Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618576
S. Dawson, F. Jahanian, T. Mitton
The paper presents a set of experiments on real time protocols using the ORCHESTRA software fault injection environment. The paper first describes a specific implementation of ORCHESTRA for testing applications that use Unix sockets for communication. A novel feature of this tool is that it utilizes operating system support provided by Real Time Mach to quantify and compensate for the intrusiveness of the fault injection mechanism. The fault injection experiments which are described, tested fault tolerance and timing behavior of two target real time protocols. In addition, timing intrusiveness of ORCHESTRA was measured during the course of these experiments.
本文介绍了一套基于ORCHESTRA软件故障注入环境的实时协议实验。本文首先描述了用于测试使用Unix套接字进行通信的应用程序的ORCHESTRA的具体实现。该工具的一个新颖特性是,它利用Real Time Mach提供的操作系统支持来量化和补偿故障注入机制的侵入性。本文所描述的故障注入实验,测试了两种目标实时协议的容错和定时行为。此外,在实验过程中测量了ORCHESTRA的定时侵入性。
{"title":"Fault injection experiments on real-time protocols using ORCHESTRA","authors":"S. Dawson, F. Jahanian, T. Mitton","doi":"10.1109/HASE.1996.618576","DOIUrl":"https://doi.org/10.1109/HASE.1996.618576","url":null,"abstract":"The paper presents a set of experiments on real time protocols using the ORCHESTRA software fault injection environment. The paper first describes a specific implementation of ORCHESTRA for testing applications that use Unix sockets for communication. A novel feature of this tool is that it utilizes operating system support provided by Real Time Mach to quantify and compensate for the intrusiveness of the fault injection mechanism. The fault injection experiments which are described, tested fault tolerance and timing behavior of two target real time protocols. In addition, timing intrusiveness of ORCHESTRA was measured during the course of these experiments.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"238 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131578506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618606
M. Heimdahl, Barbara J. Czerny
Previously, we have defined procedures for analyzing hierarchical state based requirements specifications for two properties: (1) completeness with respect to a set of criteria related to robustness (a response is specified for every possible input and input sequence) and (2) consistency (the specification is free from conflicting requirements and undesired nondeterminism) (M.P.E. Heimdahl and N.G. Leveson, 1995; 1996). We implemented the analysis procedures in a prototype tool and evaluated their effectiveness and efficiency on a large real world requirements specification expressed in an hierarchical state based language called RSML (Requirements State Machine Language). Although our approach has been largely successful, there are some drawbacks with the current implementation that must be addressed. Our prototype implementation uses Binary Decision Diagrams (BDDs) to perform the analysis. Unfortunately, since BDDs treat predicates and functions as uninterpreted and thus fail to capture their semantics, the use of BDDs can lead to large numbers of spurious (false) error reports. We are currently investigating how the Prototype Verification System (PVS) and its theorem proving component can help us increase the accuracy of our analysis. PVS is a verification system that provides an interactive environment for writing formal specifications and checking formal proofs. The paper discusses the problems with spurious error reports and describes our experiences using the Prototype Verification System to increase the accuracy of our analysis results.
{"title":"Using PVS to analyze hierarchical state-based requirements for completeness and consistency","authors":"M. Heimdahl, Barbara J. Czerny","doi":"10.1109/HASE.1996.618606","DOIUrl":"https://doi.org/10.1109/HASE.1996.618606","url":null,"abstract":"Previously, we have defined procedures for analyzing hierarchical state based requirements specifications for two properties: (1) completeness with respect to a set of criteria related to robustness (a response is specified for every possible input and input sequence) and (2) consistency (the specification is free from conflicting requirements and undesired nondeterminism) (M.P.E. Heimdahl and N.G. Leveson, 1995; 1996). We implemented the analysis procedures in a prototype tool and evaluated their effectiveness and efficiency on a large real world requirements specification expressed in an hierarchical state based language called RSML (Requirements State Machine Language). Although our approach has been largely successful, there are some drawbacks with the current implementation that must be addressed. Our prototype implementation uses Binary Decision Diagrams (BDDs) to perform the analysis. Unfortunately, since BDDs treat predicates and functions as uninterpreted and thus fail to capture their semantics, the use of BDDs can lead to large numbers of spurious (false) error reports. We are currently investigating how the Prototype Verification System (PVS) and its theorem proving component can help us increase the accuracy of our analysis. PVS is a verification system that provides an interactive environment for writing formal specifications and checking formal proofs. The paper discusses the problems with spurious error reports and describes our experiences using the Prototype Verification System to increase the accuracy of our analysis results.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127807488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618570
J. Drake
This paper describes the experience of building a users functional description (UFD) document for an Army metrics support tool. The purpose of the UFD is to capture the users' domain knowledge, but the users are often not in a position to write the UFD. As a contractor, the author wrote the UFD and struggled to reflect the users' viewpoint. This report reflects the lessons learned in trying to write a UFD from the users' viewpoint.
{"title":"Writing a user functional description for an Army software metrics support tool","authors":"J. Drake","doi":"10.1109/HASE.1996.618570","DOIUrl":"https://doi.org/10.1109/HASE.1996.618570","url":null,"abstract":"This paper describes the experience of building a users functional description (UFD) document for an Army metrics support tool. The purpose of the UFD is to capture the users' domain knowledge, but the users are often not in a position to write the UFD. As a contractor, the author wrote the UFD and struggled to reflect the users' viewpoint. This report reflects the lessons learned in trying to write a UFD from the users' viewpoint.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122508785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618609
Heidrun Engel
Design diversity, which is generally used to detect software faults, can be used to detect hardware faults without any additional measures. Since design of diverse programs may use hardware parts in the same way, the hardware fault coverage obtained is insufficient. To improve hardware fault coverage, a method is presented that systematically transforms every instruction of a given program into a modified instruction (sequence), keeping the algorithm fixed. This transformation is based on a diverse data representation and accompanying modified instruction sequences, that calculate the original results in the diverse data representation. If original and systematically modified variants of a program are executed sequentially, the results can be compared online to detect hardware faults. For this method, different diverse data representation have been examined. For the most suitable representation, the accompanying modified instruction sequences have been generated at assembler level and at high language level. The theoretically estimated improvement of the fault coverage of design diversity by additionally using systematically generated diversity have been confirmed by practical examinations.
{"title":"Data flow transformations to detect results which are corrupted by hardware faults","authors":"Heidrun Engel","doi":"10.1109/HASE.1996.618609","DOIUrl":"https://doi.org/10.1109/HASE.1996.618609","url":null,"abstract":"Design diversity, which is generally used to detect software faults, can be used to detect hardware faults without any additional measures. Since design of diverse programs may use hardware parts in the same way, the hardware fault coverage obtained is insufficient. To improve hardware fault coverage, a method is presented that systematically transforms every instruction of a given program into a modified instruction (sequence), keeping the algorithm fixed. This transformation is based on a diverse data representation and accompanying modified instruction sequences, that calculate the original results in the diverse data representation. If original and systematically modified variants of a program are executed sequentially, the results can be compared online to detect hardware faults. For this method, different diverse data representation have been examined. For the most suitable representation, the accompanying modified instruction sequences have been generated at assembler level and at high language level. The theoretically estimated improvement of the fault coverage of design diversity by additionally using systematically generated diversity have been confirmed by practical examinations.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"66 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120995291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618561
C. Meadows
We discuss and characterize different types of solutions to computer security problems in terms of bad (theoretically sound, but expensive and impractical), ugly (practical, but messy and of doubtful assurance), and good (theoretically sound and practical). We also attempt to characterize the different approaches and problems in computer security that would lead to these different types of solutions.
{"title":"Computer security: the good, the bad and the ugly","authors":"C. Meadows","doi":"10.1109/HASE.1996.618561","DOIUrl":"https://doi.org/10.1109/HASE.1996.618561","url":null,"abstract":"We discuss and characterize different types of solutions to computer security problems in terms of bad (theoretically sound, but expensive and impractical), ugly (practical, but messy and of doubtful assurance), and good (theoretically sound and practical). We also attempt to characterize the different approaches and problems in computer security that would lead to these different types of solutions.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"66 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134093838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618591
R. V. Vishnuvajjala, S. Subramanian, W. Tsai, R. Mojdehbakhsh, L. Elliott
One of the widely used techniques in software safety analysis is fault tree analysis. The paper discusses the use of flow analysis techniques for supporting fault tree generation from software specifications. Earlier work on flow analysis techniques has focused on sequential systems. We discuss how system characteristics such as concurrency and real time reactive features impact the flow analysis techniques. The paper discusses concepts and algorithms that can be used in performing flow analysis for concurrent reactive real time systems.
{"title":"Flow analysis for concurrent, reactive, real-time systems","authors":"R. V. Vishnuvajjala, S. Subramanian, W. Tsai, R. Mojdehbakhsh, L. Elliott","doi":"10.1109/HASE.1996.618591","DOIUrl":"https://doi.org/10.1109/HASE.1996.618591","url":null,"abstract":"One of the widely used techniques in software safety analysis is fault tree analysis. The paper discusses the use of flow analysis techniques for supporting fault tree generation from software specifications. Earlier work on flow analysis techniques has focused on sequential systems. We discuss how system characteristics such as concurrency and real time reactive features impact the flow analysis techniques. The paper discusses concepts and algorithms that can be used in performing flow analysis for concurrent reactive real time systems.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"22 11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122943936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618596
Myong H. Kang, J. Froscher, I. S. Moskowitz
Distributed object oriented computing (DOC) is a new computing paradigm that promotes component based development, location independence, scalability, software reuse, etc. Users of multilevel security (MLS) technology want to take advantage of these new technologies However, the process of incorporating new technologies into MLS products is slower than the analogous process for non secure commercial products because MLS products must go through rigorous evaluation/certification procedures. We propose an architectural framework that speeds up the process of introducing new technologies to MLS users. We examine the drawbacks of traditional MLS approaches and take a fresh look at the requirements of MLS users. We then introduce security critical components that can enable MLS solutions and an MLS architectural framework that can accommodate not only legacy systems but also new technologies including DOC, without jeopardizing system security. Our framework separates security critical components/functions from the rest of the system because these components must go through rigorous evaluation/certification processes. This approach enables the secure use of new technologies for MLS users.
{"title":"A framework for MLS interoperability","authors":"Myong H. Kang, J. Froscher, I. S. Moskowitz","doi":"10.1109/HASE.1996.618596","DOIUrl":"https://doi.org/10.1109/HASE.1996.618596","url":null,"abstract":"Distributed object oriented computing (DOC) is a new computing paradigm that promotes component based development, location independence, scalability, software reuse, etc. Users of multilevel security (MLS) technology want to take advantage of these new technologies However, the process of incorporating new technologies into MLS products is slower than the analogous process for non secure commercial products because MLS products must go through rigorous evaluation/certification procedures. We propose an architectural framework that speeds up the process of introducing new technologies to MLS users. We examine the drawbacks of traditional MLS approaches and take a fresh look at the requirements of MLS users. We then introduce security critical components that can enable MLS solutions and an MLS architectural framework that can accommodate not only legacy systems but also new technologies including DOC, without jeopardizing system security. Our framework separates security critical components/functions from the rest of the system because these components must go through rigorous evaluation/certification processes. This approach enables the secure use of new technologies for MLS users.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114253864","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618572
Jing Chen, R. Carver
Specification-based testing of concurrent programs requires that test sequences be selected from the specification and mapped to the implementation. Test sequences can be selected incrementally. During incremental testing, the specification is partitioned into two or more components that are each tested separately. In this paper, we show how guidance for the partitioning can be provided by a constraint-style Lotos specification. Using incremental analysis techniques, components can be composed and reduced into smaller but observationally equivalent components. The combination of incremental testing and analysis alleviates the state explosion problem during test generation. We also show a mapping between the abstract test sequences of a Lotos specification and the concrete test sequences of an Ada implementation. The results of an empirical study of specification-based incremental testing are reported.
{"title":"Selecting and mapping test sequences from formal specifications of concurrent programs","authors":"Jing Chen, R. Carver","doi":"10.1109/HASE.1996.618572","DOIUrl":"https://doi.org/10.1109/HASE.1996.618572","url":null,"abstract":"Specification-based testing of concurrent programs requires that test sequences be selected from the specification and mapped to the implementation. Test sequences can be selected incrementally. During incremental testing, the specification is partitioned into two or more components that are each tested separately. In this paper, we show how guidance for the partitioning can be provided by a constraint-style Lotos specification. Using incremental analysis techniques, components can be composed and reduced into smaller but observationally equivalent components. The combination of incremental testing and analysis alleviates the state explosion problem during test generation. We also show a mapping between the abstract test sequences of a Lotos specification and the concrete test sequences of an Ada implementation. The results of an empirical study of specification-based incremental testing are reported.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131583300","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618556
J. Bruel, R. France, A. Benzekri, Y. Raynaud
The critical and complex nature of most real-time systems necessitates the use of rigorous techniques in their development. Formal specification techniques (FSTs) offer a foundation for rigorous design of complex systems. Though developers are aware of the benefits FSTs can bring to the software development effort, they often cite the difficulty of applying the techniques to their problems as a reason for not using them. We describe a Z-based specification environment that we are developing. The goal of the environment is to facilitate the application of FSTs to industrial-strength real-time system development. The environment is based on an integrated Z specification technique and a graphical object-oriented design technique.
{"title":"A real-time specification environment based on Z and graphical object-oriented modeling techniques","authors":"J. Bruel, R. France, A. Benzekri, Y. Raynaud","doi":"10.1109/HASE.1996.618556","DOIUrl":"https://doi.org/10.1109/HASE.1996.618556","url":null,"abstract":"The critical and complex nature of most real-time systems necessitates the use of rigorous techniques in their development. Formal specification techniques (FSTs) offer a foundation for rigorous design of complex systems. Though developers are aware of the benefits FSTs can bring to the software development effort, they often cite the difficulty of applying the techniques to their problems as a reason for not using them. We describe a Z-based specification environment that we are developing. The goal of the environment is to facilitate the application of FSTs to industrial-strength real-time system development. The environment is based on an integrated Z specification technique and a graphical object-oriented design technique.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129984972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1996-10-22DOI: 10.1109/HASE.1996.618562
V. Thomas
This paper presents ten practical techniques that help engineer complex systems that have stringent dependability and real-time requirements. The techniques described are software centric but in most cases they apply to systems as a whole.
{"title":"Ten practical techniques for high assurance systems engineering","authors":"V. Thomas","doi":"10.1109/HASE.1996.618562","DOIUrl":"https://doi.org/10.1109/HASE.1996.618562","url":null,"abstract":"This paper presents ten practical techniques that help engineer complex systems that have stringent dependability and real-time requirements. The techniques described are software centric but in most cases they apply to systems as a whole.","PeriodicalId":129829,"journal":{"name":"Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1996-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130317594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: