摘要
安全關鍵系統意指「性命攸關」之系統,如:核能電廠、軍事國防、航太、醫療…等。安全關鍵系統能否獲得啟用執照皆需透過管制單位嚴格控管,而核發執照與否則仰賴軟體文件審查作業的結果。現行的審查工作多數依賴主觀判斷,且事務性的工作繁多,申請者與審查者對法規缺乏共同的認知,故問題叢生。本研究以IEEE Std. 603應用於核能電廠之軟體專案文件為實例,為IEEE Std. 603建立完整的知識本體之認證架構,同時以XML標記的方式,依照知識本體的架構來重建文件結構,並開發一套可以自動比對、自動判斷的認證工具平台。透過這個平台,審查人員即可快速又有效的檢查文件是否有遺漏的要項或可能造成的危險。本研究亦將審查者及自動審查的結果以加權平均的方式整合,再依證據符合度給予相對應的安全等級。本方法提供透明化、客觀化的審查工具,並提供審查結果的證據呈現,這樣一來即可提昇軟體專案審查的透明性及可預測性,也能確保核發執照的安全關鍵系統之安全性。
並列摘要
Safety Critical Systems, such as nuclear power plants, military, aerospace, and medical systems, are extremely relevant to our life. Such systems need licenses for operation. The licensing process is called certification. Safety critical systems certification heavily depends on regulators’ review process. Currently, both reviewers and applicants have large amounts of clerical works. In addition, reviewers often issue the license with a subjective judgment. There is no consensus between reviewers and applicants. In view of the above problem, we proposed a certification tool platform based on the ontology of IEEE Std. 603, a standard for nuclear generating stations. Our platform provides a markup tool, a review tool, and an evidence presentation tool. The markup tool which marks up the structure of the document with XML tags. The review tool supports query and generate review table. And also, the Evidence tool shows and stores evidence using DMLD, a visible way for evidence presentation. Finally, the tool will automatically compute the conformance of the document to the Standard IEEE 603 and compute a safety level for the system. Our system alleviates the clerical work in certification and provides an effective, transparent and predictable review process.
參考文獻
[2] 連國廷, 易俗, 范金鳳, 曾婉惠, 吳宜真, “IEEE安全標準邏輯結構的建立及應用.”
[4] Yu-Shu Hu, Mohammad Moarres, “Evaluating system behavior through Dynamic Master Logic Diagram(DMLD)modeling,” Reliability Engineering and System Safety ELSEVIER, VOL. 64, 1999.
[6] Andreas Ekelhart, Stefan Fenz, Gernet Goluch, and Edgar Weippl, “Ontology Mapping of Common Criteria’s Security Assurance Requirements,”Secure Business Austria, 1040 Vienna.
[10] D. Connolly, J. Boask, “Extensible Markup Language,” http://www.w3.org/xml/
[12] Nuclear Power Engineering Committee of the IEEE Power Engineering Society, “IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations,” July , 1998
延伸閱讀
- 廖鴻圖、范修維、邱孟佑、蕭麗齡、瞿鴻斌(2005)。資訊安全風險評鑑驗證系統。電子商務學報,7(4),395-414。https://doi.org/10.6188/JEB.2005.7(4).06
- 黃志睿(2009)。安全關鍵軟體品質認證技術之發展〔碩士論文,元智大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0009-2807200915233600
- 樊國楨、林樹國、黃健誠(2008)。資訊安全管理系統驗證標準化之二:資訊安全管理系統政策集初探。資訊安全通訊,14(2),1-21。https://doi.org/10.29614/DRMM.200804.0001
- Tsay, C. Y., Kuo, C. C., Chao, C. J., & Hsiao, Y. L. (2015). Promoting a Safety Culture for Continuous Improvement in Safety Management. 航空安全及管理季刊, 2(1), 1-16. https://www.airitilibrary.com/Article/Detail?DocID=23107480-201501-201502140020-201502140020-1-16
- 陳志龍(2008)。Establishment of Product Safety Design Process〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU.2008.00537