Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process
This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software into business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggest that the Common Criteria can define a framework for assurance evaluation in ongoing development projects. This paper documents the attempt to verify the security properties of a software system, using the Common Criteria according to ISO 15408, while the system is still being built. This is in contrast to the usual post-development evaluation
Software dependability techniques validated via fault injection experiments
The present paper proposes a C/C++ source-to-source compiler able to increase the dependability properties of a given application. The adopted strategy is based on two main techniques: variable duplication/triplication and control flow checking. The validation of these techniques is based on the emulation of fault appearance by software fault injection. The chosen test case is a client-server application in charge of calculating and drawing a Mandelbrot fracta
Specification and analysis of SOC systems using COWS: a finance case study
Service-oriented computing, an emerging paradigm for distributed computing based on the use of services, is calling for the development of tools and techniques to build safe and trustworthy systems, and to analyse their behaviour. Therefore many researchers have proposed to use process calculi, a cornerstone of current foundational research on specification and analysis of concurrent and distributed systems.
We illustrate this approach by focussing on COWS, a process calculus expressly designed for specifying and combining services, while modelling their dynamic behaviour. We present the calculus and one of the analysis techniques it enables, that is based on the temporal logic SocL and the associated model checker CMC. We demonstrate applicability of our tools by means of a large case study, from the financial domain, which is first specified in COWS, and then analysed by using SocL to express many significant properties and CMC to verify them
Cross-level Validation of Topological Quantum Circuits
Quantum computing promises a new approach to solving difficult computational problems, and the quest of building a quantum computer has started. While the first attempts on construction were successful, scalability has never been achieved, due to the inherent fragile nature of the quantum bits (qubits). From the multitude of approaches to achieve scalability, topological quantum computing (TQC) is the most promising one, by being based on a flexible approach to error-correction and making use of the straightforward measurement-based computing technique. TQC circuits are defined within a large, uniform, 3-dimensional lattice of physical qubits produced by the hardware, and the physical volume of this lattice directly relates to the resources required for computation. Circuit optimization may result in non-intuitive mismatches between circuit specification and implementation. In this paper we introduce the first method for cross-level validation of TQC circuits. The specification of the circuit is expressed based on the stabilizer formalism, and the stabilizer table is checked by mapping the topology on the physical qubit level, followed by quantum circuit simulation. Simulation results show that cross-level validation of error-corrected circuits is feasible.
Comment: 12 Pages, 5 Figures. Comments Welcome. RC2014, Springer Lecture Notes on Computer Science (LNCS) 8507, pp. 189-200. Springer International Publishing, Switzerland (2014), Y. Shigeru and M.Shin-ichi (Eds.
Modeling the effects of combining diverse software fault detection techniques
The software engineering literature contains many studies of the efficacy of fault finding techniques. Few of these, however, consider what happens when several different techniques are used together. We show that the effectiveness of such multitechnique approaches depends upon quite subtle interplay between their individual efficacies and dependence between them. The modelling tool we use to study this problem is closely related to earlier work on software design diversity. The earliest of these results showed that, under quite plausible assumptions, it would be unreasonable even to expect software versions that were developed "truly independently" to fail independently of one another. The key idea here was a "difficulty function" over the input space. Later work extended these ideas to introduce a notion of "forced" diversity, in which it became possible to obtain system failure behaviour better even than could be expected if the versions failed independently. In this paper we show that many of these results for design diversity have counterparts in diverse fault detection in a single software version. We define measures of fault finding effectiveness, and of diversity, and show how these might be used to give guidance for the optimal application of different fault finding procedures to a particular program. We show that the effects upon reliability of repeated applications of a particular fault finding procedure are not statistically independent - in fact such an incorrect assumption of independence will always give results that are too optimistic. For diverse fault finding procedures, on the other hand, things are different: here it is possible for effectiveness to be even greater than it would be under an assumption of statistical independence. We show that diversity of fault finding procedures is, in a precisely defined way, "a good thing", and should be applied as widely as possible.
The new model and its results are illustrated using some data from an experimental investigation into diverse fault finding on a railway signalling application