Towards Applying a Safety Analysis and Verification Method Based on STPA to Agile Software Development

Yang Wang, S. Wagner
DOI: 10.1145/2896941.2896948 (https://doi.org/10.1145/2896941.2896948)
Venue: 2016 IEEE/ACM International Workshop on Continuous Software Evolution and Delivery (CSED)
Published: 2016-05-14
Citations: 8

Abstract
Agile methodologies are becoming widespread in modern software development. However, due to a lack of safety assurance activities, agile methods are criticized for being inadequate for the development of safe software. Safety analysis and safety verification are complementary methods for safety assurance. Yet, both usually rely on traditional, waterfall-like processes. Therefore, there is a strong need to integrate an appropriate safety analysis approach into agile software development processes, driving architecture design, and to verify the safe design at the code level. This paper presents a novel agile process model "S-Scrum" based on the existing development process "Safe Scrum" and extended by a safety analysis method and a safety verification approach based on STPA (System-Theoretic Process Analysis). The proposed agile development process S-Scrum can be separated into three parts: (1) performing safety-guided design by STPA inside each sprint; (2) verifying safety requirements at the code level by using model checking; (3) replacing traditional RAMS (Reliability, Availability, Maintainability, Safety) validation on the final product by STPA safety analysis. We adopt other aspects from the original Safe Scrum. Finally, the feasibility of S-Scrum is illustrated with the example of an airbag system.