High Assurance Software Systems

I.-R. Chen
The Computer Journal, 2006
The last few decades have been marked by an unprecedented increase in the complexity and consequence of information technology systems. High assurance software systems must satisfy the basic functional service properties that the system is intended to deliver, and must also guarantee desirable system properties such as security, safety, timeliness and reliability. Examples of high assurance software systems include command and control systems, nuclear power plants, electronic banking, aerospace systems, and manufacturing and medical systems. One of the major challenges in high assurance software engineering is to develop well-founded methods for system construction, verification and validation, so that such systems provide critical services with a high degree of confidence in their correctness and quality.

The goal of this special issue is to bring together innovative research ideas and advances in the field of high assurance software systems that address these challenges. To this end, the guest editors invited the authors of six papers published in the 29th IEEE Annual International Computer Software and Applications Conference (COMPSAC 2005), under the conference theme of High Assurance Software Systems, to submit to this special issue; after a rigorous review process, four of them were selected to appear.

In the first paper, 'An Empirical Performance Study on PSIM', Jinchun Xia, Carl K. Chang, Jeff Wise and Yujia Ge [1] address performance evaluation of software architecture designs. They describe PSIM (Performance SImulation and Modeling), a tool that integrates performance properties into software architecture specifications expressed in UML syntax. PSIM models are transformed automatically into Colored GSPN (Colored Generalized Stochastic Petri net) models, which can then be simulated for model-based performance evaluation. PSIM is shown to be effective in predicting system performance and identifying performance bottlenecks, addressing the timeliness property of high assurance software systems early in the development lifecycle.

High assurance mobile computing systems often have fault tolerance and timeliness requirements that exceed those encountered in conventional distributed systems. The second paper, 'Design and Evaluation of a Low-Latency Checkpointing Scheme for Mobile Computing Systems' by Guohui Li and Lihchyun Shu [2], presents a coordinated checkpointing scheme that reduces the latency of global checkpointing for failure recovery in high assurance mobile systems. The proposed method significantly reduces the latency associated with checkpoint request propagation: experimental results indicate latency reductions of up to 60% at a cost of less than 2% additional runtime overhead, providing timely failure recovery for high assurance mobile systems.

The third paper, 'A Blocking-Based Approach to Protocol Validation' by Qizhi Ye, Yu Lei and David Kung [3], reports a new analysis method for protocol validation. The method, based on reachability analysis, is guaranteed to detect protocol logic errors, including deadlocks, unspecified receptions and channel overflows, before the system is deployed. The authors apply the method to 160 synthesized protocols as well as two real protocols to demonstrate its applicability to high assurance software systems that rely on such protocols. The method performs especially well when the non-blocking ratio of a protocol is high.

Phishing is a form of online identity theft that aims to steal sensitive information, such as online banking passwords and credit card details, from users. The last paper, 'Protecting Users against Phishing Attacks' by Engin Kirda and Christopher Kruegel [4], presents a novel method that protects users against web-based phishing attacks that use spoofed sites. Their tool, AntiPhish, keeps track of a user's sensitive information and generates a warning whenever the user attempts to transmit that information to a website that is not considered trusted for it. AntiPhish is a step in the right direction for protecting against spoofed-website phishing attacks.
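The reachability analysis underlying the third paper can be made concrete with a small state-space explorer. The following is an added example written for this summary, not code from Ye, Lei and Kung's method: it walks the global state space of two communicating finite-state machines joined by bounded FIFO channels and flags the three error classes named above. The sample protocols, the channel capacity of one message, and the exact definitions adopted for "unspecified reception" (a receive-only local state, including one with no transitions, facing a head message it cannot receive) and "deadlock" (nothing enabled, channels empty, some process not in a final state) are assumptions of this example.

```python
"""Reachability analysis over two communicating finite-state machines (CFSMs).

Each process is a Process(init, table, finals): `table` maps a local state to
a list of (action, next_state) pairs, where action is (SEND, msg) or
(RECV, msg). The two processes exchange messages over two bounded FIFO
channels, 0->1 and 1->0. A breadth-first search over global states
(both local states plus both channel contents) reports the three classic
protocol errors: channel overflow, unspecified reception and deadlock.
Example code; the protocols below are constructed, not from the paper.
"""
from collections import deque, namedtuple

SEND, RECV = "!", "?"
Process = namedtuple("Process", "init table finals")


def analyse(p0, p1, bound):
    """Explore every reachable global state with channels of capacity `bound`.

    Returns (errors, n_states). Each error is (kind, global_state, process, msg):
      overflow              - process tried to send msg into a full channel
      unspecified_reception - process sits in a receive-only state whose
                              incoming head message msg cannot be received
      deadlock              - nothing enabled, channels empty, and at least
                              one process is not in a final state
    """
    procs = (p0, p1)
    start = (p0.init, p1.init, (), ())          # (loc0, loc1, chan 0->1, chan 1->0)
    seen, queue, errors = {start}, deque([start]), []
    while queue:
        g = queue.popleft()
        locs, chans = g[:2], g[2:]
        successors = []
        for i in (0, 1):
            j = 1 - i
            outgoing, incoming = chans[i], chans[j]   # chans[i] carries i->j
            transitions = procs[i].table.get(locs[i], [])
            for (kind, msg), nxt in transitions:
                new_chans = list(chans)
                if kind == SEND:
                    if len(outgoing) >= bound:
                        errors.append(("overflow", g, i, msg))
                        continue
                    new_chans[i] = outgoing + (msg,)
                elif incoming and incoming[0] == msg:
                    new_chans[j] = incoming[1:]
                else:
                    continue                          # receive not enabled
                new_locs = list(locs)
                new_locs[i] = nxt
                successors.append((new_locs[0], new_locs[1], new_chans[0], new_chans[1]))
            receive_only = all(k == RECV for (k, _), _ in transitions)
            if incoming and receive_only and all(m != incoming[0] for (_, m), _ in transitions):
                errors.append(("unspecified_reception", g, i, incoming[0]))
        idle = not any(chans) and not successors
        if idle and not all(locs[i] in procs[i].finals for i in (0, 1)):
            errors.append(("deadlock", g, None, None))
        for s in successors:
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return errors, len(seen)


# Constructed sample protocols (assumptions of this example).
CLIENT = Process("idle", {"idle": [((SEND, "req"), "wait")],
                          "wait": [((RECV, "ack"), "idle")]}, {"idle"})
SERVER = Process("idle", {"idle": [((RECV, "req"), "busy")],
                          "busy": [((SEND, "ack"), "idle")]}, {"idle"})
# Server variant that may answer "err", which CLIENT never expects.
SERVER_ERR = Process("idle", {"idle": [((RECV, "req"), "busy")],
                              "busy": [((SEND, "ack"), "idle"),
                                       ((SEND, "err"), "idle")]}, {"idle"})
# Client that keeps sending without waiting: overflows a channel of capacity 1.
CLIENT_FLOOD = Process("idle", {"idle": [((SEND, "req"), "idle"),
                                         ((RECV, "ack"), "idle")]}, {"idle"})
# Both sides wait for a "go" that nobody sends: deadlock in the initial state.
WAITER = Process("wait", {"wait": [((RECV, "go"), "done")]}, {"done"})

if __name__ == "__main__":
    for name, a, b in [("stop-and-wait", CLIENT, SERVER),
                       ("unexpected err", CLIENT, SERVER_ERR),
                       ("flooding client", CLIENT_FLOOD, SERVER),
                       ("mutual wait", WAITER, WAITER)]:
        errs, n = analyse(a, b, bound=1)
        print(f"{name}: {n} states, {sorted({e[0] for e in errs}) or 'no errors'}")
```

The correct stop-and-wait pair explores four global states and reports nothing; each faulty variant reaches a state that exhibits exactly one of the three error classes. Real protocol validators reduce the state explosion that a naive search like this one suffers on larger protocols, which is the problem the paper's blocking-based approach targets.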
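The check AntiPhish performs, as an added example that is not the tool's own code: the tracker remembers the host at which a user legitimately entered each secret and warns when a form carrying the same secret is about to go to a host that was never trusted with it. Storing the secrets as HMAC-SHA256 tags under a per-install key, the minimum value length, and the subdomain rule in `same_site` are assumptions of this example; the paper does not describe the tool's storage format.

```python
"""AntiPhish-style check: warn before a remembered secret leaves for a new site.

Constructed illustration of the idea described above, not the tool's own code.
The tracker remembers which host each secret was legitimately entered at and
warns when a form carrying the same secret is about to be submitted elsewhere.
Secrets are kept only as HMAC-SHA256 tags under a per-install key (assumption;
the original tool's storage format is not described here), so the watch list
never holds a plaintext password.
"""
import hashlib
import hmac
import os
from urllib.parse import urlsplit


def host_of(url):
    """Lower-cased host name of a URL, with port, userinfo and trailing dot removed."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.lower().rstrip(".")


def same_site(host, trusted):
    """True when host is the trusted host or one of its subdomains.

    Suffix matching on '.' + trusted means bank.example.evil.test does not
    pass for bank.example, while www.bank.example does.
    """
    return host == trusted or host.endswith("." + trusted)


class SensitiveDataTracker:
    MIN_LEN = 4   # ignore very short values; they would match everywhere

    def __init__(self, key=None):
        self._key = key or os.urandom(32)   # per-install secret for the HMAC
        self._watch = {}                    # tag -> set of hosts trusted with it

    def _tag(self, value):
        return hmac.new(self._key, value.encode("utf-8"), hashlib.sha256).hexdigest()

    def register(self, value, url):
        """Remember that `value` is a secret the user legitimately uses at `url`."""
        if len(value) >= self.MIN_LEN:
            self._watch.setdefault(self._tag(value), set()).add(host_of(url))

    def check_submission(self, url, fields):
        """Return one warning per field whose value is a watched secret bound
        for a host that was never trusted with it; an empty list means go ahead."""
        host = host_of(url)
        warnings = []
        for name, value in fields.items():
            trusted = self._watch.get(self._tag(value))
            if trusted and not any(same_site(host, t) for t in trusted):
                warnings.append(f"field {name!r}: secret known for {sorted(trusted)} "
                                f"is about to be sent to {host}")
        return warnings


if __name__ == "__main__":
    tracker = SensitiveDataTracker()
    tracker.register("correct horse battery", "https://bank.example/login")
    # Same site (subdomain of the trusted host): no warning.
    print(tracker.check_submission("https://www.bank.example/login",
                                   {"pw": "correct horse battery"}))
    # Look-alike phishing host: one warning for the password field.
    print(tracker.check_submission("https://bank-example.login-verify.test/",
                                   {"user": "alice", "pw": "correct horse battery"}))
```

The comparison is on the host the form is submitted to, not on what the page looks like, so a pixel-perfect clone on a look-alike domain still triggers the warning; the limitation, as with the original approach, is that the check only protects secrets the user has already registered with a trusted site.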
We would like to thank the reviewers for their superb work in refereeing the four papers selected for this special issue and in improving their quality and presentation.
doi:10.1093/comjnl/bxl040