CN110134599A - System architecture error behavior verification method and device - Google Patents
System architecture error behavior verification method and device
- Publication number
- CN110134599A (application CN201910384389.7A)
- Authority
- CN
- China
- Prior art keywords
- model
- component
- error behavior
- hierarchical
- automata
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G06F11/3684: Test management for test design, e.g. generating new test cases (G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F11/00 Error detection; error correction; monitoring > G06F11/36 Preventing errors by testing or debugging software > G06F11/3668 Software testing > G06F11/3672 Test management)
- G06F11/3688: Test management for test execution, e.g. scheduling of test suites (same parent path as above)
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention provides a system architecture error behavior verification method and device. The method comprises: building a component error behavior model of the system with the Architecture Analysis and Design Language (AADL), the component error behavior model being a system architecture model that carries component error annotations; mapping the component error behavior model to a hierarchical automaton model, which is a formal model; describing the hierarchical automaton model in the Promela language; and feeding the Promela description of the hierarchical automaton model, together with the safety properties to be verified expressed in linear temporal logic, to the model checker Spin, which confirms whether the system architecture model satisfies the verified safety properties. The invention addresses the difficulty of guaranteeing the correctness of component fault impact analysis during the safety assessment of avionics system architectures.
Description
Technical field
The invention relates to the field of aerospace design, and in particular to a system architecture error behavior verification method and device.
Background technique
The safety of an airborne electronic system is its ability to operate without causing injury or death to crew and passengers, damage to airborne equipment and aircraft, or loss of property, and without endangering personnel health or the environment. For a given system architecture, analyzing and verifying fault effects and fault handling efficiently, and thereby improving the accuracy and efficiency of the safety assessment, is one of the pressing open problems in this field.
Avionics systems are safety-critical systems in which embedded software, hardware platforms and the controlled mechanical systems interact in complex ways. To address the safety requirements of the development process for aircraft and airborne systems, software and hardware, SAE International (Society of Automotive Engineers International) published the Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment (SAE ARP4761). The standard makes the safety assessment process part of the system development process, with steps such as Functional Hazard Assessment (FHA), Preliminary System Safety Assessment (PSSA), System Safety Assessment (SSA) and Common Cause Analysis (CCA). Starting from conceptual design, the assessment identifies the hazards associated with the systems that implement aircraft functions, derives safety requirements from them, and ends when the design has been verified to meet those requirements. Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis (FTA) are commonly used in this process to assess the failures of system components and their effects. These conventional methods involve a fairly complex analysis process with a great deal of repeated work, and they rely mainly on the designer's experience in reading design documents and system models. For a complex avionics system with many cross-linked components and coupled subsystems, manual analysis is laborious, can omit faults or confuse interaction relationships, and struggles to produce analysis results quickly and accurately or to iterate the architecture design.
Summary of the invention
Object of the invention: to address the difficulty of guaranteeing the correctness of component fault impact analysis during the safety assessment of avionics system architectures.
In a first aspect, a system architecture error behavior verification method is provided, comprising:
building a component error behavior model of the system with AADL, the component error behavior model being a system architecture model that carries component error annotations;
mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
describing the hierarchical automaton model in the Promela language;
feeding the Promela description of the hierarchical automaton model and the safety properties to be verified, defined in linear temporal logic, to the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties.
Further, building the component error behavior model of the system with the Architecture Analysis and Design Language AADL comprises:
describing the architecture of the system with AADL to obtain an architecture model; the architecture model contains each component and the connections between them;
annotating the error types of each component, the events that trigger errors, error propagation and related error information in the architecture model with the Error Model Annex, obtaining the component error behavior model.
Further, mapping the component error behavior model to a hierarchical automaton model comprises:
converting the component error behavior models into sequential automata;
composing the sequential automata into a hierarchical automaton according to the connection relationships between the system components.
Further, describing the hierarchical automaton model in the Promela language comprises:
converting the states, events and guard conditions of the hierarchical automaton into Promela variables;
defining Promela message channels;
converting the state transitions of the hierarchical automaton into Promela process functions.
Further, feeding the Promela description of the hierarchical automaton model and the safety properties to be verified, defined in linear temporal logic, to the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties, comprises:
defining the system safety properties to be verified with linear temporal logic;
feeding the Promela description of the hierarchical automaton model and the safety properties to be verified to the model checker Spin for verification.
In a second aspect, a system architecture error behavior verification device is provided, comprising:
a building module, for building a component error behavior model of the system with AADL, the component error behavior model being a system architecture model that carries component error annotations;
a mapping module, for mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
a describing module, for describing the hierarchical automaton model in the Promela language;
a confirmation module, for feeding the Promela description of the hierarchical automaton model and the safety properties to be verified, defined in linear temporal logic, to the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties.
Further, the building module comprises:
a describing unit, for describing the architecture of the system with AADL to obtain an architecture model; the architecture model contains each component and the connections between them;
an annotation unit, for annotating the error types of each component, the events that trigger errors, error propagation and related error information in the architecture model with the Error Model Annex, obtaining the component error behavior model.
Further, the mapping module comprises:
a converting unit, for converting the component error behavior models into sequential automata;
a composing unit, for composing the sequential automata into a hierarchical automaton according to the connection relationships between the system components.
Further, the describing module comprises:
a converting unit, for converting the states, events and guard conditions of the hierarchical automaton into Promela variables, and for converting the state transitions of the hierarchical automaton into Promela process functions;
a definition unit, for defining Promela message channels.
In a third aspect, a computer-readable storage medium is provided, storing instructions which, when executed by a processor, implement the steps of the method of the first aspect.
Beneficial effects:
The method relates to a system architecture error behavior verification method and device. First, an architecture model is built from the system's functional requirements and safety objectives. Then the Error Model Annex is used to describe the error behavior of components and the fault effects it causes, and a hierarchical automaton serves as an intermediate form through which a conversion algorithm produces a formal description of the architecture error behavior model. Finally, model checking verifies the correctness of the safety requirements. Applied to the safety analysis process of airborne electronic systems, the method can verify whether the component error effects and countermeasures of the architecture design meet the system's safety objectives, improving the accuracy and efficiency of the safety assessment.
Description of the drawings
Fig. 1 is a schematic diagram of the architecture error behavior verification framework provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of the component error behavior model description provided by an embodiment of the invention;
Fig. 3 is a component error behavior model diagram provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of the system architecture model described in Promela provided by an embodiment of the invention;
Fig. 5 is a schematic diagram of the verification result provided by an embodiment of the invention.
Detailed description of embodiments
The modeling and verification framework of the method is shown in Fig. 1. Starting from the system's functional requirements and safety objectives, the framework designs and develops a system architecture model carrying component error annotations; it then applies a construction algorithm to formally convert the architecture model into a hierarchical automaton, which is described in Promela; finally, the model checker Spin verifies whether the system architecture model meets the safety requirements and, if it does not, produces a counter-example that locates the error and provides a basis for iterating the system design.
Embodiments of the invention achieve formal verification of safety properties through system architecture modeling, component error behavior modeling, formal description conversion and model checking, providing strong support for component error behavior analysis of avionics systems.
The specific embodiment of each part of the method is as follows:
1 Component error behavior modeling
AADL is a standard architecture modeling language for embedded systems that describes the hierarchical structure of a system's software and hardware components. AADL defines three kinds of components: software components, execution platform components and system components. Software components include thread, thread group, process and data sub-models, which describe the architecture of the various application software in the system; execution platform components include processor, memory, device and bus sub-models, which describe the architecture of the hardware modules that make up the system; system components abstract the composition and hierarchy of software and hardware components to establish the system architecture. A component's declaration defines its external interfaces with features; its implementation connects the interfaces of subcomponents with connections to describe the behavioral interaction between components, and uses flows to describe the transfer of information between components.
To support fault modeling of embedded systems, SAE International extended the AADL standard with the Error Model Annex, which annotates the system architecture model with attributes such as error types, events and propagations; the latest released version is EMV2. EMV2 introduces the error type concept to identify different kinds of faults, failures and propagations, and it supports architecture error behavior modeling at three abstraction levels: (1) modeling the error sources of a fault and their effects, through propagation, on other components or the operating environment; (2) modeling the error events that occur inside a component and the error states that its error behavior produces; (3) abstracting system error behavior from the subsystem perspective and modeling the subordination of the subsystem errors contained in a system fault. The EMV2 model in AADL, as shown in Fig. 2, defines error types, error states, the incoming and outgoing error propagation interfaces, and the error behavior with its state combinations and error-triggered state transitions. The graphical representation of the model is shown in Fig. 3: subsystem Sub2 receives error Error1 and emits error Error2.
2 Formal conversion of the architecture model
AADL is a unified architecture modeling language for systems engineering; its syntax is simple, graphical and extensible, and it is used to describe and analyze the hierarchical structure of a system's parts and their connections and interactions. Formal methods give semantics a more precise description, whereas AADL is a high-level modeling language whose constraints and detailed semantics are described in semi-formal natural language, so it lacks its own means of verification and analysis. To achieve formal verification and analysis of the architecture, a hierarchical automaton is used as an intermediate form for the conversion to the Promela language.
Definition 1: A sequential automaton (SA) is defined as the four-tuple SA = (σ, S0, λ, δ), where
σ is the finite set of states of the SA;
S0 ∈ σ is the unique initial state;
λ is the set of state transitions; each transition t ∈ λ is a composite structure represented as the five-tuple t = (sr, ev, g, ac, td), where sr is the source state, ev is the set of events triggering the transition, g is the guard condition of the transition, ac is the list of actions executed, and td is the target state;
δ is the set of transition relations between the states, obtained by composing the states in σ with the transitions in λ.
Definition 2: A hierarchical automaton (HA) is composed of sequential automata and represents the nesting and concurrency of states in the system. An HA is the four-tuple HA = (F, E, ρ, Λ), where
F is a finite set of SAs with pairwise disjoint state sets;
E is a finite set of events;
ρ is the refinement function that builds a tree over the set F, in which there is a unique root automaton, every non-root automaton has exactly one parent state, and there is no cyclic structure;
Λ = ∪_{A∈F} λ_A is the set of state transitions of the hierarchical automaton.
A system architecture error behavior model described in AADL describes each component unit of the system and the relationships between them, and the EMV2 model introduced for each component annotates attributes such as error types, events and propagations. Such a model is constructed into a hierarchical automaton model by the following transformation rules.
Algorithm 1: construction of the hierarchical automaton of architecture error behavior
Input: system architecture error behavior model described in AADL
Output: hierarchical automaton model
Step 1: convert the error behavior model of each component into a sequential automaton. First, the error states (states) defined in the error behavior are mapped to the states in the set σ of the sequential automaton SA, with the initial state mapped to S0. Then the transitions of the component's error state machine (transitions) are mapped to the state transition set λ of the SA, where sr is the mapping of the source error state; ev is the mapping of the error propagations received by the component (in propagation) and of its internally defined events (events); g is the mapping of whether the error type raised by the propagation interface or by the internal event is a defined type; ac is the action by which the component propagates errors outward (out propagation); and td is the mapping of the target error state. The composition of all error states and transitions of the component is mapped to the transition relation set δ between the states of the SA.
Step 2: compose the sequential automata into a hierarchical automaton. The sequential automata converted in step 1 are collected into the disjoint set F; the outward error propagations (out propagation) of all components are defined as the event set E; the refinement function ρ maps the containment relationships between components and the component error states, placing the SAs into the (parallel) automaton set in tree form; matching the outward error propagations (out propagation) of one component with the inward error propagations (in propagation) received by another forms the transition relation Λ of the SAs in the hierarchical automaton.
3 Safety verification of component error behavior
Formal methods are mathematical methods that use theories such as temporal logic, automata and Petri nets to verify computer system models in many fields in a standardized way. Model checking is one verification strategy of formal methods: on the basis of a system model, the desired properties of the system are described with temporal logic formulas, and the modal or propositional properties of a finite-state concurrent system are verified by explicit state search or implicit fixed-point computation; for a violated property a counter-example is produced, which locates the error. SPIN (Simple Promela Interpreter) is a model checker developed at Bell Labs (then part of AT&T); for its algorithm design and efficient checking capability it received the ACM Software System Award in 2001. SPIN models the target system in the Promela language and expresses the properties to be verified in LTL (Linear Temporal Logic).
After the architecture error behavior model has been formally specified as a hierarchical automaton, it is converted into a Promela model, which is the input for model checking with SPIN. The conversion method is as follows:
Algorithm 2: conversion of a hierarchical automaton to a Promela description
Input: hierarchical automaton SEHA
Output: system model described in Promela
Step 1: each state Sx (x is the state number) in the set σ of each sequential automaton HA contained in SEHA is defined as a bit variable FSx, which equals 1 when the state has been activated by the occurrence of an error; an enumeration (mtype) defines a constant MSx for each state, used as the message sent between state processes over the channel to identify the target process;
Step 2: each event Ey (y is the event number) in the set E of SEHA and in the ev sets of the contained HAs is defined as a bit variable BEy, which equals 1 when the event has occurred;
Step 3: each guard condition Gz (z is the condition number) in the set Λ of SEHA and in the g sets of the contained HAs is defined as a bit variable BGz, which equals 1 when the condition is true;
Step 4: a channel (chan) for message exchange between processes is defined; the message type it carries is the state enumeration type (mtype) defined in step 1;
Step 5: each state Sx is converted one by one into a corresponding process (proctype) function Statex; the process body executes as an indivisible atomic unit and is prefixed with the atomic keyword. For each state, all transitions t ∈ (λ ∪ Λ), t = (sr, ev, g, ac, td), in Λ and λ are traversed: when td equals the current state, a receive (?) of the message is generated and the corresponding state is activated (FSx = 1); when sr equals the current state, a send (!) of the message is generated, with the corresponding transition event and guard condition added as the decision condition (BEy == 1 && BGz == 1); when td is a composite state, conflicts are resolved by priority and the target states (including parallel states) are activated in turn; the actions in ac are executed, setting the error propagation event and guard condition to true (BEy = 1, BGz = 1) and thereby triggering the error propagation.
The architecture error behavior model described in AADL is formally specified as a hierarchical automaton and then converted into a Promela system model; a code fragment is shown in Fig. 4. The Promela system model and the LTL formulas of the properties to be verified are input to the model checker Spin; simulation yields the errors caused in other components by a component fault, and after property verification the result shown in Fig. 5 is obtained, from which it is judged whether the system satisfies the verified property.
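As an added example, not code from the patent or from any tool it names, the following Python script implements Algorithm 1 and Algorithm 2 end to end: it turns a constructed EMV2-style component error model into sequential automata (Definition 1), assembles them into a hierarchical automaton (Definition 2) after checking that the refinement tree has a unique root and that every propagation connection has a matching out and in interface, and emits a Promela model with one process per state plus an inline ltl claim for Spin. The components Sub1 and Sub2, their states, the error types Error1 and Error2, the internal event name fault, the variable prefixes FS_/MS_/BE_/BG_, the channel name link and the LTL formula are all assumptions made for illustration; only the step structure follows the algorithms above.

```python
# Added example, not code from the patent: Algorithm 1 (EMV2 component error models
# -> sequential automata -> hierarchical automaton) and Algorithm 2 (hierarchical
# automaton -> Promela) as a small generator. Names, states, error types and the
# LTL claim are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    """t = (sr, ev, g, ac, td) of Definition 1; one guard type per transition (assumption)."""
    sr: str    # source error state
    ev: str    # triggering event: internal error event or received propagation
    g: str     # guard: the error type that must be defined
    ac: tuple  # actions: error types propagated outward
    td: str    # target error state


@dataclass
class SA:
    """Sequential automaton SA = (sigma, S0, lambda, delta); delta = {(t.sr, t.td) for t in lam}."""
    name: str
    sigma: list
    s0: str
    lam: list


@dataclass
class HA:
    """Hierarchical automaton HA = (F, E, rho, Lambda) of Definition 2."""
    F: dict       # component -> SA; state sets kept disjoint by prefixing
    E: set        # every outward propagation of every component
    rho: dict     # refinement tree: parent -> children
    Lambda: list  # union of all lambda_A, A in F


def to_sa(name, cm):
    """Algorithm 1, step 1: one component error model -> one sequential automaton."""
    q = lambda s: f"{name}_{s}"
    ev = lambda e: q(e) if e in cm["events"] else e  # internal events local, propagations shared
    lam = [Transition(q(sr), ev(e), g, tuple(ac), q(td)) for sr, e, g, ac, td in cm["transitions"]]
    return SA(name, [q(s) for s in cm["states"]], q(cm["initial"]), lam)


def build_ha(components, rho, connections):
    """Algorithm 1, step 2: assemble the SAs; reject a bad tree or an unmatched propagation."""
    children = [c for kids in rho.values() for c in kids]
    roots = [p for p in rho if p not in children]
    if len(roots) != 1 or len(children) != len(set(children)):
        raise ValueError("rho must have a unique root and no component with two parents")
    for src, err, dst in connections:
        if err not in components[src]["out_props"] or err not in components[dst]["in_props"]:
            raise ValueError(f"propagation {err} from {src} to {dst} has no matching interface")
    F = {n: to_sa(n, c) for n, c in components.items()}
    E = {p for c in components.values() for p in c["out_props"]}
    return HA(F, E, rho, [t for sa in F.values() for t in sa.lam])


def to_promela(ha, components, ltl_name, ltl_formula):
    """Algorithm 2, steps 1-5: emit a Promela model plus an inline ltl claim for Spin."""
    states = [s for sa in ha.F.values() for s in sa.sigma]
    init = {sa.s0 for sa in ha.F.values()}
    events = sorted({t.ev for t in ha.Lambda} | ha.E)
    guards = sorted({t.g for t in ha.Lambda})
    out = ["/* generated from the hierarchical automaton */"]
    out += [f"bit FS_{s} = {int(s in init)};" for s in states]  # step 1: state bits
    out.append("mtype = { " + ", ".join(f"MS_{s}" for s in states) + " };")  # step 1: messages
    out += [f"bit BE_{e} = 0;" for e in events]  # step 2: event bits
    out += [f"bit BG_{g} = 1;" for g in guards]  # step 3: guard bits, 1 = error type is defined
    out.append(f"chan link = [{len(states)}] of {{ mtype }};")  # step 4: message channel
    for s in states:  # step 5: one process per state
        body = []
        for t in ha.Lambda:
            if t.sr == s:  # outgoing migration: guarded send of the target state, then the actions
                acts = "".join(f"; BE_{a} = 1" for a in t.ac)
                body.append(f"  :: atomic {{ (FS_{s} == 1 && BE_{t.ev} == 1 && BG_{t.g} == 1) -> "
                            f"FS_{s} = 0; link ! MS_{t.td}{acts} }}")
            if t.td == s:  # incoming migration: receive the message and activate this state
                body.append(f"  :: atomic {{ link ? MS_{s} -> FS_{s} = 1 }}")
        if body:  # 'end:' makes the blocked loop a valid end state for Spin
            out.append(f"active proctype State_{s}() {{\nend: do\n" + "\n".join(body) + "\n  od\n}")
    for name, cm in components.items():  # each internal error event is injected once
        out += [f"active proctype Inject_{name}_{e}() {{ BE_{name}_{e} = 1 }}" for e in cm["events"]]
    out.append(f"ltl {ltl_name} {{ {ltl_formula} }}")
    return "\n".join(out)


# Constructed model (assumption) after Fig. 3: Sub2 receives Error1 and emits Error2.
COMPONENTS = {
    "Sub1": {"states": ["Operational", "Failed"], "initial": "Operational", "events": ["fault"],
             "in_props": [], "out_props": ["Error1"],
             "transitions": [("Operational", "fault", "Error1", ["Error1"], "Failed")]},
    "Sub2": {"states": ["Operational", "Degraded"], "initial": "Operational", "events": [],
             "in_props": ["Error1"], "out_props": ["Error2"],
             "transitions": [("Operational", "Error1", "Error1", ["Error2"], "Degraded")]},
}
RHO = {"Sys": ["Sub1", "Sub2"]}             # Sys is the unique root of the refinement tree
CONNECTIONS = [("Sub1", "Error1", "Sub2")]  # Sub1 out Error1 feeds Sub2 in Error1


def generate():
    ha = build_ha(COMPONENTS, RHO, CONNECTIONS)
    # Response property (assumption): a Sub1 failure must eventually degrade Sub2.
    return ha, to_promela(ha, COMPONENTS, "fault_reaches_sub2", "[] (FS_Sub1_Failed -> <> FS_Sub2_Degraded)")


if __name__ == "__main__":
    print(generate()[1])  # save as model.pml; then spin -a model.pml && gcc -o pan pan.c && ./pan -a -N fault_reaches_sub2
```

Running the script prints the Promela text; saved as model.pml, it is checked with `spin -a model.pml`, `gcc -o pan pan.c` and `./pan -a -N fault_reaches_sub2`, and a violated claim yields an acceptance cycle and a trail file that plays the counter-example back. Two choices in the generator are worth noting: internal error events are prefixed with the component name so that two components' events never alias one bit, while propagation events keep the bare error type because that shared name is what links a sender's out propagation to a receiver's in propagation; and build_ha refuses a connection whose error type is not declared on both ends, the kind of interface mismatch that the background section says manual analysis can overlook.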
The model-based architecture error behavior verification method of the invention introduces the system architecture model, the object of study in model-driven architecture, into the safety assessment process, organically combining analysis with model checking, raising the degree of automation of the verification process and effectively confirming whether the system's handling of component error behavior meets the safety requirements.
The method has the following advantages:
1) The standardized, unified architecture modeling language AADL describes the hierarchical structure of the system's software and hardware components, and the Error Model Annex annotates the error types, events and propagations of the components, so the system architecture is described clearly and accurately.
2) The system architecture model containing error behavior is built with the Error Model Annex, organically combining architecture design with safety analysis.
3) A hierarchical automaton is used as the intermediate form, and a construction algorithm performs the automatic conversion to a Promela model; the architecture modeling and formal conversion of the system are efficient and highly reusable.
4) Formal methods are applied: the model checker Spin verifies whether the system architecture model meets the safety requirements, and the analysis process is accurate and efficient.
Operating failures of an avionics system may have catastrophic consequences, so the architecture design must be assessed as early as possible to analyze whether component error behavior and countermeasures meet the system's safety objectives. The method can verify in advance the error behavior of system components and its effects, confirm whether the safety requirements are met, and improve the efficiency and accuracy of architecture safety requirement verification; it is an effective supplement to conventional methods.
Claims (10)
1. A system architecture error behavior verification method, characterized by comprising:
building a component error behavior model of the system with the Architecture Analysis and Design Language AADL, the component error behavior model being a system architecture model containing component error annotations;
mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
describing the hierarchical automaton model in the Promela language;
inputting the hierarchical automaton model described in Promela and the safety properties to be verified, defined in linear temporal logic, into the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties.
2. The method according to claim 1, characterized in that building the component error behavior model of the system with the Architecture Analysis and Design Language AADL comprises:
describing the architecture of the system with AADL to obtain an architecture model; the architecture model comprises each component and the connections between them;
annotating the error types of each component, the events that trigger errors, error propagation and related error information in the architecture model with the Error Model Annex, obtaining the component error behavior model.
3. The method according to claim 2, characterized in that mapping the component error behavior model to a hierarchical automaton model comprises:
converting the component error behavior models into sequential automata;
composing the sequential automata into a hierarchical automaton according to the connection relationships between the system components.
4. The method according to claim 3, characterized in that describing the hierarchical automaton model in the Promela language comprises:
converting the states, events and guard conditions of the hierarchical automaton into Promela variables;
defining Promela message channels;
converting the state transitions of the hierarchical automaton into Promela process functions.
5. The method according to claim 4, characterized in that inputting the hierarchical automaton model described in Promela and the safety properties to be verified, defined in linear temporal logic, into the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties, comprises:
defining the system safety properties to be verified with linear temporal logic;
inputting the hierarchical automaton model described in Promela and the safety properties to be verified into the model checker Spin for verification.
6. A system architecture error behavior verification device, characterized by comprising:
a building module, for building a component error behavior model of the system with the Architecture Analysis and Design Language AADL, the component error behavior model being a system architecture model containing component error annotations;
a mapping module, for mapping the component error behavior model to a hierarchical automaton model, the hierarchical automaton model being a formal model;
a describing module, for describing the hierarchical automaton model in the Promela language;
a confirmation module, for inputting the hierarchical automaton model described in Promela and the safety properties to be verified, defined in linear temporal logic, into the model checker Spin for verification, and confirming whether the system architecture model has the verified safety properties.
7. The device according to claim 6, characterized in that the building module comprises:
a describing unit, for describing the architecture of the system with AADL to obtain an architecture model; the architecture model comprises each component and the connections between them;
an annotation unit, for annotating the error types of each component, the events that trigger errors, error propagation and related error information in the architecture model with the Error Model Annex, obtaining the component error behavior model.
8. The device according to claim 7, characterized in that the mapping module comprises:
a converting unit, for converting the component error behavior models into sequential automata;
a composing unit, for composing the sequential automata into a hierarchical automaton according to the connection relationships between the system components.
9. The device according to claim 8, characterized in that the describing module comprises:
a converting unit, for converting the states, events and guard conditions of the hierarchical automaton into Promela variables, and for converting the state transitions of the hierarchical automaton into Promela process functions;
a definition unit, for defining Promela message channels.
10. A computer-readable storage medium storing instructions, characterized in that the instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910384389.7A CN110134599B (en) | 2019-05-09 | 2019-05-09 | System architecture error behavior verification method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110134599A true CN110134599A (en) | 2019-08-16 |
CN110134599B CN110134599B (en) | 2023-06-23 |
Family
ID=67576776
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910384389.7A Active CN110134599B (en) | 2019-05-09 | 2019-05-09 | System architecture error behavior verification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110134599B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111274699A (en) * | 2020-01-19 | 2020-06-12 | Beihang University | SmartIflow-based AADL (architecture analysis and design language) model security analysis method |
CN111679646A (en) * | 2020-04-28 | 2020-09-18 | East China Normal University | Formalization-based automobile electronic system safety target confirmation method |
CN112306476A (en) * | 2020-11-03 | 2021-02-02 | AVIC Xi'an Aeronautics Computing Technique Research Institute | Embedded system security modeling method |
CN112416336A (en) * | 2020-11-11 | 2021-02-26 | Beijing Jinghang Computing and Communication Research Institute | Software architecture design method for aerospace embedded system |
CN112559359A (en) * | 2020-12-22 | 2021-03-26 | East China Normal University | S2ML-based safety-critical system analysis and verification method |
WO2024095270A1 (en) * | 2022-11-03 | 2024-05-10 | Codium Ltd. | System and method of software behavior analysis |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102880548A (en) * | 2012-09-18 | 2013-01-16 | Northwestern Polytechnical University | AADL (Architecture Analysis and Design Language) reliability model generation method based on behavior description |
US20140208287A1 (en) * | 2013-01-18 | 2014-07-24 | Harbin Institute Of Technology | Energy Consumption Simulation and Evaluation System for Embedded Device |
US20170169149A1 (en) * | 2015-12-15 | 2017-06-15 | International Business Machines Corporation | System design using accurate performance models |
CN108376221A (en) * | 2018-02-27 | 2018-08-07 | Harbin Institute of Technology | A software system security verification and assessment method based on AADL model extensions |
CN108491196A (en) * | 2018-02-07 | 2018-09-04 | Nanjing University of Aeronautics and Astronautics | A graphical behaviour modeling method for AADL |
CN109634600A (en) * | 2018-10-30 | 2019-04-16 | Xidian University | A code generation method based on security-extended SysML and AADL models |
- 2019-05-09: CN201910384389.7A (CN), published as CN110134599B, status: Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102880548A (en) * | 2012-09-18 | 2013-01-16 | Northwestern Polytechnical University | AADL (Architecture Analysis and Design Language) reliability model generation method based on behavior description |
US20140208287A1 (en) * | 2013-01-18 | 2014-07-24 | Harbin Institute Of Technology | Energy Consumption Simulation and Evaluation System for Embedded Device |
US20170169149A1 (en) * | 2015-12-15 | 2017-06-15 | International Business Machines Corporation | System design using accurate performance models |
CN108491196A (en) * | 2018-02-07 | 2018-09-04 | Nanjing University of Aeronautics and Astronautics | A graphical behaviour modeling method for AADL |
CN108376221A (en) * | 2018-02-27 | 2018-08-07 | Harbin Institute of Technology | A software system security verification and assessment method based on AADL model extensions |
CN109634600A (en) * | 2018-10-30 | 2019-04-16 | Xidian University | A code generation method based on security-extended SysML and AADL models |
Non-Patent Citations (4)
Title |
---|
Qianxin Wei, Jian Jiao, Tingdi Zhao: "Flight control system failure modeling and verification based on SPIN", ScienceDirect * |
Liu Jianjun et al.: "AADL-based reliability modeling of airborne equipment ***", 《航空计算技术》 (Aeronautical Computing Technique) * |
Zhang Pin et al.: "Research on UML model checking methods", 《计算机应用》 (Journal of Computer Applications) * |
Li Dongmin, Li Jing, Lin Huafeng: "Reliability analysis method for embedded *** AADL models based on fault tree analysis", 《计算机科学》 (Computer Science) * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111274699A (en) * | 2020-01-19 | 2020-06-12 | Beihang University | SmartIflow-based AADL (architecture analysis and design language) model security analysis method |
CN111679646A (en) * | 2020-04-28 | 2020-09-18 | East China Normal University | Formalization-based automobile electronic system safety target confirmation method |
CN112306476A (en) * | 2020-11-03 | 2021-02-02 | AVIC Xi'an Aeronautics Computing Technique Research Institute | Embedded system security modeling method |
CN112306476B (en) * | 2020-11-03 | 2023-04-14 | AVIC Xi'an Aeronautics Computing Technique Research Institute | Embedded system security modeling method |
CN112416336A (en) * | 2020-11-11 | 2021-02-26 | Beijing Jinghang Computing and Communication Research Institute | Software architecture design method for aerospace embedded system |
CN112416336B (en) * | 2020-11-11 | 2023-04-28 | Beijing Jinghang Computing and Communication Research Institute | Software architecture design method for aerospace embedded system |
CN112559359A (en) * | 2020-12-22 | 2021-03-26 | East China Normal University | S2ML-based safety-critical system analysis and verification method |
CN112559359B (en) * | 2020-12-22 | 2024-03-22 | East China Normal University | S2ML-based safety-critical system analysis and verification method |
WO2024095270A1 (en) * | 2022-11-03 | 2024-05-10 | Codium Ltd. | System and method of software behavior analysis |
Also Published As
Publication number | Publication date |
---|---|
CN110134599B (en) | 2023-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110134599A (en) | A kind of system architecture misdeed verification method and device | |
Bozzano et al. | The COMPASS approach: Correctness, modelling and performability of aerospace systems | |
Abdulkhaleq et al. | A comprehensive safety engineering approach for software-intensive systems based on STPA | |
Lahtinen et al. | Model checking of safety-critical software in the nuclear engineering domain | |
Huang et al. | Complete model-based equivalence class testing | |
Clark et al. | A study on run time assurance for complex cyber physical systems | |
Backes et al. | Requirements analysis of a quad-redundant flight control system | |
Bochot et al. | Model checking flight control systems: The Airbus experience | |
US20190179727A1 (en) | Automatic setting of multitasking configurations for a code-checking system | |
Grunske et al. | Automatic generation of analyzable failure propagation models from component-level failure annotations | |
Singh et al. | Software reliability early prediction in architectural design phase: Overview and Limitations | |
Peleska et al. | Model-based testing for avionic systems proven benefits and further challenges | |
Laurent | Using formal methods and testability concepts in the avionics systems validation and verification (v&v) process | |
Buzhinsky et al. | Model-checking detailed fault-tolerant nuclear power plant safety functions | |
CN107808020A (en) | Computer interlocking software development and implementation system based on formal model development | |
Heitmeyer | Formal methods for specifying, validating, and verifying requirements. | |
Grunske et al. | Specification and evaluation of safety properties in a component-based software engineering process | |
Pakonen et al. | Verification of fault tolerant safety I&C systems using model checking | |
Sinha et al. | Reliability and availability prediction of embedded systems based on environment modeling and simulation | |
Lawford et al. | Application of tabular methods to the specification and verification of a nuclear reactor shutdown system | |
CN112559359B (en) | S2ML-based safety-critical system analysis and verification method | |
Björkman et al. | Verification of safety logic designs by model checking | |
Zhang et al. | Test case generation from formal models of cyber physical system | |
Nagy et al. | Simulation-based Safety Assessment of High-level Reliability Models | |
US20220067239A1 (en) | Computer-implemented method and computerized device for testing a technical system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |