[1] Aven T. Practical implications of the new risk perspectives[J]. Reliability Engineering and System Safety, 2013, 115: 136-145.[2] Chu W K, Zhang F M, Fan X G. Overview on software architecture of integrated modular avionic systems[J]. Acta Aeronautica et Astronautica Sinica. 2009, 30(10): 1912-1917 (in Chinese). 褚文魁, 张凤鸣, 樊晓光. 综合模块化航空电子系统软件体系结构综述[J]. 航空学报, 2009, 30(10): 1912-1917.[3] Dodd I, Habli I. Safety certification of airborne software: an empirical study[J]. Reliability Engineering and System Safety, 2012, 98(1): 7-23.[4] Zhu H Q, Xu H J, Xue Y, et al. A software safety assessment method based on semi-physical simulation test[J]. Acta Aeronautica et Astronautica Sinica, 2014, 35(6): 1703-1713 (in Chinese). 朱和铨, 徐浩军, 薛源, 等. 一种半实物仿真试验软件安全性分析方法[J]. 航空学报, 2014, 35(6): 1703-1713.[5] Leveson N G. Software safety: why, what, and how[J]. Computing Surveys, 1986, 18(2): 125-163.[6] United States Air Force Chief Scientist (AF/ST). Technology horizons: a vision for air force science and technology during 2010-2030[R]. Washington D. C.: Office of the USAF Chief Scientist, 2010.[7] Radio Technical Commission for Aeronautics. DO-178B software considerations in airborne systems and equipment certification[S]. Washington D. C.: Radio Technical Commission for Aeronautics, 1992.[8] Radio Technical Commission for Aeronautics. DO-178C software considerations in airborne systems and equipment certification[S]. Washington D. C.: Radio Technical Commission for Aeronautics, 2011.[9] Leveson N G. Applying systems thinking to analyze and learn from events[J]. Safety Science, 2011, 49(1): 55-64.[10] Kelley K. Automated test case generation from correct and complete system requirements models[C]//2009 IEEE Aerospace Conference. Piscataway, NJ: IEEE, 2009: 1-10.[11] Bernardi S, Merseguer J, Petriu D C. Adding dependability analysis capabilities to the MARTE profile[C]//Proceedings of the 11th International Conference on Model Driven Engineering Languages and Systems. Berlin: Springer Berlin Heidelberg, 2008: 736-750.[12] Hungar H, Robbe O, Wirtz B. Safe-UML-restricting UML for the development of safety-critical systems[C]//FORMS/FORMAT 2007. 2007: 467-475.[13] Michael J B, Shing M T, Cruickshank K J, et al. Hazard analysis and validation metrics framework for system of systems software safety [J]. IEEE Systems Journal, 2010, 4(2): 186-197.[14] Fujiwara T, Estevez J M, Satoh Y, et al. Acalculation method for software safety integrity level[C]//Proceedings of the 1st Workshop on Critical Automotive Applications: Robustness and Safety. New York: ACM, 2010: 31-34.[15] Xu B F, Huang Z Q, Hu J, et al. Model-driven safety dependence verification for component-based airborne software supporting airworthiness certification [J]. Acta Aeronautica et Astronautica Sinica. 2012, 33(5): 796-808 (in Chinese). 徐丙凤, 黄志球, 胡军, 等. 面向适航认证的模型驱动机载软件构件的安全性验证[J]. 航空学报, 2012, 33(5): 796-808 (in Chinese).[16] Parnas D L. On the criteria to be used in decomposing system into modules[J]. Communications of the ACM, 1972, 15(12): 1053-1058.[17] Bao P L. Research and implementation of a SysML modeling tool SysModeler [D]. Baotou: Inner Mongolia University, 2008 (in Chinese). 鲍鹏丽. SysModeler: 一个SysML的建模工具的研究与实现[D]. 包头: 内蒙古大学, 2008.[18] ARP4754. The engineering society for advancing mobility land sea air and space, Certification considerations for highly-integrated of complex aircraft systems[S]. Warrendale: SAE International, 1996.[19] Cai Y, Zheng Z, Cai K Y, et al. Research on airborne software airworthiness standards DO-178B/C[M]. Shanghai: Shanghai Jiao Tong University Press, 2013: 129-130 (in Chinese). 蔡喁, 郑征, 蔡开元, 等.机载软件适航标准DO-178B/C研究[M]. 上海: 上海交通大学出版社, 2013: 129-130.[20] Navarro I, Leveson N G, Lunqvist K. Semantic decoupling: reducing the impact of requirement changes[J]. Requirements Engineering, 2010, 15(4): 419-437.[21] Huang Z Q, Xu B F, Kan S L, et al. Survey on embedded software safety analysis standards, methods and tools for airborne system[J]. Journal of Software, 2014, 25(2): 200-218 (in Chinese). 黄志球, 徐丙凤, 阚双龙, 等. 嵌入式机载软件安全性分析标准、方法及工具研究综述[J]. 软件学报, 2014, 25(2): 200-218. |