1254                                     Journal of Software  软件学报 Vol.32, No.5,  May 2021

                [38]    Shostack A. Threat Modeling: Designing for Security. John Wiley & Sons, 2014.
                [39]    Stamatis DH. Failure Mode and Effect Analysis: FMEA from Theory to Execution. 2nd ed., Milwaukee: ASQ Quality Press, 2003.
                [40]    Lindvall M, Diep M, Klein M, et al. Safety-focused security requirements elicitation for medical device software. In: Proc. of the
                     2017 IEEE 25th Int’l Requirements Engineering Conf. (RE). Piscataway: IEEE, 2017. 134−143. [doi: 10.1109/RE.2017.21]
                [41]    Friedberg I,  McLaughlin  K, Smith P,  et  al. STPA-SafeSec: Safety  and security  analysis for cyber-physical  systems. Journal of
                     Information Security and Applications, 2017,34(2):183−196. [doi: 10.1016/j.jisa.2016.05.008]
                [42]    Basiri A, Behnam N, de Rooij R, et al. Chaos engineering. IEEE Software, 2016,33(3):35−41. [doi: 10.1109/MS.2016.60]
                [43]    Tucker H, Hochstein L, Jones N, et al. The business case for chaos engineering. IEEE Cloud Computing, 2018,5(3):45−54. [doi: 10.
                     1109/MCC.2018.032591616]
                [44]    Blohowiak A, Basiri A, Hochstein L, et al. A platform for automating chaos experiments. In: Proc. of the 2016 IEEE Int’l Symp. on
                     Software Reliability Engineering Workshops (ISSREW). Piscataway: IEEE, 2016. 5−8. [doi: 10.1109/ISSREW.2016.52]
                [45]    Basiri A, Hochstein L, Jones N, et al. Automating chaos experiments in production. In: Proc. of the 2019 IEEE/ACM 41st Int‘l
                     Conf. on Software  Engineering: Software  Engineering  in Practice  (ICSE-SEIP). Piscataway: IEEE, 2019. 31−40. [doi: 10.1109/
                     ICSE-SEIP.2019.00012]
                [46]    Zhang L, Morin B, Haller P, et al. A chaos engineering system for live analysis and falsification of exception-handling in the JVM.
                     IEEE Trans. on Software Engineering, 2019, PrePrints: 1−1. [doi: 10.1109/TSE.2019.2954871]
                [47]    Simonsson J, Zhang L, Morin B, et al. Observability and chaos engineering on system calls for containerized applications in docker.
                     arXiv preprint arXiv:1907.13039, 2019.
                [48]    Salinas E. Tammy Bütow on chaos engineering. IEEE Software, 2018,35(5):125−128. [doi: 10.1109/MS.2018.3571246]
                [49]    ThoughtWorks. Technology radar vol.18. 2018. https://thoughtvorks.com/radar
                [50]    ThoughtWorks. Technology radar vol.20. 2019. https://thoughtvorks.com/radar
                [51]    Sharma B, Jayachandran P, Verma A, et al. CloudPD: Problem determination and diagnosis in shared dynamic clouds. In: Proc. of
                     the IEEE/IFIP Int’l Conf. on Dependable Systems & Networks. Piscataway: IEEE. 2013. 1−12. [doi: 10.1109/DSN.2013. 6575298]
                [52]    Bodik P, Goldszmidt M, Fox A, et al. Fingerprinting the datacenter: automated classification of performance crises. In: Proc. of the
                     5th European Conf. on Computer Systems. New York: ACM, 2010. 111−124. [doi: 10.1145/1755913.1755926]
                [53]    Cherkasova L, Kivanc O, Mi NF, et al. Automated anomaly detection and performance modeling of enterprise applications. ACM
                     Trans. on Computer Systems, 2009,27(3):1−32. [doi: 10.1145/1629087.1629089]
                [54]    Duan S, Babu S, Munagala K. Fa: A system for automating failure diagnosis. In: Proc. of the 2009 IEEE 25th Int’l Conf. on Data
                     Engineering. Piscataway: IEEE, 2009. 1012−1023. [doi: 10.1109/ICDE.2009.115]
                [55]    Kandula S, Mahajan R, Verkaik P, et al. Detailed diagnosis in enterprise networks. In: Proc. of the ACM SIGCOMM 2009 Conf. on
                     Data communication. New York: ACM, 2009. 243−254. [doi: 10.1145/1592568.1592597]
                [56]    Nguyen H, Shen Z, Tan Y, et al. FChain: Toward black-box online fault localization for cloud systems. In: Proc. of the 2013 IEEE
                     33rd Int’l Conf. on Distributed Computing Systems. Piscataway: IEEE, 2013. 21−30. [doi: 10.1109/ICDCS.2013.26]
                [57]    Kandula S, Chandra R, Katabi D. What’s going on? Learning communication rules in edge networks. ACM SIGCOMM Computer
                     Communication Review, 2008,38(4):87−98. [doi: 10.1145/1402958.1402970]
                [58]    Nguyen H, Tan Y, Gu X. Pal: Propagation-aware anomaly localization for cloud hosted distributed applications. In: Proc. of the
                     Managing Large-scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques (SLAML
                     2011). New York: ACM, 2011. 1−8. [doi: 10.1145/2038633.2038634]
                [59]    Fonseca R, Porter G, Katz RH, et al. X-trace:  A pervasive network  tracing framework. In:  Proc. of the 4th  USENIX Symp. on
                     Networked Systems Design & Implementation (NSDI 2007). USENIX, 2007. 271−284.
                [60]    Chen MY, Kiciman E, Fratkin E, et al. Pinpoint: Problem determination in large, dynamic Internet services. In: Proc. of the Int’l
                     Conf. on Dependable Systems and Networks. Piscataway: IEEE, 2002. 595−604. [doi: 10.1109/DSN.2002.1029005]
                [61]    Zhao X, Zhang Y, Lion D, et al. Lprof: A non-intrusive request flow profiler for distributed systems. In: Proc. of the 11th USENIX
                     Symp. on Operating Systems Design and Implementation (OSDI 2014). USENIX, 2014. 629−644.
                [62]    Chow M, Meisner D, Flinn J, et al. The mystery machine: End-to-end performance analysis of large-scale Internet services. In:
                     Proc. of the 11th USENIX Symp. on Operating Systems Design and Implementation (OSDI 2014). USENIX, 2014. 217−231.