基于S曲线模型的航空装备嵌入式软件量化安全评估

J4 ›› 2014, Vol. 36 ›› Issue (03): 469-474.

基于S曲线模型的航空装备嵌入式软件量化安全评估

王洪坡1,2,周红建1,王洪雷2

（1.95899部队软件测评中心，北京 100076；2.93619部队自动化站，天津 301716）

收稿日期:2012-09-27 修回日期:2013-01-07 出版日期:2014-03-25 发布日期:2014-03-25

Quantitative safety evaluation of aviation equipment
embedded software based on S-curve model

WANG Hongpo1,2,ZHOU Hongjian1,WANG Honglei2

(1.Software Testing Center,Troop 95899，Beijing 100076;2.Automatic Station,Troop 93619,Tianjin 301716,China)

Received:2012-09-27 Revised:2013-01-07 Online:2014-03-25 Published:2014-03-25

摘要/Abstract

摘要：

软件测试是航空装备嵌入式软件生命周期中的重要环节，如何评估软件测试的效果是一个难题。以软件测试为基础，讨论了航空装备嵌入式软件的生命周期过程中安全缺陷出现的规律，认为它的安全缺陷同样满足S曲线。引入了AML建模理论，基于软件测试数据，建立了某航空嵌入式软件的S曲线模型，预测了软件的总安全缺陷数。对AML理论进行了拓展，讨论了转折点的选取原则。最后，通过卡方检验和预测检验的方法，验证了预测模型与测试数据的匹配性。检验结果表明，AML模型能够很好地模拟实际测试情况，一定程度上消除了数据随机性的影响，其模型具有一定可信度，能够用于航空装备嵌入式软件的安全性分析。

关键词: 航空装备嵌入式软件;S曲线模型;安全缺陷发掘;量化

Abstract:

Software testing is an important phase during the lifetime of aviation equipment embedded software. It is difficult to evaluate the effect of software testing. Based on software testing，discusses the occurrence law of the safety defect existing in aviation equipment embedded software. It is believable that the occurrence law of the embedded software also satisfies the Scurve rule. AML model is introduced to build up the Scurve model of a kind of aviation equipment embedded software based on the defect data gathered during the software testing period. The total defect number of the software is predicted. Finally, ChiSquire verification and prediction error metric are applied to verify the goodness of fit of the software defects. Results show that AML model can model the real safety defects finding process. It eliminates the effects of randomness of the data, so the model is reliable. The predicting data can be trusted to some extent. It can be used to model and analyze the safety of aviation equipment embedded software.

Key words: aviation equipment embedded software;Scurve model;safety defects explore;quantitative

王洪坡1,2,周红建1,王洪雷2. 基于S曲线模型的航空装备嵌入式软件量化安全评估[J]. J4, 2014, 36(03): 469-474.

WANG Hongpo1,2,ZHOU Hongjian1,WANG Honglei2. Quantitative safety evaluation of aviation equipment
embedded software based on S-curve model [J]. J4, 2014, 36(03): 469-474.

参考文献

［1］Zhu Hong. Discussion on improving the twentyfirst century computer science and software industry development strategy of software quality assurance software security［EB/OL］.［20100901］. http://www2.ccw.com.cn/1995/37/135973.html.(in Chinese)
［2］Defense Industry Daily. F22 squadron shot down by the International date line［EB/OL］.［20070301］.http://defenseindustrydaily.com/ F22squadroshotdownbytheInternationalDateLine 03087/.
［3］Wang Qing, Wu Shujian, Li Mingshu. Software defect prediction［J］. Journal of Software, 2008,19(7):15651580.(in Chinese)
［4］Rescorla E. Security holes…Who cares? ［C］∥Proc of the 12th USENIX Security Symposium, 2003:7590.
［5］Joh H C, Kim J, Malaiya Y K. Vulnerability discovery modeling using Weibull distribution［C］∥Proc of the 19th Symposium on Software Reliability Engineer, 2008:299300.
［6］Alhazmi O H，Malaiya Y K. Quantitative vulnerability assessment of systems software［C］∥Proc of Annual Reliability and Maintainability Symposium,2005:615620.
［7］Alhazmi O H, Malaiya Y K, Ray I. Measuring, analyzing and predicting security vulnerabilities in software systems［J］. Computers & Security, 2007,26(3):219228.
［8］Alhazmi O H， Malaiya Y K. Application of vulnerability discovery models to major operating systems［J］.IEEE Transactions on Reliability, 2008,57(1):13581364.
［9］Alhazmi O H， Malaiya Y K. Modeling the vulnerability discovery process［C］∥Proc of the 16th IEEE International Symposium on Software Reliability Engineering (ISSRE’05), 2005:129138.
［10］Wang Hongpo，Zhou Hongjian，Wang Honglei. Quantitative safety analysis of a kind of embedded software［C］∥Proc of IEEE International Conference on Computer Science and Automation Engineering,2011:391397.
［11］Zeng Fuping, Jin Huiliang, Lu Minyan. Study on software detect patterns［J］. Computer Science, 2011,38(2):127130.(in Chinese)
［12］Guo Lina, Yang Yang. A classfication algorithm of detect prediction for software modules based on fuzzy support vector machine［J］. Journal of Nanjing University(Natural Sciences), 2012,48(2):221227.(in Chinese)
［13］Zhao Liang, Hou Jinbao. Software fault prediction on the file and package level［J］. Journal of Tsinghua University(Science and Technology),2011,51(S1):14721476.(in Chinese)
［14］Musa J. Software reliability engineering［M］. New York:McGrawHill, 1999.
［15］GJB/Z102—97，Software reliability and safety design criteria［S］. Beijing：the commission of Science, Technology and Industry for National Defense of the PRC，1997.(in Chinese)
［16］Draft Standard IEC 61508, Functional safety of electrical/electronic/programmable electronic safetyrelated systems［S］. Geneva:International Electrotechnical Commission, 1998.
［17］Madan B B, GosevaPopstojanova K, Vaidyanathan K, et al. A method for modeling and quantifying the security attributes of intrusion tolerant systems［J］. Performance Evaluation, 2004,56(14):167186.
附中文参考文献：
［1］朱鸿. 提高软件质量保障软件安全—探讨21世纪计算机科学与软件产业发展战略［EB/OL］.［20100901］.http://www2.ccw.com.cn/1995/37 /135973.html.
［3］王青，伍书剑，李明树. 软件缺陷预测技术［J］.软件学报，2008,19(7):15651580.
［11］曾福萍，靳慧亮，陆民燕. 软件缺陷模式的研究［J］.计算机科学，2011,38(2):127130.
［12］郭丽娜，杨杨.一种基于模糊支持向量机软件模块缺陷检测算法［J］.南京大学学报（自然科学版），2012,48(2):221227.
［13］赵亮，侯金宝.文件和包层次的软件缺陷预测［J］. 清华大学学报(自然科学版)，2011, 51(S1):14721476.
［15］GJB/Z102—97，软件可靠性和安全性设计准则［S］.北京：国防科学技术工业委员会，1997.