Abstract: Embedded systems are widely used in safety-critical industrial fields, but the safety of embedded systems currently lacks an integrated analysis. To address this, a fairly comprehensive fault evolution chain analysis method for embedded systems is proposed, which integrates failure probabilities and failure paths. The system is analysed with a hierarchical analysis method and, drawing on the failure mode and effects analysis method, the chain of evolution relationships among faults, namely the fault evolution chain, is constructed. The fault evolution chain can then be used to analyse the faults the system may contain, the causes of those faults, the hazard level of the harm they cause, and the paths along which they propagate. Experiments on two embedded software systems show that the fault evolution chain method is more comprehensive than fault impact analysis, functional hazard analysis and fault tree analysis, and that it supports safety analysis of embedded systems effectively.
Key words:
- software model
- embedded system
- safety analysis
- fault propagation
- fault tree
Table 1. Flight control system and speed regulation system

| System | Subsystem | Description |
|---|---|---|
| Flight control system | Automatic flight guidance subsystem | Automatically adjusts flight control commands |
| | GPS subsystem | Provides positioning |
| | Flight control subsystem | Controls the flight state |
| | Power supply subsystem | Supplies power to the system |
| | Inter-system interfaces | Provide information exchange |
| Speed regulation system | Sensing-layer subsystem | Collects data from the environment |
| | Autonomous obstacle avoidance subsystem | Handles obstacles, emergencies and similar situations |
| | GPS subsystem | Provides positioning |
| | Actuator subsystem | Performs the corresponding control actions based on the data |

Table 2. Root causes of outgoing propagation on location{Service_Omission} fault of GPS subsystem

| Root cause of the fault | Fault type | Probability |
|---|---|---|
| SatelliteSignalReceiver1 component (output port sensedData) | Service omission | 2.5×10^-4 |
| SatelliteSignalReceiver2 component (output port sensedData) | Service omission | 3.5×10^-7 |
| network component (output port access) | Service omission | 2.5×10^-5 |
| powersupply1 component | Service omission | 3.5×10^-7 |

Table 3. Root causes of ObservableFailure{Service_Omission} fault of FlightControl subsystem

| Root cause of the fault | Fault type | Probability |
|---|---|---|
| GPS component (output port location) | Service omission | 8.0×10^-8 |
| GPS component (input port satelliteSignal) | Signal omission | 2.0×10^-8 |
| AutoFlightGuidance component (input port powersupply) | Service omission | 3.5×10^-7 |
| AutoFlightGuidance component (input port operatorCommand) | No flight input provided | 2.0×10^-7 |
| AutoFlightGuidance component (output port AFGOutput) | Service omission | 1.0×10^-9 |
| FlightControl component (input port flightSurfaceControl) | Service omission | 7.0×10^-10 |
| FSpowersupply component | Service omission | 3.5×10^-7 |

Table 4. Root causes of outgoing propagation on AFGOutput{Service_Omission} fault of AutoFlightGuidance subsystem

| Root cause of the fault | Fault type | Probability |
|---|---|---|
| AutoPilot component | Service omission | 6.5×10^-5 |
| FlightGuidance component | Service omission | 4.5×10^-5 |
| AutoFlightGuidance component (output port AFGOutput) | Service omission | 1.0×10^-9 |
| AutoFlightGuidance component (input port powersupply) | Service omission | 2.4×10^-9 |
| AutoFlightGuidance component (input port operatorCommand) | No flight input provided | |
| AutoFlightGuidance component (input port position) | Service omission | |
| AutoFlightGuidance component (input port position) | Service omission | |

Table 5. Comparison of FECA and fault impact analysis on flight control system

| Subsystem | Method | Number of fault propagation paths | Gives causes and effects of fault propagation paths | Gives failure probabilities |
|---|---|---|---|---|
| AutoFlightGuidance | FECA | 5 | √ | √ |
| AutoFlightGuidance | Fault impact analysis | 5 | | |
| GPS | FECA | 18 | √ | √ |
| GPS | Fault impact analysis | 18 | | |
| FlightControl | FECA | 31 | √ | √ |
| FlightControl | Fault impact analysis | 31 | | |

Table 6. Comparison of FECA and fault impact analysis on speed regulation system

| Subsystem | Method | Number of fault propagation paths | Gives causes and effects of fault propagation paths | Gives failure probabilities |
|---|---|---|---|---|
| Obstacle | FECA | 56 | √ | √ |
| Obstacle | Fault impact analysis | 56 | | |
| Sensor | FECA | 69 | √ | √ |
| Sensor | Fault impact analysis | 69 | | |
| GPS | FECA | 58 | √ | √ |
| GPS | Fault impact analysis | 58 | | |
| Actuators | FECA | 33 | √ | √ |
| Actuators | Fault impact analysis | 33 | | |
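The abstract describes a fault evolution chain as a record that ties a root cause and its fault type to the path it propagates along, the effect it ends in, the hazard level of that effect and a failure probability; Tables 5 and 6 then compare methods by how many such paths they produce and whether causes, effects and probabilities are present. The following is an added example, not code from the paper or its tool: it enumerates chains of that shape for the FlightControl observable failure, using the root causes, fault types and probabilities of Table 3 as given. The port-to-port propagation edges, the `Component.port` node naming and the "Catastrophic" hazard level of the observable failure are assumptions of this example; the page does not state them.

```python
"""Fault evolution chain enumeration for the FlightControl observable failure.

Added example, not the paper's code. Root causes, fault types and
probabilities are the Table 3 values; the propagation edges and the hazard
level assigned to the observable failure are assumptions of this example.
"""
from dataclasses import dataclass

# Node naming (assumed): "Component.port" for a port-level fault, a bare
# component name for a component-level fault, and the subsystem's observable
# failure as the terminal node of every chain.
TARGET = "FlightControl{ObservableFailure:Service_Omission}"

# Root causes of the FlightControl observable failure (Table 3):
# node -> (fault type, failure probability)
ROOT_CAUSES = {
    "GPS.location": ("Service_Omission", 8.0e-8),
    "GPS.satelliteSignal": ("Signal_Omission", 2.0e-8),
    "AutoFlightGuidance.powersupply": ("Service_Omission", 3.5e-7),
    "AutoFlightGuidance.operatorCommand": ("No_Flight_Input", 2.0e-7),
    "AutoFlightGuidance.AFGOutput": ("Service_Omission", 1.0e-9),
    "FlightControl.flightSurfaceControl": ("Service_Omission", 7.0e-10),
    "FSpowersupply": ("Service_Omission", 3.5e-7),
}

# Assumed propagation topology between ports (hypothetical; not on the page).
PROPAGATES_TO = {
    "GPS.satelliteSignal": ["GPS.location"],
    "GPS.location": ["AutoFlightGuidance.position"],
    "AutoFlightGuidance.position": ["AutoFlightGuidance.AFGOutput"],
    "AutoFlightGuidance.powersupply": ["AutoFlightGuidance.AFGOutput"],
    "AutoFlightGuidance.operatorCommand": ["AutoFlightGuidance.AFGOutput"],
    "AutoFlightGuidance.AFGOutput": ["FlightControl.flightSurfaceControl"],
    "FlightControl.flightSurfaceControl": [TARGET],
    "FSpowersupply": [TARGET],
}

# Assumed hazard level of the observable failure (the page does not list it).
HAZARD_LEVEL = {TARGET: "Catastrophic"}


@dataclass(frozen=True)
class FaultChain:
    root_cause: str
    fault_type: str
    path: tuple          # ordered nodes from the root cause to the effect
    effect: str
    hazard_level: str
    probability: float   # failure probability of the root cause (Table 3)


def _walk(node, target, path, chains, root):
    """Depth-first enumeration of every propagation path from root to target."""
    if node == target:
        fault_type, prob = ROOT_CAUSES[root]
        chains.append(FaultChain(root, fault_type, tuple(path), target,
                                 HAZARD_LEVEL.get(target, "Unclassified"), prob))
        return
    for nxt in PROPAGATES_TO.get(node, []):
        if nxt in path:  # guard against propagation loops in the topology
            continue
        _walk(nxt, target, path + [nxt], chains, root)


def build_chains(target=TARGET):
    """One FaultChain per distinct path from each root cause to the target."""
    chains = []
    for root in ROOT_CAUSES:
        _walk(root, target, [root], chains, root)
    return chains


def unreachable_roots(target=TARGET):
    """Root causes with no path to the effect: a modelling gap worth reviewing."""
    reached = {c.root_cause for c in build_chains(target)}
    return sorted(r for r in ROOT_CAUSES if r not in reached)


def rank_chains(chains):
    """Most probable chains first; shorter paths first among equal probabilities."""
    return sorted(chains, key=lambda c: (-c.probability, len(c.path)))


def summarize(chains):
    """One row of the Table 5 / Table 6 comparison, as the chain record provides it."""
    return {
        "paths": len(chains),
        "has_root_cause_and_effect": all(c.root_cause and c.effect for c in chains),
        "has_failure_probability": all(c.probability > 0 for c in chains),
    }


if __name__ == "__main__":
    chains = build_chains()
    for c in rank_chains(chains):
        print(f"{c.probability:.1e}  {c.hazard_level:12s}  {' -> '.join(c.path)}")
    print(summarize(chains))
    print("root causes with no path to the effect:", unreachable_roots())
```

The `unreachable_roots` check is the part a reviewer of such a model would run first: a root cause listed in a table but not connected to any observable failure is either a missing propagation edge or a cause that has been attributed to the wrong subsystem, and either way its probability is silently dropped from the analysis.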