific ________. (format)
2. Both Palm OS and Windows Mobile PDAs can offer e-mail via ________ so that new messages received on your desktop system are transferred to the PDA for on-the-go reading. (synchronization)
3. The Windows Mobile keyboard, Block Recognizer, and Letter Recognizer are all ________ input areas, meaning they appear and disappear as needed. (virtual)
4. Generally speaking, Windows Mobile performs better in entering information and playing ________ files while Palm OS offers easier operation, more ________ programs, better desktop compatibility, and a stronger e-mail application. (multimedia; third-party)

II. Translate the following terms or phrases from English into Chinese and vice versa:
1. data field 数据字段
2. learning curve 学习曲线
3. third-party solution 第三方解决方案
4. Windows Media Player Windows媒体播放器
5. 开始按钮 Start button
6. 指定输入区 designated input area
7. 手写体识别系统 handwriting-recognition system
8. 字符集 character set

Unit Three
Section B
Longhorn: The Next Version of Windows

I. Fill in the blanks with the information given in the text:
1. NGSCB, the new security architecture Microsoft is developing for Longhorn, splits the OS into two parts: a standard mode and a(n) ________ mode. (secure)
2. It is reported that Longhorn will provide different levels of operation that disable the more intensive Aero effects to boost ________ on less capable PCs. (performance)
3. With Longhorn's new graphics and presentation engine, we can create and display Tiles on the desktop, which remind us of the old Active Desktop but are based on ________ instead of ________. (XML; HTML)
4. The most talked-about feature in Longhorn so far is its new storage system, WinFS, which works like a(n) ________ database. (relational)

II. Translate the following terms or phrases from English into Chinese and vice versa:
1. search box 搜索框
2. built-in firewall 内置防火墙
3. standalone application 独立应用程序
4. active desktop 活动桌面
5. mobile device 移动设备
6. 专有软件 proprietary software
7. 快速加载键 quick-launch key
8. 图形加速器 graphics accelerator
9. 虚拟文件夹 virtual folder
10. 三维界面 three-dimensional interface

Unit Four
Section C
Arrays

I. Fill in the blanks with the information given in the text:
1. Given the array called object with 20 elements, if you see the term object10, you know the array is in ________ form; if you see the term object[10], you know the array is in ________ form. (subscript; index)
2. In most programming languages, an array is a static data structure. When you define an array, the size is ________. (fixed)
3. A(n) ________ is a pictorial representation of a frequency array. (histogram)
4. An array that consists of just rows and columns is probably a(n) ________ array. (two-dimensional)

II. Translate the following terms or phrases from English into Chinese and vice versa:
1. bar chart 条形图
2. frequency array 频率数组
3. graphical representation 图形表示
4. multidimensional array 多维数组
5. 用户视图 user('s) view
6. 下标形式 subscript form
7. 一维数组 one-dimensional array
8. 编程结构 programming construct

Unit Five
Section B
Microsoft .NET vs. J2EE

I. Fill in the blanks with the information given in the text:
1. One of the differences between C# and Java is that Java runs on any platform with a Java Virtual ________ while C# only runs in Windows for the foreseeable future. (Machine)
2. With .NET, Microsoft is opening up a channel both to ________ in other programming languages and to ________. (developers; components)
3. J2EE is a single-language platform; calls from/to objects in other languages are possible through ________, but this kind of support is not a ubiquitous part of the platform. (CORBA)
4. One important element of the .NET platform is a common language ________, which runs bytecodes in an Internal Language format. (runtime)

II. Translate the following terms or phrases from English into Chinese and vice versa:
1. messaging model 消息收发模型
2. common language runtime 通用语言运行时刻(环境)
3. hierarchical namespace 分等级层次的名称空间
4. development community 开发社区
5. CORBA 公用对象请求代理(程序)体系结构
6. 基本组件 base component
7. 元数据标记 metadata tag
8. 虚拟机 virtual machine
9. 集成开发环境 IDE (integrated development environment)
10. 简单对象访问协议 SOAP (Simple Object Access Protocol)

Unit Six
Section A
Software Life Cycle

I. Fill in the blanks with the information given in the text:
1. The development process in the software life cycle involves four phases: analysis, design, implementation, and ________. (testing)
2. In the system development process, the system analyst defines the user, needs, requirements and methods in the ________ phase. (analysis)
3. In the system development process, the code is written in the ________ phase. (implementation)
4. In the system development process, modularity is a very well-established principle used in the ________ phase. (design)
5. The most commonly used tool in the design phase is the ________. (structure chart)
6. In the system development process, ________ and pseudocode are tools used by programmers in the implementation phase. (flowcharts)
7. Pseudocode is part English and part program ________. (logic)
8. While black box testing is done by the system test engineer and the ________, white box testing is done by the ________. (user; programmer)

II. Translate the following terms or phrases from English into Chinese and vice versa:
1. standard graphical symbol 标准图形符号
2. logical flow of data 标准图形符号
3. test case 测试用例
4. program validation 程序验证
5. white box testing 白盒测试
6. student registration system 学生注册系统
7. customized banking package 定制的金融软件包
8. software life cycle 软件生命周期
9. user working environment 用户工作环境
10. implementation phase 实现阶段
11. 测试数据 test data
12. 结构图 structure chart
13. 系统开发阶段 system development phase
14. 软件工程 software engineering
15. 系统分析员 system(s) analyst
16. 测试工程师 test engineer
17. 系统生命周期 system life cycle
18. 设计阶段 design phase
19. 黑盒测试 black box testing
20. 会计软件包 accounting package

III. Fill in each of the blanks with one of the words given in the following list, making changes if necessary:
development; testing; programmer; chart; engineer; attend; interfaces
system; software; small; user
develop; changes; quality; board; Uncontrolled

IV. Translate the following passage from English into Chinese:
软件工程是软件开发的一个领域;在这个领域中,计算机科学家和工程师研究有关的方法与工具,以使高效开发正确、可靠和健壮的计算机程序变得容易。
计算机科学与技术专业英语 Computer Science and Technology Major

计算机科学与技术专业 (jìsuànjī kēxué yǔ jìshù zhuānyè) - Computer Science and Technology Major

计算机科学与技术(Computer Science and Technology)是计算机科学与技术学科的核心专业,主要培养学生具有计算机科学与技术专业的基本理论、基本知识和基本技能,能够在计算机科学与技术领域从事应用与开发、设计与实施、管理与服务等工作。

Computer Science and Technology is a core major in the field of computer science and technology. It mainly focuses on cultivating students with basic theories, knowledge, and skills in computer science and technology. Graduates will be able to engage in application development, design and implementation, management, and service in the field of computer science and technology.

专业课程 (zhuānyè kèchéng) - Major Courses

计算机科学与技术专业的课程包括但不限于以下方面:
The courses of the Computer Science and Technology major include but are not limited to the following aspects:

1. 基础课程 (basic courses):
- 计算机组成原理 (Computer Organization and Architecture)
- 数据结构与算法 (Data Structures and Algorithms)
- 操作系统 (Operating Systems)
- 离散数学 (Discrete Mathematics)
- 编译原理 (Compiler Design)
- 计算机网络 (Computer Networks)

2. 核心课程 (core courses):
- 计算机图形学 (Computer Graphics)
- 数据库系统 (Database Systems)
- 人工智能 (Artificial Intelligence)
- 计算机安全 (Computer Security)
- 软件工程 (Software Engineering)
- 分布式系统 (Distributed Systems)

3. 专业选修课程 (major elective courses):
- 数据挖掘 (Data Mining)
- 机器学习 (Machine Learning)
- 物联网技术 (Internet of Things)
- 云计算 (Cloud Computing)
- 嵌入式系统 (Embedded Systems)

就业方向 (jiùyè fāngxiàng) - Career Paths

计算机科学与技术专业的毕业生在以下领域有广泛的就业机会:
Graduates of the Computer Science and Technology major have extensive job opportunities in the following fields:
- 软件开发 (Software Development)
- 网络安全 (Network Security)
- 数据分析 (Data Analysis)
- 人工智能与机器学习 (Artificial Intelligence and Machine Learning)
- 云计算与大数据 (Cloud Computing and Big Data)
- 嵌入式系统开发 (Embedded System Development)
- 网站设计与开发 (Website Design and Development)
- IT管理与咨询 (IT Management and Consulting)

The above is a brief introduction to the Computer Science and Technology major.
Software Engineering (Bilingual)

Textbook: Software Engineering, 8th Edition, Ian Sommerville, Pearson Education, China Machine Press, 2006

References:
1. Software Engineering: Theory and Practice (Second Edition, reprint), Shari Lawrence Pfleeger, Pearson Education, 2001
2. Software Engineering, 4th Edition, Zhang Haifan, Tsinghua University Press, 2007
3. Software Engineering, Wang Zhongqun (ed.), University of Science and Technology of China Press, 2009-11-1
4. Software Engineering: A Practitioner's Approach, 6th ed., Roger S. Pressman, China Machine Press, 2008

Note: Content in italics is optional teaching material; exercises marked with an asterisk are optional.

Chapter 1 (1) Introduction
● Getting started with software engineering

1.1 Objectives
1. To introduce software engineering and to explain its importance
2. To set out the answers to key questions about software engineering
3. To introduce ethical and professional issues and to explain why they are of concern to software engineers

1.2 Topics covered
1. FAQs about software engineering
2. Professional and ethical responsibility

1.3 Importance of Software engineering
● The economies of ALL developed nations are dependent on software.
● More and more systems are software controlled
● Expenditure on software represents a significant fraction of GNP (Gross National Product) in all developed countries. (The relationship between GNP and GDP is: GNP equals GDP plus the income from domestic capital and labour invested abroad, minus the income from foreign capital and labour invested in the home country.)
English Translations of Computer Science Course Names (Chinese and English course names for the Computer Science and Technology (Teacher Education) major)

4 中国现代史纲要 Outline of Modern Chinese History
5 大学英语 College English
6 大学体育 College PE
7 心理学 Psychology
8 教育学 Pedagogy
9 现代教育技术 Modern Technology
10 教师口语 Teachers' Oral Skill
11 形势与政策 Current Situation and Policy
12 大学生就业与指导 Career Guidance
13 学科教学法 Course Teaching Methodology
14 生理与心理健康教育 Health and Physiology Education
15 环境与可持续发展 Environment and Sustainable Development
16 文献检索 Literature Retrieval
17 大学体育 College PE
18 大学语文 College Chinese
19 高等数学 Higher Mathematics
20 计算机导论 Introduction to Computer Science
21 程序设计基础 Programming Foundations
22 程序设计基础实验 Experimentation of Programming Foundations
23 线性代数 Linear Algebra
24 大学物理 College Physics
25 大学物理实验 Experimentation of College Physics
26 电路与电子技术 Circuits and Electronics
27 电工与电子技术实验 Experimentation of Circuits and Electronics
28 数字逻辑电路 Digital Logic Circuit
29 数字逻辑电路 Experimentation of Digital Logic Circuit
30 离散数学 Discrete Mathematics
31 数据结构 Data Structures
32 数据结构实验 Experimentation of Data Structures
33 计算机组成与系统结构 Computer Organization and Architecture
34 操作系统 Operating System
35 操作系统实验 Experimentation of Operating System
36 计算机网络 Computer Network
37 计算机网络实验 Experimentation of Computer Network
38 面向对象程序设计 Object-Oriented Programming
39 面向对象程序设计实验 Experimentation of Object-Oriented Programming
40 汇编语言程序设计 Assembly Language
41 汇编语言程序设计实验 Experimentation of Assembly Language
42 概率与数理统计 Probability and Statistics
43 JAVA语言 Java Language
45 JAVA语言实验 Experimentation of Java Language
46 数据库原理 Databases Principles
47 数据库原理实验 Experimentation of Databases Principles
48 专业英语 Discipline English
49 人工智能导论 Introduction to Artificial Intelligence
50 算法设计与分析 Design and Analysis of Algorithms
51 微机系统与接口 Microcomputer System and Interface
52 编译原理 Compiling Principles
53 编译原理实验 Experimentation of Compiling
54 数学建模 Mathematics Modeling
55 软件工程 Software Engineering

English Translations of Computer Science Course Names, Part 2 (Chinese and English course names for the Computer Science and Technology (Teacher Education) major)

56 软件工程实验 Experimentation of Software Engineering
57 嵌入式系统 Embedded System
58 嵌入式系统实验 Experimentation of Embedded System
59 多媒体技术 Multimedia Technology
60 Experimentation of Multimedia Technology
61 信息系统分析与设计 Object-Oriented Analysis and Design
62 UNIX操作系统分析 UNIX System Analysis
63 UNIX/Linux操作系统分析 Experimentation of UNIX/Linux System Analysis
64 单片机原理 Principles of Single-Chip Computer
65 信息安全与保密概论 Introduction to Security and Cryptography
66 Web应用技术 Applications of Web
67 高级数据库应用技术 Advanced Application of Database Technology
68 组网技术 Technology of Building Network
69 组网技术实验 Technology of Building Network
70 计算机图形学 Computer Graphics
71 嵌入式接口技术 Embedded Interface
72 嵌入式接口技术实验 Experimentation of Embedded Interface
73 数字图像处理 Digital Images Processing
74 数字图像处理实验 Digital Images Processing
75 网络应用软件开发 Network Application Development
76 XML原理与应用 XML Principle and Application
77 XML原理与应用实验 Experimentation of XML Principle and Application
78 计算机系统维护 Maintenance of Computer System
79 计算机系统维护实验 Experimentation of Computer Maintenance
80 网络管理技术 Network Management Technology
81 网络管理技术实验 Experimentation of Network Management
82 数据仓库与数据挖掘 Data Storage and Data Digging
83 项目管理 Project Management
84 软件开发实例 Cases of Software Development
85 企业资源规划 (ERP) Enterprise Resource Planning
86 新技术 New Technology
87 科研创作指导 Supervision in Science Research Creation
88 电子商务概论 Introduction of Electronic Business
89 计算机辅助教学 Computer Aided Teaching

Also:
计算机导论 Introduction to Computer Science
程序设计基础 Foundations of Programming
电路与电子技术 Circuits and Electronics
数字逻辑电路 Digital Logic Circuit
离散数学 Discrete Mathematics
数据结构 Data Structures
计算机组成与系统结构 Computer Organization and Architecture
操作系统 Operating System
计算机网络 Computer Network
面向对象程序设计 Object-Oriented Programming
数据库原理 Databases Principles
English Essay Introducing Software Engineering

An Introduction to Software Engineering

Objectives
- To introduce software engineering and to explain its importance
- To set out the answers to key questions about software engineering
- To introduce ethical and professional issues and to explain why they are of concern to software engineers

Topics covered
- FAQs about software engineering
- Professional and ethical responsibility

Software engineering
- The economies of ALL developed nations are dependent on software.
- More and more systems are software controlled
- Software engineering is concerned with theories, methods and tools for professional software development.
- Expenditure on software represents a significant fraction of GNP in all developed countries.

Software costs
- Software costs often dominate computer system costs. The costs of software on a PC are often greater than the hardware cost.
- Software costs more to maintain than it does to develop. For systems with a long life, maintenance costs may be several times development costs.
- Software engineering is concerned with cost-effective software development.

FAQs about software engineering
- What is software?
- What is software engineering?
- What is the difference between software engineering and computer science?
- What is the difference between software engineering and system engineering?
- What is a software process?
- What is a software process model?

FAQs about software engineering
- What are the costs of software engineering?
- What are software engineering methods?
- What is CASE (Computer-Aided Software Engineering)
- What are the attributes of good software?
- What are the key challenges facing software engineering?

What is software?
- Computer programs and associated documentation such as requirements, design models and user manuals.
- Software products may be developed for a particular customer or may be developed for a general market.
- Software products may be
  - Generic - developed to be sold to a range of different customers e.g. PC software such as Excel or Word.
  - Bespoke (custom).
STATISTICAL COMMISSION and COMMISSION OF THE ECONOMIC COMMISSION FOR EUROPE EUROPEAN COMMUNITIES CONFERENCE OF EUROPEAN STATISTICIANS EUROSTATJoint ECE/Eurostat Work Session onStatistical Data Confidentiality Working Paper No. 13 (Thessaloniki, Greece, 8-10 March 1999) English onlyTopic (ii): software and computing developmentsCRYPTOGRAPHIC TECHNIQUES IN STATISTICAL DATA PROTECTIONSubmitted by Universitat Rovira I Virgili, Spain1Contributed paperI.INTRODUCTION1.The production of official statistics can be regarded as a process with three main steps: data collection, data processing and data dissemination. New information technologies have a twofold impact on the above steps:• Excluding security problems, electronic information is clearly much more convenient to collect, process and disseminate than paper-based information.• When security is considered, unprotected electronic information can be searched, copied, counterfeited or deleted by intruders much more easily than unprotected paper-based information.2.The above remarks explain that an increasing amount of research in official statistics is devoted to protecting information, so that the advantages of using new technologies can be enjoyed without jeopardizing statistical confidentiality. In Buzzigoli and Giusti (1998), a distinction is made between two basic concepts for statistical confidentiality:SDC: Statistical Disclosure Control (SDC) techniques can be defined as the set of methods to reduce the risk of disclosing information on individuals, businesses or other organizations. Such methods are only related to the dissemination step and are usually based on restricting the amount of information released (see Willenborg and De Waal (1996) for more detail).SDP: Statistical Data Protection (SDP) is a more general concept which takes into account all three steps of production. 
SDP is multidisciplinary and draws on computer science (data security), statistics and operations research.3.Cryptography, the science that deals with the design of encryption or cipher systems, can help solving several problems in SDP that are not addressed by SDC. This paper will elaborate on cryptographic solutions for SDP problems. Section II deals with problems related to the data collection 1Prepared by Josep Domingo-Ferrer and Josep M. Mateo-Sanz (Universitat Rovira I Virgili) and Ricardo X. Sánchez del Castillo (University of Barcelona).GE.98-step. Issues connected with the data processing step are addressed in Section III. Section IV has to do with data dissemination. Section V is a conclusion.II.CRYPTOGRAPHY AND DATA COLLECTION4.Traditionally, secure handling of raw respondent data has been dependent on legal non-disclosure agreements signed by the data collectors, who are very often people temporarily hired for a given survey. The fact that raw respondent data can actually be seen by the data collector (or even worse by an intruder) is the most prominent security problem in traditional data collection. Legal security measures alone do not suffice. Therefore, the following are desirable objectives:• To prevent the data collector (and of course any unauthorized person) from seeing clear respondent data. See Subsection A.• To thoroughly suppress the role of the data collector by carrying out data collection remotely over the Internet. See Subsection B.A.Hiding data from the collector5. A possibility that becomes realistic with the current state of technology would be the following protocol:Protocol 11.The data collector handles a laptop to the respondent2.The respondent enters his/her answers to the questions of the survey.3.The answers are encrypted by the laptop using the public encryption key of the NSI conductingthe survey, so that only the NSI will be able to decrypt them using its corresponding private key (see Note 1). 
The NSI public key can be prerecorded in the laptop or can even be published in the newspaper and typed by the respondent in real time.Note 1. In a public-key cryptosystem (Diffie and Hellman 1976), each user u has a key pair (PK u, SK u), where the public key PK u is publicly known and the private key SK u is only known to u. A message encrypted under the public key can only be correctly decrypted under the private key. In this way, everybody is able to send secret messages to u, since PK u is public and SK u is only known to u. Normally, some kind of certification is assumed to guarantee that PK u is really u's public key. RSA (Rivest, Shamir and Adleman 1978) is the best known public-key cryptosystem.B.Suppressing the collector6.An alternative way to eliminate the security risks associated to the data collector is to suppress its role completely. In fact, the respondent can answer a survey without the physical presence of the data collector. In that scenario, the respondent could use his/her own home computer to supply his/her answers; the answers would be encrypted by the home computer (using public-key cryptography as described in Protocol 1) and then sent to the NSI via Internet. Some randomization would probably be needed to prevent a wiretapper from identifying the clear responses from the encrypted responses.III.CRYPTOGRAPHY AND DATA PROCESSING7.Since NSIs are committed to statistical confidentiality, unprotected confidential data areassumed to be processed, transferred and stored in a secure environment. This poses several problems:• How should unprotected respondent data be stored? How to transfer non-disclosure-protected data between the various locations of a NSI? 
Is it possible to use an open network such as the Internet to interconnect these locations?• Does the NSI commitment to statistical confidentiality preclude the use of external untrusted subcontractors to perform computations on confidential data?• In the ``data-shop'' context, how to handle requests by customers who wish to have some statistical computations done on a confidential data set? Since unprotected data cannot be exported and disclosure-protected data do not yield exact statistics, should computation always be carried out by the NSI?Encryption can be very helpful for solving the above problems and is already explicitly mentioned by recent statistical laws (e.g. Draft Statistical Law of Catalonia, 1998).A.Storage and transfer of non-disclosure-protected data8.Secure storage can be achieved by keeping confidential data files encrypted. Particular encryption transformations can be chosen to minimize the storage space needed, to maximize encryption/decryption speed or even to allow some operations to be performed directly on encrypted data (see Subsection B). Secure distribution of confidential data normally requires all communicating parties to have cryptographic facilities and certified public encryption keys. In Polemi and Kokolakis (1998), a solution for the connection of NSIs with each other and with the outside world is sketched.B.Delegation of computing and data9.The need for delegating statistical data arises when the data owner (e.g. NSI) must have its data handled by an untrusted external party, who can be either a customer or a subcontractor. The following are two practical applications:Example 1. A computing delegation problem appears whenever a (small) company wants to use external computing facilities to do some calculations on corporate confidential data. A very common variant of this situation is a medical research team using a (insecure) university mainframe for processing confidential healthcare records. 
The reason for using external facilities may be the complexity of the calculations but also the huge size of the data set. ♦

Example 2. Data delegation problems appear in the interaction between public administrations at several levels. For example, municipalities cooperate with NSIs in statistical data collection. In return, municipalities would like to be able to analyze the whole collected data set (pooled from all municipalities). But only NSIs are usually authorized to hold nation-wide individual census data. A similar problem occurs in any federal-like structure (European Union, U.S.A., Germany, etc.). Member states cooperate with federal agencies in collecting data from individuals, companies, etc. In return, states would like to be able to analyze data at a federal level. A secure solution in both scenarios above is for the organization owning the whole data set to perform (probably for free) the analyses requested by the cooperating organizations. But then the data-owning organization becomes a bottleneck and is forced to waste time and resources in uninteresting tasks. A better solution would be for the data owner to delegate data in a secure way and reduce its role in subsequent analyses to a minimum. ♦

10. A secure solution to delegation must satisfy two basic requirements:

• Data secrecy. The data owner does not want the data handler (the untrusted party performing the computations) to learn the confidential data being processed.
• Computation verifiability. The data owner wants to make sure that the computations performed by the data handler are correct. Note that, in computing delegation, the data handler might deviate from the computation requested by the owner; in data delegation, such deviation makes no sense (the data handler is interested in the result), but an overflow may occur which cannot be detected by the handler, since data are encrypted.

11. Diké is a prototype that implements secure delegation based on the above ideas.
For data secrecy, Diké relies on homomorphic encryption transformations (privacy homomorphisms or PHs for short, see Rivest, Adleman and Dertouzos (1978)) that allow some operations to be carried out by the untrusted data handler directly on encrypted data. Two PHs are currently implemented in Diké: RSA (Rivest, Shamir and Adleman 1978) and a PH described in Domingo-Ferrer (1997), which will be denoted by JD. RSA allows multiplication and test for equality to be carried out on encrypted data. JD allows full arithmetic (addition/subtraction, multiplication and “fraction division”) on encrypted data. For computation verifiability, Diké relies on parity checking. See Domingo-Ferrer, Sánchez del Castillo and Castilla (1998) and Domingo-Ferrer and Sánchez del Castillo (1997) for more detailed descriptions of Diké.

C. Ad-hoc schemes for encrypted data processing

12. Ad-hoc encryption transformations (Blakley and Meadows 1985) (Ahituv, Lapid and Neumann 1987) do allow restricted operations to be performed on encrypted data. Specifically, solutions for updating encrypted balances are discussed in Ahituv, Lapid and Neumann (1987); the following situations are considered:

a) Add an encrypted data element $C_1$ (last balance) to a plaintext $P_2$ (the updating transaction) without having to decipher the encrypted balance. The result of decrypting $C_1 + P_2$ should yield $P_1 + P_2$, where $P_1$ is the plaintext corresponding to $C_1$. The proposed solution consists of adding a key X to the initial balance; to decipher the current balance, at any stage, it suffices to subtract X.
b) Add encrypted data $C_1$ to other encrypted data $C_2$ without having to decipher either data before the addition. The result of decrypting $C_1 + C_2$ should yield $P_1 + P_2$, where $P_i$ is the plaintext corresponding to $C_i$. Several solutions are examined:

• To encrypt $P_i$, compute $C_i = P_i + X$, where X is a key and the addition is modular.
To decrypt the n-th balance, n must be recorded because nX must be subtracted from the current encrypted balance.
• Use an additive privacy homomorphism to encrypt $P_i$. This solution allows the ciphertexts $C_i$ to be added.
• Consider several keys $X_1, \ldots, X_m$, which are used in turn to encrypt $P_1, \ldots, P_m, \ldots$ Encryption consists of modular addition of the plaintext and the key.

13. The proposed solutions are restricted to performing additions on encrypted data; complete arithmetic is not considered. In the first two solutions, knowledge of a single plaintext-ciphertext pair allows the key X to be determined. The authors of Ahituv, Lapid and Neumann (1987) discard the third solution with the argument that additive privacy homomorphisms can be broken using a chosen-ciphertext attack (yet this attack assumes that the plaintexts for a chosen set of ciphertexts can be determined!). The fourth solution requires a long random key if knowledge of several plaintext-ciphertext pairs is to be tolerated; besides, it becomes complex to keep track of which keys should be subtracted to decrypt an encrypted balance.

IV. CRYPTOGRAPHY AND DATA DISSEMINATION

14. Data dissemination is the kingdom of SDC. In principle, statistical disclosure control techniques suffice to provide adequate protection. However, encryption techniques and more precisely secure electronic commerce can add value to data dissemination. Two aspects will be mentioned here:

• Secure electronic transactions
• Copyright protection

A. Secure electronic transactions

15. Data dissemination has traditionally been done for free. However, NSIs might want to charge users for queries to on-line statistical databases. This could allow NSIs to offer better and more specialized services. Payments for accessing on-line statistical information have the following characteristics:

a) They should be electronic, possibly made over the Internet;
b) They should be secure;
c) They should be inexpensive and fast.
The reason is that their value is typically low (probably less than 1 euro). Such low-value payments are known as micropayments.

16. A number of proposals for micropayment systems assume repeated payments (such as pay-per-view); examples of these are CAFE Phone Ticks (Pedersen 1996), µ-iKP (Hauser, Steiner and Waidner 1996), NetBill (Cox, Tygar and Sirbu, 1995), Millicent (Millicent 1997) and MiniPay (MiniPay 1998). Both CAFE and µ-iKP use one-way hash functions to implement micropayments.

17. We next give an overview of µ-iKP following Asokan, Janson, Steiner and Waidner (1997). µ-iKP is the micropayment proposal for iKP, which in turn is an ancestor of the de facto electronic payment standard SET (SET 1997), jointly developed by VISA and MasterCard. Let f(x) be a one-way function, i.e. a function such that it is difficult to find the value x given the value y = f(x). Given such a one-way function, the payer (user) will randomly choose a seed value X and recursively compute:

$$A_0(X) = X$$
$$A_{i+1}(X) = f(A_i(X))$$

The values $A_0, \ldots, A_{n-1}$ are known as coupons and enable the payer to make n micropayments of a fixed value v to one payee (the NSI). First, the payer forwards $A_n$ and v to the payee in an authenticated manner; authentication can be achieved by sending these values to the payee as the payload of a regular iKP payment. The payee ensures, possibly via its bank, that $A_n$ does in fact correspond to a good hash preimage chain that can be used for subsequent micropayments. The micropayments are then carried out by revealing components of the chain $A_{n-1}, A_{n-2}, \ldots, A_0$ successively to the payee. To clear the payments, the payee presents the partial chain

$$A_i, \ldots, A_j \quad (0 \le i < j \le n)$$

to its bank in return for a credit of value $v(j-i)$.

18. The overhead of the setup phase is justified only when it is followed by several repeated micropayments. However, nonrepeated payments are also to be taken into account: a user may wish to perform a single query on a statistical database.
µ-iKP solves this problem with a broker. An isolated micropayment from payer P to payee Q is carried out by P making one or more micropayments to broker B. Broker B then makes an equivalent micropayment to Q. In other words, a nonrepeating financial relationship between P and Q is achieved by leveraging existing relationships between B and P and between B and Q.

B. Copyright protection

19. If data dissemination is a service being paid for, the disseminated data should be copyright-protected. Otherwise, a user could buy the data and then redistribute them freely.

20. Fingerprinting is a technique which allows redistributors of electronic information to be tracked. Given an original item of information, a t-tuple of marks is probabilistically selected. A mark is a piece of the information item of which two slightly different versions exist (for statistical information, a mark can be created by slightly perturbing a figure). At the moment of selling a copy of the item, the merchant (NSI) selects one of the two versions for each mark; in other words, the NSI hides a t-bit word in the information, where the i-th bit indicates which version of the data is being used for the i-th mark. Usually, it is assumed that two or more dishonest buyers can only locate and delete marks by comparing their copies (Marking Assumption (Boneh and Shaw 1995)).

21. Classical fingerprinting schemes (Blakley, Meadows and Purdy 1986) (Boneh and Shaw 1995) are symmetrical in the sense that both the merchant and the buyer know the fingerprinted copy. Even if the merchant succeeds in identifying a dishonest buyer, her previous knowledge of the fingerprinted copies prevents her from using them as a proof of redistribution in front of third parties. To overcome that problem, recent fingerprinting proposals are asymmetric, so that only the buyer knows the fingerprinted copy.
For recent proposals on fingerprinting, see Domingo-Ferrer (1999).

V. CONCLUSION

22. Cryptography has been shown to be useful in all three stages of statistical production. In data collection, it helps to reduce or eliminate the confidentiality risks related to the data collector. In data processing, cryptography is useful for data storage and transmission; further, certain encryption transformations can allow confidential data to be processed directly in encrypted form in untrusted, maybe subcontracted, environments. Finally, cryptographic techniques are the cornerstone of secure electronic commerce, which may contribute to funding and developing statistical data dissemination.

Acknowledgment

This work was partly supported by the Spanish CICYT under grant no. TEL98-0699-C02-02 and by the Statistical Institute of Catalonia under a research contract.

References

N. Ahituv, Y. Lapid and S. Neumann (1987) “Processing encrypted data”, in Communications of the ACM, vol. 30, pp. 777-780.
N. Asokan, P. A. Janson, M. Steiner and M. Waidner (1997) “The state of the art in electronic payment systems”, IEEE Computer, Sep. 1997, pp. 28-35.
G. R. Blakley and C. Meadows (1985) “A database encryption scheme which allows the computation of statistics using encrypted data”, in Proceedings of the IEEE Symposium on Research in Security and Privacy, New York: IEEE CS Press, pp. 116-122.
G. R. Blakley, C. Meadows and G. B. Purdy (1986) “Fingerprinting long forgiving messages”, in Advances in Cryptology-CRYPTO'85 (Lecture Notes in Computer Science 218), Berlin: Springer-Verlag, pp. 180-189.
D. Boneh and J. Shaw (1995) “Collusion-secure fingerprinting for digital data”, in Advances in Cryptology-CRYPTO'95 (Lecture Notes in Computer Science 963), Berlin: Springer-Verlag, pp. 452-465. Also in IEEE Transactions on Information Theory, vol. IT-44, pp. 1897-1905, Sep. 1998.
L. Buzzigoli and A. Giusti (1998) “Some introductory remarks on statistical disclosure control”, in Pre-proceedings of NTTS'98, pp. 217-224.
B. Cox, J. D. Tygar and M. Sirbu (1995) “NetBill security and transaction protocol”, in Proceedings of First Usenix Electronic Commerce Workshop, Berkeley CA: Usenix, pp. 77-88.
W. Diffie and M. E. Hellman (1976) “New directions in cryptography”, IEEE Transactions on Information Theory, vol. IT-22, pp. 644-654.
J. Domingo-Ferrer (1997) “Multi-application smart cards and encrypted data processing”, Future Generation Computer Systems, vol. 13, pp. 65-74.
J. Domingo-Ferrer and R. X. Sánchez del Castillo (1997) “An implementable scheme for secure delegation of computing and data”, in Information Security-ICICS'97 (Lecture Notes in Computer Science 1334), Berlin: Springer-Verlag, pp. 445-451.
J. Domingo-Ferrer, R. X. Sánchez del Castillo and J. Castilla (1998) “Diké: A prototype for secure delegation of statistical data”, in Proceedings of SDP'98, Amsterdam: IOS Press (to appear).
J. Domingo-Ferrer (1999) “Anonymous fingerprinting based on committed oblivious transfer”, Proceedings of Public Key Cryptography'99 (Lecture Notes in Computer Science), Berlin: Springer-Verlag (to appear).
R. Hauser, M. Steiner and M. Waidner (1996) “Micro-payments based on iKP”, Research Report 2791, IBM Research. /Technology/Security/publications/1996/HSW96.ps.gz
Millicent, /
MiniPay, /mpay
T. Pedersen (1996) “Electronic payments of small amounts”, in Security Protocols (Lecture Notes in Computer Science 1189), Berlin: Springer-Verlag, pp. 59-68.
D. Polemi and G. Kokolakis (1998) “A secure network of European Statistical Offices over the Internet”, in Proceedings of SDP'98, Amsterdam: IOS Press (to appear).
R. L. Rivest, L. Adleman and M. L. Dertouzos (1978) “On data banks and privacy homomorphisms”, in Foundations of Secure Computation, New York: Academic Press, pp. 169-179.
R. L. Rivest, A. Shamir and L. Adleman (1978) “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, vol. 21, pp. 120-126.
Secure Electronic Transaction (SET) specification (version 1.0) developed by Mastercard and Visa (May 1997).
L. Willenborg and T. de Waal (1996) Statistical Disclosure Control in Practice, New York: Springer-Verlag.
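
Paragraph 11 states that RSA, used as a privacy homomorphism, lets the untrusted data handler multiply and compare encrypted values, and paragraph 10 notes that the handler cannot detect an overflow. The following is an added example, not Diké's code: it uses textbook RSA with toy primes constructed for illustration, and all function names are hypothetical.

```python
# Toy textbook-RSA parameters, constructed for this example; far too small for real use.
P, Q, E = 61, 53, 17
N = P * Q                               # modulus, 3233
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (needs Python 3.8+)

def enc(m: int) -> int:
    # Owner side: textbook RSA, deterministic, no padding.
    if not 0 <= m < N:
        raise ValueError("plaintext must lie in [0, N)")
    return pow(m, E, N)

def dec(c: int) -> int:
    # Owner side: only the holder of D can decrypt.
    return pow(c, D, N)

def handler_product(cts):
    # Untrusted handler: E(a) * E(b) mod N = E(a * b mod N), so no key is needed.
    out = 1
    for c in cts:
        out = (out * c) % N
    return out

def handler_count_equal(cts, target_ct):
    # Untrusted handler: equality test on ciphertexts. It works only because equal
    # plaintexts give equal ciphertexts, which is also why paragraph 6 asks for
    # randomization when low-entropy answers cross an open network.
    return sum(1 for c in cts if c == target_ct)

def no_overflow(max_value: int, count: int) -> bool:
    # Owner side: a product of `count` values, each at most max_value, is exact
    # only if it stays below N. The handler sees ciphertexts and cannot check this.
    return max_value ** count < N

def demo():
    small = [3, 7, 11]                  # constructed values, product 231 < N
    large = [30, 40, 50]                # constructed values, product 60000 > N
    answers = [2, 1, 2, 2, 3]           # constructed coded survey answers
    exact = dec(handler_product([enc(m) for m in small]))
    wrapped = dec(handler_product([enc(m) for m in large]))
    count = handler_count_equal([enc(a) for a in answers], enc(2))
    return exact, wrapped, count

if __name__ == "__main__":
    print(demo())
```

The second product decrypts to 60000 reduced modulo N rather than 60000, so the owner has to bound the inputs before delegating.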
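
The additive schemes of paragraphs 12 and 13, as an added example that is not taken from Ahituv, Lapid and Neumann (1987): the modulus `M`, the function names and the sample balances are assumptions. It shows the handler summing ciphertexts, the owner subtracting nX, and how far one known plaintext-ciphertext pair reaches with a single key compared with keys used in turn.

```python
import secrets

M = 2**32  # modulus for the modular addition; an assumption, the page does not fix one

def encrypt(p, x):
    # Second solution: C_i = P_i + X (mod M), same key X for every record.
    return (p + x) % M

def add_ciphertexts(cts):
    # Run by the untrusted handler: adds ciphertexts without any key.
    return sum(cts) % M

def decrypt_sum(c_sum, x, n):
    # Owner side: n must be recorded, because the sum of n ciphertexts carries n*X.
    return (c_sum - n * x) % M

def recover_key(p_known, c_known):
    # Paragraph 13: one known plaintext-ciphertext pair determines X.
    return (c_known - p_known) % M

def encrypt_in_turn(plaintexts, keys):
    # Fourth solution: keys X_1..X_m used in turn, C_i = P_i + X_i (mod M).
    return [(p + keys[i % len(keys)]) % M for i, p in enumerate(plaintexts)]

def decrypt_sum_in_turn(c_sum, keys, n):
    # Owner must track which keys went into the sum before subtracting them.
    return (c_sum - sum(keys[i % len(keys)] for i in range(n))) % M

def demo(x=None, keys=None):
    amounts = [1200, 350, 75]                      # constructed sample balances
    x = secrets.randbelow(M) if x is None else x
    cts = [encrypt(p, x) for p in amounts]
    total = decrypt_sum(add_ciphertexts(cts), x, len(cts))
    # Single key: knowing that record 0 is 1200 exposes every other record.
    leaked = recover_key(amounts[0], cts[0])
    exposed = [(c - leaked) % M for c in cts]
    # One key per record: the same known pair reveals only that record's key.
    keys = keys or [secrets.randbelow(M) for _ in amounts]
    cts2 = encrypt_in_turn(amounts, keys)
    total2 = decrypt_sum_in_turn(add_ciphertexts(cts2), keys, len(cts2))
    leaked2 = recover_key(amounts[0], cts2[0])
    exposed2 = [(c - leaked2) % M for c in cts2]
    return total, exposed, total2, exposed2

if __name__ == "__main__":
    print(demo())
```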
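
The coupon chain of paragraph 17 seen from the payer, the payee and the bank, as an added example and not µ-iKP's own code: SHA-256 stands in for the one-way function f, and the class and function names are hypothetical. It also shows that a replayed or forged coupon is rejected, because it is not the preimage of the last accepted value.

```python
import hashlib
import hmac
import secrets

def f(x: bytes) -> bytes:
    # One-way function f. SHA-256 is this example's assumption; the page only
    # requires that f be hard to invert.
    return hashlib.sha256(x).digest()

def make_chain(seed: bytes, n: int) -> list:
    # Payer side: A_0 = seed, A_{i+1} = f(A_i); returns [A_0, ..., A_n].
    chain = [seed]
    for _ in range(n):
        chain.append(f(chain[-1]))
    return chain

class Payee:
    # Payee side: starts from the authenticated pair (A_n, v) and tracks the
    # last coupon accepted together with its index in the chain.
    def __init__(self, a_n: bytes, n: int, v: int):
        self.a_n, self.n, self.v = a_n, n, v
        self.last, self.index = a_n, n

    def accept(self, coupon: bytes) -> bool:
        # A valid next coupon is the preimage of the last accepted value, so a
        # spent or invented coupon fails and each coupon pays exactly once.
        if self.index == 0 or not hmac.compare_digest(f(coupon), self.last):
            return False
        self.last, self.index = coupon, self.index - 1
        return True

    def claim(self):
        # Endpoints (i, A_i, j, A_j) of the partial chain shown to the bank, with j = n.
        return self.index, self.last, self.n, self.a_n

def bank_credit(i: int, a_i: bytes, j: int, a_j: bytes, v: int) -> int:
    # Bank side: check A_j = f^(j-i)(A_i), then credit v*(j-i); otherwise nothing.
    if not 0 <= i < j:
        return 0
    y = a_i
    for _ in range(j - i):
        y = f(y)
    return v * (j - i) if hmac.compare_digest(y, a_j) else 0

def demo():
    n, v = 5, 10                                   # constructed: 5 coupons of value 10
    chain = make_chain(secrets.token_bytes(32), n)
    payee = Payee(chain[n], n, v)                  # setup: A_n and v arrive authenticated
    results = [payee.accept(chain[n - 1]),         # first micropayment
               payee.accept(chain[n - 2]),         # second micropayment
               payee.accept(chain[n - 1]),         # replay of a spent coupon
               payee.accept(secrets.token_bytes(32))]  # forged coupon
    return results, bank_credit(*payee.claim(), v)

if __name__ == "__main__":
    print(demo())
```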