Deriving safety properties of critical software from the system risk analysis, application to ground transportation systems

Authors: J. Boulanger, V. Delebarre, S. Natkin, J. Ozello
Published in: Proceedings 1997 High-Assurance Engineering Workshop, 1997-08-11
DOI: 10.1109/HASE.1997.648058 (https://doi.org/10.1109/HASE.1997.648058)
Safety properties of critical software are consequences of the application safety properties (e.g. a head-on collision of two trains must not occur) and of the system design choices. The paper presents the first results of an SNCF and CESIR joint research project whose purpose is to design a constructive and formal method to derive, at each design level, the safety properties of subsystems from the System Preliminary Hazard Analysis. One of the goals of this method is to obtain, at the lowest level, properties of the safety software which can be checked either by formal proof or by testing. The method relies on two concepts: the safety kernel, proposed by J. Rushby (1989), and a generalization and formalization of the notion of "restrictivity" used in classical safe hardware design. An application to the Maggaly (Lyon Subway) automatic pilot is presented.