嵌入式机载软件安全性分析标准_方法及工具研究综述_黄志球

ISSN1000-9825,CODENRUXUEWE-mail:jos@iscas.ac.cnJournalofSoftware,2014,25(2):200218[doi:10.13328/j.cnki.jos.004530]©.Tel/Fax:+86-10-62562563,,,,(,210016):,E-mail:zqhuang@nuaa.edu.cn,:;;;;:TP311:A:,,,,..,2014,25(2):200218.:HuangZQ,XuBF,KanSL,HuJ,ChenZ.Surveyonembeddedsoftwaresafetyanalysisstandards,methodsandtoolsforairbornesystem.RuanJianXueBao/JournalofSoftware,2014,25(2):200218(inChinese).(CollegeofComputerScienceandTechnology,NanjingUniversityofAeronauticsandAstronautics,Nanjing210016,China)Correspondingauthor:HUANGZhi-Qiu,E-mail:zqhuang@nuaa.edu.cn,:embeddedsoftware;airbornesoftwaresafety;airworthinesscertification;safetyanalysis;softwaretool,:(61272083,61100034);(CXZZ11_0218);(CXZZ11_0218):2013-05-07;:2013-09-29:201,.,,.,.,(F-22300,F-351500[1]).,,.,,,.,,,2009,AF447A330-200,,,[2];,737-800,“”,[3].,,.,(safety-critical),[4].,.,(theRadioTechnicalCommissionforAeronautics,RTCA)(DO-178B[5]DO-178C[6]).,.,,.,5:[7][8][9][10][11].,.,,,.1.2.3.4.5.,.11.1,[12].,,,.,.,,,.,[13].(softwaresafety)1979MIL-STD-1574A[14],1986,MITLeveson,[15].,,,NASA8719.13A,,,,[16];Leveson,[15];,GJB900-90[17]GJB/Z142-2004[18]202JournalofSoftwareVol.25,No.2,February2014.,,.(air-worthiness),,[19].,(safety).,(FAA)FAR(EASA)JAA(CCAC)CCAR,.,,.,.1.,FAR2x.1309.AC2x.1309,.AC20-115B[20]AC20-171[21],.AC20-148[22].,SAEARP4754/4761FAR2x.1309.RTCA/DO-178BSAEARP4754[19],AC20-115B.RTCA/DO-178CDO-178BDO-330()DO-331()DO-332()DO-333(),.,CCAR2x.1309“”.FAR2x.1309AC2x.1309ARP4754/4761AC20-115BAC20-148DO-178BDO-178CAC20-171Fig.1RelatedFARstandardandnormofsoftwaresafety1FAR1.2,,.,,,Lutz6,[23];Hauge[24];McDermid,[25];MekikondaMcCall’s,[26];McDermid,[27].[28][29][30].,,.2:203.2,,:,,,,;,,,;,,,.2,3,.23,:(1);(2);(3),3,,.Fig.2Safetyanalysisframeworkofsafetycriticalsoftware221,.,,;,.2.1,,[31].,,[32].,PerformfunctionalanalysisAssignsoftwareassurancelevelsAllocatesoftwareassuranceobjectivesDefinesoftwaresafetyrequirementstotreathazardsIdentifytosoftwarecontributiontohazardsIdentifymishaps,hazardsandfailuremodesVerifysatisfactionofsoftwaresafetyrequirementsDesign,codeandtestfunctionstomeetobjectives(2)Safetystandard-orientedsoftwaredevelopmentprocessAirbornesoftwaresafetyanalysisframework(3)Safetyrequirementverification(1)SoftwarerequirementelicitationandspecificationSafetyevidencecollectionSafetylevelallocationresultSoftwaredevelopmentprocessconformstocertificationstandardssobjectivesSafetyrequirementdescriptionSafetyrequirementsverificationprocessHazardandfailuremodesSoftwarerequirementelicitationsoftwaresafetyrequirementspecification’204JournalofSoftwareVol.25,No.2,February2014,.,,.,,.,.,,,..[33,34],.,.,.,,.:,;,.,.(preliminaryhazardanalysis,PHA)[35],,(),.(failuremodeandeffectanalysis,FMEA)[36],,.FMEA,.(hazardandoperabilitystudies,HAZOP)[37].,HAZOPHAZOPHAZOPHAZOP,.,,,.,.,,.,(eventtreeanalysis,ETA)[38,39].,,.(reliabilityblockdiagram,RBD)[40](faulttreeanalysis,FTA)[41,42]:RBD,.RBD,,.FTA.,,,.FT,,.:(dynamicfaulttree,DFT)[43];(temporalfaulttree,TFT)[44][45],TFT,;(componentfaulttree,CFT)[46](state/eventfaulttree,SEFT)[47],.,[48,49][50,51].,,.,Galileodynamicfaulttreeanalysistool[52],Relexfaulttreeanalysissoftware[53]FaultTree+[54]::205GalileoVirginia.Galileo,Gaileo:,BDD,MarkovChains;(Weibull);;;.Relexfaulttreeanalysissoftware,.Relexfaulttreeanalysistool,..FaultTree+ISOGraph,.2.2,.,3:.,,,.,.,FTASysMLUMLFHA.,,,,PetriLTLCTL.,,,[55]HAZOPFHA;[56]FTAFMEA,;[44]FTA;[57,58]FTA;[59]SysML.[60],.,,,.,,[61,62];[63]NuSCR;[64],;[65];[66].,:,,,;,,.,,.3,,.,,.,,.206JournalofSoftwareVol.25,No.2,February20143.1,(RTCA)DO-178B,.,.,,,,.,5:/[5].,,,./,,.,,.,,.,,.,,,1,A,B,C,D,E.,A,;B;CD;E.,IEC61508SIL1,SIL2,SIL3,SIL44[67].Table1SoftwarelevelofDO-178B1DO-178BLevelConditionEffectofanomalousbehaviorACatastrophicfailure“…preventcontinuedsafeflightandlanding…”BHazardous/Seversefailure“…seriousorpotentiallyfatalinjuriestoasmallnumberof