CN113051581A - Highly-integrated complex software security analysis method - Google Patents
Publication number: CN113051581A (application CN202110448125.0A)
Authority: CN (China)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
Abstract
The invention discloses a highly integrated complex software security analysis method, which comprises the following steps: 1) the method in civil airworthiness standards ARP4754A and ARP4761 is adopted to carry out system security analysis and identify the security requirements of the system; 2) distributing system security requirements to software, and determining software security requirements; 3) performing security analysis on internal elements of the software from the code level; 4) software integration and validation are performed using the method in DO-178C. The invention belongs to the technical field of software security, and particularly provides a method that analyzes system security by adopting the civil airworthiness standards ARP4754A and ARP4761 to obtain the security requirements of the system; treats the software itself as a system when performing safety analysis of its internal elements; and guarantees the implementation of the software security requirements with a rigorous development process based on the DO-178C standard.
Description
Technical Field
The invention belongs to the technical field of software security, and particularly relates to a highly-integrated complex software security analysis method.
Background
Software is an important component of various equipment systems, and is combined with system hardware to complete various calculation, processing and control tasks, so that the software has a vital role in fully utilizing the performance of hardware equipment and ensuring the function, safety and reliability of equipment. With the rapid advance of informatization and modernization of equipment, the application range, scale, integration degree, safety requirement and the like of software in the equipment are greatly changed, and the software is gradually becoming highly integrated complex software. "highly integrated" means that the software is used to complete or provide multiple functions, and "complex" means that the software is scaled above a certain magnitude, and the software functions and security attributes cannot be proven by only a single software test.
Software security is the ability that a software product should have to not cause casualties, system damage, significant property damage, or risk to personnel health and the environment. As an important component of an equipment system, software cannot directly endanger life, property or the environment, but a software failure in the human-computer interaction it implements can cause misoperation and so create a hazard, and in an embedded system without a human-computer interface, catastrophic consequences can follow from the software controlling the system wrongly.
At present, security analysis methods for highly integrated complex software can be divided into two major categories: software ontology-based and system-based security analysis methods. The typical idea of the software ontology-based security analysis method is that a software engineering method must be adopted to ensure that the software is developed strictly according to that method, and techniques such as software fault tolerance and fault tree analysis are usually used to reduce the probability of software failure. However, the security problem cannot be completely solved by starting from the software ontology alone; for example, even if the software does not fail, it may cause equipment damage by sending an improper instruction to the system. The software security problem, which involves complex factors such as the software, the system where the software resides, users, the external environment and time, occurs because the software triggers a system vulnerability, i.e., a system requirement or design defect, that turns the system to an unsafe state. Software security is thus inseparable from the system and must be analyzed from the higher system level.
The system-based safety analysis method locates the vulnerabilities of the system by technical means such as fault trees, functional hazard analysis and Markov analysis, so as to solve the safety problems caused by single-point faults and predictable combined faults. However, the degree of coupling in highly integrated complex software and the interaction between system components are too complex, resulting in system vulnerabilities that are difficult to fully locate and predict. If the security analysis is performed only at the system level, repeated iteration of the system is caused, and the development cost of the software and the system increases greatly. Meanwhile, the independence of the software and the interaction between the internal elements of the software are ignored, so the analysis is insufficient.
Disclosure of Invention
In order to solve the existing problems, the invention provides a method which adopts the civil aviation airworthiness standards ARP4754A and ARP4761 to analyze system security and obtain the security requirements of the system; distributes system security requirements to the software, and designs a framework to analyze the software layer by layer down to the code level; treats the software itself as a system when performing safety analysis of its internal elements; and guarantees the implementation of the software security requirements with a rigorous development process based on the DO-178C standard.
The technical scheme adopted by the invention is as follows: a highly integrated complex software security analysis method comprises the following steps:
1) the method in civil airworthiness standards ARP4754A and ARP4761 is adopted to carry out system security analysis and identify the security requirement of the system;
2) distributing system security requirements to software, and determining software security requirements;
3) performing security analysis on internal elements of the software from a code level;
4) software integration and verification are performed by adopting a method in DO-178C: software integration and verification are carried out based on the DO-178C standard, the coordination among software codes and between the software codes and hardware is checked, whether the software is correct or not is verified, the safety design is realized, and the safety requirement of the software is met.
Further, the step 1) specifically comprises the following steps:
1.1) combining the system theory integrity principle, and from the system perspective, distributing the security function to each element through the overall analysis of the system security;
1.2) identifying system danger, wherein civil aircrafts are typical highly-integrated complex systems and have extremely high requirements on safety, so that the system is checked by referring to methods in civil aircrafts airworthiness standards ARP4754A and ARP4761 to identify the danger existing in the system;
1.3) after the danger existing in the system is identified, further identifying system safety related requirements and system safety constraints of a system level for preventing the danger, wherein the system safety constraints are the same as general functional requirements and only require the system to carry out certain special control, so as to avoid entering a dangerous state;
1.4) after the system safety related requirements and the system safety constraints are identified, designing a control structure to carry out preliminary control on the system according to the system safety related requirements and the system safety constraints, wherein the control structure design should meet the system safety requirements and is continuously analyzed in the design refinement, so that the control structure is improved, when the control structure is defined, a safety control interface of software must be separately defined, a set of safety mechanism is ensured to exist in the software, and the system safety cannot be influenced when the software fails;
1.5) identifying potential abnormal control behaviors: a control actuator can generally produce four types of control exception, namely failing to provide an expected control behavior, providing an incorrect or unsafe control behavior, starting a control behavior too late, and ending a control behavior too early; the corresponding abnormal control behaviors are therefore identified for each control actuator, and the abnormal control behaviors of main concern are those in the interface control between systems and between the system and the software;
1.6) finding out the reasons of the abnormal control behaviors according to the control structure, wherein the reasons of the abnormal control are divided into two types of control defects and insufficient control behaviors, and the control defects refer to that the abnormal control behaviors are caused by errors of a control algorithm, errors of a control process and insufficient coordination among actuators and are identified by checking a process control loop; inadequate control behavior means that abnormal control behavior is caused by a defect or erroneous sensor or data of the actuator itself when the process model is correct;
1.7) identifying the constraint conditions and design decisions that eliminate the abnormal control behaviors according to the analysis of step 1.5), further refining the safety requirements of the system, defining a new control structure, and analyzing again.
Further, the step 2) specifically comprises the following steps:
2.1) grading the software according to the influence degree of software failure on the system safety, and determining the target required to be met in the development process of the software with different levels based on the DO-178C standard;
2.2) decomposing the identified system safety requirement, searching a safety function related to the software as the input of the software life cycle process, and further distributing the system safety requirement to the software;
2.3) further refining the system safety requirements distributed to the software, analyzing the software failure mode possibly causing system risks, the reasons for failure and the influence caused by failure, and providing corresponding improvement measures to form the software safety layer requirements;
2.4) forming a software-level architecture according to the software security high-level requirements, analyzing the causes of the failure modes layer by layer according to the different types of software failure modes, and providing corresponding improvement measures down to the software code level.
Further, the step 3) specifically comprises the following steps:
3.1) considering the hierarchy principle of system theory, ensuring the independence of the software elements, regarding the software as a system to analyze the safety problems of the software itself, considering the mutation caused by the interaction between the internal elements of the software from the perspective of the stability and mutation principles of system theory, and further analyzing the safety of the internal elements of the software from the code level;
3.2) analyzing the running mode and the running state and condition, searching whether conditions and potential failure risks which can cause unsafe states exist in the whole software requirement, such as conditions of out-of-order, wrong events, improper magnitude, improper polarity, unintentional commands, errors caused by environmental interference, command failure modes and the like, coping with all the unsafe state conditions and potential failure risks, and making appropriate response requirements;
3.3) fault-tolerant and failure-tolerant analysis, wherein a fault-tolerant system is used for processing most possible faults and faults which have low probability of occurrence but are dangerous, a failure-tolerant system is used for processing higher-level errors which can cause system failure, the failure tolerance requirement of software is determined according to the safety level of the software, and a redundancy strategy, conversion logic, a fault detection mechanism, an isolation mechanism and a recovery mechanism are formulated;
3.4) hazardous command processing analysis: identifying and handling hazardous commands that can cause serious or catastrophic hazards or reduce control capability, including the hardware or software functions that receive, transmit or initiate critical signals or hazardous commands;
3.5) interface analysis, analyzing the error mode and error probability of the interface, and determining a communication method, a data coding method, an error checking method, a synchronization method and a check and error correction code method based on the error mode and error probability of the interface, and ensuring the consistency and integrity of communication protocols of both communication parties when the communication interface data is defined;
3.6) data analysis, defining various data used by software, including defining logic structures of static data, dynamic input and output data and internal generation data, listing a data list and explaining the constraint on the data; specifying data acquisition requirements, specifying characteristics, requirements and ranges of the acquired data; establishing a data dictionary to explain the source, processing and destination of data;
3.7) timing, throughput and software scale analysis, considering system resources and time constraint conditions for safety key functions, analyzing software requirements related to execution time, I/O data rate and memory/storage allocation, such as critical time, automatic safety protection time, sampling rate, memory resources and the like, and designing corresponding margins;
3.8) analyzing and designing the software code levels layer by layer to form the low-level requirements of software safety, then writing the code according to the low-level requirements, and feeding back insufficient or incorrect inputs found during coding to the relevant software process for clarification or correction.
Further, the key internal elements of the safety analysis in step 3.1) include operation mode and operation state and condition, fault tolerance and failure tolerance, dangerous command processing, interface, data, timing, throughput and software scale.
By adopting the scheme, the invention has the following beneficial effects: on one hand, in the aspect of the system theory correlation principle, the invention combines a software body-based and system-based software security analysis method, provides an all-aspect software security analysis flow from a system layer to a software code layer, and effectively improves the integrity of software security requirement acquisition; on the other hand, the requirement of ensuring the software safety is realized through strict process control, safety analysis and design ideas aiming at specific software internal elements are provided, the DO-178C standard is supplemented, and the implementation of software design is ensured.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a software system security analysis flowchart of a highly integrated complex software security analysis method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a method for analyzing security of highly integrated complex software includes the following steps:
1) the method in civil airworthiness standards ARP4754A and ARP4761 is adopted to carry out system security analysis and identify the security requirement of the system;
2) distributing system security requirements to software, and determining software security requirements;
3) performing security analysis on internal elements of the software from a code level;
4) software integration and verification are performed by adopting a method in DO-178C: software integration and verification are carried out based on the DO-178C standard, the coordination among software codes and between the software codes and hardware is checked, whether the software is correct or not is verified, the safety design is realized, and the safety requirement of the software is met.
Wherein, the step 1) comprises the following steps:
1.1) combining the system theory integrity principle, and from the system perspective, distributing the security function to each element through the overall analysis of the system security;
1.2) identifying system danger, wherein civil aircrafts are typical highly-integrated complex systems and have extremely high requirements on safety, so that the system is checked by referring to methods in civil aircrafts airworthiness standards ARP4754A and ARP4761 to identify the danger existing in the system;
1.3) after the danger existing in the system is identified, further identifying system safety related requirements and system safety constraints of a system level for preventing the danger, wherein the system safety constraints are the same as general functional requirements and only require the system to carry out certain special control, so as to avoid entering a dangerous state;
1.4) after the system safety related requirements and the system safety constraints are identified, designing a control structure to carry out preliminary control on the system according to the system safety related requirements and the system safety constraints, wherein the control structure design should meet the system safety requirements and is continuously analyzed in the design refinement, so that the control structure is improved, when the control structure is defined, a safety control interface of software must be separately defined, a set of safety mechanism is ensured to exist in the software, and the system safety cannot be influenced when the software fails;
1.5) identifying potential abnormal control behaviors: a control actuator can generally produce four types of control exception, namely failing to provide an expected control behavior, providing an incorrect or unsafe control behavior, starting a control behavior too late, and ending a control behavior too early; the corresponding abnormal control behaviors are therefore identified for each control actuator, and the abnormal control behaviors of main concern are those in the interface control between systems and between the system and the software;
1.6) finding out the reasons of the abnormal control behaviors according to the control structure, wherein the reasons of the abnormal control are divided into two types of control defects and insufficient control behaviors, and the control defects refer to that the abnormal control behaviors are caused by errors of a control algorithm, errors of a control process and insufficient coordination among actuators and are identified by checking a process control loop; inadequate control behavior means that abnormal control behavior is caused by a defect or erroneous sensor or data of the actuator itself when the process model is correct;
1.7) identifying the constraint conditions and design decisions that eliminate the abnormal control behaviors according to the analysis of step 1.5), further refining the safety requirements of the system, defining a new control structure, and analyzing again.
The step 2) specifically comprises the following steps:
2.1) grading the software according to the influence degree of software failure on the system safety, and determining the target required to be met in the development process of the software with different levels based on the DO-178C standard;
2.2) decomposing the identified system safety requirement, searching a safety function related to the software as the input of the software life cycle process, and further distributing the system safety requirement to the software;
2.3) further refining the system safety requirements distributed to the software, analyzing the software failure mode possibly causing system risks, the reasons for failure and the influence caused by failure, and providing corresponding improvement measures to form the software safety layer requirements;
2.4) forming a software-level architecture according to the software security high-level requirements, analyzing the causes of the failure modes layer by layer according to the different types of software failure modes, and providing corresponding improvement measures down to the software code level.
The step 3) specifically comprises the following steps:
3.1) considering the hierarchy principle of system theory, guaranteeing the independence of the software elements, regarding the software as a system to analyze the safety problems of the software itself, considering the mutation caused by the interaction between the internal elements of the software from the perspective of the stability and mutation principles of system theory, and further performing safety analysis on the internal elements of the software from the code level, wherein the key internal elements of the safety analysis comprise the operation mode, the operation state and conditions, fault tolerance and failure tolerance, hazardous command processing, interfaces, data, timing, throughput and software scale;
3.2) analyzing the running mode and the running state and condition, searching whether conditions and potential failure risks which can cause unsafe states exist in the whole software requirement, such as conditions of out-of-order, wrong events, improper magnitude, improper polarity, unintentional commands, errors caused by environmental interference, command failure modes and the like, coping with all the unsafe state conditions and potential failure risks, and making appropriate response requirements;
3.3) fault-tolerant and failure-tolerant analysis, wherein a fault-tolerant system is used for processing most possible faults and faults which have low probability of occurrence but are dangerous, a failure-tolerant system is used for processing higher-level errors which can cause system failure, the failure tolerance requirement of software is determined according to the safety level of the software, and a redundancy strategy, conversion logic, a fault detection mechanism, an isolation mechanism and a recovery mechanism are formulated;
3.4) hazardous command processing analysis: identifying and handling hazardous commands that can cause serious or catastrophic hazards or reduce control capability, including the hardware or software functions that receive, transmit or initiate critical signals or hazardous commands;
3.5) interface analysis, analyzing the error mode and error probability of the interface, and determining a communication method, a data coding method, an error checking method, a synchronization method and a check and error correction code method based on the error mode and error probability of the interface, and ensuring the consistency and integrity of communication protocols of both communication parties when the communication interface data is defined;
3.6) data analysis, defining various data used by software, including defining logic structures of static data, dynamic input and output data and internal generation data, listing a data list and explaining the constraint on the data; specifying data acquisition requirements, specifying characteristics, requirements and ranges of the acquired data; establishing a data dictionary to explain the source, processing and destination of data;
3.7) timing, throughput and software scale analysis, considering system resources and time constraint conditions for safety key functions, analyzing software requirements related to execution time, I/O data rate and memory/storage allocation, such as critical time, automatic safety protection time, sampling rate, memory resources and the like, and designing corresponding margins;
3.8) analyzing and designing the software code levels layer by layer to form the low-level requirements of software safety, then writing the code according to the low-level requirements, and feeding back insufficient or incorrect inputs found during coding to the relevant software process for clarification or correction.
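As an added example (not code from the patent), the following C program shows what the receive-side checks enumerated in steps 3.2, 3.4, 3.5 and 3.7 look like for a constructed actuator command interface: a CRC rejects corrupted frames (interface error checking), a sequence number rejects out-of-order or replayed frames, a timestamp rejects commands that arrive after the assumed critical time, range and sign checks reject improper magnitude and polarity, and the hazardous DEPLOY command must be preceded by a separate ARM so that an unintentional single frame cannot trigger it. The frame layout, command ids, limits and CRC choice are all assumptions made for the example.

```c
/* Constructed command-interface validator (example only; frame layout,
 * command ids, limits and CRC choice are assumptions, not the patent's). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LATENCY_MS 100u  /* assumed critical time for a command (step 3.7) */
#define ARM_WINDOW_MS  500u  /* assumed time an ARM stays valid (step 3.4) */
#define RATE_LIMIT     1000  /* assumed |setpoint| bound for CMD_SET_RATE (3.2) */

enum { CMD_SET_RATE = 1, CMD_ARM = 2, CMD_DEPLOY = 3 /* hazardous command */ };

typedef enum {
    ACCEPT = 0, REJ_CRC, REJ_SEQ, REJ_STALE, REJ_RANGE, REJ_POLARITY,
    REJ_NOT_ARMED, REJ_UNKNOWN_CMD
} verdict_t;

typedef struct {
    uint8_t  seq;    /* per-link sequence number, detects reordering/replay */
    uint8_t  cmd;    /* command id */
    int16_t  value;  /* signed setpoint; the sign carries the polarity */
    uint32_t t_ms;   /* sender timestamp in milliseconds */
    uint16_t crc;    /* CRC-16/CCITT-FALSE over the 8 payload bytes */
} cmd_frame_t;

typedef struct { uint8_t expected_seq; bool armed; uint32_t arm_t_ms; } rx_state_t;

/* CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF; check("123456789") == 0x29B1 */
uint16_t crc16_ccitt(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)((uint16_t)p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Fixed little-endian wire layout, so the CRC never depends on struct padding */
static void frame_payload(const cmd_frame_t *f, uint8_t out[8]) {
    uint16_t v = (uint16_t)f->value;
    out[0] = f->seq;                 out[1] = f->cmd;
    out[2] = (uint8_t)(v & 0xFF);    out[3] = (uint8_t)(v >> 8);
    out[4] = (uint8_t)(f->t_ms);     out[5] = (uint8_t)(f->t_ms >> 8);
    out[6] = (uint8_t)(f->t_ms >> 16); out[7] = (uint8_t)(f->t_ms >> 24);
}

uint16_t frame_crc(const cmd_frame_t *f) {
    uint8_t b[8];
    frame_payload(f, b);
    return crc16_ccitt(b, 8);
}

cmd_frame_t make_frame(uint8_t seq, uint8_t cmd, int16_t value, uint32_t t_ms) {
    cmd_frame_t f = { seq, cmd, value, t_ms, 0 };
    f.crc = frame_crc(&f);
    return f;
}

verdict_t validate_frame(rx_state_t *st, const cmd_frame_t *f, uint32_t now_ms) {
    if (frame_crc(f) != f->crc)     return REJ_CRC;   /* corrupted on the link (3.5) */
    if (f->seq != st->expected_seq) return REJ_SEQ;   /* lost, duplicated or reordered (3.2) */
    st->expected_seq++;   /* genuine and in order: its sequence slot is consumed */
    /* unsigned subtraction: a timestamp from the future also reads as stale */
    if ((uint32_t)(now_ms - f->t_ms) > MAX_LATENCY_MS) return REJ_STALE;   /* too late (3.7) */

    switch (f->cmd) {
    case CMD_SET_RATE:
        if (f->value > RATE_LIMIT || f->value < -RATE_LIMIT) return REJ_RANGE;
        return ACCEPT;
    case CMD_ARM:
        st->armed = true; st->arm_t_ms = now_ms;
        return ACCEPT;
    case CMD_DEPLOY:
        if (f->value < 0)   return REJ_POLARITY;   /* deployment is an unsigned 0..100 % */
        if (f->value > 100) return REJ_RANGE;
        if (!st->armed || (uint32_t)(now_ms - st->arm_t_ms) > ARM_WINDOW_MS) {
            st->armed = false;                     /* an expired ARM is discarded */
            return REJ_NOT_ARMED;
        }
        st->armed = false;                         /* one ARM authorises exactly one DEPLOY */
        return ACCEPT;
    default:
        return REJ_UNKNOWN_CMD;
    }
}

/* Constructed scenario: returns 0 when every frame gets the expected verdict,
 * otherwise the 1-based index of the first frame that did not. */
int self_check(void) {
    struct { uint8_t seq, cmd; int16_t value; uint32_t t_ms, now_ms; bool corrupt; verdict_t want; } s[] = {
        {0, CMD_SET_RATE,  500, 1000, 1010, false, ACCEPT},
        {1, CMD_SET_RATE, 5000, 1020, 1030, false, REJ_RANGE},      /* improper magnitude */
        {2, CMD_DEPLOY,     50, 1040, 1050, false, REJ_NOT_ARMED},  /* hazardous, no ARM */
        {3, CMD_ARM,         0, 1060, 1070, false, ACCEPT},
        {4, CMD_DEPLOY,     -5, 1080, 1090, false, REJ_POLARITY},   /* improper polarity */
        {5, CMD_DEPLOY,     50, 1100, 1110, false, ACCEPT},         /* armed, in window */
        {6, CMD_DEPLOY,     50, 1120, 1130, false, REJ_NOT_ARMED},  /* ARM already used */
        {9, CMD_SET_RATE,    0, 1140, 1150, false, REJ_SEQ},        /* out of order */
        {7, CMD_SET_RATE,    0, 1160, 1170, true,  REJ_CRC},        /* one payload bit flipped */
        {7, CMD_SET_RATE,    0, 1000, 1200, false, REJ_STALE},      /* arrives 200 ms late */
    };
    rx_state_t st = { 0, false, 0 };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        cmd_frame_t f = make_frame(s[i].seq, s[i].cmd, s[i].value, s[i].t_ms);
        if (s[i].corrupt) f.value ^= 1;   /* payload changed after the CRC was computed */
        if (validate_frame(&st, &f, s[i].now_ms) != s[i].want) return (int)i + 1;
    }
    return 0;
}

int main(void) {
    int r = self_check();
    if (r == 0) printf("all frames handled as expected\n");
    else        printf("scenario step %d got an unexpected verdict\n", r);
    return r;
}
```

Note that a frame rejected for range, polarity or arming state has already consumed its sequence number: the receiver treats it as a genuine but unsafe request, which is what step 3.2's "appropriate response requirements" would also have to specify.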
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by the present specification, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (5)
1. A highly integrated complex software security analysis method is characterized by comprising the following steps:
1) the method in civil airworthiness standards ARP4754A and ARP4761 is adopted to carry out system security analysis and identify the security requirement of the system;
2) distributing system security requirements to software, and determining software security requirements;
3) performing security analysis on internal elements of the software from a code level;
4) software integration and verification are performed by adopting a method in DO-178C: software integration and verification are carried out based on the DO-178C standard, the coordination among software codes and between the software codes and hardware is checked, whether the software is correct or not is verified, the safety design is realized, and the safety requirement of the software is met.
2. The highly integrated complex software security analysis method according to claim 1, wherein the step 1) specifically comprises the following steps:
1.1) applying the wholeness (integrity) principle of systems theory: starting from the system perspective, allocate the safety functions to the individual elements through an overall analysis of system safety;
1.2) identifying system hazards: examine the system with reference to the methods of the civil aviation airworthiness standards ARP4754A and ARP4761, and identify the hazards present in the system;
1.3) once the system hazards have been identified, further identify the system-level safety-related requirements and the system safety constraints that prevent those hazards; system safety constraints take the same form as general functional requirements, but only require the system to perform specific controls so that it does not enter a hazardous state;
1.4) once the system safety-related requirements and system safety constraints are identified, design a control structure that provides preliminary control of the system according to them; the control structure design must satisfy the system safety requirements and is analysed repeatedly as the design is refined so that the control structure improves; when the control structure is defined, the safety control interface of the software must be defined separately, so that a safety mechanism is guaranteed to exist in the software and a software failure cannot affect system safety;
1.5) identifying potential abnormal control behaviours: a control actuator can in general produce four kinds of control abnormality, namely failing to provide the expected control behaviour, providing an erroneous or unsafe control behaviour, starting the control behaviour too late, and ending the control behaviour too early (these correspond to the four unsafe control action categories of STAMP/STPA); identify the corresponding abnormal control behaviours for each control actuator, concentrating on the interface control between system and system, between system and software, and between software and software;
1.6) finding the causes of the abnormal control behaviours from the control structure; the causes fall into two classes, control defects and inadequate control behaviour: a control defect means that the abnormal control behaviour arises from an error in the control algorithm, an error in the control process, or insufficient coordination among actuators, and is identified by examining the process control loop; inadequate control behaviour means that the abnormal control behaviour arises from a defect in, or erroneous data from, the sensors or the actuator itself while the process model is correct;
1.7) according to the analysis of step 1.5), identifying the constraints and design decisions that eliminate the abnormal control behaviours, further refining the system safety requirements, defining a new control structure, and analysing it again.
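The procedure of steps 1.4) to 1.7) can be carried out mechanically once the analyst has supplied the control structure and the per-context hazard judgements. The following Python tool is an added example and is not code from the patent or its applicant: it applies the four abnormal-control categories of step 1.5) to each control action, derives one safety constraint per unsafe control action, and performs the process-control-loop check of step 1.6) by flagging every context variable a controller needs but never receives over a feedback path. The landing-gear control structure, its variables and the hazard identifiers H1 to H3 are constructed sample input.

```python
"""Unsafe-control-action enumeration and control-loop feedback check.

Added example, not code from patent CN113051581A. The control structure,
variables and hazard identifiers below are constructed sample input.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# The four categories of abnormal control behaviour (step 1.5)).
NOT_PROVIDED = "not provided"
UNSAFE = "provided when unsafe"
TIMING = "provided too early or too late"
DURATION = "stopped too soon or applied too long"
UCA_TYPES = (NOT_PROVIDED, UNSAFE, TIMING, DURATION)

# A context is the set of (process variable, value) pairs under which a judgement applies.
Context = Tuple[Tuple[str, str], ...]


@dataclass(frozen=True)
class UCA:
    controller: str
    action: str
    uca_type: str
    context: Context
    hazard: str

    def constraint(self) -> str:
        """Safety constraint that negates this unsafe control action (steps 1.3) and 1.7))."""
        ctx = " and ".join(f"{var} is {val}" for var, val in self.context)
        if self.uca_type == NOT_PROVIDED:
            return f"{self.controller} must provide '{self.action}' when {ctx}"
        if self.uca_type == UNSAFE:
            return f"{self.controller} must not provide '{self.action}' when {ctx}"
        if self.uca_type == TIMING:
            return f"{self.controller} must provide '{self.action}' within its time window when {ctx}"
        return f"{self.controller} must hold '{self.action}' for its full duration when {ctx}"


@dataclass
class ControlStructure:
    control: Dict[str, Set[str]] = field(default_factory=dict)    # controller -> actions
    feedback: Dict[str, Set[str]] = field(default_factory=dict)   # controller -> observed variables
    # Analyst judgement: (controller, action, context) -> {abnormal-control category: hazard}
    judgements: Dict[Tuple[str, str, Context], Dict[str, str]] = field(default_factory=dict)

    def add_action(self, controller: str, action: str) -> None:
        self.control.setdefault(controller, set()).add(action)

    def add_feedback(self, controller: str, variable: str) -> None:
        self.feedback.setdefault(controller, set()).add(variable)

    def judge(self, controller: str, action: str, context: Context, hazards: Dict[str, str]) -> None:
        if action not in self.control.get(controller, set()):
            raise ValueError(f"{controller} has no control action '{action}'")
        unknown = set(hazards) - set(UCA_TYPES)
        if unknown:
            raise ValueError(f"unknown abnormal-control category: {unknown}")
        self.judgements[(controller, action, context)] = dict(hazards)

    def unsafe_control_actions(self) -> List[UCA]:
        """One UCA per (action, context, category) the analyst marked as hazardous."""
        ucas: List[UCA] = []
        for key in sorted(self.judgements):          # fixed order so the table is stable
            controller, action, context = key
            by_type = self.judgements[key]
            for uca_type in UCA_TYPES:
                if uca_type in by_type:
                    ucas.append(UCA(controller, action, uca_type, context, by_type[uca_type]))
        return ucas

    def missing_feedback(self) -> List[Tuple[str, str, str]]:
        """Control-loop check (step 1.6)): context variables the controller never observes.
        A controller cannot enforce a constraint whose context it cannot see, so each gap
        is a causal factor (inadequate feedback) for the corresponding UCA."""
        gaps = set()
        for controller, action, context in self.judgements:
            for variable, _value in context:
                if variable not in self.feedback.get(controller, set()):
                    gaps.add((controller, action, variable))
        return sorted(gaps)


def build_landing_gear_example() -> ControlStructure:
    """Constructed sample: gear-control software commanding a hydraulic gear actuator."""
    cs = ControlStructure()
    cs.add_action("GearCtrlSW", "retract gear")
    cs.add_action("GearCtrlSW", "extend gear")
    cs.add_feedback("GearCtrlSW", "weight_on_wheels")
    cs.add_feedback("GearCtrlSW", "gear_position")
    # Deliberately no feedback path for airspeed, so the loop check has something to find.
    on_ground: Context = (("weight_on_wheels", "true"),)
    airborne_gear_up: Context = (("weight_on_wheels", "false"), ("gear_position", "up"))
    above_limit: Context = (("airspeed", "above gear limit"),)
    cs.judge("GearCtrlSW", "retract gear", on_ground, {UNSAFE: "H1 gear collapse on ground"})
    cs.judge("GearCtrlSW", "extend gear", airborne_gear_up,
             {NOT_PROVIDED: "H2 landing with gear up", TIMING: "H2 landing with gear up"})
    cs.judge("GearCtrlSW", "extend gear", above_limit, {UNSAFE: "H3 structural overload"})
    return cs


if __name__ == "__main__":
    cs = build_landing_gear_example()
    for uca in cs.unsafe_control_actions():
        print(f"[{uca.hazard}] {uca.uca_type:38} -> {uca.constraint()}")
    for controller, action, variable in cs.missing_feedback():
        print(f"no feedback of '{variable}' to {controller} for '{action}'")
```

The feedback gap the tool reports (the controller is asked to refuse "extend gear" above the airspeed limit but has no airspeed feedback) is exactly the kind of finding step 1.7) feeds back into a revised control structure: either add the feedback path or move the constraint to an element that can observe the variable.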
3. The highly integrated complex software security analysis method according to claim 1, wherein step 2) specifically comprises the following steps:
2.1) grading the software according to the degree to which a software failure affects system safety, and determining, on the basis of the DO-178C standard, the objectives that software of each level must meet during development;
2.2) decomposing the identified system safety requirements, finding the safety functions that involve software as the input to the software life-cycle processes, and thereby allocating the system safety requirements to the software;
2.3) further refining the system safety requirements allocated to the software, analysing the software failure modes that could create system risk, the causes of those failures and the effects they produce, and proposing corresponding improvement measures, so as to form the software safety high-level requirements;
2.4) forming the software-level architecture from the software safety high-level requirements, analysing the causes of each type of software failure mode layer by layer and proposing corresponding improvement measures, down to the software code level.
4. The highly integrated complex software security analysis method according to claim 1, wherein step 3) specifically comprises the following steps:
3.1) from the hierarchy principle of systems theory, ensuring the independence of the software elements and treating the software itself as a system when analysing its safety; from the stability and mutation (sudden-change) principles of systems theory, considering the abrupt changes caused by interaction between the software's internal elements, and analysing the safety of those internal elements further at the code level;
3.2) analysing the operating modes, operating states and conditions, searching the whole of the software requirements for conditions and latent failure hazards that could lead to an unsafe state, and defining an appropriate response requirement for each such condition and latent failure hazard;
3.3) fault tolerance and failure tolerance analysis: determining the fault tolerance requirements of the software according to its safety level, and defining the redundancy strategy, the switching logic, and the fault detection, isolation and recovery mechanisms;
3.4) hazardous command processing analysis: identifying the hazardous commands that could cause serious or catastrophic hazards or reduce control capability, and handling them; this includes the hardware or software functions that receive, transmit or initiate critical signals or hazardous commands;
3.5) interface analysis: analysing the error modes and error probabilities of each interface, and on that basis determining the communication method, the data encoding method, the error checking method, the synchronisation method and the check and error-correcting code method; when the communication interface data are defined, ensuring that the communication protocols of both communicating parties are consistent and complete;
3.6) data analysis: defining every kind of data used by the software, including the logical structure of static data, dynamic input and output data and internally generated data, listing the data and explaining the constraints on them; specifying the data acquisition requirements, including the characteristics, requirements and ranges of the acquired data; and building a data dictionary that describes the source, processing and destination of each data item;
3.7) timing, throughput and software size analysis: for safety-critical functions, taking system resources and time constraints into account, analysing the software requirements that relate to execution time, I/O data rates and memory/storage allocation, and designing corresponding margins;
3.8) analysing and designing the software layer by layer down to the code level to form the software safety low-level requirements, then writing the code according to the low-level requirements, and feeding any insufficient or incorrect inputs discovered during coding back to the relevant software process for clarification or correction.
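Steps 3.3) and 3.5) together describe a concrete design: an interface whose error modes are detected by checks chosen from the interface analysis, fed into a redundancy scheme with fault detection, isolation and recovery. The following Python receiver is an added example and is not code from the patent: it validates a hypothetical 6-byte sensor frame by length, sync byte, CRC-16/CCITT, sequence counter and value range (step 3.5)), and a two-channel redundancy manager applies the switching logic of step 3.3), isolating a channel after three consecutive bad frames and readmitting it after five consecutive good ones. The frame layout, thresholds and the fault scenario are constructed for this example.

```python
"""Interface checks and a two-channel redundancy manager for a sensor input.

Added example, not code from patent CN113051581A. Frame layout, thresholds
and sample frames are constructed for this example.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

FRAME_FMT = ">BBhH"                 # sync byte, sequence counter, int16 value, CRC-16
FRAME_LEN = struct.calcsize(FRAME_FMT)   # 6 bytes
SYNC = 0xA5
VALUE_MIN, VALUE_MAX = -500, 1500   # physically plausible range of the value field


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), bitwise for clarity."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def encode_frame(seq: int, value: int) -> bytes:
    body = struct.pack(">BBh", SYNC, seq & 0xFF, value)
    return body + struct.pack(">H", crc16_ccitt(body))


def check_frame(frame: bytes, expected_seq: Optional[int]) -> Tuple[Optional[int], Optional[str]]:
    """Interface checks of step 3.5). Returns (value, None) or (None, error reason)."""
    if len(frame) != FRAME_LEN:
        return None, "length"
    sync, seq, value, crc = struct.unpack(FRAME_FMT, frame)
    if sync != SYNC:
        return None, "sync"
    if crc != crc16_ccitt(frame[:-2]):
        return None, "crc"
    if expected_seq is not None and seq != expected_seq:
        return None, "sequence"              # lost, duplicated or replayed frame
    if not VALUE_MIN <= value <= VALUE_MAX:
        return None, "range"
    return value, None


@dataclass
class Channel:
    """One input channel with fault detection, isolation and recovery (step 3.3))."""
    name: str
    isolate_after: int = 3      # consecutive bad frames before the channel is isolated
    recover_after: int = 5      # consecutive good frames before it is readmitted
    next_seq: Optional[int] = None
    bad_run: int = 0
    good_run: int = 0
    isolated: bool = False
    last_error: Optional[str] = None

    def ingest(self, frame: bytes) -> Optional[int]:
        value, err = check_frame(frame, self.next_seq)
        if err is None:
            self.next_seq = (struct.unpack(FRAME_FMT, frame)[1] + 1) & 0xFF
            self.bad_run, self.good_run, self.last_error = 0, self.good_run + 1, None
            if self.isolated and self.good_run >= self.recover_after:
                self.isolated = False            # recovery
        else:
            self.good_run, self.bad_run, self.last_error = 0, self.bad_run + 1, err
            self.next_seq = None                 # resynchronise on the next good frame
            if self.bad_run >= self.isolate_after:
                self.isolated = True             # isolation
        return None if err or self.isolated else value


@dataclass
class RedundancyManager:
    """Switching logic: prefer the primary, fall back to the secondary, fail safe otherwise."""
    primary: Channel
    secondary: Channel
    miscompare_limit: int = 50
    last_good: Optional[int] = None

    def step(self, frame_a: bytes, frame_b: bytes) -> Tuple[Optional[int], str]:
        a, b = self.primary.ingest(frame_a), self.secondary.ingest(frame_b)
        if a is not None and b is not None and abs(a - b) > self.miscompare_limit:
            # Both channels pass their own checks but disagree: the receiver cannot tell
            # which one is right, so it holds the last good value and reports the fault.
            return self.last_good, "miscompare"
        for value, source in ((a, self.primary.name), (b, self.secondary.name)):
            if value is not None:
                self.last_good = value
                return value, source
        return self.last_good, "no valid channel"


def run_scenario() -> List[Tuple[Optional[int], str]]:
    """Constructed scenario: channel A delivers 3 corrupted frames, is isolated, and is
    readmitted after 5 good frames; the final step shows a cross-channel miscompare."""
    mgr = RedundancyManager(Channel("A"), Channel("B"))
    log = []
    for i in range(11):
        frame_a = encode_frame(i, 1000)
        if 2 <= i <= 4:                          # flip one bit of the value: CRC now fails
            corrupted = bytearray(frame_a)
            corrupted[3] ^= 0x01
            frame_a = bytes(corrupted)
        frame_b = encode_frame(i, 1200 if i == 10 else 1000)
        log.append(mgr.step(frame_a, frame_b))
    return log
```

The isolation and recovery thresholds are the kind of parameter that the fault tolerance requirements of step 3.3) should fix explicitly for the software's safety level, and the "miscompare" and "no valid channel" outcomes must be treated by the consumer as detected faults rather than as ordinary values; holding the last good value is only acceptable where the data analysis of step 3.6) has confirmed that a stale value is safe for the duration involved.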
5. The highly integrated complex software security analysis method according to claim 4, wherein the key internal elements of the safety analysis in step 3.1) comprise: operating mode, operating state and conditions; fault tolerance and failure tolerance; hazardous command processing; interfaces; data; and timing, throughput and software size.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110448125.0A CN113051581A (en) | 2021-04-25 | 2021-04-25 | Highly-integrated complex software security analysis method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110448125.0A CN113051581A (en) | 2021-04-25 | 2021-04-25 | Highly-integrated complex software security analysis method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113051581A (en) | 2021-06-29 |
Family
ID=76520367
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110448125.0A Pending CN113051581A (en) | 2021-04-25 | 2021-04-25 | Highly-integrated complex software security analysis method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113051581A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116107912A (en) * | 2023-04-07 | 2023-05-12 | 石家庄学院 | Security detection method and system based on application software |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170214701A1 (en) * | 2016-01-24 | 2017-07-27 | Syed Kamran Hasan | Computer security based on artificial intelligence |
CN109992963A (en) * | 2019-04-12 | 2019-07-09 | 长沙理工大学 | Information security protection method and system for an electric power terminal and its embedded system |
Events
- 2021-04-25: application CN202110448125.0A filed in China (CN), published as CN113051581A, status Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170214701A1 (en) * | 2016-01-24 | 2017-07-27 | Syed Kamran Hasan | Computer security based on artificial intelligence |
CN109992963A (en) * | 2019-04-12 | 2019-07-09 | 长沙理工大学 | Information security protection method and system for an electric power terminal and its embedded system |
Non-Patent Citations (5)
Title |
---|
史亭文 (Shi Tingwen): "Research on software safety in aviation systems" (航空系统中的软件安全性研究), 《电脑知识与技术》 (Computer Knowledge and Technology), pages 51-54 * |
周新蕾 (Zhou Xinlei): "Software safety analysis techniques and their application" (软件安全性分析技术及应用), 《质量与可靠性》 (Quality and Reliability), pages 37-40 * |
赵琪 等 (Zhao Qi et al.): "STAMP-based safety analysis of an aircraft landing gear extension and retraction system" (基于STAMP的飞机起落架收放系统安全性分析), 《内燃机与配件》 (Internal Combustion Engine & Parts), pages 31-33 * |
邹树梁 (Zou Shuliang): "Safety analysis of a small-break accident in a floating nuclear power plant based on the STAMP model" (基于STAMP模型的浮动核电站小破口事故安全分析), 《南华大学学报(自然科学版)》 (Journal of University of South China, Science and Technology), pages 58-65 * |
阚进 等 (Kan Jin et al.): "Process assurance methods for improving airborne software safety" (提高机载软件安全性的过程保证方法), 《航空电子技术》 (Avionics Technology), pages 28-33 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Torres-Pomales | Software fault tolerance: A tutorial | |
Dubrova | Fault-tolerant design | |
Bozzano et al. | The COMPASS approach: Correctness, modelling and performability of aerospace systems | |
Avizienis | Toward systematic design of fault-tolerant systems | |
Ghandehari et al. | An empirical comparison of combinatorial and random testing | |
CN113051581A (en) | Highly-integrated complex software security analysis method | |
Rugina et al. | An architecture-based dependability modeling framework using AADL | |
Johnson et al. | Design for validation | |
Bishop et al. | The SHIP safety case approach | |
CN112559359B (en) | S2ML-based safety-critical system analysis and verification method | |
Bishop et al. | The ship safety case approach: a combination of system and software methods | |
Hecht | Use of SysML to generate failure modes and effects analyses for microgrid control systems | |
CN107797921A (en) | The acquisition methods of embedded software universal safety demand | |
Leveson | Software safety | |
Thane | Safe and Reliable Computer Control Systems Concepts and Methods | |
Gabsi et al. | A development process for the design, implementation and code generation of fault tolerant reconfigurable real time systems | |
Dugan et al. | System-level reliability and sensitivity analyses for three fault-tolerant system architectures | |
Leveson | Building safe software | |
Wetherholt et al. | Putting safety in the software | |
Nguyen Tran et al. | Hazard Analysis Methods for Software Safety Requirements Engineering | |
Abdulhameed et al. | Software Fault Tolerance: A Theoretical Overview. | |
Leveson | Software fault tolerance in safety-critical applications | |
Gray et al. | A performance model for a distributed flight control system subject to random upsets | |
Saha et al. | Synthesizing fault tolerant safety critical systems | |
Shao et al. | Quantitative Analysis of Software Fault-tolerance Design Modes Based on Probabilistic Model Checking |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||