安全关键系统多范式建模及安全性分析方法  

作　　者：李书铭 杨志斌[1,2] 谢健 周勇[1,2] 陈静 LI Shu-ming;YANG Zhi-bin;XIE Jian;ZHOU Yong;CHEN Jing(School of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China;Key Laboratory of Safety-critical Software,Ministry of Industry and Information Technology,Nanjing 211106,China;Beijing Institute of Computer Technology and Application,Beijing 100854,China)

机构地区：[1]南京航空航天大学计算机科学与技术学院,南京211106 [2]高安全系统的软件开发与验证技术工信部重点实验室,南京211106 [3]北京计算机技术及应用研究所,北京100854

出　　处：《小型微型计算机系统》2022年第9期2005-2016,共12页Journal of Chinese Computer Systems

基　　金：国家自然科学基金项目(62072233)资助;航空科学基金项目(201919052002)资助;中央高校基本科研业务费专项资金项目(NP2017205)资助.

摘　　要：随着安全关键系统的规模和复杂性不断增长,单一建模语言无法完全覆盖该类异构系统的建模要求.近年来,多范式建模方法逐渐成为表达复杂异构系统的有力手段,而安全性分析则是保证安全关键系统质量的重要步骤.本文提出一种面向安全关键系统的多范式建模及安全性分析方法.首先,使用SysML和AADL两种建模语言对安全关键系统进行多范式建模,SysML定义系统需求和逻辑架构,AADL则用于表达系统实现的物理架构、执行平台和应用软件运行时.其次,面向航空适航安全分析标准ARP4761的要求,对多范式模型进行安全性分析,即,为支持SysML系统定义层的安全性分析,提出安全性扩展附件SafetyProfile用于表达安全性信息,并将安全模型和SysML系统模型进行链接,自动生成功能危害评估报告和故障树;提出SysML系统模型和安全模型到AADL架构模型和错误附件模型的自动转换方法,并对AADL模型进行系统实现层的安全性分析.最后,设计实现了原型工具,并以航空领域的飞机空气增压系统(Airplane Air Compressor System)这一安全关键系统为案例,验证本文所提方法和工具的有效性.A single modeling language cannot fully cover heterogeneous systems′modeling requirements with the increasing scale and complexity of safety-critical systems.Recently,multi-paradigm modeling methods have gradually become a powerful way to model complex heterogeneous systems.Safety analysis is an important step to ensure the quality of safety-critical systems.This paper proposes a multi-paradigm modeling and safety analysis method for safety-critical systems.First,SysML and AADL are used to model safety-critical systems in multiple paradigms.SysML defines system requirements and logical architecture,and AADL is used to specify a physical architecture,execution platform,and application software of the system implementation.Second,according to requirements of guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment ARP761,the safety analysis of multi-paradigm models is performed,that is,in order to support the safety analysis of the SysML system definition layer,the safety extension annex SafetyProfile is proposed to express the safety information and link the safety models with SysML system models to automatically generate a functional hazard assessment report and fault tree models.An automatic transformation method is proposed to generate AADL architecture models and error annex models from SysML system models and safety models.The safety of AADL models is analyzed at the system implementation level.Finally,a prototype tool is designed and implemented.The Airplane Air Compressor System,a safety-critical system in the aviation field,is used as a case study to verify the effectiveness of the methods and tools presented in this paper.

关 键 词：安全关键系统 多范式建模 安全性分析 SYSML AADL ARP4761 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]