发布求助
文献互助 智能选刊 最新文献

Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance最新文献

筛选
英文 中文
Software testing: from theory to practice 软件测试:从理论到实践
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1998-03-01 DOI: 10.1109/CMPASS.1997.613216
A. Offutt
{"title":"Software testing: from theory to practice","authors":"A. Offutt","doi":"10.1109/CMPASS.1997.613216","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613216","url":null,"abstract":"This paper is about the disparity between what is known and being learned in academia, and what is being used in industry. The author interprets the issue as \"why aren't the ideas that researchers have developed being used in industry?\". The paper presents a shopping list of reasons why industry does not use the highly advanced and in some cases highly developed software testing techniques that are available. For ease of digestion, the problems are divided into three broad categories: problems in industry, problems in academic research and education, and problems in the interface between the two. Because the most difficult problems are usually those in the interface, these are presented first.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"95 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1998-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123364034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Testing for security during development: why we should scrap penetrate-and-patch 在开发过程中测试安全性:为什么我们应该放弃渗透和补丁
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613270
Gary McGraw
{"title":"Testing for security during development: why we should scrap penetrate-and-patch","authors":"Gary McGraw","doi":"10.1109/CMPASS.1997.613270","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613270","url":null,"abstract":"In the commercial sector security analysis has traditionally been applied at the network system level, after release, using tiger team approaches. After a successful tiger team penetration, specific system vulnerability is patched. I make a case for applying software engineering analysis techniques that have proven successful in the software safety arena to security-critical software code. This work is based on the generally held belief that a large proportion of security violations result from errors introduced during software development.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"491 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123891026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 52
Why testing technology is not transferred to industry: academics don't get it, vendors don't know it, practitioners don't care 为什么检测技术不向产业界转移:学者不懂,厂商不懂,从业者不关心
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613222
J. Payne
{"title":"Why testing technology is not transferred to industry: academics don't get it, vendors don't know it, practitioners don't care","authors":"J. Payne","doi":"10.1109/CMPASS.1997.613222","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613222","url":null,"abstract":"There are several reasons why testing technology is not successfully transferred to industry. These reasons can be traced to fundamental flaws with the way academics perform research, tool vendors market technology, and practitioners build software. Until these flaws are corrected, advanced testing technology will continue to languish inside universities and commercial research labs. This paper discusses these flaws and provides some suggestions on how these problems can be addressed.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127726244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Evolving directions in formal methods 形式方法的发展方向
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613289
D. Kuhn
{"title":"Evolving directions in formal methods","authors":"D. Kuhn","doi":"10.1109/CMPASS.1997.613289","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613289","url":null,"abstract":"Formal methods have demonstrated their effectiveness in a number of application areas, but are still not widely used in the computing industry. Advances in theorem proving tools, particularly those combining model checking with traditional interactive proof techniques are reducing the cost of formal techniques. Although traditionally used for analyzing the correctness of specifications against requirements (and to a lesser extent the correctness of source code), formal methods can help reduce the cost of test generation, making formal methods more cost effective.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123169536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
On the formal verification of delegation in SESAME 浅谈SESAME中授权的形式验证
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613201
M. M. Ayadi, D. Bolignano
{"title":"On the formal verification of delegation in SESAME","authors":"M. M. Ayadi, D. Bolignano","doi":"10.1109/CMPASS.1997.613201","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613201","url":null,"abstract":"The objective of this paper is to present the verification of delegation in the SESAME protocol, a compatible extension version of Kerberos. For this we use the formal approach presented in Bolignano (1997). This approach is based on the use of state-based general purpose formal methods. It makes a clear separation between modeling of reliable agents and that of intruders. The SESAME protocol allows a principal in the system to delegate his rights to another principal or a group of principals. The formalization is transposed in a quite systematic manner into the Coq prover's formalism, and the complete formal proof is performed. The proof relies on the fact that confidentiality of keys shared by the multiple authorities involved in the protocol is guaranteed.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128052297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Assured VLSI design with formal verification 确保VLSI设计与正式验证
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613200
J. Kim, Shiu-Kai Chin
{"title":"Assured VLSI design with formal verification","authors":"J. Kim, Shiu-Kai Chin","doi":"10.1109/CMPASS.1997.613200","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613200","url":null,"abstract":"Design and verification using formal logic extends existing VLSI design methods and tools. Such an extension provides rigorous support for design and verification at various levels of abstraction. Our design methodology combines design verification by mechanized theorem proving with conventional CAD tools. The theorem proving environment allows as to relate low level boolean implementations and high level arithmetic and instruction set specifications. We use the Higher-Order Logic theorem prover (HOL) to verify correctness relations between implementations and specifications. We use existing CAD tools to synthesize physical layouts and validate low level electrical and timing properties. Our CAD systems are Mentor Graphics GDT and MAGIC. To verify our design methodology, we fabricated a serial pipelined multiplier that is formally verified. Bit-serial circuits are widely used in signal processing. The multiplier chip was fabricated through MOSIS and worked correctly.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127597464","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
On the analysis of software rejuvenation policies 软件振兴政策分析
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613248
S. Garg, A. Puliafito, M. Telek, Kishor S. Trivedi
{"title":"On the analysis of software rejuvenation policies","authors":"S. Garg, A. Puliafito, M. Telek, Kishor S. Trivedi","doi":"10.1109/CMPASS.1997.613248","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613248","url":null,"abstract":"Software rejuvenation is a technique for software fault tolerance which involves occasionally stopping the executing software, \"cleaning\" the \"internal state\" and restarting. This cleanup is done at desirable times during execution on a preventive basis set that unplanned failures, which result in higher costs compared to planned stopping, are avoided. Since during rejuvenation, the software is typically unavailable or in a degraded mode of operation, the operation involves a cost. In this paper, we present an analytical model of a software system which serves transactions. Due to \"aging\", not only the service rate of the software decreases with time hut the software itself experiences occasional crash/hang failures. We propose and compare two rejuvenation policies. The policies are evaluated for the resulting steady state availability as well the probability that a transaction is denied service. We also numerically illustrate the use of our model to compute the optimal rejuvenation interval which minimizes (maximizes) the loss probability (steady state availability).","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131047112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Reusing testing of reusable software components 可重用软件组件的重用测试
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613254
C. Michael
{"title":"Reusing testing of reusable software components","authors":"C. Michael","doi":"10.1109/CMPASS.1997.613254","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613254","url":null,"abstract":"A software component that is reused in diverse settings can experience diverse operational environments. Unfortunately, a change in the operating environment can also invalidate past experience about the component's quality of performance. Indeed, most statistical methods for estimating software quality assume that the operating environment remains the same. Specifically, the probability density governing the selection of program inputs is assumed to remain constant. However, intuition suggests that such a stringent requirement is unnecessary. If a component has been executed very many times in one environment without experiencing a failure, one would expect it to be relatively failure-free in other similar environments. This paper seeks to quantify that intuition. The question asked is, \"how much can be said about a component's probability of failure in one environment after observing its operation in other environments?\" Specifically, we develop bounds on the component's probability of failure in the new environment based on its past behavior.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128299190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Automatic generation of test vectors for SCR-style specifications 自动生成测试向量的scr风格规格
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613225
M. Blackburn, R. Busser, J. Fontaine
{"title":"Automatic generation of test vectors for SCR-style specifications","authors":"M. Blackburn, R. Busser, J. Fontaine","doi":"10.1109/CMPASS.1997.613225","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613225","url":null,"abstract":"This paper provides the basis for integrating the Software Cost Reduction (SCR) specification method with the T-VEC (Test VECtor) test vector generator and specification analysis system. The SCR model is mapped to the T-VEC model to support automatic test vector generation for SCR specifications. The T-VEC system generated test vectors for an example SCR specification that was translated into the T-VEC language. The relationships between the models and the resulting test vectors are described. Two general guidelines for the translation process were identified that are fundamental for testing specifications that use event operators and for structuring the specifications to provide tests for all specified requirements.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127910479","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 50
Using the B-toolkit to ensure safety in SCR specifications 使用B-toolkit确保SCR规范中的安全
Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance Pub Date : 1997-06-16 DOI: 10.1109/CMPASS.1997.613186
I. Ray, P. Ammann
{"title":"Using the B-toolkit to ensure safety in SCR specifications","authors":"I. Ray, P. Ammann","doi":"10.1109/CMPASS.1997.613186","DOIUrl":"https://doi.org/10.1109/CMPASS.1997.613186","url":null,"abstract":"SCR (Software Cost Reduction) specifications are useful for specifying event-driven systems. To use SCR effectively for critical applications, automated verification of safety properties is important. The fact that model checking approaches are sometimes problematic motivates us to further examine the alternative approach of theorem proving. Theorem proving, in general, is a difficult task; however the regular structure of the proof obligations generated from SCR specifications suggests that relatively unsophisticated theorem provers can discharge many of these obligations. As a feasibility study, we use the B-Toolkit to detect safety violations in an example SCR specification. The B-Toolkit is a good choice because it is commercially available and Supports verified refinement to executables in a commercial programming language (C). We convert the mode transition table in the example SCR specification to an AMN (Abstract Machine Notation) specification and analyze the result with the B-Toolkit. The B-Toolkit generates 120 proof obligations of which 113 are automatically discharged by the theorem prover. The remaining 7 proof obligations are, in fact, not theorems and correspond to the 3 problems in the SCR specification detected by the model checking approaches. For the corrected SCR specification, the B-Toolkit automatically discharges all proof obligations. The example shows that even simple theorem provers are a viable approach to automated analysis for SCR specifications.","PeriodicalId":377266,"journal":{"name":"Proceedings of COMPASS '97: 12th Annual Conference on Computer Assurance","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1997-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115586387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信