The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Testing software-intensive systems, for us, has traditionally focused on verifying and validating compliance and conformance to specification, as well as some general non-functional requirements such as performance of different components. In recent years, we have seen a strong move towards more data intensive systems. We have found that these types of systems require a different approach for testing...
Doubt is key to becoming a good programmer. If you don't doubt the correctness of your work, you have no incentive to look for the hidden spoilers that are always there.
With the increased attention on cyber security, more and more people focus on the security and reliability of the software they utilize. Therefore, software vendors, especially operating system suppliers, make great efforts to build more secure and reliable software. The aim of this paper is finding a re-development way building secure and reliable operating system (OS) based on open source software...
Current Security Pattern evaluation techniques are demonstrated to be incomplete with respect to quantitative measurement and comparison. A proposal for a dynamic testbed system is presented as a potential mechanism for evaluating patterns within a constrained environment.
Modern society depends on the continuing correct operation of software-based systems. Critical infrastructures — including energy, communication, transportation, and finance — all function within powerful and complex computing environments. The dependability of these systems is increasingly threatened by a wide range of adversaries, and increasing investments are being made to provide and assess sufficient...
Software vulnerabilities are the root cause of computer security problem. How people can quickly discover vulnerabilities existing in a certain software has always been the focus of information security field. This paper has done research on software vulnerability techniques, including static analysis, Fuzzing, penetration testing. Besides, the authors also take vulnerability discovery models as an...
This study examines trust in the framework of service-based systems and discusses why it is difficult to achieve. We propose a discipline we term trust engineering, which considers the interactions of trust-enhancing technology, system architecture, and the development life cycle. The traditional view of security solutions have focused on preventing external threats such as malware in the forms of...
Component-based software development (CBSD) is an emerging technology that focuses on building systems by integrating existing software components. CBSD offers a range of benefits, such as an improved ability to reuse existing codes, reduced development costs of high-quality systems and faster development time. Several earlier studies have reported different challenges involved with using CBSD in...
Using static analysis tools can detect software vulnerabilities, which is important for improving the security of software. Static analysis technology has developed rapidly, but the comparison and evaluation of static analysis techniques and tools are not much. This paper focuses on software vulnerability static analysis techniques and tools. First we discuss the commonly-used static analysis techniques...
Watchdog timers are often used to trigger recovery of failed processes. But to this end the watchdog itself must be fail-safe. This work maximizes watchdog timer availability by a smart technology combination: replicated watchdogs, only one active at a time; hidden watchdogs, inside carrier processes. This approach was validated by implementation and testing within a security system.
Development of a dependable software requires a variety of techniques to be used in a coherent and systematic process, since it is required to take the reliability, safety, and security of the system into account. In this paper, we describe a framework for developing dependable software systems using the SOFL formal engineering method, and demonstrate its applicability by a case study developing and...
This paper presents an enhanced derivation procedure to obtain a system of services, from a given choreography. In addition to the basic framework, we introduce several situations where nondeterminism appears and it is resolved by using a dynamic prioritized system. The priority policy is based on several parameters such as the request dispatching, the response time, the quality of the response, etc...
The number of security errors and vulnerabilities can be reduced if a secure software development process (SSDP) is followed. Such a SSDP must cater for security aspects during each phase of development. In this paper, we present a new process that provides ways of addressing security concerns and incorporating security decisions throughout the software development process. Our process has two views:...
Nowadays, Web services are one of the most fashionable technology. Their simplicity of use and interoperability make them used in several fields such as web sites,widgets, classical applications and so on. There exists many technologies linked to this paradigm: SOAP (a communication protocol), WSDL (a description language) and UDDI (a yellow pages system) are among the most known. Some works proposed...
Modern software systems are difficult to test due to their distributed nature, and increased security complicates testing even further. Our hypothesis is that some security vulnerabilities are actually introduced due to developerspsila need to facilitate testing that software requirements have been implemented correctly. If these temporary security vulnerabilities are not removed before the software...
Software is no longer creeping into every aspect of our lives - it's already there. In fact, failing to recognize just how much everything we do depends on software functioning correctly makes modern society vulnerable to software errors.
GEMOM (Genetic Message Oriented Secure Middleware) is an EU FP7 ICT project that focuses on the significant and measurable increase in the end-to-end intelligence, security and resilience of complex, distributed information systems. Complex, distributed software systems are virtually impossible to implement without heavy use of messaging infrastructure. While the existing state of the art achieves...
Information security is more important in network days. A kind of adversary pattern based on probabilistic method to find out information security bug is raised. We discuss the software decomposition ways and how to use the adversary pattern, put forward an attack-proof theorem which shows a method of computing average number of attack times before a software system having concealed bugs becomes invalid...
Maritime Safety and Security systems represent a novel kind of large-scale distributed component-based systems in which the individual components are elaborate and complex systems in their own right. Two distinguishing characteristics are their ability to evolve during runtime, that is, joining and leaving of components, and the need for high reliability of the system. In this paper, we identify the...
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually constructed models, and most approaches have examined software flaws only, not other vulnerabilities such as software misconfiguration and software feature...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.