Based On Petri Net Component-based Software System Security Analysis

Component-based design was originated from middleware technology and combined with software reuse and object oriented programming. Component-based design method has become an effective method to improve software design efficiency and software quality of development. Currently, component-based design has been widely used in software development, including much software used in safety-critical field, such as nuclear power plant, aerospace, industrial control, traffic control, military field and financial security. Software systems used in these areas generally has features of real-time, fault-tolerance and others characteristics. These software systems need to satisfy both its functional requirements and its specific safety requirements. In this paper, the research status, background, related concepts and technologies of the component technology and component-based software system safety were summarized and analyzed. According the correlation theory of Petri net, a Petri net-based analytical method for component-based software system safety that used in safety-critical software system is proposed.Analyzing the safety of whole system with this method, firstly,the safety of individual components is analyzed. Generally, these components were developed by third parties. Software source code is not provided and its safety requirement can not be guaranteed. In this paper, a static safety assessment method is used first in the individual components. According to the component security basic model (CIA model) features when the algorithm is described by conventional analytic hierarchy process (AHP),there are many faults of the analytic hierarchy process that is used in component safety assessment, such as subjectivity of expert assessment, indefinite of boundary nodes information and other shortcomings. To solve the above drawbacks, an improved method of safety assessment is proposed. In this method, the safety value of individual components from the analysis of CIA model by fuzzy analytic hierarchy process (FAHP). This method not only achieves the safety analysis of individual components, but also overcomes the subjectivity of fuzzy judgment in the conventional AHP method. It is applied to the experiment of the component safety assessment. The results show that method can be an effective safety assessment of component.On this basis, analyzing the entire component-based software system safety, a Petri net-based analytical method is proposed. This method simplifies the relationship of component-based software system, and makes describe the system more direct. The idea of software architecture is used in this method to better grasp the whole structure of the software system. According to the safety of component, connector and migration probability, the safety of software architecture is tracked dynamically. And then, the safety of various factors in software architecture are analyzed and assessed. The safety of whole software architecture is derived. Finally, this method is applied to experiment and the feasibility of the method is verified.