Search For:

Displaying 1-12 out of 12 total
Using Model Checking to Generate Tests from Specifications
Found in: Formal Engineering Methods, International Conference on
By Paul E. Ammann, Paul E. Black, William Majurski
Issue Date:December 1998
pp. 46
We apply a model checker to the problem of test generation using a new application of mutation analysis. We define syntactic operators, each of which produces a slight variation on a given model. The operators define a form of mutation analysis at the leve...
Formal Verification of Secure Programs in the Presence of Side Effects
Found in: Hawaii International Conference on System Sciences
By Paul E. Black, Phillip J. Windley
Issue Date:January 1998
pp. 327
Much software is written in industry standard programming languages, but these languages often have complex semantics making them hard to formalize. For example, the use of expressions with side effects is common in C programs. We present new inference rul...
A Specification-Based Coverage Metric to Evaluate Test Sets
Found in: High-Assurance Systems Engineering, IEEE International Symposium on
By Paul E. Ammann, Paul E. Black
Issue Date:November 1999
pp. 239
Software developers use a variety of methods, including both formal methods and testing, to argue that their systems are suitable components for high assurance applications. In this paper, we develop another connection between formal methods and testing by...
Does Security Trump Reliability?
Found in: Computer
By James Bret Michael,Phillip A. Laplante,Jeffery Payne,Paul E. Black,Jeffrey M. Voas
Issue Date:November 2013
pp. 84-86
A conference panel discussed security and reliability and which of these concerns outweighs the other. Although the panel didn't conclude that one is definitively more important than the other, it did open the discussion for further consideration.
Juliet 1.1 C/C++ and Java Test Suite
Found in: Computer
By Tim Boland,Paul E. Black
Issue Date:October 2012
pp. 88-90
Juliet Test Suite 1.1 offers test cases for assessing the effectiveness of static analyzers and other software-assurance tools.
Counting Bugs is Harder Than You Think
Found in: Source Code Analysis and Manipulation, IEEE International Workshop on
By Paul E. Black
Issue Date:September 2011
pp. 1-9
Software Assurance Metrics and Tool Evaluation (SAMATE) is a broad, inclusive project at the U.S. National Institute of Standards and Technology (NIST) with the goal of improving software assurance by developing materials, specifications, and methods to te...
Mutation Operators for Specifications
Found in: Automated Software Engineering, International Conference on
By Paul E. Black, Vadim Okun, Yaacov Yesha
Issue Date:September 2000
pp. 81
Testing has a vital support role in the software engineering process, but developing tests often takes significant resources. A formal specification is a repository of knowledge about a system, and a recent method uses such specifications to automatically ...
Software vulnerabilities precluded by spark
Found in: Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language (SIGAda '11)
By Chris E. Dupilka, F. David Jones, Joyce L. Tokar PhD, Paul E. Black PhD
Issue Date:November 2011
pp. 437-438
Software vulnerabilities are defined as a property of a system's security requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure [1]. Many organizations throughout...
Wouldn't it be nice to have software labels
Found in: Proceedings of the ACM SIGAda annual international conference on SIGAda (SIGAda '10)
By Elizabeth Fong, Gary McGraw, Jeff Williams, Larry Wagoner, Paul E. Black, Richard F. Leslie, Simson Garfinkel
Issue Date:October 2010
pp. 441-442
EN-50128, the European standard for railway software safety, requires that software be demonstrated as free from using language features that would trigger known bugs in the compiler. Given a list of problem reports provided by the compiler vendor, this pa...
Static analysis summit II
Found in: Proceedings of the 2007 ACM international conference on SIGAda annual international conference (SIGAda '07)
By Paul E. Black
Issue Date:November 2007
pp. 207-210
Funded by the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST) started a long-term, ambitious project to identify, enhance and develop software assurance tools. The Software Assurance Metrics And Tool Evaluat...
Effect of static analysis tools on software security: preliminary investigation
Found in: Proceedings of the 2007 ACM workshop on Quality of protection (QoP '07)
By Paul E. Black
Issue Date:October 2007
pp. 1-5
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerabilit...
Software security assurance tools, techniques and metrics (SSATTM)
Found in: Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering (ASE '05)
By Michael Kass, Paul E. Black
Issue Date:November 2005
pp. 461-461
The purpose of the workshop is to convene researchers, developers, and government and industrial users of software security assurance (SSA) tools to refine the taxonomy of flaws and the taxonomy of SSA tool functions, converge on which SSA functions should...