SERC Showcase
Spring 2005
Spring SERC Showcase
is coming soon!
It's time to
register for the Spring 2005 SERC Showcase to be held at
Purdue University in West Lafayette, IN on June 16-17, 2005. You can
register at
www.serc.net.
We are
anticipating 12 companies in attendance, with approximately 20
research presentations, plus many poster sessions and 6 software
demonstrations to display the variety of research carried on in the
SERC. We are also planning a wine and cheese gathering and banquet
entertainment that should be a "ball".
We have a block of rooms
held for SERC on the Purdue Campus at
the Purdue
Memorial Union Hotel.
You can call 1-800-320-6291 to make
your reservation.
If you have
any questions, you can contact the SERC secretary, Brenda McCreery.
Her email address is mccreery@bsu.edu. The SERC Office telephone
number at BSU is (765) 285-2795, and the fax number is (765)
285-2614.
We look
forward to seeing you at Purdue!
Testing Seminar
in Ireland
by
Cathy Wilburn
Wayne Zage
and Dolores Zage and Cathy Wilburn conducted a two-day global
testing workshop at the University of Limerick in Ireland on March 10-11.
In attendance were 24 people, including industry professionals,
University of Limerick graduate students, and University of
Limerick
lecturers. The workshop started with brief introductions to SERC and
the Global Testing project. Then, attendees enjoyed discussion and
exercises pertaining to testing techniques. Finally, test
collaboration was explored by covering such topics as GATE (the
Global Access Testing Environment), defect tracking, collaboration
tools, and communication tools.
Following the
workshop, a Ball
State University and University of
Limerick global
media network conference call was held. The conference call was used
to experiment with this type of global communication. In addition to
students and researchers, both sides had their leaders for
International Education in attendance.
Besides the
positive feedback received about the workshop, the visit to
Ireland was
successful in that the Ball
State visitors were able to
solidify collaboration efforts by recruiting graduate students in
Limerick to work on the project
this summer. In addition, the University of Limerick is working toward
incorporating participation on the Global Testing project into their
Fall 2005 masters program.
Software
Protection Evaluation Course
Presented By Arxan
Labs
Arxan
Technologies, Inc. a West Lafayette-based technology company
conducted a workshop on software security April 2 at the Ball
State University campus.
The Software
Protection Evaluation Course (SPEC) was designed to educate software
developers on ways to circumvent common software protection
mechanisms in order to better understand how to secure against
software tampering. The course was sponsored by the Software
Engineering Research Center (SERC) and the Indiana 21st Century
Research and Technology Fund. The workshop, hosted 40 individuals
ranging from SERC affiliates from Ontario Systems, Raytheon and
Motorola to students and faculty members. Arxan brought in 5 experts
who assisted all of the participants in following the curriculum and
the various assignments.
The SPEC
challenged attendees to analyze real-world security flaws and
develop appropriate solutions. Attendees learned how open-source
tools and their applications can breech most security mechanisms and
creatively solve security issues from start to finish. In addition,
Arxan demonstrated their EnforcIT product, a powerful tool that
prevents tampering of software. As an added educational benefit,
tools that were demonstrated and discussed were given away as
software bundles to participants. Attendees also received
comprehensive technical documentation along with the Tools CD-ROM.
Anyone who pre-registered had an opportunity to win award-winning
books and jump drives.
All attendees
were delighted with the information contained in the course and very
impressed with the capabilities of Arxan's security mechanisms.
Opportunities
for Collaboration among Affiliates in the SERC
by Dr. Wayne
Zage
A new
phenomenon in SERC this year is an enhanced collaboration between
member companies. Most recently, one affiliate wanted to know how to
go about a formal process improvement initiative corporate wide.
That company sent four people for a full day to Motorola to gain a
better understanding of the costs and benefits of striving for
higher levels of maturity in the CMM and CMMI. (Motorola has had
extensive experience and has been very successful in this area.)
Since that meeting, the inquiring company has taken significant
steps toward making process improvement one of their development
environment objectives.
Project with
Arxan Technologies
by Dr. Wayne Zage
Wayne Zage
and Dolores zage are conducting a project with Arxan Technologies
entitled "Quantifying Software Vulnerability and Protections". This
work has gone from the original idea of determining the affect of
the underlying structure of code (through design metrics) on
software security to also modeling the cost of including anti-tamper
solutions into a software system. Arxan will be making a
presentation at the next SERC Showcase to be held in June 2005 at
Purdue
University.
Motorola
Collaborating With UWF and BSU
The
University of West Florida has been working
with SERC affiliate Motorola on the project "Combining Tools for
Feature Location and Understanding". The project is a case study to
see if the UWF's Software Reconnaissance technique for feature
location can be implemented using dynamic and static analysis tools
currently in use at Motorola. Mike Groble from Motorola visited the
UWF campus on May 18 and 19 to see how the tool integration was
proceeding and to review the study results so
far.
Abstracts of New SERC
Technical Reports
"Test
Management and Process Support for Virtual Teams", Dolores Zage,
Wayne Zage and Cathy Wilburn, SERC-TR-271, April 2005.
There are as
many economic benefits as there are problems in developing software
in globally distributed locations. One of the most pressing problems
is the absence of a globally distributed software development
process. One of the specific key areas within that process is
software testing. The focus of our research and the supporting
environment outlined in this paper is the identification of the
essential information and infrastructure required to support
effective testing in a globally distributed test environment.
"Measuring the Effect
of Design Decisions on Software Reliability", Jeff Stineburg, Wayne
Zage and Dolores Zage, SERC-TR-272, April 2005.
This paper
presents a model for estimating the effect of design decisions on
software reliability based on design metrics developed in the
Software Engineering Research Center (SERC). The paper introduces
the concepts of design significance and stress points, and a method
to identify and measure these in software. After a brief overview of
selected software reliability models, the problem of validating
life-critical software is presented. The paper then investigates the
proposition that a relationship exists between the design metric
D(G) and the defects that are found in the field. A study performed
on a subset of a large defense software system provides empirical
evidence to support the proposition. The last section of the paper
describes a high reliability engineering process that has been
developed based on the concepts in this paper. The process is
implemented on an active defense software development
program.
"The
Eclipse Platform for System Modeling, Design, Testing, and
Deployment," Zhihui Yang, Wayne Zage and Dolores Zage, SERC-TR-273,
May 2005.
The goal of
the Eclipse Platform for System Modeling, Design, Testing, and
Deployment Project is to explore the integrated Eclipse platform to
support full life-cycle software development within Motorola. This
research project investigates the capabilities and limitations of
the Eclipse platform as a software development environment for
modeling, code generation, debugging, and validation. It is expected
that this open and integrated platform could improve productivity
and drive down engineering cost by bringing together the
best-in-class tools to work seamlessly.
"Automatic API Usage
Rule Extraction for Software Model Checking", Chang Liu and En Ye,
SERC-TR-274, May 2005.
The need to
manually specify temporal properties of software systems is a major
barrier to wider adoption of software model checking, because the
specification of software temporal properties is a difficult,
time-consuming, and error prone process. To solve this problem, we
propose to automatically extract temporal specifications from code.
Our approach uses a model checker to check a set of API usage rule
candidates against known good programs using that API, and
identifies valid rules based on model checking results. These valid
rules can be used to verify new programs through the same model
checking process. We tested our approach by extracting API usage
rules from C programs using BLAST. We successfully extracted OpenSSL
API usage rules from three OpenSSL applications in product release
and used them to verify an OpenSSL application in beta release.
"Mapping Cache
Artifacts to Design Metrics Primitives", Vinayak Tanksale,
SERC-TR-275, May 2005.
The Design
Metrics Team at Ball State University has developed a
metrics approach for analyzing software designs that helps designers
engineer quality into the design product. Two of the design metrics
developed are an external design metric De, which focuses on a
module's external relationships to other modules in the software
system, and an internal design metric Di, which incorporates factors
related to a module's internal structure. We mapped the various
constructs in Caché to the design metrics primitives and analyzed
error and change reports to co-relate the metric counts and
error-proneness. In this paper, we report the results of our
co-relation and highlight Cache constructs that indicate
error-proneness. The external design metric De is an excellent
predictor that highlighted 88% of the faults.
That's all
for this issue -- thanks for reading!
Dr.
Wayne Zage
wmz@cs.bsu.edu
Director, The SERC SERCulate
|
