Similar literature
1.
The use of embedded software in safety-critical systems has made assuring software safety one of the research hotspots in software engineering. Taking airborne software, a typical embedded software system, as its basis, this paper surveys the standards, methods and tools for assuring airborne software safety. First, it briefly introduces the software-safety-related standards adopted in the airborne software domain and presents a safety analysis framework for airborne software. Second, starting from that framework, it divides airborne software safety assurance methods into three aspects: extraction and specification of airborne software safety requirements, standards-oriented airborne software development, and verification of airborne software safety requirements, and surveys existing research and industrial applications in each of these three aspects. Next, it summarizes research on the collection of software safety evidence during the airborne software safety assurance process in light of the requirements of current airworthiness standards. Finally, it presents the challenges and future research directions in the field of airborne software safety.

2.
The use of modern programming languages can improve software quality. Two standards which require high quality are examined to understand how the use of programming languages is specified with the objective of satisfying safety and security requirements. Differences are noted in the two standards (ITSEC for security, UK Def Std 00–55 for safety) and suggestions are made to improve these standards.

3.
The quality characteristics of metrological software are required by national or regional legislation, e.g., in legal metrology, or for safety critical applications, or by various standards such as software product quality standards (ISO/IEC 9126) or laboratory competence standards (ISO/IEC 17025). The parties involved are interested in getting clear guidance for software quality requirements and validation methods. In already developed guidance documents, different software quality issues, software lifecycle phases and consequences of risk evaluation for software malfunction or fraud are addressed to different extents. This paper provides a comparison of approaches with the aim of supporting the parties involved in understanding both the common points and the differences.

4.
For the commercial-grade software contained in safety-class digital instrumentation and control (I&C) equipment of simple structure and single function, especially software whose design and development has already been completed, it is unrealistic to require the software designer to carry out the design and development process and the verification and validation process according to the relevant standards. This paper discusses qualification methods for the commercial-grade software contained in safety-class digital I&C equipment, focusing on the relevant qualification methods in IEC standards and EPRI reports. By performing a safety evaluation of the commercial-grade software and completing the related qualification work, it is feasible to supplement the demonstration that the software performs its intended safety function under the specified conditions. This helps digital I&C equipment manufacturers in China carry out software qualification work.

5.
Matras, J.R. Computer, 1993, 26(5):76-79
The IEEE Nuclear Engineering Committee has standards that address hardware issues. The IEEE Computer Society has standards addressing software. The P-7-4.3.2, IEEE standard criteria for digital computers in safety systems of nuclear power generating stations, which brings together standards from both groups to address the integration of computer hardware and software with noncomputer hardware, is discussed. P-7-4.3.2 is being developed to show the interrelationship of software and hardware requirements as they apply throughout the development process. The influence of system design development on system quality, system qualification, and system integrity is described.

6.
Traceability is the mechanism or ability to relate artifacts and the various related elements within them. The development of safety-critical systems includes not only the development process of ordinary systems but, more importantly, requires independent safety analysis to establish and verify the system's safety requirements. At present there is little research on traceability for the safety analysis process. Safety-related standards such as ARP-4761 and DO-178C provide guidance for the safety analysis process, but because they involve many concepts and methods, the tracing of some key information is often neglected in practical application and research. In addition, software safety requirements analysis should consider not only system-to-software safety analysis but also software-to-system safety analysis. Establishing bidirectional tracing of safety-related information for the software safety requirements analysis process helps in understanding the causes and consequences of safety requirements and facilitates verification and impact analysis. With reference to the standards, this paper constructs a traceability model for the software safety requirements analysis process.

7.
To ensure the safety of avionic systems, civil avionic software and hardware regulated by certification authorities must be certified based on applicable standards (e.g., DO-178B and DO-254). The overall safety integrity of an avionic system, comprising software and hardware, should be considered at the system level. Thus, software and hardware components should be planned, developed and certified in a unified, harmonized manner to ensure the integral safety of the entire avionic system. One of the reasons for the high development costs of avionic systems complying with standards may be a lack of sufficient understanding of how to employ these standards efficiently. Therefore, it is important to understand the similarities and differences between DO-178B and DO-254 to effectively manage the processes required by these standards, to minimize cost, and to ultimately ensure the safety of the entire avionic system. Thus, the goal of this paper is to compare various aspects of DO-178B and DO-254 comprehensively. The paper may serve as useful supplementary material for practitioners seeking to understand the rationales behind, and the differences between, the two main standards used in the avionic industry.

8.
Context: Many people and organisations rely upon software safety and security standards to provide confidence in software intensive systems. For example, people rely upon the Common Criteria for Information Technology Security Evaluation to establish justified and sufficient confidence that an evaluated information technology product's contributions to security threats and threat management are acceptable. Is this standard suitable for this purpose? Objective: We propose a method for assessing whether conformance with a software safety or security standard is sufficient to support a conclusion such as adequate safety or security. We hypothesise that our method is feasible and capable of revealing interesting issues with the proposed use of the assessed standard. Method: The software safety and security standards with which we are concerned require evidence and discuss the objectives of that evidence. Our method is to capture a standard's evidence and objectives as an argument supporting the desired conclusion and to subject this argument to logical criticism. We have evaluated our method by case study application to the Common Criteria standard. Results: We were able to capture and criticise an argument from the Common Criteria standard. Review revealed 121 issues with the analysed use of the standard. These range from vagueness in its text to failure to require evidence that would substantially increase confidence in the security of evaluated software. Conclusion: Our method was feasible and revealed interesting issues with using a Common Criteria evaluation to support a conclusion of adequate software security. Considering the structure of similar assurance standards, we see no reason to believe that our method will not prove similarly valuable in other applications.

9.
Based on the toy noise test requirements of the European toy safety standard, and combining PLC control technology with the working principle of stepper motors, this paper describes in detail the structural design, working principle, hardware configuration, software program and functional characteristics of a newly developed automatic noise tester for sound-producing toys, with emphasis on the implemented test method. It points out that this automatic noise tester can perform multiple measurements from a single positioning and meets the test requirements of several standards.

10.
The article deals with the software for a new protection system of the VR-1 training reactor which consists of the independent power protection and the operational power measuring systems. Both systems are computer-based, and they are diverse in sensors, hardware and software. They are responsible for nuclear safety of the reactor, so the quality requirements for their software are strict. The software was developed in accordance with nuclear standards. During the development, both software products were carefully tested, and after the integration of hardware/software, they were validated with the simulation of input signals and the checking of their responses.

11.
Project design carried out by distributed control system (DCS) vendors consists mainly of three parts: DCS hardware design, DCS configuration design and DCS network security design; configuration design mainly comprises database design, human-machine interface design and control logic design. This paper covers three aspects: the overall requirements for the composition of configuration software, the standards for selecting and configuring configuration software, and the overall configuration specifications and requirements at each stage of project implementation, in order to establish corresponding configuration design execution standards, improve the standardization of project configuration, and ensure the security of project configuration.

12.
Developing safety critical software is a complex process. Due to the fact that medical device software failure can lead to catastrophic consequences, numerous standards have been developed which govern software development in the medical device domain. Risk management has an important role in medical device software development as it is important to ensure that safe software is developed. Demonstrating traceability of requirements right throughout the medical device software development and maintenance lifecycles is an important part of demonstrating that 'safe' software has been produced through adopting defined processes. Consequently, medical device standards and guidelines emphasise the need for traceability. This paper outlines the extent and diversity of traceability requirements within medical device standards and guidelines, and identifies the requirements for traceability through each phase of the software development lifecycle. The paper also summarises the findings obtained when a lightweight assessment method (Med-Trace), which we created, based upon the traceability practices within these standards, was implemented in two SME organisations. Finally we highlight how the findings indicate a lack of guidance as to what is required when implementing and maintaining a traceability process.

13.
乜力, 尹积婷, 李喜员. 测控技术, 2013, 32(12):151-153
This paper discusses several practical application problems studied and solved in a new mine safety monitoring system, such as adopting high-speed Ethernet plus fieldbus network transmission to increase transmission speed; improving and extending the transmission protocol to improve data precision; using shielding, isolation, filtering, grounding and software processing to handle variable-frequency interference; defining, in the surface host software, some parameters that had been fixed inside underground hardware devices; and optimizing the storage of collected data. The results show that solving these problems improved the practicality of the monitoring system and met or exceeded the latest national safety standards.

14.
Several safety-related standards exist for developing and certifying safety-critical systems. System safety assessments are common practice and system certification according to a standard requires submitting relevant system safety information to appropriate authorities. The RTCA DO-178B standard is a software quality assurance, safety-related standard for the development of software aspects of aerospace systems. This research introduces an approach to improve communication and collaboration among safety engineers, software engineers, and certification authorities in the context of RTCA DO-178B. This is achieved by utilizing a Unified Modeling Language (UML) profile that allows software engineers to model safety-related concepts and properties in UML, the de facto software modeling standard. A conceptual meta-model is defined based on RTCA DO-178B, and then a corresponding UML profile, which we call SafeUML, is designed to enable its precise modeling. We show how SafeUML improves communication by, for example, allowing the implementation of safety requirements to be monitored during the development process, and by supporting system certification per RTCA DO-178B. This is enabled through automatic generation of safety and certification-related information from UML models. We validate this approach through a case study on developing an aircraft's navigation controller subsystem.

15.
16.
Most of the knowledge in safety-critical software requirements has to be extracted manually, which is both time-consuming and laborious. In recent years, artificial intelligence techniques have increasingly been applied to the design and development of safety-critical software to reduce engineers' manual work and shorten the software development lifecycle. This paper proposes a method for term recommendation and requirements classification for safety-critical software, providing a foundation for safety-critical software requirements specification. First, candidate terms are extracted based on part-of-speech rules and dependency syntax rules, the candidate terms are clustered using term similarity computation and clustering methods, and the clustering results are recommended to engineers. Second, safety-critical software requirements are automatically classified into functional, safety, reliability and other requirements based on feature extraction and classification methods. Finally, a prototype tool, TRRC4SCSTool, is implemented in OSATE, the open-source modeling environment for AADL (Architecture Analysis and Design Language), and experimental datasets built from industrial case requirements and safety analysis and certification standards are used for experimental validation, demonstrating the effectiveness of the proposed method.

17.
The application of microprocessors to the direct supervision of industrial gas burners offers several advantages over existing technology. The achievement of adequate safety standards poses particular design problems which are not conveniently solved by multiple-channel redundancy. A hierarchical multiple-burner control system is described in which hardware and software combine to achieve required levels of safety. The architecture permits comprehensive facilities for reading out information on the state of the various burners, both locally and at a remote location. In hazardous or noisy environments a fibre-optic link can be used for remote communication.

18.
Because the requirements for software performing Category A safety functions in nuclear power plants are extremely high and such software must comply with the development requirements of the nuclear quality assurance system, such as HAF 003 and IEC 60880, there is little software of this kind on the market. Nuclear power users have therefore turned to software developed on the basis of the industrial standard IEC 61508-3. This software has a good record of application experience, but its development and qualification process does not strictly follow the relevant standards of the nuclear power domain. Therefore, whether this kind of industrial-grade software has sufficiently high ...

19.
A safety relay is a safety control module used in industrial equipment; it protects personnel and property at industrial sites and is very widely used in the field of industrial safety. This paper describes the current state of the domestic safety relay market in China: safety standards and national policies and regulations lag behind, the threshold for functional safety certification is high, and the core component, the force-guided relay, depends on imports. Through in-depth study of the basic functional safety standard IEC 61508 and the machinery safety standard ISO 13849, and addressing the pain points of domestic safety relay brands, namely poor cost-effectiveness and difficulty in obtaining functional safety certification, it proposes a highly cost-effective technical scheme for an intelligent safety relay. Using the I/O control, signal acquisition and software diagnostics of an ordinary microcontroller, ordinary relays are made to satisfy the safety requirements and safety integrity level demanded of a safety relay, reducing cost. The paper also briefly reviews the functional safety certification process, its requirements and the work involved, providing a reference for domestic functional safety certification.

20.
To address the problem that the performance indicators of mine safety monitoring systems in actual use do not fully comply with the relevant standards and specifications, this paper proposes a design for evaluation software for in-service mine safety monitoring systems, analyzes the principle of the evaluation software, describes in detail the design and implementation of the system information maintenance module, the evaluation data analysis and display module, and the data synchronization module, and gives the software's operating procedure. Combined with an embedded online inspection device, the evaluation software can evaluate a mine safety monitoring system's performance indicators, use and maintenance, and other aspects.

Copyright © 北京勤云科技发展有限公司  京ICP备09084417号