PFI-TT: An Analysis Tool Supporting the Safe Deployment of New Features in Evolving Software Systems

PFI-TT：支持在不断发展的软件系统中安全部署新功能的分析工具

• 批准号: 2122689
• 负责人: Jane Huang
• 金额: $ 24.98万
• 依托单位: University of Notre Dame
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-07-15 至 2023-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2122689&HistoricalAwards=false
• 关键词: PFI; TT; Analysis; Tool; Supporting

The broader impact/commercial potential of this Partnerships for Innovation - Technology Translation (PFI-TT) project will develop a tool-supported environment designed to aid in the safety analysis of software intensive systems. Developing highly dependable software for medical infusion pumps, positive train controls, and robotics applications is a challenging process that requires rigorous and systematic hazard analysis. Such systems are traditionally developed within a carefully controlled process that emphasizes detailed planning, upfront design, and phase-based quality assurance gateways. Despite these efforts, products are recalled for life-threatening safety vulnerabilities. The challenges of developing safety systems have led to the phenomenon known as the "big freeze" in which the cost, effort, and risk of introducing new features inhibit product evolution. The proposed solution will aid software safety analysts and other stakeholders in identifying system-level changes while simultaneously building a safety-case for certification or internal audit purposes. These abilities enable an organization to evolve their products without sacrificing safety, security, or other critical concerns, thereby increasing their competitive advantage. The project trains a diverse cadre of women, minorities, and persons with disabilities in entrepreneurial activities. This project will utilize cutting-edge, deep learning technologies to train a domain-specific language model that will be used to automatically generate and evolve accurate trace links between artifacts such as requirements, design, code, and test cases. The generated trace links will be used to generate novel visualizations of hazards and their mitigation pathways (i.e., hazard slices), and to highlight changes that have been introduced across different versions of the system. In addition, the hazard-slices will be integrated into existing safety-analysis techniques such as fault-trees and safety-assurance cases. The novel hazard-based visualizations are designed to aid analysts and developers in addressing emergent safety concerns in large, complex, and evolving software projects. Finally, the work will provide tools for analyzing changes in the software system, generating explanations to aid in the identification of potential safety problems, and recommending actions that could be taken to mitigate safety risks introduced by the changes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该创新-技术转化伙伴关系（PFI-TT）项目的更广泛影响/商业潜力将开发一个工具支持环境，旨在帮助软件密集型系统的安全分析。为医用输液泵、正向列车控制和机器人应用开发高度可靠的软件是一个具有挑战性的过程，需要进行严格和系统的危险分析。传统上，这些系统是在一个精心控制的过程中开发的，该过程强调详细的规划、前期设计和基于阶段的质量保证网关。尽管做出了这些努力，但产品仍因危及生命的安全漏洞而被召回。开发安全系统的挑战导致了被称为“大冻结”的现象，其中引入新功能的成本、努力和风险抑制了产品的发展。拟议的解决方案将帮助软件安全分析师和其他利益相关者识别系统级更改，同时构建用于认证或内部审计目的的安全案例。这些能力使组织能够在不牺牲安全性，安全性或其他关键问题的情况下发展他们的产品，从而提高他们的竞争优势。该项目对妇女、少数民族和残疾人等各类骨干进行创业活动培训。该项目将利用尖端的深度学习技术来训练特定于领域的语言模型，该模型将用于自动生成和发展需求，设计，代码和测试用例等工件之间的准确跟踪链接。 生成的跟踪链接将用于生成危害及其缓解途径的新可视化（即，危险切片），并突出显示在系统的不同版本中引入的更改。 此外，危险切片将被集成到现有的安全分析技术，如故障树和安全保证案例。 这种新颖的基于危险的可视化设计旨在帮助分析师和开发人员解决大型、复杂和不断发展的软件项目中的紧急安全问题。最后，这项工作将提供工具，用于分析软件系统中的变化，生成解释，以帮助识别潜在的安全问题，并建议可以采取的行动，以减轻安全风险所引入的变化。这个奖项反映了NSF的法定使命，并已被认为是值得通过评估使用基金会的智力价值和更广泛的影响审查标准的支持。

项目成果

SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems

SAFA：支持不断发展的软件系统安全分析的工具

• DOI: 10.1145/3551349.3559535
• 发表时间: 2022
• 作者: Rodriguez, Alberto D.;Newman, Timothy;Dearstyne, Katherine R.;Cleland-Huang, Jane
• 通讯作者: Cleland-Huang, Jane

Prompts Matter: Insights and Strategies for Prompt Engineering in Automated Software Traceability

• DOI: 10.1109/rew57809.2023.00087
• 发表时间: 2023-08
• 期刊: 2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)
• 作者: Alberto D. Rodriguez;Katherine R. Dearstyne;J. Cleland-Huang