CN106528407A - Embedded software security automation verification system and verification method thereof - Google Patents

Publication number: CN106528407A
Authority: CN (China)
Prior art keywords: software, security, module, verification, test
Legal status: Granted
Application number: CN201610908949.0A
Other languages: Chinese (zh)
Other versions: CN106528407B (en)
Inventors: 周汉清, 黄燕冰, 江志炜
Current and original assignee: China Aero Polytechnology Establishment
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses an embedded software security automation verification system and a verification method thereof. According to the technical scheme, double verification of software security is realized by combining a model-checking-based formal verification technology with a model-based software test technology. The automation verification system disclosed by the invention comprises four parts: a software demand modeling module, a security verification rule database, a formal verification module and a security test module. The software demand modeling module comprises two sub-modules: the ICD modeling module describes the software's external cross-linking environment, and the formal modeling module describes the software's internal behaviour. The security verification rule database is constructed and used for storing security verification rules. The formal verification module is constructed and used for performing model verification of the software demand based on the security verification rules and a model checking algorithm. The security test module comprises two modules: the test case generation module generates executable security test cases, and the test case translation module performs format conversion on the generated cases.

Description

Embedded software security automatic verification system and verification method thereof
Technical field
The present invention is an embedded software security automatic verification system and its verification method, and belongs to the field of software security analysis.
Background technology
Embedded software is widely used in fields such as aerospace, and more and more functions are implemented in software. In recent years, as software complexity has increased, failures and accidents caused by software faults have occurred frequently, so ensuring the security of embedded software has become a research hotspot in software engineering. Mature experience in Europe and the United States shows that software security analysis is an effective way to improve software quality; its main work comprises three parts: extraction and specification of embedded software security requirements, standard-oriented embedded software development, and verification of embedded software security requirements.
Verification of embedded software requirements is a key link in safety analysis, and formal verification and software testing are the main methods for verifying embedded software security requirements. Both methods have strengths and weaknesses. Formal verification can find model flaws in the early stage of software requirements analysis and design, shortening the development cycle, and can uncover software requirement defects caused by complex logical relations such as data interaction and timing constraints between multiple control functions and their concurrent combination. However, the complexity of formal methods themselves places very high demands on engineering staff, so that their domestic promotion and adoption is at present extremely difficult. In addition, the object analyzed by formal verification is the software model, so it cannot find software defects caused by inconsistency between the software model and its implementation. Domestically, software testing remains the most effective means of improving software security. Software testing is generally carried out in the middle and later stages of development, with the software under test installed and run on real hardware; it can find not only local implementation details such as method faults in the code, but also serious security problems caused by divergence between the software implementation and the model logic. However, because the coverage of test cases in software testing is limited, it is difficult to test the whole system exhaustively, and the operation of safety-critical systems is usually tied to the external environment, which makes their execution and testing extremely difficult; therefore software testing alone cannot fundamentally guarantee the security of a system.
At present, formal verification methods, being strongly theoretical, are little developed in the embedded software development process. As for software testing, although some test platforms have appeared, their popularity is low. Manual testing is mostly used; for complex software systems, testing efficiency is low, and software problems caused by concurrency and by conflicts between multiple functions or multiple modules cannot be found.
The content of the invention
The present invention is designed to address the deficiencies in the above prior art, and provides an embedded software security automatic verification system and its verification method. Its objective is, according to the characteristics and complementarity of formal verification and software testing, to blend the two technical means and, with reference to domestic engineering practice and development requirements and taking analysis essentials and engineering constraints into account, to propose an embedded software security automatic verification system and verification method that fit the domestic state of development, raising the domestic level of embedded software requirements verification.
The purpose of the present invention is achieved through the following technical solutions:
The technical solution of the present invention proposes an embedded software security automatic verification system, characterized in that the system comprises:
A. A software requirement modeling module (1), whose function is to formally describe the software to be verified according to its ICD files and requirements specification, forming a software requirement model file; the software requirement modeling module (1) comprises:
An ICD modeling module (2), whose function is to describe the external cross-linking environment in which the software to be verified runs, including the cross-linking relations, bus types and communication protocols with external devices, forming ICD model data;
A software formal modeling module (3), whose function is, on the basis of the ICD model data, to describe the internal behaviour of the software to be verified, including state transitions and function logic, using the UML and OCL formal languages, ultimately forming the software requirement model file;
In the software requirement modeling module (1), the ICD modeling module (2) is connected with the software formal modeling module (3), and the ICD modeling module (2) transmits the ICD model data to the software formal modeling module (3);
B. A security verification rule database (4), whose function is to store security verification rules and to provide interfaces for query, matching, update and maintenance;
C. A formal verification module (5), connected respectively with the software requirement modeling module (1) and the security verification rule database (4): the software requirement modeling module (1) transmits the software requirement model file to the formal verification module (5), and the security verification rule database (4) provides the basis for verification, i.e. the security verification rules, to the formal verification module (5). The function of the formal verification module (5) is to formally verify, based on the security verification rules in the security verification rule database (4), the software requirement model file formed by the software requirement modeling module (1), forming the formal verification result;
D. A security test module (6), connected respectively with the software requirement modeling module (1), the security verification rule database (4) and the formal verification module (5): the software requirement modeling module (1) provides the software requirement model file to the security test module (6), the security verification rule database (4) provides the security verification rules to the security test module (6), and the formal verification module (5) provides the formal verification result to the security test module (6). The function of the security test module (6) is to generate test cases according to the software requirement model file, the formal verification result and the security verification rules, and to convert the test-case format by translation to suit the needs of different test execution platforms; the security test module (6) comprises:
A test case generation module (7), whose function is to generate test cases in XML format;
A test case translation module (8), whose function is to receive the XML-format test cases generated by the test case generation module (7) and transcribe them into test cases of other forms, including natural-language form and script form.
The technical solution of the present invention also proposes a verification method for the above embedded software security automatic verification system, characterized in that the steps of the method are as follows:
Step 1: establish ICD model data by describing the external cross-linking environment in which the software to be verified runs, including the cross-linking relations, bus types and communication protocols with external devices;
Step 2: on the basis of the ICD model data, describe the internal behaviour of the software to be verified, including state transitions and function logic, using the OCL formal language, establishing the software requirement model file;
Step 3: summarize existing software failure causes into security verification rules, establishing the security verification rule database;
Step 4: based on the security verification rules in the security verification rule database, perform formal verification of the software requirement model file, obtaining the formal verification result;
Step 5: generate XML-format security test cases according to the software requirement model file, the formal verification result and the security verification rules;
Step 6: perform format conversion on the XML-format security test cases, generating the test-case form required during test execution.
The advantages and positive effects of the present invention are:
(1) The security automatic verification system built with the technical solution of the present invention combines the two methods of formal verification and software testing: it performs formal verification of the software requirement model in the early stage of development and provides test cases for software testing in the middle and later stages, making up for the deficiencies of either single method and enhancing the adequacy of verification;
(2) The security automatic verification system built with the technical solution greatly lowers the threshold for users and is easy to promote: the UML and OCL formal languages adopted in the software requirement modeling module are technologies generally mastered by practitioners in the related field, and the personnel operating the verification system need not master complicated formal verification algorithms;
(3) The security automatic verification system built with the technical solution automates formal verification and security test-case generation; users need only build the software requirement model file and select the security verification rules to adopt, and the verification work is completed automatically by the system;
(4) In the security automatic verification system built with the technical solution, the security verification rule database provides a practicable method for accumulating and using engineering experience, which is conducive to establishing a domain failure database with independent intellectual property rights; through continuous accumulation of empirical data, its guiding role for later development is continually strengthened;
(5) The security automatic verification system built with the technical solution reduces the difficulty of engineering implementation and obtains good results when modeling complex control software;
(6) In the security automatic verification system built with the technical solution, formal verification based on security verification rules is more targeted and avoids the state-space explosion problem caused by methods of exhaustive traversal;
(7) The formal verification results obtained by the security automatic verification system built with the technical solution have clear preconditions and precise, operable input values, and can be acted upon; when a problem is found it is easy to reproduce and replay it manually;
(8) The security automatic verification system built with the technical solution uses the standard UML modeling language during modeling, which conforms to the relevant national military standards; the model built can be used directly in software requirement analysis and design, avoiding repeated re-modeling;
(9) The security automatic verification system built with the technical solution uses the same modeling elements in requirements modeling, and the object of formal verification and security testing is a software requirement model of unified form, so general formal verification algorithms and test-case generation algorithms can be written; the method can therefore be applied to security verification of embedded software in every field and has good versatility.
Description of the drawings
Fig. 1 is the block diagram of the security automatic verification system built by the technical solution of the present invention
Fig. 2 is the construction flow chart of the software requirement modeling module in the technical solution of the present invention
Fig. 3 is a diagram of the external cross-linking environment and interfaces of the software in the technical solution of the present invention
Fig. 4 is an example of the OCL-based formal description of a state diagram in the technical solution of the present invention
Fig. 5 is the formation and use process of the security verification rule database in the technical solution of the present invention
Fig. 6 is an example of the model checking algorithm based on security verification rules in the technical solution of the present invention
Fig. 7 is an example of the requirement model after state-function association in the technical solution of the present invention
Specific embodiment
The technical solution of the present invention is further described below with reference to the drawings and embodiments:
Referring to Fig. 1, the embedded software security automatic verification system described in the technical solution of the present invention is characterized in that the system comprises:
A. A software requirement modeling module 1, whose function is to formally describe the software to be verified according to its ICD files and requirements specification, forming a software requirement model file; the software requirement modeling module 1 comprises:
An ICD modeling module 2, whose function is to describe the external cross-linking environment in which the software to be verified runs, including the cross-linking relations, bus types and communication protocols with external devices, forming ICD model data;
A software formal modeling module 3, whose function is, on the basis of the ICD model data, to describe the internal behaviour of the software to be verified, including state transitions and function logic, using the OCL formal language, ultimately forming the software requirement model file;
In the software requirement modeling module 1, the ICD modeling module 2 is connected with the software formal modeling module 3, and the ICD modeling module 2 transmits the ICD model data to the software formal modeling module 3;
Referring to Fig. 2, the software requirement modeling module 1 is realized by the following steps, based on the SafeTrip modeling tool:
The modeling steps of the ICD modeling module 2 are:
1. As shown in Fig. 3, taking aero-engine control software as an example, build the external cross-linking environment model; the detailed process is as follows:
1.1 Using the modeling tool, draw the system in which the software to be verified resides and the systems connected to it;
1.2 Connect the system of the software under test with the other systems by buses according to the ICD files;
1.3 Prepare the interface information of the buses. The interface information comprises two parts. One part is the interface communication information, i.e. the communication format and content of the external cross-linking interface model for the various common interface types between the software and external cross-linking devices (such as ARINC 429, CAN, discrete quantities, analog quantities, etc.), mainly including the interface name, interface type, and the baud rate, routing and addressing, priority, transfer rate etc. needed for bus communication. The other part is the constraint conditions of the input/output interfaces. According to the software requirements documents, the logical and timing constraints of each interface itself and between interfaces are specified. Logical conditions mainly include AND, OR, NOT, mutual exclusion, etc. Timing conditions include predecessor, successor, concurrent, delay, scheduling, etc.
2. Build the bus transfer data model; the detailed process is as follows:
On the basis of the external cross-linking environment model, split the bus data into data frames and frame variables, and describe in detail the attributes of the data frames and frame variables. Bus data comprises one or more data frames; a data frame has attributes such as transmission direction, transmission period and data frame length. Each data frame contains multiple frame variables; a frame variable has attributes such as variable type (integer, floating-point, character, etc.) and length.
The modeling steps of the software formal modeling module 3 are:
1. Build internal data elements and interface data elements
Interface data elements and internal data elements are the variables with physical meaning that the software recognizes internally, such as altitude, speed and throttle lever angle; they are the operation objects of the subsequent function model and state transition model. Variable attributes include information describing the physical meaning, such as data unit, resolution, error and valid interval. Interface data elements describe the software's external interaction behaviour and are obtained by mapping from the bus transfer data model; for example, the first two short-type frame variables in a data frame can be mapped into the Height interface data element representing altitude, with the mapping expression: Height=Var1<<8+Var2. The mapping shown here is a mapping of values; mapping relations use mathematical expressions, and tools such as MuParser can be used in the implementation to support mapping and parsing based on complex computations. Besides completing the value mapping, the interface data element also obtains logical and timing information such as the period of the data frame and introduces this information into the software internal model. Internal data elements consist of the intermediate results and temporary variables that arise when the software processes data internally, and are obtained from the requirements documents;
The way to build interface data elements and internal data elements is: in the SafeTrip tool, select to create the corresponding element, then configure the element's data unit, resolution, error and valid interval, next configure the data frame variables associated with the data element, and describe the correspondence between the data element and the frame variables using MuParser expressions.
2. Referring to the formal state transition model shown in Fig. 4, based on UML state diagrams and OCL
With the interface data elements and internal data elements in place, the state diagram of standard UML can be used to model the states and modes of software operation and build the state transition model. In order to carry out safety analysis, the OCL object constraint language must be used to formally describe the state transitions in the state diagram. In standard UML, the syntax of a state transition is: event name [guard condition] / action expression ^ send clause. The formal extension of the state diagram by OCL mainly includes the following aspects:
Change events. A change event is the event in which a variable in a Boolean expression changes so that the value of the expression changes accordingly and some condition is satisfied. Unlike a guard condition, which is evaluated only once when an event occurs (if the condition is false, the state transition does not take place), when a change event occurs the guard condition may block, and the state transition is carried out after the guard condition is satisfied;
Guard condition. OCL expressions can be used to describe the guard condition of a state transition, which describes the condition under which the transition is triggered and is placed in square brackets after the event;
Action expression arguments. Actions in the state diagram include operation calls and send events, which usually need to carry parameters. To meet the needs of safety analysis, the parameters here must clearly specify actual arguments and may not use formal parameters. In this case, OCL expressions are used to specify the actual arguments explicitly;
Send clause. The action expression of a state diagram transition indicates the action the object itself needs to perform when the state transition is activated (when the object's state transfers). Sometimes the object cannot perform all functions by itself and needs the help of other objects, so the object needs to send messages to other objects. In this case a send clause is needed, and OCL can be used to describe the destination object of the send clause;
3. Function hierarchy model
After modeling the states of software operation, begin function decomposition and build the software function hierarchy model. Taking the engine software at the core of an engine digital electronic control system as an example, the software functions can be decomposed into engine control and failure monitoring functions; the engine control function can be further broken down into fuel control, guide vane control and switch control, and the failure monitoring function can be decomposed into signal self-check, monitoring loop and surge elimination functions;
When building the function hierarchy model with the SafeTrip modeling tool, in the function hierarchy modeling module, add one by one the function modules obtained by function decomposition, adding a name and a function identifier for each function module. Then connect parent functions and sub-functions with connecting lines, the direction being from the parent function to the sub-function.
4. Establish state-function association
After function decomposition is completed, the association between functions and states must be established. The decomposed functions have a many-to-many relation with states: multiple functions may execute concurrently in the same state, and the same function may appear in multiple different states. After function-state association, software failures caused by complex logic such as function/state combination characteristics can be checked. The association between functions and states is described in the Software Requirements Specification, which is required to describe the states and modes during software operation, and whose CSCI capability requirements describe the states corresponding to each function. SafeTrip provides two ways: associating functions from a state and associating states from a function. During actual construction, according to the association described in the Software Requirements Specification, a state is right-clicked to associate software functions, or a function is right-clicked to associate its applicable states.
5. Formal function model based on UML activity diagrams and OCL
Software functions are modeled with UML and the OCL object constraint language, realizing a formal description of the software's internal processing flow. In order to carry out safety analysis, the function model is split into three requirement elements: external input interface (Input), function processing process (Process) and external output interface (Output), abbreviated IPO, which form the dynamic failure chain during software operation. If any link in the failure chain (i.e. external input interface, function processing process or external output interface) fails, the failure may propagate along the chain and finally cause the software to fail, which in turn affects the system.
The external input interface and external output interface of a function are selected from the interface data elements and internal data elements and associated with the function. The function processing process is represented with the activity diagram of UML; similarly to the state diagram in the state transition model, the OCL object constraint language is used to extend the activity diagram:
Specifying object instances. The object instance that performs an activity is specified with an OCL expression; usage is similar to the destination object of the send clause in the state diagram;
Decision conditions and synchronization conditions. Usage is similar to the guard condition in the state diagram above;
Specifying actual arguments. Usage is similar to the state diagram.
B. The security verification rule database 4, whose function is to store security verification rules and to provide interfaces for query, matching, update and maintenance;
The security verification rule database 4 is built as shown in Fig. 5:
First, failure data must be collected. The data sources mainly include: software failure modes found in software safety analysis projects for specific models; software problems found in software self-test, third-party testing, model identification evaluation and finalization assessment; requirement defects found in the development process, learned in exchanges with software developers while carrying out software testing; and other obtainable accident case data, such as problems found during field flight tests and typical accident cases that have occurred in related fields (the Lufthansa airplane crash, the crash of the US Mars probe, etc.).
After obtaining the failure data, it must be analyzed to find the failure cause that triggered the problem. Next, taking the UAL Flight 751 airliner crash as an example, the process of obtaining a security verification rule is illustrated. The cause of this crash was that de-icing before take-off was not thorough: ice shed from the aircraft caused engine surge, and the pilot tried to reduce throttle so as to reduce the surge, but the aircraft was equipped with an automatic thrust recovery system, which increased thrust instead and worsened the damage. After obtaining the failure phenomenon, the failure cause must first be summarized, extracting the deeper failure mechanism contained in it, so that the security verification rule finally formed is applicable to the security requirement analysis of all types of software. Analysis found that the deeper cause of the problem was that multiple functions in the system reboot state assigned different values to the same variable, causing an assignment conflict. Next, this failure mechanism is further expanded: according to UML state diagrams, concurrent states may exist in a state diagram, and the situation in which multiple functions conflict in assigning the same variable may occur in multiple concurrent states, so the assignment conflict is expanded from a single state to multiple concurrent states during whole-system operation. The following security verification rule is finally obtained: "During whole-system operation, multiple functions output to one variable at the same time, causing an assignment conflict." Security verification rules accumulated with the above method include, in part, the following: the value of an input interface data element is an abnormal value outside its valid interval; the output data rate of an output interface data element exceeds the bus transfer rate; the whole valid interval of an input interface data element is not covered; in function processing, multiple exit conditions of the same state are satisfied simultaneously; the multiple exit transition conditions of a state do not cover the complete value interval of the condition variable; an unreachable state exists in the state diagram; the state before a transition and the state after it assign different values to the same variable; etc. The failures implied by the above security verification rules may cause system hazards, and they are the basis for the subsequent model checking and security testing.
For ease of database query, matching, update and maintenance, the security verification rules obtained by analysis are classified into function input interface failures, function output interface failures, standalone function failures, combined function failures, state failures, etc., finally forming the security verification rule database. Meanwhile, a system hierarchy tree can be constructed as needed for the objects in the business scope being analyzed; for example, an aircraft system can be divided into navigation system, flight control system, hydraulic system, etc., and each system can be further divided into subsystems. Finally, security verification rules can be associated with specific systems for ease of query and use.
C. Formal verification module 5 is connected to software requirement modeling module 1 and security verification rule database 4 respectively. Software requirement modeling module 1 transmits the software requirement model file to formal verification module 5, and security verification rule database 4 provides the basis of verification, i.e. the security verification rules, to formal verification module 5. The function of formal verification module 5 is to perform formal verification of the software requirement model file formed by software requirement modeling module 1 on the basis of the security verification rules in security verification rule database 4, forming the formal verification result;
Formal verification module 5 is built as follows:
Automatic software security analysis is implemented by programming one model checking algorithm for the semantics of each security verification rule. The model checking algorithm traverses the requirements model according to the semantics of the security verification rule; using information such as timing relations, judgement conditions, transition conditions and valid value intervals, it statically scans a complex software requirement model and finds every failure mode specified in the security verification rule that may endanger the system;
During construction of the requirements model, the method of describing the internal and external behaviour of different software is consistent, and the resulting model is an unambiguous formal model built from the adopted modeling elements. During acquisition of the security verification rules, each rule is given an independent identifier, and the semantics of the analysed rule is also unambiguous. These two points guarantee the feasibility of implementing the model checking algorithm and the generality of the algorithm;
Next, taking the rule "during the whole system run, multiple functions output to one variable at the same time, causing an assignment conflict" as an example, the implementation of the model checking algorithm is given as an algorithm description and pseudocode;
The model checking algorithm is described as follows:
Step 1: traverse the state model to find the concurrent states in the system; there may be several groups of concurrent states, and the following steps of the algorithm are applied to each group;
Step 2: using the state-function association relation in the requirements model, traverse the functions that run under each state;
Step 3: using the function model, find the input/output interface data elements of each function;
Step 4: check whether several functions have the same output interface data element;
Step 5: for the functions that have the same output interface data element, check whether their assignment operations to that element may occur at the same time, i.e. check, across the several function models, whether the decision conditions on the activity path from the start of the activity diagram to the interface assignment operation may be satisfied simultaneously. The pseudocode is shown in Figure 6.
During model checking, the security verification rule under which a software failure was found, together with the state and function that produce the failure, must be stored. When security test cases are generated, targeted test cases must be generated according to these security verification rules, to further confirm whether the model has been effectively modified and the failure no longer appears.
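The five steps above, carried out in working code as an added example that is not the patent's own pseudocode (Figure 6 is not reproduced here). The requirements model is constructed after Figure 7 of the description (state 1 composite with concurrent substates 1-1 and 1-2; function 1 and function 2 under state 1-1, function 3 under 1-2, function 4 under state 2); the interface data element names, the decision conditions on the activity paths and their values are assumptions. Decision conditions are kept as simple numeric bounds so that "may occur at the same time" can be decided by interval reasoning, and each finding carries the rule, states and functions that the description says must be stored for targeted test generation.

```python
"""Added example (not code from the patent): a small model checker for the rule
"during the whole system run, multiple functions output to one variable at the
same time, causing an assignment conflict".

The model is constructed after Figure 7 of the description; element names,
decision conditions and values are assumptions for illustration."""
from itertools import combinations, product

# Decision conditions on the activity path from the activity-diagram start to the
# assignment of an output interface data element: (variable, operator, value).
MODEL = {
    "states": {
        "state 1": {"regions": [["state 1-1"], ["state 1-2"]]},   # composite state
        "state 1-1": {"functions": ["function 1", "function 2"]},
        "state 1-2": {"functions": ["function 3"]},
        "state 2": {"functions": ["function 4"]},
    },
    "functions": {   # function -> {output interface data element: path conditions}
        "function 1": {"thrust_cmd": [("ice_detected", "==", 1)]},
        "function 2": {"thrust_cmd": [("ice_detected", "==", 0)]},
        "function 3": {"thrust_cmd": [("throttle", "<", 30)], "deice_cmd": []},
        "function 4": {"thrust_cmd": [("mode", "==", 2)]},
    },
}


def _expand(conds):
    """Rewrite an equality as two non-strict bounds so every condition is a bound."""
    for var, op, val in conds:
        if op == "==":
            yield (var, ">=", val)
            yield (var, "<=", val)
        else:
            yield (var, op, val)


def satisfiable(conds):
    """True if all numeric conditions can hold at the same time.  Per variable the
    tightest lower and upper bound (value, strict) is kept; the conjunction is
    unsatisfiable when the bounds cross, or touch with a strict side."""
    lo, hi = {}, {}
    for var, op, val in _expand(conds):
        if op in (">", ">="):
            cand, cur = (val, op == ">"), lo.get(var)
            if cur is None or cand[0] > cur[0] or (cand[0] == cur[0] and cand[1]):
                lo[var] = cand
        elif op in ("<", "<="):
            cand, cur = (val, op == "<"), hi.get(var)
            if cur is None or cand[0] < cur[0] or (cand[0] == cur[0] and cand[1]):
                hi[var] = cand
        else:
            raise ValueError(f"unsupported operator {op!r}")
    for var in lo.keys() & hi.keys():
        (l, ls), (h, hs) = lo[var], hi[var]
        if l > h or (l == h and (ls or hs)):
            return False
    return True


def concurrent_groups(model):
    """Step 1: for every composite state, each choice of one substate per region
    is a group of states that are active at the same time."""
    groups = []
    for st in model["states"].values():
        if st.get("regions"):
            groups.extend(product(*st["regions"]))
    return groups


def functions_in(model, group):
    """Step 2: functions that run under the states of the group."""
    return [fn for s in group for fn in model["states"][s].get("functions", [])]


def check_assignment_conflicts(model):
    """Steps 3-5: within each concurrent group, report pairs of functions that
    write the same output interface data element while the decision conditions
    guarding both assignments can be satisfied simultaneously."""
    rule = "multiple functions output to one variable at the same time"
    findings = []
    for group in concurrent_groups(model):
        funcs = functions_in(model, group)
        for fa, fb in combinations(funcs, 2):
            outs_a, outs_b = model["functions"][fa], model["functions"][fb]  # step 3
            for elem in sorted(set(outs_a) & set(outs_b)):                  # step 4
                if satisfiable(outs_a[elem] + outs_b[elem]):               # step 5
                    findings.append({"rule": rule, "states": group,
                                     "functions": (fa, fb), "element": elem})
    return findings


if __name__ == "__main__":
    for finding in check_assignment_conflicts(MODEL):
        print(finding)
```

Function 1 and function 2 both write `thrust_cmd`, but their guards (`ice_detected == 1` versus `ice_detected == 0`) cannot hold together, so no finding is raised for that pair; function 3 writes the same element under an unrelated condition, so it conflicts with either of them. Function 4 is never concurrent with state 1 and is not reported.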
D. Security test module (6) is connected to software requirement modeling module 1, security verification rule database 4 and formal verification module 5 respectively. Software requirement modeling module 1 provides the software requirement model file to security test module (6), security verification rule database 4 provides the security verification rules to security test module (6), and formal verification module 5 provides the formal verification result to security test module (6). The function of security test module (6) is to generate test cases according to the software requirement model file, the formal verification result and the security verification rules, and to convert the test case format by translation so as to suit the needs of different test execution platforms. Security test module (6) includes:
Test case generation module (7), whose function is to generate test cases in XML format;
Test case translation module (8), whose function is to receive the XML-format test cases generated by test case generation module (7) and transcribe them into other forms, including natural-language form and script form.
Test case generation module (7) is implemented as follows:
From the requirements modeling process described above it can be seen that the security automatic verification system constructed by the technical solution of the present invention uses a state diagram to describe the system life cycle: it represents the various states the system has, the state transitions, and the events that affect the system state, essentially describing the control flow of the system migrating from one state to another. The business logic within each state is described with activity diagrams; a state may contain several functions, and a state diagram can be divided into regions, each region in turn containing exited or currently executing substates, which expresses that a composite state can reach several substates at one moment. After the states and functions have been associated, the final model diagram is formed. Figure 7 is a simple requirements model diagram. First, the state diagram describes each system state, including state 1 and state 2, where state 1 is a composite state containing two concurrent substates, state 1-1 and state 1-2. Each state is associated with one or more functions described by activity diagrams; in the figure, state 1-1 is associated with function 1 and function 2, state 1-2 is associated with function 3, and state 2 is associated with function 4.
When generating security test cases, the test case generation methods based on the state diagram and on the activity diagram are combined. The security test cases fall into two classes: general security test cases, and targeted security test cases based on the security verification rules.
Generation method for general security test cases: first, for state verification, the state-diagram-based generation method converts the state diagram with hierarchical structure into a single-layer state diagram, then traverses the whole state diagram with a breadth-first traversal algorithm, ensuring that every state is visited; this yields several test scenarios. Each state serves as one test scenario, and the activity diagrams of the functions associated with that state represent all the tested operation sequences of the scenario. The operation sequence of each function is one test case. Next, the activity-diagram-based test case generation method is used to generate the security test cases. General security test cases are generated in this way.
Generation method for security test cases based on the security verification rules: first, during the model checking of step three, the security verification rule that caused the software failure and the state and function involved are stored. When a test case is generated, a prerequisite is first constructed to reach the target state, and then the activity diagram is traversed according to the meaning of the security verification rule to produce the test case.
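Both generation methods, as an added example that is not the patent's own code. The model follows Figure 7 (state 1 composite with concurrent substates 1-1 and 1-2, state 2; function 1 and function 2 under state 1-1, function 3 under 1-2, function 4 under state 2); the top-level transitions, the operation sequences of the activity diagrams, their times and the variable names are assumptions, as is the XML layout. The hierarchical state diagram is flattened, traversed breadth-first so that the path to each state doubles as the prerequisite of the rule-based method, and each function's operation sequence becomes one XML test case.

```python
"""Added example (not code from the patent): general and rule-based security test
case generation from a state diagram plus activity diagrams.

The model is constructed after Figure 7; transitions, operation times, variable
names and the XML layout are assumptions for illustration."""
from collections import deque
from itertools import product
import xml.etree.ElementTree as ET

MODEL = {
    "initial": "state 1",
    "states": {
        "state 1": {"regions": [["state 1-1"], ["state 1-2"]]},   # composite state
        "state 1-1": {"functions": ["function 1", "function 2"]},
        "state 1-2": {"functions": ["function 3"]},
        "state 2": {"functions": ["function 4"]},
    },
    # top-level transitions: (source, target, transition condition)
    "transitions": [("state 1", "state 2", "mode == 2"), ("state 2", "state 1", "mode == 1")],
    # activity diagram of each function reduced to its operation sequence:
    # (time in ms, variable, value assigned)
    "functions": {
        "function 1": [(0, "ice_detected", 1), (10, "thrust_cmd", 80)],
        "function 2": [(0, "ice_detected", 0), (10, "thrust_cmd", 40)],
        "function 3": [(0, "throttle", 25), (5, "thrust_cmd", 60)],
        "function 4": [(0, "mode", 2), (20, "thrust_cmd", 0)],
    },
}


def flatten(model, state):
    """Convert a hierarchical state into single-layer states: a composite state
    becomes the combinations of one substate per concurrent region."""
    regions = model["states"][state].get("regions")
    return list(product(*regions)) if regions else [(state,)]


def parent_of(model, leaf):
    """Top-level state containing a substate (the state itself if not nested)."""
    for name, st in model["states"].items():
        if any(leaf in region for region in st.get("regions", [])):
            return name
    return leaf


def bfs_paths(model):
    """Breadth-first traversal of the state diagram; every reachable state is
    mapped to the transition sequence (the prerequisite) that reaches it."""
    start = model["initial"]
    paths, queue = {start: []}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, cond in model["transitions"]:
            if src == cur and dst not in paths:
                paths[dst] = paths[cur] + [(src, dst, cond)]
                queue.append(dst)
    return paths


def make_case(kind, scenario, prereq, fn, ops, rule=None):
    """One XML test case: prerequisite transitions, then the function's steps
    (operation time and the operation on a variable at that moment)."""
    case = ET.Element("testcase", kind=kind, scenario=scenario, function=fn)
    if rule:
        case.set("rule", rule)
    pre = ET.SubElement(case, "prerequisite")
    for src, dst, cond in prereq:
        ET.SubElement(pre, "transition", source=src, target=dst, condition=cond)
    for t, var, val in ops:
        ET.SubElement(case, "step", time=str(t), variable=var, value=str(val))
    return case


def general_cases(model):
    """General cases: each flattened state reached by the traversal is a scenario,
    and the operation sequence of each function under its states is one case."""
    cases = []
    for state, prereq in bfs_paths(model).items():
        for combo in flatten(model, state):
            for leaf in combo:
                for fn in model["states"][leaf].get("functions", []):
                    cases.append(make_case("general", "|".join(combo), prereq,
                                           fn, model["functions"][fn]))
    return cases


def rule_based_case(model, rule, states, function):
    """Targeted case from a stored model-checking finding (rule, states, function):
    construct the prerequisite reaching the target state, then traverse the
    function's activity diagram."""
    prereq = bfs_paths(model)[parent_of(model, states[0])]
    return make_case("rule", "|".join(states), prereq, function,
                     model["functions"][function], rule)


if __name__ == "__main__":
    for case in general_cases(MODEL):
        print(ET.tostring(case, encoding="unicode"))
```

With this model the traversal visits two flattened states, giving four general test cases (three for the concurrent pair 1-1/1-2, one for state 2); the state 2 case carries the transition from state 1 as its prerequisite.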
Test case translation module (8) is implemented as follows:
The security test case generation module generates test cases in XML format, and the work of the security test case translation module is mainly format replacement. In the state transition model and the activity diagrams, transition conditions are described with interface data elements and internal data elements, so the operation objects in the generated XML test cases are also interface data elements and internal data elements. Each interface data element and internal data element in the requirements model has two names, a human-readable variable name and an English variable name, and the English variable name conforms to the script variable naming specification. This provides a feasible scheme for test case format conversion. A test case contains several steps, and each step contains two elements: the operation time and the operation on a variable at that moment. The work of the security test case translation module is to perform format replacement on the time and the variable operation of the XML test case according to the requirements of the target format. When translating into a test case for manual execution, the variable name is replaced with the human-readable variable name; when translating into a test case in test-script form, it is replaced with the English variable name. When translating into XML test cases of other formats, the original variable names are kept and the test case form is re-organised.
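The three translations just described, as an added example that is not the patent's own code. The XML test case, the two-name dictionary, the XML layout and the script primitives `set_var()` and `wait_ms()` are constructed assumptions, not the format of the patent's tool. The manual form substitutes the human-readable name, the script form keeps the English name and checks that it really is a valid identifier, and the alternative XML layout keeps the names but regroups the operations by time.

```python
"""Added example (not code from the patent): the format replacement performed by
the test case translation module.  XML layout, variable names and the script
primitives set_var()/wait_ms() are assumptions for illustration."""
import xml.etree.ElementTree as ET

# Constructed XML test case in the (assumed) generation module layout.
XML_CASE = """<testcase id="TC-001" scenario="state 1-1|state 1-2" function="function 3">
  <step time="0" variable="throttle" value="25"/>
  <step time="5" variable="thrust_cmd" value="60"/>
</testcase>"""

# Every interface/internal data element has two names: the English variable name
# (conforming to the script naming specification) and a human-readable name.
NAMES = {
    "throttle": "Throttle lever position (%)",
    "thrust_cmd": "Engine thrust command (%)",
}


def parse_case(xml_text):
    """Split the XML test case into its header element and its (time, variable,
    value) steps, ordered by operation time."""
    root = ET.fromstring(xml_text)
    steps = [(int(s.get("time")), s.get("variable"), s.get("value"))
             for s in root.findall("step")]
    return root, sorted(steps)


def to_manual(xml_text, names=NAMES):
    """Natural-language form for manual execution: the variable name is replaced
    with its human-readable name (unknown names are left as they are)."""
    root, steps = parse_case(xml_text)
    lines = [f"Test case {root.get('id')} ({root.get('function')}, "
             f"scenario {root.get('scenario')}):"]
    for i, (t, var, val) in enumerate(steps, 1):
        lines.append(f"  Step {i}: at t = {t} ms, set {names.get(var, var)} to {val}")
    return "\n".join(lines)


def to_script(xml_text):
    """Script form: keep the English variable name (checked to be a valid
    identifier) and turn absolute times into waits between operations."""
    root, steps = parse_case(xml_text)
    out, prev = [f"# {root.get('id')}"], 0
    for t, var, val in steps:
        if not var.isidentifier():
            raise ValueError(f"{var!r} does not conform to the script naming specification")
        if t > prev:
            out.append(f"wait_ms({t - prev})")
        out.append(f"set_var('{var}', {val})")
        prev = t
    return "\n".join(out)


def to_other_xml(xml_text):
    """Other XML layout: the original variable names are kept and the case is
    re-organised, here grouping the operations of each moment under one frame."""
    root, steps = parse_case(xml_text)
    new = ET.Element("case", id=root.get("id"))
    by_time = {}
    for t, var, val in steps:
        by_time.setdefault(t, []).append((var, val))
    for t in sorted(by_time):
        frame = ET.SubElement(new, "frame", time=str(t))
        for var, val in by_time[t]:
            ET.SubElement(frame, "assign", name=var, value=val)
    return ET.tostring(new, encoding="unicode")


if __name__ == "__main__":
    print(to_manual(XML_CASE))
    print(to_script(XML_CASE))
    print(to_other_xml(XML_CASE))
```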
The steps of the verification method of the above embedded software security automatic verification system are as follows:
The SafeTrip modeling tool, the formal verification module and the security test module are installed and deployed on the same PC running Windows 7; the security verification rule database is implemented with an Oracle database deployed on a separate data server, and the PC is connected to the data server by network cable.
Step one: open the SafeTrip modeling software on the PC and build the ICD model according to the ICD modeling procedure described above, forming the ICD model data;
Step two: on the basis of the ICD model data, describe the internal behaviour of the software to be verified, including state transitions and function logic, in the OCL formal language, establishing the software requirement model file;
Step three: open the data server, summarise the existing software failure causes into security verification rules, and store them in the Oracle database;
Step four: in the formal verification module, import the software requirement model file and the security verification rules in the Oracle database, perform formal verification on the software requirement model file, and obtain the formal verification result;
Step five: open the test case generation module, import the software requirement model file, the formal verification result and the security verification rules in the Oracle database, and generate the security test cases in XML format;
Step six: convert the format of the XML security test cases to generate the test case forms required during test execution, including natural-language test cases for manual execution, script-language test cases for test tool platforms based on test scripts, other XML-format test cases needed by embedded simulation automatic test platforms, and test cases of other forms.
Step seven: execute the test cases generated in step six, performing software testing on the software to be verified.

Claims (2)

1. An embedded software security automatic verification system, characterised in that the system includes:
A. Software requirement modeling module (1), whose function is to formally describe the software to be verified according to its ICD file and requirements specification, forming a software requirement model file; the software requirement modeling module (1) includes:
ICD modeling module (2), whose function is to describe the external cross-linking environment in which the software to be verified runs, including the cross-linking relations with external devices, bus types and communication protocols, forming ICD model data;
Software formal modeling module (3), whose function is, on the basis of the ICD model data, to describe the internal behaviour of the software to be verified, including state transitions and function logic, in the OCL formal language, finally forming the software requirement model file;
Within the software requirement modeling module (1), the ICD modeling module (2) is connected to the software formal modeling module (3), and the ICD modeling module (2) transmits the ICD model data to the software formal modeling module (3);
B. Security verification rule database (4), whose function is to store the security verification rules and to provide interfaces for query, matching, update and maintenance;
C. Formal verification module (5), connected to software requirement modeling module (1) and security verification rule database (4) respectively; software requirement modeling module (1) transmits the software requirement model file to formal verification module (5), and security verification rule database (4) provides the basis of verification, i.e. the security verification rules, to formal verification module (5); the function of formal verification module (5) is to perform formal verification of the software requirement model file formed by software requirement modeling module (1) on the basis of the security verification rules in security verification rule database (4), forming the formal verification result;
D. Security test module (6), connected to software requirement modeling module (1), security verification rule database (4) and formal verification module (5) respectively; software requirement modeling module (1) provides the software requirement model file to security test module (6), security verification rule database (4) provides the security verification rules to security test module (6), and formal verification module (5) provides the formal verification result to security test module (6); the function of security test module (6) is to generate test cases according to the software requirement model file, the formal verification result and the security verification rules, and to convert the test case format by translation so as to suit the needs of different test execution platforms; the security test module (6) includes:
Test case generation module (7), whose function is to generate test cases in XML format;
Test case translation module (8), whose function is to receive the XML-format test cases generated by test case generation module (7) and transcribe them into other forms, including natural-language form and script form.
2. A verification method using the embedded software security automatic verification system of claim 1, characterised in that the steps of the method are as follows:
Step one: establish the ICD model data by describing the external cross-linking environment in which the software to be verified runs, including the cross-linking relations with external devices, bus types and communication protocols;
Step two: on the basis of the ICD model data, describe the internal behaviour of the software to be verified, including state transitions and function logic, in the OCL formal language, establishing the software requirement model file;
Step three: summarise the existing software failure causes into security verification rules, establishing the security verification rule database;
Step four: on the basis of the security verification rules in the security verification rule database, perform formal verification on the software requirement model file and obtain the formal verification result;
Step five: generate the security test cases in XML format according to the software requirement model file, the formal verification result and the security verification rules;
Step six: convert the format of the XML security test cases to generate the test case forms required during test execution.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610908949.0A CN106528407B (en) 2016-10-19 2016-10-19 A kind of embedded software safety automatic Verification system and its verification method

Publications (2)

Publication Number Publication Date
CN106528407A true CN106528407A (en) 2017-03-22
CN106528407B CN106528407B (en) 2019-01-25

Family

ID=58332559

Country Status (1)

Country Link
CN (1) CN106528407B (en)

Also Published As

Publication number Publication date
CN106528407B (en) 2019-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant