2.3 软件功能安全技术措施
标准4.6节至4.10节主要规定了软件安全措施的选取原则以及选择时的注意事项。
2.3.1 标准条款
4.6 Where a requirement is qualified by the words"to the extent required by the software safety integrity level", this indicates that a range of techniques and measures shall be used to satisfy that requirement.
4.7 Where 4.6 is applied, tables from normative Annex A shall be used to assist in the selection of techniques and measures appropriate to the software safety integrity level. The selection shall be documented in the Software Quality Assurance Plan or in another document referenced by the Software Quality Assurance Plan. Guidance to these techniques is given in the informative Annex D.
4.8 If a technique or measure which is ranked as highly recommended (HR) in the tables is not used, then the rationale for using alternative techniques shall be detailed and recorded either in the Software Quality Assurance Plan or in another document referenced by the Software Quality Assurance Plan. This is not necessary if an approved combination of techniques given in the corresponding table is used. The selected techniques shall be demonstrated to have been applied correctly.
4.9 If a technique or measure is proposed to be used that is not contained in the tables then its effectiveness and suitability in meeting the particular requirement and overall objective of the sub-clause shall be justified and recorded in either the Software Quality Assurance Plan or in another document referenced by the Software Quality Assurance Plan.
4.10 Compliance with the requirements of a particular sub-clause and their respective techniques and measures detailed in the tables shall be verified by the inspection of documents required by this European Standard. Where appropriate, other objective evidence, auditing and the witnessing of tests shall also be taken into account.
4.6 凡出现“应达到软件安全完整性等级要求”字样,表明一系列的技术和措施应被用于满足这一需求。
4.7对于条款4.6,规范附件表A应被用于指导根据相应的软件安全完整性等级选择合适的技术措施。技术措施也应在《软件质量保证计划》及其他相关文件中记录。技术措施详见附件D。
4.8 如果附表中一项被列为高度推荐(HR)的技术措施没有被使用,那么使用其他替代技术措施的理由详细记录在《软件质量保证计划》及其相关文件中。但若使用了被认可的技术组合时则不需要特别说明。
4.9 如果使用某些标准附件表格之外的技术,则需要在软件质量保证计划或相关文档中论证和说明这种技术对特殊需求和条款的有效性和适合性。
4.10对标准中特定子条款和附表中各种技术措施的遵循情况应该按照标准要求进行审查,在适当时,其他客观证据、审计和目击测试也应考虑。
2.3.2 条款理解及应用
根据BS IEC 62279定义的软件安全生命周期,主要包括软件安全需求规范、软件设计和开发(软件结构设计、支持工具和编程语言、详细设计、软件模块测试和集成)、可编程电子集成(硬件和软件)、软件安全确认、修改、软件验证、功能安全评估等阶段。
各阶段根据安全完整性等级推荐了可选择的技术措施,每一种技术都按安全完整性等级SIL0至SIL4推荐。应用者可以根据安全完整性等级选择适当的技术和措施。其中,M表示强制使用,HR表示高度推荐,R表示推荐,NR表示不推荐。如果附表中一项被列为高度推荐(HR)的技术措施没有被使用,那么使用其他替代技术措施的理由详细记录在《软件质量保证计划》及其相关文件中。软件需求技术措施见表2-5,软件体系结构技术措施见表2-6,软件设计与实现技术措施见表2-7,验证和测试技术措施见表2-8,集成技术措施见表2-9,整体软件测试技术措施见表2-10,软件分析技术措施见表2-11。表中所涉及的内容在后续章节均有详细说明。
表2-5 软件需求技术措施
表2-6 软件体系结构技术措施
表2-7 软件设计与实现技术措施
表2-8 验证和测试技术措施
表2-9 集成技术措施
表2-10 整体软件测试技术措施
表2-11 软件分析技术措施
