Results 1  10
of
21
An Efficient Dynamic and Distributed Cryptographic Accumulator
 Tech. Rep., Johns Hopkins Information Security Institute
, 2002
"... We show how to use the RSA oneway accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membership queries on a set maintained by a trusted source. Our accumulatorbased scheme for authenticated dicti ..."
Abstract

Cited by 40 (14 self)
 Add to MetaCart
We show how to use the RSA oneway accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membership queries on a set maintained by a trusted source. Our accumulatorbased scheme for authenticated dictionaries supports efficient incremental updates of the underlying set by insertions and deletions of elements. Also, the user can optimally verify in constant time the authenticity of the answer provided by a directory with a simple and practical algorithm. This work has applications to certificate management in public key infrastructure and endtoend integrity of data collections published by third parties on the Internet.
Generating Oracles from Your Favorite Temporal Logic Specifications
 In Proceedings of the 4th ACM SIGSOFT Symposium on Foundations of Software Engineering
, 1996
"... This paper describes a generic tableau algorithm, which is the basis for a general customizable method for producing oracles from temporal logic specifications. A generic argument gives semantic rules with which to build the semantic tableau for a specification. Parameterizing the tableau algorithm ..."
Abstract

Cited by 34 (3 self)
 Add to MetaCart
This paper describes a generic tableau algorithm, which is the basis for a general customizable method for producing oracles from temporal logic specifications. A generic argument gives semantic rules with which to build the semantic tableau for a specification. Parameterizing the tableau algorithm by semantic rules permits it to easily accommodate a variety of temporal operators and provides a clean mechanism for finetuning the algorithm to produce efficient oracles. The paper develops conditions to ensure that a set of rules results in a correct tableau procedure. It gives sample rules for a variety of lineartime temporal operators and shows how rules are tailored to reduce the size of an oracle. Keywords: formal specification, verification, specificationbased test oracles, tableau methods, propositional temporal logic, test validation. 1 Introduction Temporal specifications describe constraints on the order in which events can occur in executions of a concurrent software syste...
On the Robustness of Functional Equations
 SIAM Journal on Computing
, 1994
"... In this paper, we study the general question of how characteristics of functional equations influence whether or not they are robust. We isolate examples of properties which are necessary for the functional equations to be robust. On the other hand, we show other properties which are sufficient for ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
In this paper, we study the general question of how characteristics of functional equations influence whether or not they are robust. We isolate examples of properties which are necessary for the functional equations to be robust. On the other hand, we show other properties which are sufficient for robustness. We then study a general class of functional equations, which are of the form 8x; y F [f(x \Gamma y); f(x + y); f(x); f(y)] = 0, where F is an algebraic function. We give conditions on such functional equations that imply robustness. Our results have applications to the area of selftesting/correcting programs. We show that selftesters and selfcorrectors can be found for many functions satisfying robust functional equations, including algebraic functions of trigonometric functions such as tan x; 1 1+cotx ; Ax 1\GammaAx ; cosh x. 1 Introduction The mathematical field of functional equations is concerned with the following prototypical problem: Given a set of properties (fun...
Efficient Specificationbased Oracles for Critical Systems
 IN PROCEEDINGS OF THE CALIFORNIA SOFTWARE SYMPOSIUM
, 1996
"... Effective testing of critical systems has been hampered by the lack of a costeffective method for deciding the correctness of a program's behavior under test. Using formal specifications to describe the critical system properties and then checking test results against these specifications overcomes ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
Effective testing of critical systems has been hampered by the lack of a costeffective method for deciding the correctness of a program's behavior under test. Using formal specifications to describe the critical system properties and then checking test results against these specifications overcomes these problems. If these test oracles, which are mechanisms for determining whether a test passes or fails, are efficient, they can be combined with automatic test generation to costeffectively automate the testing of large numbers of testcases that more adequately cover the system requirements and structure. This paper presents a algorithm for automatically deriving efficient test oracles from Graphical Interval Logic (GIL) [5], which is a graphical temporal logic that is easier for nonexperts to understand than many formal languages. To develop efficient test oracles from GIL, we convert the specifications into automata that can be checked in time linear in the length of the trace. Addi...
Approximate Checking of Polynomials and Functional Equations
 PROC. 37TH FOUNDATIONS OF COMPUTER SCIENCE
, 1997
"... In this paper, we show how to check programs that compute polynomials and functions defined by addition theorems  in the realistic setting where the output of the program is approximate instead of exact. We present results showing how to perform approximate checking, selftesting, and selfcorrec ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
In this paper, we show how to check programs that compute polynomials and functions defined by addition theorems  in the realistic setting where the output of the program is approximate instead of exact. We present results showing how to perform approximate checking, selftesting, and selfcorrecting of polynomials, settling in the affirmative a question raised by [GLR + 91, RS92, RS96]. We then show how to perform approximate checking, selftesting, and selfcorrecting for those functions that satisfy addition theorems, settling a question raised by [Rub94]. In both cases, we show that the properties used to test programs for these functions are both robust (in the approximate sense) and stable. Finally, we explore the use of reductions between functional equations in the context of approximate selftesting. Our results have implications for the stability theory of functional equations.
Predicting Dependability by Testing
 In Proceedings of the 1996 International Symposium on Software Testing and Analysis (ISSTA
, 1995
"... In assessing the quality of software, we would like to make engineering judgements similar to those based on statistical quality control. Ideally, we want to support statements like: "The confidence that this program's result at X is correct is p," where X is a particular vector of inputs, and p is ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
In assessing the quality of software, we would like to make engineering judgements similar to those based on statistical quality control. Ideally, we want to support statements like: "The confidence that this program's result at X is correct is p," where X is a particular vector of inputs, and p is a probability obtained from measurements of the software (perhaps involving X). For the theory to be useful, it must be feasible to predict values of p near 1 for many programs, for most values of X . Manuel Blum's theory of selfchecking/correcting programs has exactly the right character, but it applies to only a few unusual problems. Conventional software reliability theory is widely applicable, but it yields only confidence in a failure intensity, and the measurements required to support a correctnesslike failure intensity (say 10 \Gamma9 /demand) are infeasible. Jeff Voas's sensitivity theory remedies these problems of reliability theory, but his model is too simple to be very plaus...
Certifying Algorithms
, 2010
"... A certifying algorithm is an algorithm that produces, with each output, a certificate or witness (easytoverify proof) that the particular output has not been compromised by a bug. A user of a certifying algorithm inputs x, receives the output y and the certificate w, and then checks, either manual ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
A certifying algorithm is an algorithm that produces, with each output, a certificate or witness (easytoverify proof) that the particular output has not been compromised by a bug. A user of a certifying algorithm inputs x, receives the output y and the certificate w, and then checks, either manually or by use of a program, that w proves that y is a correct output for input x. In this way, he/she can be sure of the correctness of the output without having to trust the algorithm. We put forward the thesis that certifying algorithms are much superior to noncertifying algorithms, and that for complex algorithmic tasks, only certifying algorithms are satisfactory. Acceptance of this thesis would lead to a change of how algorithms are taught and how algorithms are researched. The widespread use of certifying algorithms would greatly enhance the reliability of algorithmic software. We survey the state of the art in certifying algorithms and add to it. In particular, we start a
SelfTesting Without The Generator Bottleneck
 SIAM J. on Computing
, 1995
"... Suppose P is a program designed to compute a function f defined on a group G. The task of selftesting P , that is, testing if P computes f correctly on most inputs, usually involves testing explicitly if P computes f correctly on every generator of G. In the case of multivariate functions, the numb ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Suppose P is a program designed to compute a function f defined on a group G. The task of selftesting P , that is, testing if P computes f correctly on most inputs, usually involves testing explicitly if P computes f correctly on every generator of G. In the case of multivariate functions, the number of generators, and hence the number of such tests, becomes prohibitively large. We refer to this problem as the generator bottleneck . We develop a technique that can be used to overcome the generator bottleneck for functions that have a certain nice structure, specifically if the relationship between the values of the function on the set of generators is easily checkable. Using our technique, we build the first efficient selftesters for many linear, multilinear, and some nonlinear functions. This includes the FFT, and various polynomial functions. All of the selftesters we present make only O(1) calls to the program that is being tested. As a consequence of our techniques, we also obtain efficient program resultcheckers for all these problems.
The Uncertainty Principle in Software Engineering
, 1996
"... This paper makes two contributions to software engineering research. First, we observe that uncertainty permeates software development but is rarely captured explicitly in software models. We remedy this situation by presenting the Uncertainty Principle in Software Engineering (UPSE), which states t ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
This paper makes two contributions to software engineering research. First, we observe that uncertainty permeates software development but is rarely captured explicitly in software models. We remedy this situation by presenting the Uncertainty Principle in Software Engineering (UPSE), which states that uncertainty is inherent and inevitable in software development processes and products. We substantiate UPSE by providing examples of uncertainty in select software engineering domains. We present three common sources of uncertainty in software development, namely human participation, concurrency, and problemdomain uncertainties. We explore in detail uncertainty in software testing, including test planning, test enactment, error tracing, and quality estimation. Second, we present a technique for modeling uncertainty, called Bayesian belief networks, and justify its applicability to software systems. We apply the Bayesian approach to a simple network of software artifacts based on an elev...