
Computer Assurance, 1997. COMPASS '97. Are We Making Progress Towards Computer Assurance? Proceedings of the 12th Annual Conference on

Date 16-19 June 1997

  • Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance

    Publication Year: 1997
    Freely Available from IEEE
  • On the analysis of software rejuvenation policies

    Publication Year: 1997, Page(s):88 - 96
    Cited by:  Papers (4)  |  Patents (4)

    Software rejuvenation is a technique for software fault tolerance which involves occasionally stopping the executing software, “cleaning” the “internal state” and restarting. This cleanup is done at desirable times during execution on a preventive basis so that unplanned failures, which result in higher costs compared to planned stopping, are avoided. Since during rejuvena...

  • Automatic generation of test vectors for SCR-style specifications

    Publication Year: 1997, Page(s):54 - 67
    Cited by:  Papers (11)  |  Patents (1)

    This paper provides the basis for integrating the Software Cost Reduction (SCR) specification method with the T-VEC (Test VECtor) test vector generator and specification analysis system. The SCR model is mapped to the T-VEC model to support automatic test vector generation for SCR specifications. The T-VEC system generated test vectors for an example SCR specification that was translated into the ...

  • Quantitative reliability and availability assessment for critical systems including software

    Publication Year: 1997, Page(s):147 - 158
    Cited by:  Papers (12)

    In many cases, it is possible to derive a quantitative reliability or availability assessment for systems containing software with the appropriate use of system-level measurement-based modeling and supporting data. This paper demonstrates the system-level measurement-based approach using a simplified safety protection system example. The approach is contrasted with other software reliability predi...

  • Is information security an oxymoron?

    Publication Year: 1997, Page(s):120 - 121

    Although weaknesses have been demonstrated in some security techniques (encryption, protocols, mobile code such as Java, etc.), current security technology is quite strong in many areas. Despite this, information security has proved difficult to achieve in large modern software systems. Many problems have been reported in which supposedly secure systems have been penetrated and in some cases signi...

  • “What is a formal method (and what is an informal method)?”

    Publication Year: 1997, Page(s):125 - 126

    This position paper traces a very personal view of formal methods in the period 1982-1997. The author describes his own experiences in formal methods all the way from outright belief in the power of mathematics in the early 1980s, to a measurement-tempered and rather cautious optimism in the late 1990s.

  • Information security: from reference monitors to wrappers

    Publication Year: 1997, Page(s):122 - 124

    Information system security has turned out to be much more challenging than at first thought. In the 1980s a great deal of energy was expended in an attempt to create a broad market of security-enhanced systems. This market, however, did not develop, and most computer systems today include only rudimentary security mechanisms. New technologies, however, such as extensible systems and security wrap...

  • On the formal verification of delegation in SESAME

    Publication Year: 1997, Page(s):23 - 34
    Cited by:  Patents (4)

    The objective of this paper is to present the verification of delegation in the SESAME protocol, a compatible extension version of Kerberos. For this we use the formal approach presented in Bolignano (1997). This approach is based on the use of state-based general purpose formal methods. It makes a clear separation between modeling of reliable agents and that of intruders. The SESAME protocol allo...

  • Simulation-based test of fault-tolerant group membership services

    Publication Year: 1997, Page(s):129 - 138
    Cited by:  Papers (4)

    We address the problem of gaining assurance on the correctness of fault-tolerant and real-time distributed protocols. We validate implementations of two group membership protocols by running a centralized simulation of the distributed system, and testing whether the protocols satisfy the safety and timeliness properties prescribed by their specifications. Our testing environment performs determini...

  • Effect of repair policies on software reliability

    Publication Year: 1997, Page(s):105 - 116
    Cited by:  Papers (10)

    Software reliability is an important metric that quantifies the quality of the software product and is inversely related to the number of unrepaired faults in the system. Fault removal is a critical process in achieving the desired level of quality before software deployment in the field. Conventional software reliability models assume that the time to remove a fault is negligible and that the rep...

  • On the uniformity of error propagation in software

    Publication Year: 1997, Page(s):68 - 76
    Cited by:  Papers (9)

    This paper presents an empirical study of an important aspect of software defect behavior: the propagation of data-state errors. A data-state error occurs when a fault is executed and affects a program's data-state, and it is said to propagate if it affects the outcome of the execution. Our results show that data-state errors appear to have a property that is quite useful when simulating faulty co...

  • Evolving directions in formal methods

    Publication Year: 1997, Page(s):127 - 128

    Formal methods have demonstrated their effectiveness in a number of application areas, but are still not widely used in the computing industry. Advances in theorem proving tools, particularly those combining model checking with traditional interactive proof techniques, are reducing the cost of formal techniques. Although traditionally used for analyzing the correctness of specifications against req...

  • Assured VLSI design with formal verification

    Publication Year: 1997, Page(s):13 - 22
    Cited by:  Papers (1)  |  Patents (3)

    Design and verification using formal logic extends existing VLSI design methods and tools. Such an extension provides rigorous support for design and verification at various levels of abstraction. Our design methodology combines design verification by mechanized theorem proving with conventional CAD tools. The theorem proving environment allows us to relate low level boolean implementations and hi...

  • Why testing technology is not transferred to industry: academics don't get it, vendors don't know it, practitioners don't care

    Publication Year: 1997, Page(s):52 - 53

    There are several reasons why testing technology is not successfully transferred to industry. These reasons can be traced to fundamental flaws with the way academics perform research, tool vendors market technology, and practitioners build software. Until these flaws are corrected, advanced testing technology will continue to languish inside universities and commercial research labs. This paper di...

  • A software metric for logical errors and integration testing effort

    Publication Year: 1997, Page(s):139 - 146

    Many software metrics are based on analysis of individual source code modules and do not consider the way that modules are interconnected. This presents a special problem for many current software development project environments that utilize a considerable amount of commercial, off-the-shelf or other reusable software components and devote a considerable amount of time to testing and integrating ...

  • Software testing: from theory to practice

    Publication Year: 1997, Page(s):48 - 51

    This paper is about the disparity between what is known and being learned in academia, and what is being used in industry. The author interprets the issue as “why aren't the ideas that researchers have developed being used in industry?”. The paper presents a shopping list of reasons why industry does not use the highly advanced and in some cases highly developed software testing techni...

  • Reusing testing of reusable software components

    Publication Year: 1997, Page(s):97 - 104
    Cited by:  Papers (3)

    A software component that is reused in diverse settings can experience diverse operational environments. Unfortunately, a change in the operating environment can also invalidate past experience about the component's quality of performance. Indeed, most statistical methods for estimating software quality assume that the operating environment remains the same. Specifically, the probability density g...

  • Testing for security during development: why we should scrap penetrate-and-patch

    Publication Year: 1997, Page(s):117 - 119
    Cited by:  Papers (1)

    In the commercial sector security analysis has traditionally been applied at the network system level, after release, using tiger team approaches. After a successful tiger team penetration, the specific system vulnerability is patched. I make a case for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code. This wo...

  • Tools for formal specification, verification, and validation of requirements

    Publication Year: 1997, Page(s):35 - 47
    Cited by:  Papers (15)  |  Patents (1)

    Although formal methods for developing computer systems have been available for more than a decade, few have had significant impact in practice. A major barrier to their use is that software developers find formal methods difficult to understand and apply. One exception is a formal method called SCR for specifying computer system requirements which, due to its easy to use tabular notation and its ...

  • Using the B-toolkit to ensure safety in SCR specifications

    Publication Year: 1997, Page(s):1 - 12

    SCR (Software Cost Reduction) specifications are useful for specifying event-driven systems. To use SCR effectively for critical applications, automated verification of safety properties is important. The fact that model checking approaches are sometimes problematic motivates us to further examine the alternative approach of theorem proving. Theorem proving, in general, is a difficult task; howeve...

  • Perturbation analysis of computer programs

    Publication Year: 1997, Page(s):77 - 87
    Cited by:  Papers (4)

    Error flow analysis is the study of how errors originate, spread, and propagate during program execution based on the three steps of the fault/failure model: execution, infection, and propagation. These three steps are defined relative to a virtual computer. By judiciously selecting the instruction set and data state of this computer, the need for infection analysis can be reduced or eliminated in f...
