How Useful is Software Fault Injection for Evaluating the Security of COTS Products?
Authors
Abstract
Panel Abstract Software fault injection (SFI) is a controversial method for identifying errors and improving software. Many respected researchers believe the method holds promise, including the members on our panel, although with careful qualifications. On the other hand, COTS software manufacturers tend to view the method with skepticism for several reasons. One problem is the difficulty in verifying that injected faults are representative of real world faults. Another is that SFI may not be as efficient in identifying errors in software as more conventional testing. The three panelists explored wide-ranging alternatives to the industry view.
Similar resources
Experimental Assessment of COTS DBMS Robustness under Transient Faults
† Research supported in part by Fundação para a Ciência e Tecnologia PRAXIS XXI under grant number BD/5636/95. ‡ On leave from Critical Software, www.criticalsoftware.com. Abstract This paper evaluates the behavior of a common off-the-shelf (COTS) database management system (DBMS) in presence of transient faults. Database applications have traditionally been a field with fault-tolerance needs, c...
Rigorous Evaluation of COTS Middleware Technology
Middleware refers to a broad class of software infrastructure technologies that use high-level abstractions to simplify construction of distributed systems. Over the past decade, the adoption of commercial off-the-shelf middleware products across the software industry has gathered significant momentum. COTS products make it possible to deploy application components in high-performance, scalabl...
Issues in Developing Security Wrapper Technology for COTS Software Products
The use of Commercial Off-The-Shelf (COTS) software products as components of large-scale systems has become more and more pervasive. One of the interesting questions that has arisen is "Can you build secure applications using insecure components?" We have been investigating ways to protect data that is shared between two or more independent, insecure applications. Our initial attempts to accom...
Safety Assessment of Systems Embedded with COTS Components by PIP technique
The difficulties to assess reliability of systems that use COTS components are sometimes compounded by the inaccessibility of some COTS codes. This paper develops an approach of Perturbation of Interface Parameters (PIP) to simulate failures of COTS components. It is to validate the use of PIP as a fault-injection technique to test COTS components and surrounding systems. Tests of a nuclear pro...
Evaluation and Selection COTS Software Process: The State of the Art
In the recent years, the Commercial Off-The-Shelf (COTS) products are being increasingly used in the world of software development. Therefore, evaluating and selecting appropriate COTS product is one of the most critical activities in COTS-based system development. Unfortunately, many methods that have been proposed in previous studies for evaluating and selecting COTS software are still have ma...