CN106020826B - A template-based safety case modeling method - Google Patents
Publication number: CN106020826B (application CN201610346291.9A)
Authority: CN (China)
Prior art keywords: template, safety case, safety, case, argument
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
- G06F8/22—Procedural
Abstract
The present invention relates to a template-based safety case modeling method comprising the following steps: performing domain analysis on safety cases and extracting the concepts, relationships and constraints of a safety case; modeling the safety case, establishing a safety case meta-model and storing it in a database; establishing safety case templates from the meta-model, namely a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template, and storing them in the database; establishing constraint rules for the safety case templates and storing them in the database; and calling the safety case templates from the database to write the safety case and carry out the safety argument. The method guides the personnel concerned in arguing the safety of a system and in writing its safety case; it avoids the incompleteness that arises when a safety case is written freely, and it reduces the ambiguity of safety cases described in natural language, so that the safety case is presented completely and clearly.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a template-based safety case modeling method.
Background technique
A safety-critical system is a system whose failure may cause loss of human life, significant property loss or environmental damage. In the aerospace field, many safety-critical systems depend on software to achieve their objectives. As the related software technology matures, airborne software is applied more and more widely. Software safety derives from the system: software may help to strengthen the safety of a system, but it may also place the system in a dangerous state and so reduce its safety.
MIL-STD-882D defines software safety as the ability of software to operate without causing harm to the system. NASA 8719.13A defines software safety as the application of safety engineering techniques throughout the software life cycle to ensure that the software takes proactive measures to improve system safety, and to ensure that errors affecting system safety are reduced to a level at which their effect is controlled and the risk is acceptable. Leveson points out that software safety is the property which ensures that executing the software in its system context will not lead to unacceptable risk for the system. Software safety derives from the system: software may help to strengthen the safety of a system, but it may also place the system in a dangerous state and so reduce its safety. Therefore, studying software safety does not mean asking whether the software itself is safe; it means asking about the safety of the system that uses the software, that is, the ability of the software to operate without causing harm to the system.
Many countries stipulate that the software of a safety-critical system may only be used after it has passed strict safety certification. To certify the safety of software, many safety-critical industries (such as defense, aviation, nuclear and rail) use the "safety case" method to demonstrate the safety of a system.
In the 1970s, Britain proposed a mandatory, easy-to-understand and reasonably effective method of demonstrating system safety: the safety case. Following the principle that "whoever makes the claim must prove it", the output of the safety argument activity is submitted as a safety case, which shows the various kinds of evidence that the safety objectives are met. The safety case is compiled by the first party (the organization that designs, develops and operates the system); it collects, organizes and analyzes the documents, reports and other artifacts produced while the system is designed, manufactured, integrated and maintained, and helps the assessing party to fully understand the reliability and safety of the system. The safety case is therefore important evidence for completing a safety assessment, and the safety argument, as the most important part of the safety case, is the main way for the assessor to learn how confident the assessed party is in the system's safety. At present there is no unified definition of the safety case; different fields define it differently. In military aviation, Defence Standard DS 00-55 states that a safety case comprises: (1) a definition of the system configuration; (2) a description of the safety requirements, objectives and attributes; (3) a description of the system design; (4) the reasons for the design and the justification of the airworthiness of the equipment and system (including design changes to the equipment and system); (5) a detailed statement of the airworthiness evidence (including analysis, testing, inspection results, etc.); and (6) identification of the limitations and provisions for reaching the required safety level.
At present the main ways of representing a safety case are the following:
(1) Free-text representation
Early safety cases commonly used free text. Fig. 1 shows a passage from the safety case of a real industrial department which exposes many defects of free-text description. First, the meaning of its sentences is unclear and their structure is confused, so that different people may understand the safety case it represents differently; the safety argument it expresses can therefore be ambiguous and open to more than one interpretation. Second, although objectives and evidence should be cross-referenced and described in detail, the cross-references present in the text scatter the main line of the argument and so weaken the presentation of the safety argument. Furthermore, free text lacks descriptions of much information, such as the context of goal decomposition and the explanation of specific terms. Because free text is unorganized and confused, it also brings many troubles to the management of safety cases.
(2) Toulmin representation
In 1950, Toulmin gave a conceptual framework and graphical notation for representing the structure of an argument. The method consists of three elements: Data (the evidence required for the proof), Claim (the objective, which states a property of the system or subsystem) and Warrant (the justification that connects evidence and objective and shows how the evidence supports the objective). The method emphasizes the difference between "the objective to be argued" and "the facts that argue for the objective", and therefore introduces the "warrant" symbol to represent the facts supporting the objective.
(3) Goal Structuring Notation
GSN (Goal Structuring Notation) is the most common method for representing a safety case. It clearly represents the three elements of a safety case (goals, argument, evidence) and can also represent the relationships between them (such as how individual requirements are supported by specific safety goals, how safety goals are supported by safety evidence, and the specific context in which the argument is defined). The top-level goal G1 of the safety case is "All identified hazards have been eliminated or sufficiently mitigated". C1 and C2 are the context descriptions of that goal. According to the argument strategy, represented by a parallelogram, G1 is decomposed into three sub-goals G2, G3 and G4; each of the three sub-goals is then argued separately, finally obtaining the evidence Sn1 and Sn2 required to prove goal G1.
The current state of the art in safety case modeling has several problems. First, there is no unified specification of what a safety case should describe, so the content of safety cases differs from one case to another. Second, no complete description method for safety cases is provided; the current textual and graphical description methods also bring problems such as confused structure and the inability to describe the safety case completely. Moreover, the description of a safety case is subject to no constraint rules, so it can be ambiguous and open to more than one interpretation. In addition, there is no safety argument guide for writing safety cases that users of the method could follow to carry out the safety argument.
Summary of the invention
In view of the above analysis, the present invention aims to provide a template-based safety case modeling method that avoids the incompleteness arising when a safety case is described, reduces the ambiguity of safety cases described in natural language, and thus presents the safety case completely and clearly.
The purpose of the present invention is achieved mainly through the following technical solution:
A template-based safety case modeling method, comprising the following steps:
Step S1: perform domain analysis on safety cases and extract the concepts, relationships and constraints of a safety case;
Step S2: model the safety case according to the domain analysis, establish a safety case meta-model and store it in a database;
Step S3: establish safety case templates according to the safety case meta-model, including a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template, and store them in the database;
Step S4: establish constraint rules for the safety case templates and store them in the database;
Step S5: call the safety case templates from the database to carry out the safety argument.
Step S1 further comprises the following step:
investigating the concept and definition of the safety case, and analyzing the concepts of the safety case, its components, and the relationships and constraints between them.
The safety case meta-model of step S2 further comprises the entities:
safety goal, argument strategy, system, safety requirement, hazard, risk and other entities.
The safety case templates of step S3 further comprise:
a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template.
The safety argument template is used to describe the core of the safety case, the safety argument, and further comprises: decomposing the top-level safety goal into sub-goals by an argument strategy, and then decomposing each sub-goal in turn, until the sub-goals can be directly supported by safety evidence.
The safety argument template comprises:
a safety goal section, an evidence section and an argument strategy section.
The constraint rules of step S4 further comprise:
specifying keywords, adding semantic rules and designing a specific form of expression for the language, so as to realize a semi-structured description.
Step S5 further comprises:
calling the safety argument template from the database and performing safety goal decomposition;
calling the system description template and performing the system description;
calling the safety requirement, hazard analysis and risk management templates and writing the corresponding safety analysis specifications;
thereby establishing the safety case model.
The beneficial effects of the present invention are as follows:
The invention discloses a template-based safety case modeling method that, on the basis of a safety case specification and its constraint rules, provides a safety argument method which guides system development and maintenance personnel in arguing the safety of the corresponding software and in writing the safety case; it avoids the incompleteness that arises when the safety case is described, reduces the ambiguity of safety cases described in natural language, and thus presents the safety case completely and clearly. The templates are beneficial to the safety design, maintenance and verification of a system.
Other features and advantages of the invention will be set out in the following description; some will become apparent from the description, or may be learned by practicing the invention. The objectives and other advantages of the invention can be realized and obtained by the structures specifically pointed out in the written description, the claims and the accompanying drawings.
Brief description of the drawings
The drawings are used only to illustrate specific embodiments and are not to be construed as limiting the invention; throughout the drawings, identical reference symbols denote identical components.
Fig. 1 is a flowchart of the method of a specific embodiment of the invention.
Detailed description of the embodiments
Preferred embodiments of the invention are described in detail below with reference to the accompanying drawings, which form part of this application and, together with the embodiments, serve to explain the principles of the invention.
The specific embodiment of the invention discloses a template-based safety case modeling method, which specifically comprises the following steps:
Step S1: obtain safety cases, perform domain analysis on them, and extract the concepts, relationships and constraints of a safety case.
Specifically, investigate the concept and definition of the safety case, and analyze the concepts of the safety case, its components, and the relationships and constraints between them.
Step S2: model the safety case according to the domain analysis, establish a safety case meta-model and store it in a database; the meta-model includes entities such as safety goal, argument strategy, system, safety requirement, hazard and risk.
Step S3: establish safety case templates according to the safety case meta-model and store them in the database, including a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template.
This specifically comprises the following sub-steps:
Establish part 1 of the safety case template, the safety argument template, as shown in Table 1:
Table 1
The safety argument template is used to describe the core of the safety case, the safety argument, and further comprises: decomposing the top-level safety goal into sub-goals by an argument strategy, and then decomposing each sub-goal in turn, until the sub-goals can be directly supported by safety evidence.
The safety argument template comprises a safety goal section, an evidence section and an argument strategy section.
The Objective Section is the safety goal section and describes the various aspects of a safety goal, such as: the safety goal number (Object NO); the goal description (Object Description); the goal constraints (Object Constraints), which state the constraint conditions of the goal; the goal assumption (Object Assumption), which states the assumptions made for the goal; the goal context (Object Context), which explains the terms and scenarios in the goal; and the decomposition section (Decomposition Section). The decomposition section mainly describes how the goal is decomposed in the next step and contains: the decomposition type (Decomposition Type), which states whether the goal is decomposed into sub-goals or into evidence; the strategy number (Strategy NO); the strategy description (Strategy Des); the strategy context (Strategy Context), which explains the terms used in the strategy; the numbers of the sub-goals produced by the decomposition (Sub-Objectives NO); and the numbers of the evidence supporting the goal (Evidences NO).
The Evidence Section is the evidence section and describes the evidence that supports a goal. It contains: the evidence number (Evidence NO); the evidence name (Evidence Name); the number of the supported goal (Objective-support NO), which indicates which goal the evidence can directly support; the evidence structure (Evidence Structure), which indicates which parts the evidence consists of; and the source artifacts (Source Artifacts), i.e., the product from which the evidence comes.
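The following is an added example, not code from the patent, that serves both the GSN decomposition described in the background section and the safety argument template above: the Objective Section and Evidence Section fields of Table 1 become two tables in an in-memory SQLite database (the patent only says the templates are stored in "a database"; SQLite is an assumption), the sample case reuses the G1 to G2/G3/G4 to Sn1/Sn2 structure of the GSN example, and a checker looks for the kind of incompleteness the method is meant to avoid: empty decompositions, goal or evidence numbers that resolve to nothing, leaf goals with no evidence, and goals that no decomposition reaches. The wording of G2 to G4, of the strategy and of the evidence rows is constructed for illustration.

```python
"""Safety argument template in SQLite plus a completeness check (added example)."""
import sqlite3

SCHEMA = """
CREATE TABLE objective (                    -- Objective Section of Table 1
    object_no          TEXT PRIMARY KEY,    -- Object NO
    object_description TEXT NOT NULL,       -- Object Description
    object_constraints TEXT,                -- Object Constraints
    object_assumption  TEXT,                -- Object Assumption
    object_context     TEXT,                -- Object Context
    decomposition_type TEXT NOT NULL        -- Decomposition Type
        CHECK (decomposition_type IN ('sub-goal', 'evidence')),
    strategy_no        TEXT,                -- Strategy NO
    strategy_des       TEXT,                -- Strategy Des
    strategy_context   TEXT,                -- Strategy Context
    sub_objectives_no  TEXT,                -- Sub-Objectives NO (comma separated)
    evidences_no       TEXT                 -- Evidences NO (comma separated)
);
CREATE TABLE evidence (                     -- Evidence Section of Table 1
    evidence_no          TEXT PRIMARY KEY,  -- Evidence NO
    evidence_name        TEXT NOT NULL,     -- Evidence Name
    objective_support_no TEXT NOT NULL,     -- Objective-support NO (comma separated)
    evidence_structure   TEXT,              -- Evidence Structure
    source_artifacts     TEXT               -- Source Artifacts
);
"""

# Constructed sample rows following the GSN example (G1 is the page's top goal;
# the other descriptions, the strategy and the evidence names are invented).
SAMPLE_OBJECTIVES = [
    ("G1", "All identified hazards have been eliminated or sufficiently mitigated",
     None, None, "C1: hazard log; C2: system definition", "sub-goal",
     "S1", "Argument over all hazards of {System Z}", "System Z: system under argument",
     "G2,G3,G4", None),
    ("G2", "Hazard H1 is eliminated", None, None, None, "evidence",
     None, None, None, None, "Sn1"),
    ("G3", "Hazard H2 is sufficiently mitigated", None, None, None, "evidence",
     None, None, None, None, "Sn2"),
    ("G4", "Hazard H3 is sufficiently mitigated", None, None, None, "evidence",
     None, None, None, None, "Sn1,Sn2"),
]
SAMPLE_EVIDENCE = [
    ("Sn1", "Hazard analysis report", "G2,G4", "hazard table; verdicts", "HA report (constructed)"),
    ("Sn2", "Safety test results", "G3,G4", "test cases; pass/fail log", "test log (constructed)"),
]


def _split(field):
    """Split a comma-separated NO field; None or '' gives []."""
    return [x.strip() for x in (field or "").split(",") if x.strip()]


def load_case(objectives, evidence):
    """Store template rows in an in-memory SQLite database and return the connection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO objective VALUES (?,?,?,?,?,?,?,?,?,?,?)", objectives)
    conn.executemany("INSERT INTO evidence VALUES (?,?,?,?,?)", evidence)
    conn.commit()
    return conn


def check_case(conn, top_goal="G1"):
    """Return a sorted list of completeness problems found in the stored case."""
    objs = {r[0]: r for r in conn.execute("SELECT * FROM objective")}
    evs = {r[0]: r for r in conn.execute("SELECT * FROM evidence")}
    problems, referenced = [], set()
    if top_goal not in objs:
        problems.append(f"{top_goal}: top-level goal is missing")
    for no, row in objs.items():
        subs, evids = _split(row[9]), _split(row[10])
        if row[5] == "sub-goal":
            if not subs:
                problems.append(f"{no}: Decomposition Type is sub-goal but Sub-Objectives NO is empty")
            for s in subs:
                referenced.add(s)
                if s not in objs:
                    problems.append(f"{no}: Sub-Objectives NO refers to unknown goal {s}")
        else:  # leaf goal: must be directly supported by evidence
            if not evids:
                problems.append(f"{no}: leaf goal with empty Evidences NO")
            for e in evids:
                if e not in evs:
                    problems.append(f"{no}: Evidences NO refers to unknown evidence {e}")
                elif no not in _split(evs[e][2]):
                    problems.append(f"{e}: Objective-support NO does not list {no}")
    for e, row in evs.items():  # the reverse direction: evidence -> goal
        for g in _split(row[2]):
            if g not in objs or e not in _split(objs[g][10]):
                problems.append(f"{e}: claims to support {g}, which does not cite it")
    for no in objs:
        if no != top_goal and no not in referenced:
            problems.append(f"{no}: not reached by any decomposition from {top_goal}")
    return sorted(problems)


if __name__ == "__main__":
    print("complete case:", check_case(load_case(SAMPLE_OBJECTIVES, SAMPLE_EVIDENCE)) or "no problems")
    # Same case with Sn2 missing from the database: G3 and G4 lose their support.
    for p in check_case(load_case(SAMPLE_OBJECTIVES, SAMPLE_EVIDENCE[:1])):
        print("incomplete case:", p)
```

The check is deliberately two-directional: a goal's Evidences NO must name evidence whose Objective-support NO names that goal back, which is what turns the template's cross-references into something an assessor can verify mechanically rather than by reading.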
Establish part 2 of the safety case template, the system description template, as shown in Table 2:
Table 2
The system description template gives an overview of the whole system so that the safety argument can be understood better, and includes:
Safety Level, which describes the safety level of the system; its value ranges from 1 to 5, representing catastrophic, hazardous, severe, moderate, minor and no effect respectively; the smaller the value, the higher the safety level;
System Activities, the activities to be carried out in the system life cycle;
Potential Hazards Analysis, the analysis of potential hazards, which mainly describes that all hazards recorded in the hazard log have been taken into account, that the potential risks have been quantitatively evaluated, and that the hazards and the corresponding safety precaution measures for each hazard have been recorded in the hazard log and their effectiveness demonstrated;
Safety Standard, the safety standard referred to;
System Configuration, the system configuration information.
Establish part 3 of the safety case template, the safety requirement template, as shown in Table 3:
Table 3
The safety requirement template describes all safety requirements of the system, including functional and non-functional safety requirements, and describes the traceability between system requirements and software safety requirements, including the hazard in the hazard analysis associated with the requirement, the safety standard, or the derived safety requirement into which the requirement is decomposed. Furthermore, a high-level software safety requirement may be obtained by decomposing other safety requirements, or may be a new requirement derived during analysis, in which case the reason for its derivation is recorded. The traceability between requirements is of two kinds: decomposition and derivation. A high-level software safety requirement must be realized by some design, so the related design information needs to be recorded for later verification.
Establish part 4 of the safety case template, the hazard analysis template, as shown in Table 4:
Table 4
The hazard analysis template describes the analysis of the hazards of the system, including the causes of a hazard, the system function that is the source of the hazard, the severity of the hazard, and the probability that the hazard occurs.
Establish part 5 of the safety case template, the risk management template, as shown in Table 5:
Table 5
The risk management template describes the risks of the system, such as the hazard to which a risk is related, the frequency of the risk, and the risk mitigation techniques by which the risk is handled.
Step S4: establish the safety case template constraint rules and store them in the database.
A template described in natural language can give rise to ambiguity. The templates are therefore completed with constraint rules: keywords are specified, semantic rules are added and a specific form of expression is designed for the language, realizing a semi-structured description and effectively avoiding inconsistent and vague descriptive language. For example, a goal describes either one object or two objects: with one object it describes the state or behavior of that object, and with two objects it describes the relationship or behavior between them. Besides the goal description, contents such as the safety evidence and the sub-goal descriptions require similar constraints. In addition, there are further constraints on the natural language, for example vague words such as "many" and "some" are forbidden, and the passive voice is forbidden. The constraint rules for a safety case include:
Goal description constraint rules:
{Software Y} is acceptably safe to operate within {System Z}
The contribution made by {Software Y} to {System Z} hazards is acceptably
{Software safety requirements X} are satisfied.
Context description constraint rules:
Description of operating context of {System Z}
Description of {System Z}
Description of {Software Y}
Strategy description constraint rules:
Argument over all functions implemented by {System Z}
Argument over all hazards of {System Z}
Argument over all safety requirements for {Hazard H}
Argument of compliance with {Safety Standard S}
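As an added example, not part of the patent, the constraint rules of step S4 can be enforced mechanically: each permitted sentence pattern is turned into a regular expression whose {placeholders} become named capture groups, an entry is accepted only if it matches one pattern for its field, and the text an author puts into a placeholder is then checked for the vague words the step forbids. The patterns are copied from the page as they appear (the second goal rule ends at "acceptably" on the page and is kept that way); the vague words beyond "many" and "some", the passive-voice heuristic, and the sample entries with their system and software names are assumptions.

```python
"""Constraint-rule checker for safety case template entries (added example)."""
import re

# Permitted sentence patterns from step S4, one list per template field.
CONSTRAINT_RULES = {
    "goal": [
        "{Software Y} is acceptably safe to operate within {System Z}",
        "The contribution made by {Software Y} to {System Z} hazards is acceptably",
        "{Software safety requirements X} are satisfied",
    ],
    "context": [
        "Description of operating context of {System Z}",
        "Description of {System Z}",
        "Description of {Software Y}",
    ],
    "strategy": [
        "Argument over all functions implemented by {System Z}",
        "Argument over all hazards of {System Z}",
        "Argument over all safety requirements for {Hazard H}",
        "Argument of compliance with {Safety Standard S}",
    ],
}

# "many" and "some" are the page's examples; the others are assumed additions.
FORBIDDEN_WORDS = {"many", "some", "several", "various", "etc"}
# Crude passive-voice heuristic, applied only to the text an author puts in a slot.
PASSIVE = re.compile(r"\b(is|are|was|were|be|been|being)\s+\w+(ed|en)\b", re.IGNORECASE)


def compile_rule(rule):
    """Turn a rule with {slots} into a regex whose named groups capture the slots."""
    pattern = ""
    for part in re.split(r"(\{[^}]+\})", rule):
        if part.startswith("{"):
            name = re.sub(r"\W", "_", part[1:-1])  # "{System Z}" -> group System_Z
            pattern += f"(?P<{name}>.+?)"
        else:
            pattern += re.escape(part)
    return re.compile("^" + pattern + r"\.?$", re.IGNORECASE)


COMPILED = {f: [(r, compile_rule(r)) for r in rules] for f, rules in CONSTRAINT_RULES.items()}


def validate(field, text):
    """Check one entry against the rules of its field.
    Returns (accepted, message, slot bindings)."""
    for rule, regex in COMPILED[field]:
        m = regex.match(text.strip())
        if not m:
            continue
        bindings = m.groupdict()
        for slot, value in bindings.items():
            vague = sorted(set(re.findall(r"[a-z]+", value.lower())) & FORBIDDEN_WORDS)
            if vague:
                return False, f"vague word(s) {vague} in slot {slot}", bindings
            if PASSIVE.search(value):
                return False, f"passive voice in slot {slot}", bindings
        return True, f"matches rule: {rule}", bindings
    return False, f"no {field} description rule matches", {}


if __name__ == "__main__":
    # Constructed entries; the system and software names are invented.
    samples = [
        ("goal", "The autopilot software is acceptably safe to operate within the flight control system."),
        ("goal", "Many software safety requirements are satisfied."),
        ("goal", "The autopilot software is mostly safe."),
        ("strategy", "Argument over all hazards of the flight control system"),
        ("context", "Description of the flight control system"),
    ]
    for field, text in samples:
        ok, msg, slots = validate(field, text)
        print("ACCEPT" if ok else "REJECT", field, repr(text), "->", msg, slots)
```

Because the rules are matched in order, the more specific context pattern ("Description of operating context of {System Z}") must precede the general "Description of {System Z}", which is how the page lists them; the captured slot bindings are what a tool would write back into the Object Description, Object Context and Strategy Des fields of the template.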
Step S5: call the safety case templates from the database and carry out the safety argument for the system under consideration. Specifically, call the safety argument template from the database and perform safety goal decomposition; call the system description template and perform the system description; call the safety requirement, hazard analysis and risk management templates and write the corresponding safety analysis specifications; thereby establish the safety case model.
The invention discloses a template-based safety case modeling method that, on the basis of a safety case specification and its constraint rules, guides system development and maintenance personnel in writing a safety case; it avoids the incompleteness that arises when the safety case is described, reduces the ambiguity of safety cases described in natural language, and thus presents the safety case completely and clearly. The templates are beneficial to the safety design, maintenance and verification of a system.
Those skilled in the art will understand that all or part of the process of the method of the above embodiment can be completed by a computer program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a magnetic disk, an optical disc, a read-only memory or a random access memory.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it; any change or substitution that can easily be thought of by anyone skilled in the art within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention.
Claims (8)
1. A template-based safety case modeling method, characterized in that it comprises the following steps:
Step S1: perform domain analysis on safety cases and extract the concepts, relationships and constraints of a safety case;
Step S2: model the safety case according to the domain analysis, establish a safety case meta-model and store it in a database;
Step S3: establish safety case templates according to the safety case meta-model, including a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template, and store them in the database;
Step S4: establish safety constraint rules for the safety case templates and store them in the database, the safety constraint rules including goal description constraint rules, context description constraint rules and strategy description constraint rules;
Step S5: call the safety case templates from the database to carry out the safety argument.
2. The template-based safety case modeling method according to claim 1, characterized in that step S1 further comprises the following step:
investigating the concept and definition of the safety case, and analyzing the concepts of the safety case, its components, and the relationships and constraints between them.
3. The template-based safety case modeling method according to claim 1, characterized in that the safety case meta-model of step S2 further comprises:
safety goal, argument strategy, system, safety requirement, hazard, risk and other entities.
4. The template-based safety case modeling method according to claim 1, characterized in that the safety case templates of step S3 further comprise:
a safety argument template, a system description template, a safety requirement template, a hazard analysis template and a risk management template.
5. The template-based safety case modeling method according to claim 1, characterized in that the safety argument template is used to describe the core of the safety case, the safety argument, and further comprises: decomposing the top-level safety goal into sub-goals by an argument strategy, and then decomposing each sub-goal in turn, until the sub-goals can be directly supported by safety evidence.
6. The template-based safety case modeling method according to claim 3, characterized in that the safety argument template comprises:
a safety goal section, an evidence section and an argument strategy section.
7. The template-based safety case modeling method according to claim 1, characterized in that the constraint rules of step S4 further comprise:
specifying keywords, adding semantic rules and designing a specific form of expression for the language, so as to realize a semi-structured description.
8. The template-based safety case modeling method according to claim 1, characterized in that step S5 further comprises:
calling the safety argument template from the database and performing safety goal decomposition;
calling the system description template and performing the system description;
calling the safety requirement, hazard analysis and risk management templates and writing the corresponding safety analysis specifications;
thereby establishing the safety case model.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610346291.9A CN106020826B (en) | 2016-05-23 | 2016-05-23 | A template-based safety case modeling method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106020826A CN106020826A (en) | 2016-10-12 |
| CN106020826B true CN106020826B (en) | 2019-04-02 |
Family
ID=57096809
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109033437A (en) * | 2018-08-15 | 2018-12-18 | 广东电网有限责任公司 | A kind of power spot market case data management system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101750978A (en) * | 2009-10-23 | 2010-06-23 | 北京航空航天大学 | Open platform for supporting design, verification and validation of telex flight control system |
| US8561014B2 (en) * | 2009-04-23 | 2013-10-15 | International Business Machines Corporation | Extracting a system modelling meta-model language model for a system from a natural language specification of the system |
| CN103853871A (en) * | 2013-11-21 | 2014-06-11 | 北京航空航天大学 | Safety requirement modeling method applicable for avionics system |
| CN104820733A (en) * | 2015-04-17 | 2015-08-05 | 南车青岛四方机车车辆股份有限公司 | A high-speed train requirement meta model establishing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 2016-10-12. Assignee: Zhengzhou Yunhai Technology Co., Ltd. Assignor: BEIHANG University. Contract record no.: X2021990000107. Denomination of invention: A security case modeling method based on template. Granted publication date: 2019-04-02. License type: Common License. Record date: 2021-02-18. |