Similar literature
20 similar documents found
1.
李国旗, 陆民燕, 刘斌. 《计算机工程》 (Computer Engineering) 2009, 35(24): 108-110
Using software fault tree analysis, an example that applies the Bridge pattern is used to study the effect on software safety of introducing design patterns during software design. The results show that introducing the Bridge pattern alone reduces software safety by about 50%, but because design patterns decouple software modules, adding a dual-redundancy design can raise software safety by two orders of magnitude. This conclusion provides guidance for the object-oriented design of safety-critical software.

2.
The wide use of embedded software in safety-critical domains has made assuring software safety a research hotspot. Fault tree technology is one of the traditional safety analysis methods commonly used in industry. However, traditional fault trees cannot precisely describe system faults with temporal characteristics in safety-critical systems. To address this problem, a safety verification method combining linear temporal logic and fault trees is presented. The method uses linear temporal logic to formally specify the fault tree, extracts software safety properties from it and describes them as temporal logic formulas, in order to support model checking of safety-critical software. Finally, model checking of the data-processing fault module of an airborne control system's software is used as an example to illustrate the effectiveness and feasibility of the method.

3.
Fault tree analysis for software reliability stable-growth and safety testing   Total citations: 3, self-citations: 0, citations by others: 3
With the development of information technology, computer applications have become increasingly widespread, and software reliability and software safety receive growing attention. This paper proposes the concepts of software reliability stable-growth testing and software safety measurement and, using fault tree analysis, discusses in detail their role in the work of obtaining high software reliability and safety. It describes the analysis process of the fault tree analysis method, analyzes its advantages and disadvantages, and discusses possible improvements and supplements to the method.

4.
Most of the knowledge in safety-critical software requirements must be extracted manually, which is both time-consuming and laborious. In recent years, artificial intelligence techniques have gradually been applied to the design and development of safety-critical software to reduce engineers' manual work and shorten the software development life cycle. This paper proposes a term recommendation and requirements classification method for safety-critical software, providing a basis for safety-critical software requirements specification. First, candidate terms are extracted using part-of-speech rules and dependency syntax rules, clustered using term similarity computation and clustering methods, and the clustering results are recommended to engineers. Second, safety-critical software requirements are automatically classified into functional, safety, reliability and other requirements using feature extraction and classification methods. Finally, a prototype tool, TRRC4SCSTool, is implemented in OSATE, the open-source modeling environment for AADL (Architecture Analysis and Design Language), and experiments on datasets built from industrial case requirements, safety analyses and certification standards demonstrate the effectiveness of the proposed method.

5.
Safety analysis of interlocking logic models   Total citations: 3, self-citations: 0, citations by others: 3
Fault tree analysis (FTA) is used to statically analyze the possible events and states leading to system failure, and is an effective method for analyzing the reliability and safety of safety-critical systems. Time Petri nets (TPN) describe concurrent systems with temporal relations and are used for dynamic modeling of system behavior, but a time Petri net alone cannot rigorously prove that its model is safe. This paper proposes a safety analysis method for time Petri net models that effectively combines the respective advantages of fault tree analysis and time Petri nets. The method is applied in practice to the safety analysis of an interlocking logic model, and corrections are proposed for the models found to be unsafe.

6.
The software product line approach is a domain-specific, large-scale, coarse-grained software reuse technique. In the software product line development process, product line requirements analysis is one of the key activities, and it lays the foundation for the product line architecture. By analyzing the characteristics of the software product line development process and of product line requirements analysis, this paper describes methods for software product line requirements analysis and the practical risks involved. Taking domain analysis and modeling as the entry point, it focuses on key methods and techniques for software product lines such as domain analysis, requirements modeling and use case modeling.

7.
Since the early years of computing, programmers, systems analysts, and software engineers have sought ways to improve development process efficiency. Software development tools are programs that help developers create other programs and automate mundane operations while bringing the level of abstraction closer to the application engineer. In practice, software development tools have been in wide use among safety-critical system developers. Typical application areas include space, aviation, automotive, nuclear, railroad, medical, and military. While their use is widespread in safety-critical systems, the tools do not always assure the safe behavior of their respective products. This study examines the assumptions, practices, and criteria for assessing software development tools for building safety-critical real-time systems. Experiments were designed for an avionics testbed and conducted on six industry-strength tools to assess their functionality, usability, efficiency, and traceability. The results shed some light on possible improvements in the tool evaluation process that can lead to potential tool qualification for safety-critical real-time systems.

8.
Software and Systems Modeling - A software product line comprises a family of software products that share a common set of features. Testing an entire product-line product-by-product is infeasible...

9.
The primary aim of a software product-line is to maximise reuse of software components by managing the variability in component functionalities and product configurations. Feature oriented domain analysis (FODA) diagrams are a formalism for modelling the variability in a software product-line, and are used as a tool for managing a product-line and planning its evolution. This paper presents an elementary theory of variations in a product-line, leading up to a technique for extracting FODA diagrams from legacy product-lines. The theory is elementary in the sense that it is built using very simple mathematical structures, making minimal assumptions on the structure of product-lines. Examples drawn from the automotive domain are used to illustrate the theoretical developments.

10.
A software architecture is a key asset for any organization that builds complex software-intensive systems. Because of an architecture's central role as a project blueprint, organizations should analyze the architecture before committing resources to it. An analysis helps to ensure that sound architectural decisions are made. Over the past decade a large number of architecture analysis methods have been created, and at least two surveys of these methods have been published. This paper examines the criteria for analyzing architecture analysis methods, and suggests a new set of criteria that focus on the essence of what it means to be an architecture analysis method. These criteria could be used to compare methods, to help understand the suitability of a method, or to improve a method. We then examine two methods—the Architecture Tradeoff Analysis Method and Architecture-level Modifiability Analysis—in light of these criteria, and provide some insight into how these methods can be improved.

Rick Kazman is a Senior Member of the Technical Staff at the Software Engineering Institute of Carnegie Mellon University and Professor at the University of Hawaii. His primary research interests are software architecture, design and analysis tools, software visualization, and software engineering economics. He also has interests in human-computer interaction and information retrieval. Kazman has created several highly influential methods and tools for architecture analysis, including the SAAM and the ATAM. He is the author of over 80 papers, and co-author of several books, including “Software Architecture in Practice” and “Evaluating Software Architectures: Methods and Case Studies”. Len Bass is a Senior Member of the Technical Staff at the Software Engineering Institute (SEI). He has written two award-winning books in software architecture as well as several other books and numerous papers in a wide variety of areas of computer science and software engineering. He is currently working on techniques for the methodical design of software architectures and on understanding how to support usability through software architecture. He has been involved in the development of numerous production and research software systems ranging from operating systems to database management systems to automotive systems. Mark Klein is a Senior Member of the Technical Staff of the Software Engineering Institute. He has over 20 years of experience in research on various facets of software engineering, dependable real-time systems and numerical methods. Klein's most recent work focuses on the analysis of software architectures, architecture tradeoff analysis, attribute-driven architectural design and scheduling theory. Klein's work in real-time systems involved the development of rate monotonic analysis (RMA), the extension of the theoretical basis for RMA, and its application to realistic systems. Klein's earliest work involved research in high-order finite element methods for solving fluid flow equations arising in oil reservoir simulation. He is the co-author of two books: “A Practitioner's Handbook for Real-Time Analysis: Guide to Rate Monotonic Analysis for Real-Time Systems” and “Evaluating Software Architecture: Methods and Case Studies”. Anthony J. Lattanze is an Associate Teaching Professor at the Institute for Software Research International (ISRI) at Carnegie Mellon University (CMU) and a senior member of the technical staff at the Software Engineering Institute (SEI). Anthony teaches courses in CMU's Masters of Software Engineering Program in Software Architecture, Real-Time/Embedded Systems, and Software Development Studio. His primary research interest is in the area of software architectural design for embedded, software-intensive systems. Anthony consults and teaches throughout industry in the areas of software architecture design and architecture evaluation. Prior to Carnegie Mellon, Mr. Lattanze was the Chief of Software Engineering for the Technology Development Group at the United States Flight Test Center at Edwards Air Force Base, CA. During his tenure at the Flight Test Center, he was involved with a number of software and systems engineering projects as a software and systems architect, project manager, and developer. During this time he was involved with the development, test, and evaluation of avionics systems for the B-2 Stealth Bomber, F-117 Stealth Fighter, and F-22 Advanced Tactical Fighter, among other systems. Linda Northrop is the director of the Product Line Systems Program at the Software Engineering Institute (SEI), where she leads the SEI work in software architecture, software product lines and predictable component engineering. Under her leadership the SEI has developed software architecture and product line methods that are used worldwide, a series of five highly-acclaimed books, and Software Architecture and Software Product Line Curricula. She is co-author of the book “Software Product Lines: Practices and Patterns,” and a primary author of the SEI Framework for Software Product Line Practice.

11.
This paper presents an overview and discusses the role of certification in safety-critical computer systems focusing on software, and partially hardware, used in the civil aviation domain. It discusses certification activities according to RTCA DO-178B “Software Considerations in Airborne Systems and Equipment Certification” and touches on tool qualification according to RTCA DO-254 “Design Assurance Guidance for Airborne Electronic Hardware.” Specifically, certification issues related to real-time operating systems and programming languages are reviewed, and software development tools and complex electronic hardware tool qualification processes are discussed. Results of an independent industry survey done by the authors are also presented.

12.
The software product-line approach (for software product families) is one of the success stories of software reuse. When applied, it can result in cost savings and increases in productivity. In addition, in safety-critical systems the approach has the potential for reuse of analysis and testing results, which can lead to a safer system. Nevertheless, there are times when it seems like a product family approach should work when, in fact, there are difficulties in properly defining the boundaries of the product family. In this paper, we draw on our experiences in applying the software product-line approach to a family of mobile robots, a family of flight guidance systems, and a family of cardiac pacemakers, as well as case studies done by others to (1) illustrate how domain structure can currently limit applicability of product-line approaches to certain domains and (2) demonstrate our progress towards a solution using a set-theoretic approach to reason about domains of what we call n-dimensional and hierarchical product families.

13.
Software comprehension has long been a bottleneck in the software maintenance process, consuming much of maintainers' time and effort. With advances in integrated circuit process technology and the growing integration level and complexity of circuit systems, the number and complexity of software in this field have also increased greatly, making the maintenance of domain software ever more burdensome. The tool discussed in this paper, ICSUT (Software Understanding Tool), is a software comprehension tool for the IC-CAD domain. It uses a graphical approach to present, from four levels (implementation, structure, function and domain), ...

14.
Tool-Supported Verification of Product Line Requirements   Total citations: 1, self-citations: 0, citations by others: 1
A recurring difficulty for organizations that employ a product-line approach to development is that when a new product is added to an existing product line, there is currently no automated way to verify the completeness and consistency of the new product’s requirements in terms of the product line. In this paper we address the issue of requirements verification for product lines. We have implemented our approach in a requirements engineering tool called DECIMAL (DECIsion Modeling AppLication). DECIMAL is a requirements verification tool with a rich graphical user interface that automatically checks for completeness and consistency between a new product and the product line to which it belongs. The verification uses an SQL database server as the underlying analysis engine. The paper describes the tool and evaluates it in two applications: a virtual-reality, positional device-driver product line and the feature-interaction resolution problem. Research is supported in part by National Science Foundation Grants 0204139 and 0205588. An early version of this paper was presented at REPL’02 (Padmanabhan and Lutz, 2002).

15.
张弛, 黄志球, 丁泽文. 《计算机科学》 (Computer Science) 2017, 44(12): 126-130, 155
In safety-critical domains, how to guarantee software safety has become an important and widely discussed topic. Static program analysis is a highly effective class of automated program verification methods, and static analysis based on abstract interpretation performs especially well in verifying the non-functional safety properties of software. Configurable Program Analysis (CPA) is a general formal framework for static analysis that aims to model the analysis phase of static analysis in a single formalism. This paper models abstract-interpretation-based static analysis with CPA, shows how to describe such an analysis in the CPA formalism, and gives transformation rules from the program under analysis to the CPA formalism. This provides an automated method for verifying software correctness in safety-critical domains and a feasible scheme for implementing static analysis tools based on abstract interpretation.

16.
Large-scale software development efforts are increasingly based on product lines, a development process in which developers build the software for similar product families from reusable infrastructure and common application components. Existing software modeling approaches fail to support many product-line development activities. The Cadena platform, together with its core modeling concept, the Cadena Architecture Language with Metamodeling, addresses this deficiency by providing a highly adaptive type-centric modeling framework with robust, flexible, and extensible tool support.

17.
Application of genetic algorithms in fault tree analysis   Total citations: 3, self-citations: 0, citations by others: 3
This paper introduces genetic algorithms into fault tree analysis, an important technique in software reliability, making the traditional fault tree analysis method more rigorous and practical. On this basis, it focuses on how to use fault tree analysis and genetic algorithms to select the optimal design scheme in system design with multiple criteria.

18.
Meshing tools are highly complex software for generating and managing geometrical discretizations. Due to their complexity, they have generally been developed by end users – physicists, forest engineers, mechanical engineers – with ad hoc methodologies and not by applying well established software engineering practices. Different meshing tools have been developed over the years, making them a good application domain for Software Product Lines (SPLs). This paper proposes building a domain model that captures the different domain characteristics such as features, goals, scenarios and a lexicon, and the relationships among them. The model is partly specified using a formal language. The domain model captures product commonalities and variabilities as well as the particular characteristics of different SPL products. The paper presents a rigorous process for building the domain model, where specific roles, activities and artifacts are identified. This process also clearly establishes consistency and completeness conditions. The usefulness of the model and the process are validated by using them to generate a software product line of Tree Stem Deformation (TSD) meshing tools. We also present Meshing Tool Generator, a software that follows the SPL approach for generating meshing tools belonging to the TSD SPL. We show how an end user can easily generate three different TSD meshing tools using Meshing Tool Generator.

19.
Software architecture has been a key research area in the software engineering community due to its significant role in creating high-quality software. The trend of developing product lines rather than single products has made the software product line a viable option in the industry. Software product line architecture (SPLA) is regarded as one of the crucial components in the product lines, since all of the resulting products share this common architecture. The increased popularity of software product lines demands a process maturity evaluation methodology. Consequently, this paper presents an architecture process maturity model for software product line engineering to evaluate the current maturity of the product line architecture development process in an organization. Assessment questionnaires and a rating methodology comprise the framework of this model. The objective of the questionnaires is to collect information about the SPLA development process. Thus, in general this work contributes towards the establishment of a comprehensive and unified strategy for the process maturity evaluation of software product line engineering. Furthermore, we conducted two case studies and reported the assessment results, which show the maturity of the architecture development process in two organizations.

20.
Several safety-related standards exist for developing and certifying safety-critical systems. System safety assessments are common practice and system certification according to a standard requires submitting relevant system safety information to appropriate authorities. The RTCA DO-178B standard is a software quality assurance, safety-related standard for the development of software aspects of aerospace systems. This research introduces an approach to improve communication and collaboration among safety engineers, software engineers, and certification authorities in the context of RTCA DO-178B. This is achieved by utilizing a Unified Modeling Language (UML) profile that allows software engineers to model safety-related concepts and properties in UML, the de facto software modeling standard. A conceptual meta-model is defined based on RTCA DO-178B, and then a corresponding UML profile, which we call SafeUML, is designed to enable its precise modeling. We show how SafeUML improves communication by, for example, allowing monitoring implementation of safety requirements during the development process, and supporting system certification per RTCA DO-178B. This is enabled through automatic generation of safety and certification-related information from UML models. We validate this approach through a case study on developing an aircraft’s navigation controller subsystem.


Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号