Similar literature
18 similar documents found
1.
The use of embedded software in safety-critical systems has made software safety assurance one of the research hotspots in software engineering. Taking airborne software, a typical embedded software system, as its basis, this paper surveys the standards, methods and tools for airborne software safety assurance. First, it introduces the software-safety-related standards adopted in the airborne software domain and gives a framework for airborne software safety analysis. Second, starting from that framework, it divides airborne software safety assurance methods into three aspects, namely extraction and specification of airborne software safety requirements, standard-oriented airborne software development, and verification of airborne software safety requirements, and surveys existing research and industrial applications in each. Then, in view of the requirements of current airworthiness standards, it summarises research on collecting software safety evidence during the airborne software safety assurance process. Finally, it presents the challenges and future research directions in the field of airborne software safety.

2.
Safety-critical systems are widely used in aviation, aerospace, nuclear power, transportation and other fields and have very high safety requirements. Ensuring requirements traceability is a basic requirement in the development of safety-critical systems and an important prerequisite for every safety analysis. This work aims to establish vertical traceability relations between requirements and design artefacts, using a model-driven approach to generate traceability models automatically and to present traceability information graphically. First, the SysML model is extended through a profile mechanism, and the extended SysML model is used to model requirements and design artefacts so as to capture traceability information. Next, a traceability metamodel is designed to express and store traceability information for later safety analysis, and model transformation is used to generate the traceability model automatically from the extended SysML model. Finally, a case study of a flap and slat control system illustrates the effectiveness of the method.

3.
With the wide application of embedded software systems in safety-critical fields such as automotive, nuclear, aviation and aerospace, their failure can lead to loss of property, environmental damage and even casualties, making software safety assurance an important part of the system development process. Traditional safety analysis methods are mainly applied in the requirements analysis and design phases, yet the gap between requirements and design has long been a major problem in software engineering. Because of this gap, the safety analysis results of the requirements phase are hard to reflect completely and in detail in the software design; the root cause is that current software requirements are mainly described in natural language, which is ambiguous and vague and hard to process automatically. To solve this problem, this paper, targeting component-based embedded software, first proposes a semi-structured restricted natural language requirements template for requirements specification, which effectively reduces the ambiguity and vagueness of natural language requirements. Then, to reduce the complexity of automated processing, a requirements abstract syntax graph is used as an intermediate model to implement the transformation between software requirements specified with the restricted natural language template and AADL models, automatically recording the traceability relation between the two in the process. Finally, the proposed method is implemented as a plug-in for the open-source AADL tool OSATE and validated on a spacecraft Guidance, Navigation and Control (GNC) system.

4.
Safety analysis is very important for ensuring that the developed software system meets its safety requirements. Starting from the modelling characteristics of safety-critical software, this paper analyses existing safety analysis methods and the application, advantages and disadvantages of the UML modelling language for safety-critical software. To address UML's shortcomings in modelling safety requirements, a safety description method is added to sequence diagrams. A modelling application to an on-board ATP system verifies its feasibility and effectiveness.

5.
王鹏  吴康  阎芳  汪克念  张啸晨 《计算机应用》2019,39(11):3298-3303
The functions of modern safety-critical systems depend increasingly on software, which makes software safety crucial to system safety, while the complexity of the software makes it hard for traditional safety analysis methods to capture hazards arising from component interactions. To ensure the safety of safety-critical systems, a software safety verification method based on System-Theoretic Process Analysis (STPA) is proposed. On the basis of the safety control structure, a process model containing software process model variables is built to refine the system context in which hazardous behaviour occurs, and software safety requirements are generated from it. The software of a landing gear control system is then designed and verified for safety using model checking. The results show that the proposed method can effectively identify potentially hazardous control paths in software at the system level and reduce reliance on manual analysis.

6.
The use-case-model-oriented safety analysis method extracts use case models from system requirements documents, gives a safety analysis specification for them, and integrates the use case models into a composite use model. Safety is described with UMLsec stereotypes, and a corresponding safety verification tool is implemented to perform the verification, thereby avoiding the risk and cost of considering safety late and improving the quality and efficiency of system development.

7.
Airborne software testing refers to the test and verification process performed on the embedded software in airborne systems, with the aim of uncovering software defects and thereby improving the reliability of airborne systems. With the diverse functional demands on airborne embedded systems, the scale and complexity of the software keep growing, and its real-time, embedded and high-reliability nature makes adequately testing airborne software a current challenge. To meet these demands, the testing of airborne systems must follow the latest airworthiness standard, DO-178C, which sets out a series of objectives and design considerations for the airborne software life-cycle processes. This paper briefly introduces the development of airborne software airworthiness certification standards and their test environments; following DO-178C, it studies and summarises airborne software test and verification methods for each testing process from the perspectives of requirements-based, model-based and safety-analysis-based testing and software verification; and it summarises and looks ahead to developments in related fields.

8.
The software product line approach is a domain-specific, large-scale, coarse-grained software reuse technique. In software product line development, product line requirements analysis is one of the key activities and lays the foundation for the product line architecture. By analysing the characteristics of the software product line development process and of product line requirements analysis, this paper explains software product line requirements analysis methods and the practical risks of product line requirements analysis. Taking domain analysis and modelling as the entry point, it focuses on key software product line methods and techniques, including domain analysis, requirements modelling and use case modelling.

9.
秦楠  马亮  黄锐 《计算机应用》2020,40(11):3261-3266
To address the lack of automated implementation means in traditional System-Theoretic Process Analysis (STPA) and the ambiguity of natural-language analysis results, a software safety requirements analysis and verification method based on STPA is proposed. First, software safety requirements are extracted and converted into formal expressions by an algorithm; second, a statechart model is built to describe the logic of software safety control behaviour and converted into a program-readable formal language; finally, model checking is used for formal verification. The effectiveness of the method is validated on a weapon launch control system case. The results show that the method achieves automated generation and formal verification of safety requirements, resolving traditional methods' dependence on manual intervention and the problems of natural-language description.

10.
The quality of nuclear safety-class software bears on the safety and reliability of the whole safety system; effective software quality management is key to the development of safety-class systems and an important step towards indigenous, domestically produced nuclear safety-class systems. Drawing on the development of the CAP1400 protection system, this paper introduces the quality assurance process for safety-class software during development, focusing on organisational structure, the standards system, IT support, and independent verification and validation, as a reference for the future design and development of safety systems for China's passive nuclear power plants.

11.
With rapid development in software technology, more and more safety‐critical systems are software intensive. Safety issues become important when software is used to control such systems. However, there are 2 important problems in software safety analysis: (1) there is often a significant traceability gap between safety requirements and software design, so that safety analysis and software design are often conducted separately; and (2) the growing complexity of safety‐critical software makes it difficult to determine whether software design fulfills safety requirements. In this paper, we propose a technique to address the above 2 important problems on the model level. The technique is based on statecharts, which are used to model the behavior of software, and fault tree safety analysis. This technique contains the following 2 parts, corresponding to the 2 problems, respectively. The first part is to build a metamodel of traceability between fault trees and statecharts, which bridges their traceability gap. A collection of rules for the creation and maintenance of traceability links is provided. The second part is a model slicing technique to reduce the complexity of statecharts with respect to the traceability information. The slicing technique can deal with the characteristics of hierarchy, concurrency, and synchronization of statecharts. The reduced statecharts are much smaller than their original statecharts, which is helpful to subsequent safety analysis. Finally, we illustrate the effectiveness and the importance of the method by a case study of slats and flaps control units in flight control systems.

12.
Context: Traceability is one of the basic tenets of all safety standards and a key prerequisite for software safety certification. In the current state of practice, there is often a significant traceability gap between safety requirements and software design. Poor traceability, in addition to being a non-compliance issue on its own, makes it difficult to determine whether the design fulfills the safety requirements, mainly because the design aspects related to safety cannot be clearly identified.

Objective: The goal of this article is to develop a framework for specifying and automatically extracting design aspects relevant to safety requirements. This goal is realized through the combination of two components: (1) a methodology for establishing traceability between safety requirements and design, and (2) an algorithm that can extract for any given safety requirement a minimized fragment (slice) of the design that is sound, and yet easy to understand and inspect.

Method: We ground our framework on System Modeling Language (SysML). The framework includes a traceability information model, a methodology to establish traceability, and mechanisms for model slicing based on the recorded traceability information. The framework is implemented in a tool, named SafeSlice.

Results: We prove that our slicing algorithm is sound for temporal safety properties, and argue about the completeness of slices based on our practical experience. We report on the lessons learned from applying our approach to two case studies, one benchmark and one industrial case. Both studies indicate that our approach substantially reduces the amount of information that needs to be inspected for ensuring that a given (behavioral) safety requirement is met by the design.

13.
Building product traceability systems is an important aspect of improving the governance architecture of economic globalisation and is of great significance for guaranteeing product quality and safety, protecting consumer rights and promoting social development. This paper surveys product traceability research from three aspects: existing traceability frameworks, methods and system platforms. First, it introduces product traceability frameworks from four angles: traceability information storage, improving traceability depth, modular traceability design and traceability supervision. Second, it divides existing product traceability methods into two categories, product-identifier-based and blockchain-based, and describes and analyses the methods in each category. It then introduces existing product traceability system platforms around four application directions: food and livestock, supply chains, digital credentials and intellectual property. Finally, based on this survey and analysis, it analyses the current challenges and future prospects of product traceability from five aspects: management architecture for heterogeneous multi-source traceability data, member sharing incentives and trusted collaboration mechanisms, traceability data security assurance, real-time traceability assurance, and effective supervision of the traceability process.

14.
In view of the lack of standardised means for managing software development process information in the geological exploration industry and its outdated software operations and maintenance measures, this paper, after analysing the current state and needs of software development process management in the industry, proposes establishing a software development process management information system for the geological exploration industry. Building the management information system brings clear progress in shortening the industry's software development cycle, improving the traceability of development process records, and raising the efficiency of software development process management and operations and maintenance; a case study verifies the system's practicality and effectiveness.

15.
Design-code traceability recovery: selecting the basic linkage properties   Total citations: 1, self-citations: 0, citations by others: 1
Traceability ensures that software artifacts of subsequent phases of the development cycle are consistent. Few works have so far addressed the problem of automatically recovering traceability links between object-oriented (OO) design and code entities. Such a recovery process is required whenever there is no explicit support of traceability from the development process. The recovered information can drive the evolution of the available design so that it corresponds to the code, thus providing a still useful and updated high-level view of the system.

Automatic recovery of traceability links can be achieved by determining the similarity of paired elements from design and code. The choice of the properties involved in the similarity computation is crucial for the success of the recovery process. In fact, design and code objects are complex artifacts with several properties attached. The basic anchors of the recovered traceability links should be chosen as those properties (or property combinations) which are expected to be maintained during the transformation of design into code. This may depend on specific practices and/or the development environment, which should therefore be properly accounted for.

In this paper, different categories of basic properties of design and code entities are analyzed with respect to the contribution they make to traceability recovery. Several industrial software components are employed as a benchmark on which the performance of the alternatives is measured.

16.
An aspect-oriented software architecture   Total citations: 12, self-citations: 3, citations by others: 9
董云卫  郝克刚 《微机发展》2004,14(6):61-63,67
To address problems in the software development process such as tangled and scattered code, which lead to poor traceability, low development efficiency, poor code reuse, low code quality and difficult evolution of software systems, this paper studies software architecture using aspect-oriented software development and, in combination with a business process management system, describes the development process of an aspect-oriented software architecture for realising and weaving system requirements. By extracting three concerns, namely business processes, business activities and participants, encapsulating these requirement concerns independently and weaving their implementations to resolve information exchange among them, it reduces the coupling among business logic, business data and business operation entities and achieves flexible management of business processes and integration of different business functions.

17.
Application of UML in business system modelling   Total citations: 4, self-citations: 1, citations by others: 4
刘伟  杜薇 《计算机应用研究》2002,19(2):12-14,31
UML is a well-defined, expressive, powerful and generally applicable modelling language. It incorporates new ideas, methods and techniques from software engineering, and its scope is not limited to supporting object-oriented analysis and design but covers the whole software development process starting from requirements analysis. By introducing how UML is applied to business system modelling, this paper explains the characteristics of UML and the advantages of using it in business systems.

18.
Developing safety critical software is a complex process. Due to the fact that medical device software failure can lead to catastrophic consequences, numerous standards have been developed which govern software development in the medical device domain. Risk management has an important role in medical device software development as it is important to ensure that safe software is developed. Demonstrating traceability of requirements right throughout the medical device software development and maintenance lifecycles is an important part of demonstrating that ‘safe’ software has been produced through adopting defined processes. Consequently, medical device standards and guidelines emphasise the need for traceability. This paper outlines the extent and diversity of traceability requirements within medical device standards and guidelines, and identifies the requirements for traceability through each phase of the software development lifecycle. The paper also summarises the findings obtained when a lightweight assessment method (Med-Trace), which we created, based upon the traceability practices within these standards, was implemented in two SME organisations. Finally we highlight how the findings indicate a lack of guidance as to what is required when implementing and maintaining a traceability process.
