Industrial control systems need systematic security to protect national infrastructure
[Introduction] From power plants and water supplies to factories, industrial control systems are the part of the Internet of Things that has moved from isolated, closed networks to connected ones. A secure development process can reduce software flaws in this critical infrastructure.
In a turn that probably surprised most software developers, a computer worm has become a movie star. In the new documentary film Zero Days, the villain blows up a chemical plant, shuts down a nuclear reactor's cooling system, wrecks trains, takes down the national power grid, and so on. The star of this sudden twist is the notorious Stuxnet worm, which was reportedly developed by US and Israeli intelligence agencies to set back Iran's nuclear program. Stuxnet attacked the programmable logic controllers (PLCs) that ran the centrifuges inside a nuclear plant, but variants of the worm could be customized to target a whole range of manufacturing, transportation and utility control systems.
Moviegoers are largely unaware of the dangers hidden in our interconnected infrastructure, dangers that have been troubling engineers and developers for a long time. Factory automation systems normally run under supervisory control and data acquisition (SCADA) systems, which provide the human-machine interface and access. Implementation of the IEC 61508 standard and its derivatives ensures the functional safety of the software that runs these systems across many industries. But these SCADA systems (usually based on Windows or Linux) are in turn connected to business management systems, which need access to inventory control, sales, accounting and many other functions. Those, of course, are connected to the external Internet, which provides a perfect path for attack from outside. So while early closed systems depended on an unlucky or malicious individual installing the worm by hand, today's Internet-connected industrial systems present a new attack surface. Given this high level of connectivity and attack risk, a system that is not secure cannot be considered safe.
IEC 61508 and its derivatives were not specifically aimed at security. Developers need to address network security from the product development phase through to post-release maintenance. To comply with the many standards and requirements, developers must have adequate tools to handle the high complexity. As these systems are increasingly bound by certification requirements, the correctness of the code must be proven and documented along with the required functionality.
The core of developing secure code is to devise a strategy that can be based on cybersecurity guidelines, for example those issued by the US National Institute of Standards and Technology (NIST), as well as the organization's own methods, and to state that strategy in the requirements document of the system under development. In addition, the project should use a coding standard such as MISRA C to avoid questionable practices and careless errors that may compromise security without showing up immediately, or that may even cause functional errors. The next important step, of course, is to ensure that this strategy and coding standard are actually enforced effectively. Given the scale and complexity of today's software, this can no longer be done by hand; comprehensive tools must be used that can analyze the code thoroughly both before and after compilation.
Using traceability and analysis to verify security
Although defining requirements is an essential first condition, there must be a clearly defined method for tracking and verifying whether the requirements are met. Requirements traceability and management can improve code quality and the overall security and effectiveness of the application. Bidirectional traceability based on the requirements document ensures that every high-level requirement is covered by one or more low-level requirements, and that every low-level requirement is linked to work items in the coding, verification and test activities. Likewise, these links must trace back upstream from work items and code to the requirements, so that any change at any stage of the process can be easily detected, understood and managed appropriately (Figure 1).
Figure 1: A requirements traceability tool provides transparency of the process, which is crucial for impact analysis at every phase of the development process.
A requirements traceability tool allows a team to see how individual activities, code and verification work items link to higher-level and other objectives. Under the supervision of bidirectional requirements traceability, three main functions are used from the early stages of the development process and through its later phases: static analysis, dynamic analysis with functional and structural coverage analysis, and unit/integration testing. These apply static and dynamic analysis early in the development process and also to the integrated code in the later phases.
Static and dynamic analysis as partners in security
When ensuring security, the two main concerns are data and control. The questions to consider include: who has what access rights to the data? Who can read from it, and who can write to it? What data flows between which entities? And how does access control affect control flow? Here, "who" can mean people such as developers, operators and hackers, but also a software package within the application or a particular place in the network architecture. To answer these questions, static and dynamic analysis must proceed side by side, hand in hand.
On the static analysis side, the tools examine the uncompiled source code to check a range of code quality metrics, for example complexity, clarity and maintainability. Static analysis can also check the code against a selected set of coding rules, which may be any combination of the supported coding standards (such as MISRA C or CERT C) and any rules and requirements that the developers or the company define themselves. These tools look for software constructs that may compromise security, check memory protection to determine who has access to which memory, and trace pointers that may traverse memory locations. Ideally, the results are displayed graphically so that they are easy to evaluate, to ensure the code is clean, consistent, maintainable and compliant with the coding standard (Figure 2).
This process can be completed automatically by running the analysis tool, with the selected coding standard definition, against the source code of the application. It is almost certain that such code will need revision to comply with the latest security requirements that have been added to MISRA C (Figure 2).
Figure 2: Coding standard compliance, linked to file and function names, shows which parts of the system do not comply with the standard. The color-coded view of the programming standards call graph shows the system's coding standard compliance.
Dynamic analysis, on the other hand, examines the compiled code, using the symbolic data generated by the compiler to link it back to the source code. Dynamic analysis, particularly code coverage analysis, can give deep insight into the effectiveness of the test process. But developers usually try to generate and manage their test cases by hand. Starting from the requirements document is the typical way to generate test cases, which may exercise each part of the application and monitor its effectiveness at various levels, but given the size and complexity of today's code, this cannot show the code to be free of errors or obtain any certification or approval that may be needed.
Automatically generated test cases can greatly enhance the test process, saving time and money. But effective test case generation depends on high-quality static analysis of the code. The information that static analysis provides about the software packages in the application helps the automatic test case generator create the appropriate drivers for dynamic analysis. Manually created functional tests can be augmented with automatically generated test cases, providing better code coverage and a more effective and efficient test process. Manually created tests are usually derived from the requirements, that is, requirement-driven tests. These should include any functional security tests, for example simulating attempts to access a control device or feeding it erroneous data that could change its operation. Functional tests based on the created tests should also cover robustness, for example checking the results of disallowed inputs and abnormal conditions. In addition, dynamic analysis provides not only code coverage but also data flow and control flow analysis, and bidirectional requirements traceability can be used in reverse to check its completeness.
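The coding-standard and robustness-testing points above, as an added C example that is not from the article or any analysis tool. The controller, its `SPEED_MIN`/`SPEED_MAX` limits in RPM and the two handler functions are hypothetical: the loose version shows the kind of construct a MISRA C or CERT C check flags (unchecked pointer, unchecked range, silent signed-to-unsigned narrowing), and the checked version is what a requirement-driven robustness test with disallowed input expects.

```c
/* Added example (not from the article): a setpoint handler for a hypothetical
 * controller, first in the loose style a coding-standard check would flag,
 * then in a checked style that a robustness test with bad input can pass. */
#include <stddef.h>
#include <stdint.h>

#define SPEED_MIN 0       /* hypothetical engineering limits, in RPM */
#define SPEED_MAX 1200

typedef enum { SP_OK = 0, SP_ERR_NULL = 1, SP_ERR_RANGE = 2 } sp_status_t;
/* Loose version: no null or range check, and a signed int silently narrowed
 * to uint16_t, so a negative request wraps to a very large setpoint. */
uint16_t set_speed_loose(uint16_t *target, int requested)
{
    *target = (uint16_t)requested;
    return *target;
}

/* Checked version: explicit status code, validated pointer and range, a single
 * exit point, and the output left untouched when the input is rejected. */
sp_status_t set_speed_checked(uint16_t *target, int32_t requested)
{
    sp_status_t st = SP_OK;
    if (target == NULL) {
        st = SP_ERR_NULL;
    } else if ((requested < SPEED_MIN) || (requested > SPEED_MAX)) {
        st = SP_ERR_RANGE;
    } else {
        *target = (uint16_t)requested;
    }
    return st;
}

/* Robustness check: 1 if the checked handler rejects `bad_value` and leaves
 * the previous setpoint (600 RPM, constructed) in place, 0 otherwise. */
int rejects_and_preserves(int32_t bad_value)
{
    uint16_t sp = 600U;
    sp_status_t st = set_speed_checked(&sp, bad_value);
    return (st == SP_ERR_RANGE) && (sp == 600U);
}

/* Same probe against the loose handler: 1 if it accepted the bad value and
 * changed the setpoint (the behaviour the robustness test must catch). */
int loose_corrupts(int bad_value)
{
    uint16_t sp = 600U;
    (void)set_speed_loose(&sp, bad_value);
    return sp != 600U;
}
```

A request of -50 RPM drives the loose handler to a setpoint of 65486, while the checked handler reports a range error and keeps the previous value.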
Beyond checking for compliance with standards and requirements, it is also necessary to examine any parts that may be "software of unknown pedigree", or SOUP, code. For example, there are dangers associated with "dead" code regions, which may be activated by a hacker or by some obscure event in the system and used for malicious purposes. While starting from scratch would be ideal for achieving security, most projects include pre-existing code that appears to provide exactly the functionality needed. Developers need to resist introducing such code automatically (even code from their own organization) without subjecting it to the same strict analysis as their own code. Static and dynamic analysis used together can reveal areas of dead code, which may be a source of danger or may simply take up space. Such code must be identified correctly and dealt with, usually by eliminating it. When development teams (possibly in entirely different locations) develop, test, revise and retest units, the generated test records can be stored, shared and reused from an integrated tool set as the units are integrated into the larger project.
To make systems reliable and safe, they must also be secure. For this, their code must comply not only with the rules of the language but also with a strategy that defines clear safety and security measures. Applying comprehensive test and analysis tools throughout an organization's development process can greatly improve the completeness and accuracy of the security measures that protect important systems. It also helps the team share a common cause and the confidence that the project's combined efforts will succeed. The resulting product will have a better chance of winning customer approval and, if needed, certification by the authorities, and it is unlikely to become a movie star.