P. Devanbu, S. Stubblebine. Cryptographic Verification of Test Coverage Claims. IEEE Transactions on Software Engineering. 1999.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... ond provides o woy to test the component from eoch subdomoin in the progroin thor uses Devonbu ond Stubblebine present on opprooch thor uses cryptogrophic techniques to help component users verify coveroge of components without requiring the component developer to disclose intellectuol property [13]. With odditionol reseorch in these oreos, we con expect efficient techniques ond tools thor will help component users test their opplicotions more effectively. We need to understond ond develop effective techniques for testing vorious ospects of the components, including security, dependobility, ....

P. Devanbu and S. Stubblebine. Cryptographic verification of test coverage claims. IEEE Transactions on Software Engineering, in press.

....and provides a way to test the component from each subdomain in the program that uses it. Devanbu and Stubblebine present an approach that uses cryptographic techniques to help component users verify coverage of components without requiring the component developer to disclose intellectual property [13]. With additional research in these areas, we can expect e#cient techniques and tools that will help component users test their applications more e#ectively. We need to understand and develop e#ective techniques for testing various aspects of the components, including security, dependability, and ....

P. Devanbu and S. Stubblebine. Cryptographic verification of test coverage claims. IEEE Transactions on Software Engineering, in press.

....assured and or determined. Even with a way of 1,4 1,3,4 1,2,3 1,2 1,2 1,2 1 1 DM SD 2 SD 3 SD 4 SD 1 Fig. 4 . Subdomain relationships for proof of Theorem 2. 8 determining the adequacy of the testing of M (e.g. using a technique such as the one described by Devanbu and Stubblebine [3]) as M is used within more and more programs, the unit testing viewpoint could require more and more tests to be run on M. Another approach to studying the applicability of the model is to consider the different scenarios that will be encountered in the process of testing component based ....

P. Devanbu and S.G. Stubblebine, "Cryptographic Verification of Test Coverage Claims", Proc. Sixth European Software Engineering Conference/Fifth ACM SIGSOFT Symposium on the Foundations of Software Engineering, Zurich, Switzerland, 1997.

....to duplicated e#ort. In this context, one might seek a grey box that might allow the COTS vendor to guardedly disclose enough details of her verification practices to convince a skeptical COTS user, while also protecting much of her intellectual property. Gray box Approaches We have described two [27, 22] approaches: one using interactive cryptographic techniques, and the other relying upon tamper resistant hardware. Cryptographic coverage verification. Suppose a COTS vendor has achieved 99 basic block coverage. This is a significant achievement indicative of a stringent QC process. To convince ....

....is a significant achievement indicative of a stringent QC process. To convince a user of this, she would typically have to use a third party (trusted by her and the user) to verify the coverage, or she would have to disclose the source code, the tests, and any applicable tools to her customer. In [26, 27], we propose a way in which the customer can provide credible evidence of coverage, while disclosing (in most practical situations) only a few test cases. Essentially, our approach is driven by a fair random process. An unbiased coin flip (say) chooses basic blocks at random, and vendor provides ....

P. Devanbu and S. Stubblebine. Cryptographic verification of test coverage claims. IEEE Transactions on Software Engineering, 1999. Accepted to appear.

....is a significant achievement indicative of a stringent QC process. To convince a user of this, she would typically have to use a third party (trusted by her and the user) to verify the coverage, or she would have to disclose the source code, the tests, and any applicable tools to her customer. In [26, 27], we propose a way in which the customer can provide credible evidence of coverage, while disclosing (in most practical situations) only a few test cases. Essentially, our approach is driven by a fair random process. An unbiased coin flip (say) chooses basic blocks at random, and vendor provides ....

P. Devanbu and S. Stubblebine. Cryptographic Verification of Test Coverage claims. In Proceedings, Fifth ACM/SIGSOFT Conference on Foundations of Software Engineering, 1997.

....resources. These resources are not a limitation in a few applications areas as such as cash cards, identity cards etc. However, for general purpose multi application cards, these resource limitations are significant. We have been exploring the use of trusted hardware in software engineering [7, 6]. see Section 6) In this Appears in IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May, 1998, pp. 198 206. context, it becomes necessary store large amounts of data in the form of various data structures (stacks, queues, arrays, dynamic static symbol ....

....secure virtual memory schemes, which must be carefully implemented and tuned, our schemes are relatively simple, and can be built by an application programmer. 6 Applications The problem of checking large data structures with limited memorywas motivated by new applications for software tools [7, 6]. The goal of this work is to place trusted software tools (static analyzers, type checkers, proof checkers, compilers instrumenters, etc. in trusted hardware; the output of these tools would be attested by a signature in a public key crypto system. One particular application concerns Java TM ....

P. Devanbu and S. G. Stubblebine. Cryptographic verification of test coverage claims. In Proceedings of The Fifth ACM/SIGSOFT Symposium on the foundations of software engineering, Zurich, Switzerland, September 1997.

....can be used to construct safe 1 software that inspires trust in hosts. Engineering concerns such as cost, efficiency, delay, etc. are of vital importance; in addition, the vendor (V) can be expected to be deeply concerned about disclosure of valuable intellectual property. In an earlier paper[12] we explored techniques for the process side of trusted software engineering: the concern there was to find ways in which V could convince (quickly, and at low cost) a host (H) that V s testing practices were rigorous, without disclosing too much information. In this paper, we turn to the product ....

P. Devanbu and S. G. Stubblebine. Cryptographic verification of test coverage claims. In Proceedings of The Fifth ACM/SIGSOFT Symposium on the foundations of software engineering, Zurich, Switzerland, September 1997.

....process. There are any number of aspects that can be a secrecy concern to the software producer including the fact that a product has been submitted for testing, the results of the testing, and information revealed about the code during testing. Other approaches, not involving third party testing [4], could be used. Testing approaches, however, have a fundamental limitation: it is impossible to test programs under all possible conditions. Thus it is always possible that a program may exhibit undesirable behaviour under conditions that were never raised during testing. 2.5 Synthesis Our goal ....

P. Devanbu and S. G. Stubblebine. Cryptographic verification of test coverage claims. In Proceedings of The Fifth ACM/SIGSOFT Symposium on the foundations of software engineering, Zurich, Switzerland, September 1997.

No context found.

P. Devanbu, S. Stubblebine. Cryptographic Verification of Test Coverage Claims. IEEE Transactions on Software Engineering. 1999.

No context found.

Prem Devanbu and Stuart G. Stubblebine. Cryptographic verification of test coverage claims. In Proceedings of the Fifth ACM/SIGSOFT Conference on Foundations of Software Engineering (FSE), Zurich, Switzerland, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC