Static analysis-based approaches for secure software development

Software security is a matter of major concern for software development enterprises that wish to deliver highly secure software products to their customers. Static analysis is considered one of the most effective mechanisms for adding security to software products. The multitude of static analysis tools that are available provide a large number of raw results that may contain security-relevant information, which may be useful for the production of secure software. Several mechanisms that can facilitate the production of both secure and reliable software applications have been proposed over the years. In this paper, two such mechanisms, particularly the vulnerability prediction models (VPMs) and the optimum checkpoint recommendation (OCR) mechanisms, are theoretically examined, while their potential improvement by using static analysis is also investigated. In particular, we review the most significant contributions regarding these mechanisms, identify their most important open issues, and propose directions for future research, emphasizing on the potential adoption of static analysis for addressing the identified open issues. Hence, this paper can act as a reference for researchers that wish to contribute in these subfields, in order to gain solid understanding of the existing solutions and their open issues that require further research

Dependable distributed and mobile computing - utilizing time to enhance recovery from failures

Abstract Mobile computing allows ubiquitous and continuous access to computing resources while users travel or work at a client's site. The flexibility introduced by mobile computing brings new challenges to dependability and fault tolerance. Failures that were rare with fixed hosts become common, and host disconnections make fault detection and message coordination difficult. This chapter describes checkpointing and failure recovery procedures that are well adapted to both distributed and mobile environments. The protocols use time to indirectly coordinate the creation of new global states and thereby avoid message exchanges. The mobile protocol uses two different types of checkpoints to adapt to network characteristics. Procedures for integrating adaptive mobile checkpointing with storage management are also described

Reversible Choreographies via Monitoring in Erlang

International audienceWe render a model advocating an extension of choreographies to describe reverse computation via monitoring. More precisely, our extension imbues the communication behaviour of multi-party protocols with minimal decorations specifying the conditions triggering monitor adaptations. We show how, from these extended global descriptions, one can (i) synthesise actors implementing the normal local behaviour of the system prescribed by the global graph, but also (ii) synthesise monitors that are able to coordinate a distributed rollback when certain conditions (denoting abnormal behaviour) are met