TY - GEN
T1 - Automated behavior computation for software analysis and validation
AU - Pleszkoch, Mark
AU - Linger, Richard
AU - Prowell, Stacy
AU - Sayre, Kirk
AU - Burns, Luanne
PY - 2012
Y1 - 2012
N2 - Software systems can exhibit massive numbers of execution paths, and even comprehensive testing can exercise only a small fraction of these. It is no surprise that systems experience errors and vulnerabilities in use when many executions are untested. Computations over the functional semantics of programs may offer a potential solution. Structured programs are expressed in a finite hierarchy of control structures, each of which corresponds to a mathematical function or relation. A correctness theorem defines transformation of these structures from procedural logic into nonprocedural, as-built specifications of behavior. These computed specifications enumerate behavior for all circumstances of use and cover the behavior space. Automation of these computations affords a new means for validating software functionality and security properties. This paper describes theory and implementation for loop behavior computation in particular, and illustrates use of an automated behavior computation system to validate a miniature looping program with and without embedded malware.
AB - Software systems can exhibit massive numbers of execution paths, and even comprehensive testing can exercise only a small fraction of these. It is no surprise that systems experience errors and vulnerabilities in use when many executions are untested. Computations over the functional semantics of programs may offer a potential solution. Structured programs are expressed in a finite hierarchy of control structures, each of which corresponds to a mathematical function or relation. A correctness theorem defines transformation of these structures from procedural logic into nonprocedural, as-built specifications of behavior. These computed specifications enumerate behavior for all circumstances of use and cover the behavior space. Automation of these computations affords a new means for validating software functionality and security properties. This paper describes theory and implementation for loop behavior computation in particular, and illustrates use of an automated behavior computation system to validate a miniature looping program with and without embedded malware.
UR - http://www.scopus.com/inward/record.url?scp=84857934186&partnerID=8YFLogxK
U2 - 10.1109/HICSS.2012.128
DO - 10.1109/HICSS.2012.128
M3 - Conference contribution
AN - SCOPUS:84857934186
SN - 9780769545257
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 5537
EP - 5545
BT - Proceedings of the 45th Annual Hawaii International Conference on System Sciences, HICSS-45
PB - IEEE Computer Society
T2 - 2012 45th Hawaii International Conference on System Sciences, HICSS 2012
Y2 - 4 January 2012 through 7 January 2012
ER -