Results 1 - 8 of 8
Software Engineering for Security: a Roadmap
- THE FUTURE OF SOFTWARE ENGINEERING, 2000
Cited by 98 (0 self)
Is there such a thing anymore as a software system that doesn't need to be secure? Almost every software-controlled system faces threats from potential adversaries, from Internet-aware client applications running on PCs, to complex telecommunications and power systems accessible over the Internet, to commodity software with copy protection mechanisms. Software engineers must be cognizant of these threats and engineer systems with credible defenses, while still delivering value to customers. In this paper, we present our perspectives on the research issues that arise in the interactions between software engineering and security.
Testing: A Roadmap
- In The Future of Software Engineering, 2000
Cited by 60 (0 self)
Testing is an important process that is performed to support quality assurance. Testing activities support quality assurance by gathering information about the nature of the software being studied. These activities consist of designing test cases, executing the software with those test cases, and examining the results produced by those executions. Studies indicate that more than fifty percent of the cost of software development is devoted to testing, with the percentage for testing critical software being even higher. As software becomes more pervasive and is used more often to perform critical tasks, it will be required to be of higher quality. Unless we can find efficient ways to perform effective testing, the percentage of development costs devoted to testing will increase significantly. This report briefly assesses the state of the art in software testing, outlines some future directions in software testing, and gives some pointers to software testing resources.
Adequate Testing of Component-Based Software
- 1997
Cited by 21 (0 self)
People have long advocated a component-based approach to software construction as a way of simplifying the design and maintenance of large software systems, increasing the opportunities for reuse, and increasing software development productivity. Although the technology for constructing component-based software is relatively advanced, we lack a sufficient theoretical basis for testing component-based software. This paper initiates the development of such a theory. The main result is a formal definition of the concept C-adequate-for-# for adequate unit testing of a component and the concept C-adequate-on-M for adequate integration testing of a component-based system. The paper uses these concepts to discuss practical considerations in adequate testing of component-based software.
Keywords: Component-based software engineering, integration testing, subdomain-based testing, test adequacy criterion, unit testing
INTRODUCTION
People have long advocated a component-based approach to sof...
Stack and Queue Integrity on Hostile Platforms
- IEEE Transactions on Software Engineering, 1998
Cited by 20 (7 self)
When computationally intensive tasks have to be carried out on trusted, but limited, platforms such as smart cards, it becomes necessary to compensate for the limited resources (memory, CPU speed) by off-loading implementations of data structures on to an available (but insecure, untrusted) fast co-processor. However, data structures such as stacks, queues, RAMS, and hash tables can be corrupted (and made to behave incorrectly) by a potentially hostile implementation platform or by an adversary knowing or choosing data structure operations. This paper examines approaches that can detect violations of data structure invariants, while placing limited demands on the resources of the secure computing platform.
1 Introduction
Smart cards, set-top boxes, consumer electronics and other forms of trusted hardware [2, 3, 16] have been available (or are being proposed [1]) for applications such as electronic commerce. We shall refer to these devices as T. These devices are typically composed of...
Software Engineering for Security: Towards Architecting Secure Software
- 2001
Cited by 3 (0 self)
Since the advent of distributed systems, security of software systems has been an issue of immense concern. Traditionally, security is incorporated in a software system after all the functional requirements have been addressed. This paper argues for the need for security concerns to be an integral part of the entire software development life cycle. Different research areas that lie at the confluence of Software Engineering and Security are surveyed. Finally, the paper focuses on the use of Software Architecture to solve certain problems that are faced in the engineering of secure systems.
A coverage analysis of Java benchmark suites
- In IASTED International Conference on Software Engineering, 2005
Cited by 1 (1 self)
The Java programming language provides an almost ideal environment for both static and dynamic analysis, being easy to parse, and supporting a standardised, easily-profiled virtual environment. In this paper we study the relationship between results obtainable from static and dynamic analysis of Java programs, and in particular the difficulties of correlating static and dynamic results. As a foundation for this study, we focus on various criteria related to run-time code coverage, as commonly used in test suite analysis. We have implemented a dynamic coverage analysis tool for Java programs, and we use it to evaluate several standard Java benchmark suites using line, instruction and branch coverage criteria. We present data indicating a considerable variance in static and dynamic analysis results between these suites, and even between programs in these suites.
Engineering Secure Software Systems
- 1999
Is there such a thing anymore as a software system that doesn't need to be secure? Almost every software-controlled system faces threats from potential adversaries, from Internet-aware client applications running on PCs, to complex telecommunications and power systems accessible over the Internet, to commodity software with copy protection mechanisms. Software engineers must be cognizant of these threats and engineer systems with credible defenses, while still delivering value to customers. In this paper, we present our perspectives on the research issues that arise in the interactions between software engineering and security.

