Search

CN-122027282-A - Code verification method, device, equipment, medium and product of train operation control system

CN122027282ACN 122027282 ACN122027282 ACN 122027282ACN-122027282-A

Abstract

The invention discloses a code verification method, a device, equipment, a medium and a product of a train operation control system, which relate to the technical field of network security and comprise the steps of carrying out semantic analysis on a network security requirement specification document, extracting network security requirement structural information and determining an object code verification strategy according to the network security requirement structural information; determining an assertion specification and a code insertion position of the assertion specification according to the object code verification strategy and the network security requirement structural information, inserting the assertion specification into an original network communication code according to the code insertion position to obtain a network communication code to be verified, and verifying the network communication code to be verified according to the assertion specification by using an object code verification tool to obtain a code verification result. The invention realizes the effect of verifying the code level of the network communication code of the train operation control system, improves the network security of the train operation control system, and reduces the possibility of occurrence of potential network safety hazards.

Inventors

  • CHEN HONGXUE
  • ZHANG ZONGHUA
  • MA WEIHONG
  • LIU PENGRUI
  • SHEN XIANGYU
  • ZHANG HAO

Assignees

  • 北京全路通信信号研究设计院集团有限公司

Dates

Publication Date
20260512
Application Date
20260211

Claims (14)

  1. 1.A code verification method of a train operation control system, the method comprising: Acquiring an original network communication code corresponding to a target train operation control system and acquiring a network security requirement specification document associated with the target train operation control system; Carrying out semantic analysis on the network security requirement specification document, extracting network security requirement structural information, and determining an object code verification strategy for verifying the original network communication code according to the network security requirement structural information; Determining an assertion specification and a code insertion position of the assertion specification in the original network communication code according to the target code verification policy and the network security requirement structuring information, and inserting the assertion specification into the original network communication code according to the code insertion position to obtain a network communication code to be verified; and verifying the network communication code to be verified according to the assertion specification by using an object code verification tool to obtain a code verification result.
  2. 2. The method of claim 1, wherein the determining an object code verification policy for verifying the original network communication code based on the network security requirement structured information comprises: Inputting the network security requirement structural information and the original network communication code into a target large language model, and determining an object code verification strategy identification from candidate code verification strategy identifications according to the network security requirement structural information and the original network communication code through the target large language model; and acquiring the target code verification policy identifier output by the target large language model, and determining the target code verification policy according to the target code verification policy identifier.
  3. 3. The method of claim 1, wherein the determining an assertion specification and a code insertion location of the assertion specification in the original network communication code based on the object code verification policy and the network security requirement structuring information comprises: inputting the target code verification strategy and the network security requirement structuring information into a target large language model, and determining the assertion specification and the code insertion position according to the target code verification strategy and the network security requirement structuring information through the target large language model; And acquiring the assertion specification output by the target large language model and the code insertion position.
  4. 4. The method of claim 1, wherein verifying the network communication code to be verified using an object code verification tool according to the assertion specification, to obtain a code verification result, comprises: analyzing the assertion specification by using the target code verification tool to generate a verification task description adapted to the target code verification tool; based on the verification task description, performing corresponding verification on the network communication code to be verified to obtain verification state data corresponding to each code execution path; and comparing each verification state data with expected state data defined in the assertion specification, and determining the code verification result according to the comparison result.
  5. 5. The method of claim 4, wherein the determining the code verification result based on the comparison result comprises: if each verification state data is matched with the expected state data, determining that the code verification result is that the code is normal; and if at least one verification state data is not matched with the expected state data, determining that the code verification result is a code abnormality.
  6. 6. The method of claim 1, wherein the verifying the network communication code to be verified according to the assertion specification by using an object code verification tool, before obtaining a code verification result, further comprises: Inputting the network security requirement structural information and the original network communication code into a target large language model, determining an initial code verification tool identifier from candidate code verification tool identifiers according to the network security requirement structural information and the original network communication code through the target large language model, and generating operation configuration parameters associated with the initial code verification tool identifier; and acquiring the initial code verification tool identifier and the operation configuration parameter output by the target large language model, determining the initial code verification tool from candidate code verification tools according to the initial code verification tool identifier, and configuring the initial code verification tool according to the operation configuration parameter to obtain the target code verification tool.
  7. 7. The method of claim 5, after the determining that the code verification result is a code exception, further comprising: Determining the at least one verification state data which is not matched with the expected state data as abnormal verification state data, and determining the code execution path corresponding to the abnormal verification state data as a counterexample code execution path; And generating risk description information and code restoration suggestions corresponding to the original network communication code according to the counterexample code execution path, and generating a code verification report according to an abnormal code position, the code verification result, the risk description information and the code restoration suggestions, wherein the abnormal code position is a code position associated with the counterexample code execution path in the network communication code to be verified.
  8. 8. The method of claim 7, the method further comprising: generating information to be archived according to the original network communication code, the network security requirement specification document, the network security requirement structural information, the network communication code to be authenticated and the code authentication report; And acquiring task identification information corresponding to the code verification, and carrying out association storage on the task identification information and the information to be archived.
  9. 9. The method of claim 1, wherein the performing semantic analysis on the network security requirement specification document to extract network security requirement structured information comprises: Inputting the network security requirement specification document into a target large language model, carrying out semantic analysis on the network security requirement specification document through the target large language model, and determining the network security requirement structural information contained in the network security requirement specification document; And acquiring the network security requirement structural information output by the target large language model.
  10. 10. The method of any of claims 1-9, wherein the network security requirement structuring information comprises at least one of task goals, task keywords, interface specifications, input constraints, output constraints, and functional boundaries.
  11. 11. A code verification device for a train operation control system, the device comprising: the information acquisition module is used for acquiring an original network communication code corresponding to a target train operation control system and acquiring a network security requirement specification document associated with the target train operation control system; The code verification strategy determining module is used for carrying out semantic analysis on the network security requirement specification document, extracting network security requirement structural information and determining an object code verification strategy for verifying the original network communication code according to the network security requirement structural information; The network communication code acquisition module to be verified is used for determining an assertion specification and a code insertion position of the assertion specification in the original network communication code according to the target code verification strategy and the network security requirement structural information, and inserting the assertion specification into the original network communication code according to the code insertion position to obtain the network communication code to be verified; And the code verification module is used for verifying the network communication code to be verified by utilizing an object code verification tool according to the assertion specification to obtain a code verification result.
  12. 12. An electronic device, the electronic device comprising: at least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-10.
  13. 13. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, the computer instructions for causing a processor to perform the method of any one of claims 1-10.
  14. 14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-10.

Description

Code verification method, device, equipment, medium and product of train operation control system Technical Field The invention relates to the technical field of network security, in particular to a code verification method, a device, equipment, a medium and a product of a train operation control system. Background Along with the continuous propulsion of rail traffic construction, the train operation control system is used as a core system for guaranteeing the safe and efficient operation of the train and bears important tasks such as train operation state sensing, signal transmission, scheduling control and the like. The train operation control system has the characteristics of strong real-time performance, complex structure, fine control and the like, and the safety and reliability of the train operation control system in the whole process of design, development, test and operation and maintenance are related to the life and property safety of passengers, and the stable operation of the transportation system is directly influenced. However, due to the complexity and real-time performance of the train operation control system, the train operation control system still faces a plurality of potential safety hazards in practical application. For example, in the process of developing and verifying a train operation control system, manufacturers usually focus on verification of functional safety, but lack of code level verification on a network communication code of the train operation control system, which causes that network safety of the train operation control system cannot be ensured and potential network safety hazards exist. Disclosure of Invention The invention provides a code verification method, device, equipment, medium and product of a train operation control system, which are used for solving the problem that the existing network communication code of the train operation control system is lack of code level verification, so that the network safety hidden trouble exists in the train operation control system. According to an aspect of the present invention, there is provided a code verification method of a train operation control system, the method comprising: Acquiring an original network communication code corresponding to a target train operation control system and acquiring a network security requirement specification document associated with the target train operation control system; Carrying out semantic analysis on the network security requirement specification document, extracting network security requirement structural information, and determining an object code verification strategy for verifying the original network communication code according to the network security requirement structural information; Determining an assertion specification and a code insertion position of the assertion specification in the original network communication code according to the target code verification policy and the network security requirement structuring information, and inserting the assertion specification into the original network communication code according to the code insertion position to obtain a network communication code to be verified; and verifying the network communication code to be verified according to the assertion specification by using an object code verification tool to obtain a code verification result. According to another aspect of the present invention, there is provided a code verification apparatus of a train operation control system, the apparatus comprising: the information acquisition module is used for acquiring an original network communication code corresponding to a target train operation control system and acquiring a network security requirement specification document associated with the target train operation control system; The code verification strategy determining module is used for carrying out semantic analysis on the network security requirement specification document, extracting network security requirement structural information and determining an object code verification strategy for verifying the original network communication code according to the network security requirement structural information; The network communication code acquisition module to be verified is used for determining an assertion specification and a code insertion position of the assertion specification in the original network communication code according to the target code verification strategy and the network security requirement structural information, and inserting the assertion specification into the original network communication code according to the code insertion position to obtain the network communication code to be verified; And the code verification module is used for verifying the network communication code to be verified by utilizing an object code verification tool according to the assertion specification to obtain a code verification result. According to another aspect of