安全关键软件防危性评测方法研究

分析军用软件的高可靠性要求及军用安全关键软件防危性评测的必要性,确定防危性评估指标.提出利用基于重要性采样及加速测试技术下的软件防危性测试数据,建立小子样条件下基于贝叶斯估计的软件防危性评测方法.以非齐次泊松过程(NHPP)软件可靠性评估模型为例,利用自助法采样确定模型参数的验前分布,利用贝叶斯估计进行参数的验后计算得到模型估计值,联合测试加速度因子计算得到软件实际事故率评估值.算例分析表明,该评测过程具有一定合理性和可行性.     

一种结合线性时序逻辑和故障树的软件安全验证方法

嵌入式软件在安全关键领域的广泛应用使得保障软件的安全性成为学界的研究热点。故障树技术是工业界常用的传统的安全分析方法之一。然而,传统的故障树无法精确描述安全关键系统中具有时序特征的系统故障。针对此问题,给出了一种结合线性时序逻辑和故障树的安全验证方法。该方法运用线性时序逻辑对故障树进行形式化规约,从中抽取出软件安全属性并用时序逻辑公式进行描述,用以支持对安全关键软件的模型检验。最后,以某机载控制系统软件数据处理故障模块的模型检验为例,来说明该方法的有效性和可行性。     

基于测试的安全软件的安全性评估

安全软件的失效可能带来灾难性的后果或重大经济损失,因此,科学地评估安全软件的安全性十分必要。本文介绍了软件分级安全性的基本概念和贝叶斯模型,重点讨论了如何应用测试结果定量评估安全关键软件的安全性的方法,最后给出了一个铁路信号控制安全软件的安全性评价实例。     

软件安全性3M评价模型复杂度因子的研究

安全苛求系统需要防范意外事件造成对人的生命、大宗财产或环境的损害。因此,对安全苛求软件的测试、安全性评价非常重要。多元、多模型、多阶段的3M评价法能够利用后续测试得到的信息不断对评价因子进行修正,提高了评价的准确性。该文对软件致险缺陷估计模型作了某些改进,然后着重对复杂度因子作了一些研究。     

A mathematical modeling framework for software reliability testing†

Software reliability testing refers to various software testing activities that are driven to achieve a quantitative reliability goal given a priori or lead to a quantitative reliability assessment for the software under test. In this paper we develop a modeling framework for the software reliability testing process, comprising a simplifying model and a generalized model. In both models the software testing action selection process and the defect removal mechanism are explicitly described. Both the discrete-time domain and the continuous-time domain are involved. The generalized model is more accurate or realistic than the simplifying model since the former avoids the assumption that defects are equally detectable and the assumption that defects are removed upon being detected. However simulation examples show that the simplifying model really captures some of essential features of the software testing process after a short initial testing stage. The modeling framework is practically realistic, mathematically rigorous, and quantitatively precise. It demonstrates that the relationship between software testing and delivered software reliability, which was poor understood, can well be formulated and quantified. Rigorous examinations show that several common assumptions adopted in software reliability modeling, including the independence assumption, the exponentiality assumption, and the NHPP assumption, are theoretically false in general. This paper sets a good starting point to further formalize and quantify the software testing process and its relation to delivered software reliability.     

Reliability growth modeling and optimal release policy under fuzzy environment of an N-version programming system incorporating the effect of fault removal efficiency

Failure of a safety critical system can lead to big losses.Very high software reliability is required for automating the working of systems such as aircraft controller and nuclear reactor controller software systems.Fault-tolerant softwares are used to increase the overall reliability of software systems.Fault tolerance is achieved using the fault-tolerant schemes such as fault recovery (recovery block scheme),fault masking (N-version programming (NVP)) or a combination of both (Hybrid scheme).These softwares incorporate the ability of system survival even on a failure.Many researchers in the field of software engineering have done excellent work to study the reliability of fault-tolerant systems.Most of them consider the stable system reliability.Few attempts have been made in reliability modeling to study the reliability growth for an NVP system.Recently,a model was proposed to analyze the reliability growth of an NVP system incorporating the effect of fault removal efficiency.In this model,a proportion of the number of failures is assumed to be a measure of fault generation while an appropriate measure of fault generation should be the proportion of faults removed.In this paper,we first propose a testing efficiency model incorporating the effect of imperfect fault debugging and error generation.Using this model,a software reliability growth model (SRGM) is developed to model the reliability growth of an NVP system.The proposed model is useful for practical applications and can provide the measures of debugging effectiveness and additional workload or skilled professional required.It is very important for a developer to determine the optimal release time of the software to improve its performance in terms of competition and cost.In this paper,we also formulate the optimal software release time problem for a 3VP system under fuzzy environment and discuss a the fuzzy optimization technique for solving the problem with a numerical illustration.     

Optimal software release scheduling based on artificial neural networks

The determination of the optimal software release schedule plays an important role in supplying sufficiently reliable software products to actual market or users. In the existing methods, the optimal software release schedule was determined by assuming the stochastic and/or statistical model called software reliability growth model. In this paper, we propose a new method to estimate the optimal software release timing which minimizes the relevant cost criterion via artificial neural networks. Recently, artificial neural networks are actively studied with many practical applications and are applied to assess the software product reliability. First, we interpret the underlying cost minimization problem as a graphical one and show that it can be reduced to a simple time series forecasting problem. Secondly, artificial neural networks are used to estimate the fault-detection time in future. In numerical examples with actual field data, we compare the new method based on the neural networks with existing parametric methods using some software reliability growth models and illustrate its benefit in terms of predictive performance. A comprehensive bibliography on the software release problem is presented. This revised version was published online in June 2006 with corrections to the Cover Date.     

安全关键软件术语推荐和需求分类方法

安全关键软件需求中的相关知识大多需要手工提取,既费时又费力。近年来,人工智能技术逐渐被应用于安全关键软件设计与开发过程中,以减少工程师的手工劳动,缩短软件开发的生命周期。文中提出了一种安全关键软件术语推荐和需求分类方法,为安全关键软件需求规约提供了基础。首先,基于词性规则和依存句法规则对候选术语进行提取,通过术语相似度计算和聚类方法对候选术语进行聚类,将聚类结果推荐给工程师;其次,基于特征提取方法和分类方法将安全关键软件需求自动分为功能、安全性、可靠性等需求;最后,在AADL(Architecture Analysis and Design Language)开源建模环境OSATE中实现了原型工具TRRC4SCSTool,并基于工业界案例需求、安全分析与认证标准等构建实验数据集进行了实验验证,证明了所提方法的有效性。     

Imperfect debugging models with fault introduction rate for software reliability assessment

In general it is considered to be unrealistic in software reliability modelling to assume that the faults detected by software testing are perfectly removed without introducing new faults. In this paper we propose two software reliability assessment models with imperfect debugging by assuming that new faults are sometimes introduced when the faults originally latent in a software system are corrected and removed during the testing phase. It is assumed that the fault detection rate is proportional to the sum of the numbers of faults remaining originally in the system and faults introduced by imperfect debugging. These two models are described by a nonhomogeneous Poisson process. Several quantitative measures for reliability assessment are derived, and the maximum likelihood estimations of unknown model parameters are presented. Finally, numerical examples of software reliability analysis based on these two models are shown.     

Allocation and analysis of reliability: multiple levels: system, subsystem, and module

We model the reliability allocation and prediction process across a hierarchical software system comprised of modules, subsystems, and system. We experiment in modeling complex reliability software systems using several software reliability models to test the feasibility of the process and to evaluate the accuracy of the models for this application. This is a subject deserving research and experimentation because this type of system is implemented in safety-critical projects, such as National Aeronautics and Space Administration (NASA) flight software modules, that we use in our experiments. Given the reliability requirement of a software system in the software planning or design stage, we predict each module’s reliability and their relationships (e.g., reliability interactions among modules, subsystems, and system), Our critical interfaces and components are failure-mode sequences and the modules that comprise these sequences, respectively. In addition, we evaluate how sensitive the achievement of reliability goals is to predicted component reliabilities that do not meet expectations.     

基于AADL的失效概率分配及安全性评估方法

当代航空系统是复杂的安全关键信息物理融合系统（cyber-physical system，简称CPS）.失效概率分配是民用航空系统及设备初步系统安全性评估过程的重要工作，AADL（architecture analysis and design language）适用于航电系统的设计开发，对AADL模型实施失效概率分配和安全性评估是不可或缺的.提出了基于AADL的失效概率分配方法，可将系统失效概率分配给子构件，作为其安全性需求.该方法综合考虑系统架构设计、模型复杂度和严酷度（severity）等级.通过结合失效概率分配方法和确定性随机Petri网（deterministic stochastic Petri-net，简称DSPN），进一步提出了基于AADL的安全性评估方法，将系统的AADL模型转换为DSPN模型，以计算子构件的失效概率，并评估子构件是否满足安全性需求，直到设计出满足安全性目标的架构模型.最后给出了失效概率分配方法与安全性评估方法的实现算法和工具结构，并通过将所提出的方法应用到飞行控制系统，表明所提方法能够有效地完成失效概率分配和安全性评估.     

软件安全性研究综述

软件是安全性关键的软件密集型系统(比如综合航电系统)的一个重要安全因子,软件安全性已逐渐成为软件工程和安全工程交又领域的研究热点之一。对软件安全性的内涵与外延进行了剖析,给出了软件安全性定义。讨论了软件安全性的度量模型。着重从软件工程的视角对软件安全性的开发过程、设计方案、评估方法与认证技术等现状进行了综述,并探讨了软件安全性的研究方向。     

安全苛求软件的安全性混沌分析

对软件安全性的研究大多基于概率的或随机过程的软件可靠性理论,但是首先安全性并不等同于可靠性,再则可靠性概念在21世纪随科技的发展也在演化。在研究安全苛求软件及其失效的特征的基础上,使用混沌的方法研究其安全性具有合理性。采用嵌入空间的技术可从时间序列中重构出具有系统特征的相平面和吸引子,由此可以预测危险。铁路联锁软件是典型的安全苛求软件,安全性的混沌分析将有助于实施高效的铁路联锁软件的现场测试。     

联锁逻辑模型的安全性分析

故障树分析法(FTA)用于静态分析系统失效的可能事件和状态,是分析安全苛求系统的可靠性和安全性的一种有效方法。时间Petri网(TPN)描述具有时序关系的并发系统,用于系统行为的动态建模。但利用时间Petri网无法严格证明其模型是安全的。提出了一种用于时间Petri网模型的安全性分析方法,该方法有效地结合故障树分析法和时间Petri网的各自优点,实际应用于联锁逻辑模型的安全性分析,并对不安全的模型提出修正方案。     

安全性苛求系统中关于软件安全性评价的研究

安全性苛求系统由于其行为直接关系人身和大宗财产的安全，需要有一个安全性定量指标来反映系统中计算机软件的安全性品质，由于安全性苛求系统的软件在开发时规定要采取一系列可靠性和安全性措施，到形成产品后，软件内部缺陷的暴露都是一些小概率事件，如果仅仅依靠测试数据进行安全性定量评估，由于测试开销的限制，依据似感不不足，本文提出一种多元、多模型，多阶段进行安全性评价的方法，在系统开发和运用的不同阶段，从不同角度，利用历史和当前的数据，依靠客观和主观的判断，对系统的安全性进行评价，希望较完整地反映系统的安全性。     

基于软件完整性级别的软件可靠性度量选取框架

选取合适的软件可靠性度量,对于软件质量保证及项目管理有着重要意义。现有的软件可靠性度量选取方法没有考虑软件完整性级别这个重要的设计属性。完整性级别表示软件特性的取值范围,该范围对将系统风险保持在可容忍的限度内是必需的,其对软件可靠性水平有显著影响。提出了一种基于完整性级别的可靠性度量选取框架:首先给出基于完整性级别的度量选取体系;然后在选取体系的基础上,给出相应的度量选取方法;最后,将提出的度量选取框架应用于ISO/IEC 9126质量模型中的外部软件可靠性度量,根据度量的特点将每种度量不同程度(基本、条件及参考)地推荐给不同的完整性级别。实例表明,基于完整性级别的度量选取技术是系统且有效的,所推荐的度量可以满足软件尤其是安全关键软件在不同完整性级别上的需求。     

Reliability analysis and optimal version-updating for open source software

Context

Although reliability is a major concern of most open source projects, research on this problem has attracted attention only recently. In addition, the optimal version-dating for open source software considering its special properties is not yet discussed.

Objective

In this paper, the reliability analysis and optimal version-updating for open source software are studied.

Method

A modified non-homogeneous Poisson process model is developed for open source software reliability modeling and analysis. Based on this model, optimal version-updating for open source software is investigated as well. In the decision process, the rapid release strategy and the level of reliability are the two most important factors. However, they are essentially contradicting with each other. In order to consider these two conflicting factors simultaneously, a new decision model based on multi-attribute utility theory is proposed.

Results

Our models are tested on the real world data sets from two famous open source projects: Apache and GNOME. It is found that traditional software reliability models provide overestimations of the reliability of open source software. In addition, the proposed decision model can help management to make a rational decision on the optimal version-updating for open source software.

Conclusion

Empirical results reveal that the proposed model for open source software reliability can describe the failure process more accurately. Furthermore, it can be seen that the proposed decision model can assist management to appropriately determine the optimal version-update time for open source software.     

使用基于脚本的故障注入测试安全苛求软件

由于安全性苛求软件直接关系人身和大宗财产的安全,为此需要对软件进行严格的安全性测试。提出了一个基于脚本语言的故障注入方法以期得到新的测试手段。此方法通过在故障环境下运行安全苛求软件检验其是否容错和故障安全,结果显示软件测试覆盖率和揭错能力均有增强。该系统可进一步提高安全苛求软件测试自动化水平和测试效率。     

The determination of optimal software release times at different confidence levels with consideration of learning effects

As most software reliability models do not clearly explain the variance in the mean value function of cumulative software errors, they might not be effective in deducing the confidence interval regarding the mean value function. In such cases, software developers cannot estimate the possible risk variation in software reliability by using the randomness of the mean value function, thus reducing the decision‐making reliability when determining an optimal software release time. In this paper, the method of stochastic differential equations is used to build a software reliability model, which is validated based on practical data previously used in six published papers. Moreover, the estimation of the parameters of the proposed model, which can be defined as the autonomous error‐detected factor and the learning factor, is also illustrated, and the results of model validation empirically confirm that the proposed model is able to account for a fairly large portion of the variance of the mean value function. Additionally, the confidence intervals of the mean value function regarding software faults are employed to assist software developers in determining the optimal release times at different confidence levels. Finally, a numerical example is given to verify the effectiveness of the proposed model. Copyright © 2008 John Wiley & Sons, Ltd.