Next-Generation Software Engineering: Function Extraction for Computation of Software Behavior
"... The ultra-large-scale systems of the future require the transformation of software engineering into a computational discipline capable of fast and dependable software development. This paper discusses an emerging next-generation software engineering research area: function extraction (FX) technology ..."
Abstract
Cited by 3 (3 self)
The ultra-large-scale systems of the future require the transformation of software engineering into a computational discipline capable of fast and dependable software development. This paper discusses an emerging next-generation software engineering research area: function extraction (FX) technology for automated computation to the maximum extent possible of the behavior, correctness, and quality attributes of software components and their compositions into systems. An introduction to the mathematical foundations for computation of software behavior is provided, followed by an overview description of a rigorously designed experiment to quantify the potential for FX technology, and a discussion of a CERT STAR*Lab first application of FX technology to compute the behavior of code expressed in the Intel assembly language instruction set.
1. A History Lesson in Complexity
When the Normans conquered England in the 11th century, a census was ordered to catalog what had been won. But after the data were collected, the required summations were not produced despite the obvious interest in the results. The census had been recorded in Roman numerals, and the complexity of adding up so many numbers in that system was overwhelming. Yet if the census had been recorded in decimal arithmetic with place notation, the required sums could have been produced in short order. There is a lesson here for the problems of present-day computing. It is that technology can either add
The Impact of Function Extraction
- Software Engineering Institute, Carnegie Mellon University, 2005
"... Technology on Next-Generation ..."
Towards the safe use of dynamically transformed itinerant software
- In Proceedings – IEEE Military Communications Conference MILCOM. IEEE, October 2005. In submission
"... Mobile code and agent-based technology is being actively investigated for use within military systems. The use of mobile code in these systems could greatly benefit future defense capabilities; however, one must first establish confidence in the secure deployment and use of mobile code before widesp ..."
Abstract
Cited by 1 (1 self)
Mobile code and agent-based technology is being actively investigated for use within military systems. The use of mobile code in these systems could greatly benefit future defense capabilities; however, one must first establish confidence in the secure deployment and use of mobile code before widespread acceptance of this technology occurs. This is particularly true when a mobile code is permitted to evolve or modify as it moves through a network. Dynamic program transformation or evolution can enable more efficient computation of long running programs on constrained resource hosts by optimizing the computation for the current runtime input, state, and environment. This technology can also potentially provide dynamically updated or modified program functionality. Traditional mobile code validation methods such as checksums and digital signatures will be unable to efficiently meet the security needs of this itinerant, evolving software. New validation methods must be constructed in order to allow future mobile codes to avail themselves of the advantages dynamic program modification may provide while mitigating potential security risks. We are developing a framework and prototype system to validate mobile, dynamically-transforming code in a manner which enables the system to restrict how the code can transform as it passes through the network. This system will permit modifications to the code based on a user-defined program transformation policy. In this paper, we present the details for our framework to control dynamic program transformation. This framework is the first step towards making dynamically-transforming software a viable technology for future defense systems. Index Terms — Mobile code, Dynamic program transfor-This material is based upon work supported by the National
Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation
"... Many researchers are investigating the use of adaptive program transformation as a way to efficiently improve program performance. Performance improving transformations are performed at runtime to adapt to the possibly changing runtime characteristics of the program. Leveraging this kind of program ..."
Abstract
Cited by 1 (0 self)
Many researchers are investigating the use of adaptive program transformation as a way to efficiently improve program performance. Performance improving transformations are performed at runtime to adapt to the possibly changing runtime characteristics of the program. Leveraging this kind of program transformation on multiple hosts can achieve these same performance gains while reducing the overhead to apply the transformations on the local machine running the program. The reduction in overhead is obtained by distributing the responsibilities for the transformation process to multiple hosts throughout the network. The use of this technology could greatly benefit applications running on networked computation nodes; however, one must first establish confidence in the secure generation and distribution of the transformed versions of the original program before acceptance and execution can occur for many network environments. Since programs are being transformed dynamically, traditional program validation methods such as checksums and digital signatures will be unable to efficiently meet the security needs of this possibly itinerant, transforming software. New validation methods must be developed in order to allow future software to avail itself of the advantages that dynamic program modification may provide while mitigating potential security risks. In this paper, we present our framework to validate dynamically-transforming software in a manner that enables the system to restrict how the software can transform as it executes on a network of hosts. Our prototype system utilizes specification languages to communicate program transformations and controls for those transformations on hosts in the ∗ This material is based upon work supported by the National Science
Function Extraction (FX) Technology: Automated Calculation of Program Behavior for High-Assurance Systems
"... The function-theoretic view of programs suggests the possibility of automated calculation of program behavior. While significant theoretical challenges exist, the value of behavior calculation for high-assurance systems could be substantial. 1. Program Behavior Realities Short of an impractical expe ..."
Abstract
The function-theoretic view of programs suggests the possibility of automated calculation of program behavior. While significant theoretical challenges exist, the value of behavior calculation for high-assurance systems could be substantial.
1. Program Behavior Realities
Short of an impractical expenditure of time and effort, programmers have no means to determine the full functional behavior of programs. Even then, human fallibility in reasoning about myriad program details can cast doubt on the analysis. Despite best efforts, programs are routinely fielded with unknown behavior that may embody errors, vulnerabilities, or malicious code. The totality of large program behavior is difficult to understand because it is distributed across a virtually infinite number of possible execution paths. Testing selects paths from this set and so cannot reveal full behavior. However, large programs are at the same time composed of a finite number of control structures, each of which makes a finite contribution to overall behavior. This observation motivates a closer look at the possibility of behavior calculation for high-assurance systems, and the theoretical and engineering challenges it presents.
2. Treating Programs Like Equations
The function-theoretic view focuses not on program paths, but rather on control structures and mathematical foundations for their refinement, abstraction, and verification [2]. In this view, control structures are treated as rules for mathematical functions or relations, that is, mappings from domains to ranges, no matter what subject matter they may address. Function-theoretic foundations prescribe procedure-free equations that define the net effects on data of common control structures and provide
Function Extraction: Automated Behavior Computation for Aerospace Software Verification and Certification
"... [Abstract] The complex aerospace systems of the future will challenge the capabilities of present-day software engineering, which is reaching cost and complexity limits of development technologies evolved in the first fifty years of computing. A new science for the next fifty years is required to tr ..."
Abstract
[Abstract] The complex aerospace systems of the future will challenge the capabilities of present-day software engineering, which is reaching cost and complexity limits of development technologies evolved in the first fifty years of computing. A new science for the next fifty years is required to transform software engineering into a computational discipline capable of fast and dependable software development. This paper describes verification and certification challenges for avionics software, in particular, the need to verify behavior in all circumstances of use. The emerging technology of function extraction (FX) for automated computation of software behavior is discussed as a new technology for avionics software certification. An FX demonstration system is employed to illustrate the role of behavior computation in the avionics certification process.
I. Verification and Certification of Avionics Software
The purpose of software verification in the certification context is to eliminate errors introduced during development, typically in compliance with industry or government guidance. In the case of software for commercial aviation, the FAA recognizes 1 the guidance provided by RTCA DO-178B 2, and aviation software developers use it as a compliance document. Among other things it advises the development team to make sure system requirements that were allocated to software have been developed into high-level software requirements, and that those have been
Administration University of South Florida,
"... The ultra-large-scale systems of the future require the transformation of software engineering into a computational discipline capable of fast and dependable software development. This paper discusses an emerging next-generation software engineering research area: function extraction (FX) technology ..."
Abstract
The ultra-large-scale systems of the future require the transformation of software engineering into a computational discipline capable of fast and dependable software development. This paper discusses an emerging next-generation software engineering research area: function extraction (FX) technology for automated computation to the maximum extent possible of the behavior, correctness, and quality attributes of software components and their compositions into systems. An introduction to the mathematical foundations for computation of software behavior is provided, followed by an overview description of a rigorously designed experiment to quantify the potential for FX technology, and a discussion of a CERT
Computational Evaluation of Software Security Attributes
- Proceedings of the 42nd Hawaii International Conference on System Sciences, 2009
"... In the current state of practice, security properties of software systems are typically assessed through subjective, labor-intensive human evaluation. Moreover, much of the quantitative security analysis research to date is characterized by the development of approximate solutions and/or based on as ..."
Abstract
In the current state of practice, security properties of software systems are typically assessed through subjective, labor-intensive human evaluation. Moreover, much of the quantitative security analysis research to date is characterized by the development of approximate solutions and/or based on assumptions that severely constrain the operational utility of the results. In order to achieve a dramatic increase in maturing the discipline of software security engineering, a fundamentally different approach to analysis and evaluation of security attributes is required. The computational security attributes (CSA) approach to software security analysis provides a new approach for specification of security attributes in terms of data and transformation of data by programs. This paper provides an introduction to the CSA approach, provides behavioral requirements for several security attributes, and discusses possible application of the CSA approach to support analysis of security attributes during software development, acquisition, verification, and operation. 1.
Introducing Function Extraction into Software Testing
"... Software testing can benefit from technologies that enable evolution toward increased engineering discipline. In current practice, software developers lack practical means to determine the full functional behavior of programs under development, and even the most thorough testing can provide only par ..."
Abstract
Software testing can benefit from technologies that enable evolution toward increased engineering discipline. In current practice, software developers lack practical means to determine the full functional behavior of programs under development, and even the most thorough testing can provide only partial knowledge of behaviors. Thus, effective scientific principles and engineering technology for revealing software behavior should have a positive impact on software testing. This paper describes the emerging technology of function extraction (FX) for computing the behavior of programs to the maximum extent possible with mathematical precision. We explore how the use of FX technologies can transform methods for functional verification of software. An example illustrates the value of full behavior knowledge for complete and confident assessment of software function and fitness for use. We conclude by describing a transition strategy for introducing FX technology into the development and operation of software systems. ACM Categories:

