软件安全性残留风险分级评估的实例分析

评估软件安全性常用的方法有风险评估和基于可靠性模型的评估。基于上述二种方法提出了残留风险分级评估方法。该方法用失效强度和失效严重度来刻画软件的风险,较好地解决了由于测试数据按失效严重度分类后数据少而难以应用可靠性模型的问题,并用实例说明了新方法的可行性。     

安全性苛求系统中关于软件安全性评价的研究

安全性苛求系统由于其行为直接关系人身和大宗财产的安全，需要有一个安全性定量指标来反映系统中计算机软件的安全性品质，由于安全性苛求系统的软件在开发时规定要采取一系列可靠性和安全性措施，到形成产品后，软件内部缺陷的暴露都是一些小概率事件，如果仅仅依靠测试数据进行安全性定量评估，由于测试开销的限制，依据似感不不足，本文提出一种多元、多模型，多阶段进行安全性评价的方法，在系统开发和运用的不同阶段，从不同角度，利用历史和当前的数据，依靠客观和主观的判断，对系统的安全性进行评价，希望较完整地反映系统的安全性。     

Stochastic software safety/reliability measurement and its application

Safety and reliability have become important software quality characteristics in the development of safety-critical software systems. However, there are so far no quantitative methods for assessing a safety-critical software system in terms of the safety/reliability characteristics. The metrics of software safety is defined as the probability that conditions that can lead to hazards do not occur. In this paper, we propose two stochastic models for software safety/reliability assessment: the data-domain dependent safety assessment model and the availability-related safety assessment model. These models focus on describing the time- or execution-dependent behavior of the software faults which can lead to unsafe states when they cause software failures. The application of one of these models to optimal software release problems is also discussed. Finally, numerical examples are illustrated for quantitative software safety assessment and optimal software release policies. This revised version was published online in June 2006 with corrections to the Cover Date.     

Assessing the risk due to software faults: estimates of failure rate versus evidence of perfection

In the debate over the assessment of software reliability (or safety), as applied to critical software, two extreme positions can be discerned: the ‘statistical’ position, which requires that the claims of reliability be supported by statistical inference from realistic testing or operation, and the ‘perfectionist’ position, which requires convincing indications that the software is free from defects. These two positions naturally lead to requiring different kinds of supporting evidence, and actually to stating the dependability requirements in different ways, not allowing any direct comparison. There is often confusion about the relationship between statements about software failure rates and about software correctness, and about which evidence can support either kind of statement. This note clarifies the meaning of the two kinds of statement and how they relate to the probability of failure-free operation, and discusses their practical merits, especially for high required reliability or safety. © 1998 John Wiley & Sons, Ltd.     

小子样统计理论及IC可靠性评估

小子样IC可靠性评估方法显得越来越重要,传统的小子样可靠性评估是基于Bayes方法,其主要特点是可充分利用先验信息进行统计推断,近年来发展的支持向量机(SVM)在小子样可靠性评估中具有独特的优势,已在软件可靠性评估和可靠性预测方面取得了重要应用.将SVM与Bayes方法相结合并应用于小子样IC的可靠性评估,将大大节省IC可靠性评估的时间,有效地提高工作效率.     

软件安全性评估方法综述

软件安全性评估的目的是评价软件是否达到系统规范所要求的安全性。该文对国内外关于软件安全性评估的方法进行了分析,将其分为风险矩阵评估、模糊评估和基于可靠性模型的评估等类别,并对上述几种方法做了相应的比较。     

Risk Assessment of Computer Controlled Systems

Software is increasingly being used to control and monitor systems for which safety and reliability are critical. When comparing software designs for such systems, an evaluation of how each design can contribute to the risk of system failure is desirable. Unfortunately, the science of risk assessment of combined hardware and software systems is in its infancy. Risk assessment of combined hardware/software systems is often based on oversimplified assumptions about software behavior.     

Evaluating testing methods by delivered reliability [software]

There are two main goals in testing software: (1) to achieve adequate quality (debug testing), where the objective is to probe the software for defects so that these can be removed, and (2) to assess existing quality (operational testing), where the objective is to gain confidence that the software is reliable. Debug methods tend to ignore random selection of test data from an operational profile, while for operational methods this selection is all-important. Debug methods are thought to be good at uncovering defects so that these can be repaired, but having done so they do not provide a technically defensible assessment of the reliability that results. On the other hand, operational methods provide accurate assessment, but may not be as useful for achieving reliability. This paper examines the relationship between the two testing goals, using a probabilistic analysis. We define simple models of programs and their testing, and try to answer the question of how to attain program reliability: is it better to test by probing for defects as in debug testing, or to assess reliability directly as in operational testing? Testing methods are compared in a model where program failures are detected and the software changed to eliminate them. The “better” method delivers higher reliability after all test failures have been eliminated. Special cases are exhibited in which each kind of testing is superior. An analysis of the distribution of the delivered reliability indicates that even simple models have unusual statistical properties, suggesting caution in interpreting theoretical comparisons     

软件可靠度的模糊故障树评定方法

软件可靠性的定量评价是软件可靠性工程的关键问题之一,采用故障树方法对软件进行定性和定量分析,提出了两类情况下对影响软件可靠性的主次因素划分及其模糊权重的计算方法。在此基础上,建立多级模糊评价模型,提出了增广和聚合算法,并给出了软件可靠度算式。选择某型航空装备软件进行了测试实例分析,实验结果表明了该方法评价结构的合理性与评价算法的有效性,适用于软件质量及开发过程控制的工程实践。     

C++ in safety critical systems

The safety and reliability of software is influenced by the choice of implementation language and the choice of programming idioms. C++ is gaining popularity as the implementation language of choice for large software projects because of its promise to reduce the complexity and cost of their construction. But is C++ an appropriate choice for such projects? An assessment of how well C++ fits into recent software guidelines for safety critical systems is presented along with a collection of techniques and idioms for the construction of safer C++ code.     

基于用例的软件复杂度估算及应用

用例驱动是RUP开发过程的要素之一。研究基于用例的软件复杂度,对于项目规模估算、进度控制和度量、评估都具有积极的意义。讨论了在用例驱动的软件开发过程中如何获取、量化用例层次上的软件复杂度的方法,概括了其研究的意义,并根据它对软件可靠性相关指标参数的影响,探讨基于用例的软件可靠性度量分析方法的改进。     

基于用例的软件复杂度估算及应用

用例驱动是RUP开发过程的要素之一。研究基于用例的软件复杂度，对于项目规模估算、进度控制和度量、评估都具有积极的意义。讨论了在用例驱动的软件开发过程中如何获取、量化用例层次上的软件复杂度的方法，概括了其研究的意义，并根据它对软件可靠性相关指标参数的影响，探讨基于用例的软件可靠性度量分析方法的改进。     

基于加速剖面的软件防危性验证测试方法

在严格区分软件防危性和可靠性的基础上,提出一种基于加速剖面的软件防危性验证测试方法。该方法通过系统性的防危分析,构建软件加速剖面,根据重要性取样原理求得测试加速因子,能在减少测试代价的同时实现对软件防危性指标的高可信验证测试。     

Benchmarking Kappa: Interrater Agreement in Software Process Assessments

Software process assessments are by now a prevalent tool for process improvement and contract risk assessment in the software industry. Given that scores are assigned to processes during an assessment, a process assessment can be considered a subjective measurement procedure. As with any subjective measurement procedure, the reliability of process assessments has important implications on the utility of assessment scores, and therefore the reliability of assessments can be taken as a criterion for evaluating an assessment's quality. The particular type of reliability of interest in this paper is interrater agreement. Thus far, empirical evaluations of the interrater agreement of assessments have used Cohen's Kappa coefficient. Once a Kappa value has been derived, the next question is “how good is it?” Benchmarks for interpreting the obtained values of Kappa are available from the social sciences and medical literature. However, the applicability of these benchmarks to the software process assessment context is not obvious. In this paper we develop a benchmark for interpreting Kappa values using data from ratings of 70 process instances collected from assessments of 19 different projects in 7 different organizations in Europe during the SPICE Trials (this is an international effort to empirically evaluate the emerging ISO/IEC 15504 International Standard for Software Process Assessment). The benchmark indicates that Kappa values below 0.45 are poor, and values above 0.62 constitute substantial agreement and should be the minimum aimed for. This benchmark can be used to decide how good an assessment's reliability is.     

安全关键软件防危性评测方法研究

分析军用软件的高可靠性要求及军用安全关键软件防危性评测的必要性,确定防危性评估指标.提出利用基于重要性采样及加速测试技术下的软件防危性测试数据,建立小子样条件下基于贝叶斯估计的软件防危性评测方法.以非齐次泊松过程(NHPP)软件可靠性评估模型为例,利用自助法采样确定模型参数的验前分布,利用贝叶斯估计进行参数的验后计算得到模型估计值,联合测试加速度因子计算得到软件实际事故率评估值.算例分析表明,该评测过程具有一定合理性和可行性.     

Software Reliability—Status and Perspectives

It is essential to assess the reliability of digital computer systems used for critical real-time control applications (e.g., nuclear power plant safety control systems). This involves the assessment of the design correctness of the combined hardware/software system as well as the reliability of the hardware. In this paper we survey methods of determining the design correctness of systems as applied to computer programs.     

高可靠软件的可靠性评估技术

研究了高可靠软件的可靠性评估技术,给出了失效数据稀少情况下的软件可靠性模型.假设高可靠软件的可靠性测试过程中发生失效是独立同分布的稀有事件,从理论上分析了极值统计理论用于软件可靠性评估的可行性,建立了软件可靠性极值统计模型,讨论了模型的参数估计方法和假设检验方法.     

Survey of reliability and availability prediction methods from the viewpoint of software architecture

Many future software systems will be distributed across a network, extensively providing different kinds of services for their users. These systems must be highly reliable and provide services when required. Reliability and availability must be engineered into software from the onset of its development, and potential problems must be detected in the early stages, when it is easier and less expensive to implement modifications. The software architecture design phase is the first stage of software development in which it is possible to evaluate how well the quality requirements are being met. For this reason, a method is needed for analyzing software architecture with respect to reliability and availability. In this paper, we define a framework for comparing reliability and availability analysis methods from the viewpoint of software architecture. Our contribution is the comparison of the existing analysis methods and techniques that can be used for reliability and availability prediction at the architectural level. The objective is to discover which methods are suitable for the reliability and availability prediction of today’s complex systems, what are the shortcomings of the methods, and which research activities need to be conducted in order to overcome these identified shortcomings. The comparison reveals that none of the existing methods entirely fulfill the requirements that are defined in the framework. The comparison framework also defines the characteristics required of new reliability and availability analysis methods. Additionally, the framework is a valuable tool for selecting the best suitable method for architecture analysis. Furthermore, the framework can be extended and used for other evaluation methods as well.     

舰船装备软件构件可靠性评估方法

为了解决对当前大型舰船装备软件构件可靠性评估不够直观详细,构件的性能参数缺乏足够的测试数据。针对以上问题进行研究,提出针对舰船装备软件构件的可靠性评估方法、分析和综合评价的工具。本文提出了一种针对舰船装备软件构件可靠性评估方法,接着对其评估过程进行介绍。最后,在开发出的可靠性评估工具上对方法进行验证,它可以实现软件可靠性早期预计以及可靠性分析的自动化实施。该软件可以极为方便的帮助软件可靠性工程师实现舰船装备软件构件可靠性早期预计分析工作,具有重要的工程意义。     

某通讯监控系统可靠性分配与验证

本文在探讨各种软件可靠性分析方法的基础上,利用基于软件复杂性因子的分配方法对某通讯监控系统进行了可靠性指标分配与验证,详细介绍了特定系统可靠性分配的一般分析方法与其实现过程,其它类似系统亦可参照使用。