Reducing Uncertainty about Software Safety
Dr. Jeffrey Voas
Hemiciclo 1003, 17:00 a 20:00 horas
BIOGRAPHY
Jeffrey Voas is the Corporate Vice-President and Chief Scientist at Reliable Software Technologies. Voas heads the Research Division and is currently the principal investigator on a research initiative for NASA-Ames. He has published over 125 journal and conference papers in the areas of software testability, software reliability, debugging, safety, fault-tolerance, design, and computer security. Voas is widely recognized as a pioneer both in applying practical solutions for measuring software testability and in inventing novel applications for software fault injection methods. Voas's book, Software Assessment: Reliability, Safety, Testability (Wiley 1995), is often used as a text in advanced software engineering courses. Voas and Dr. Gary McGraw recently co-authored Software Fault Injection: Inoculating Programs Against Errors (Wiley 1998). Voas is on the Editorial Board for Software Quality Professional, IT Pro, and IEEE Software.
He is the Executive Secretary of the IEEE Reliability Society for 1998, is a member of the IEEE-USA's Technology Policy Council on R&D Policy, is the Chairman of the Board of Directors for the IEEE's COMPASS Task Force. Voas is an Adjunct Professor of Computer Science at West Virginia University and is on the Board of Trustees of the Center for National Software Studies, a Washington D.C. think tank on national software policy.
ABSTRACT
Exhaustively testing software is generally infeasible, testing software to high levels of reliability is intractable, and software assurance models are often viewed with suspicion. Yet software production forges ahead, resulting in the most complex artifacts in human history: modern software systems. As far as assessing the "goodness" of software goes, we are facing greater challenges today than we faced a decade ago. Unfortunately, we cling to the only mildly effective techniques of the 80's.
This talk asks the attendee to take a critical look at the positive impact that software fault-injection can make toward measuring software risk. Software fault-injection is an emerging technology that can be used to observe how software systems behave under experimentally-controlled, anomalous circumstances. Software fault-injection acts as a crystal ball, predicting how badly software might behave should things go awry (both internally and externally) during execution. Such predictions provide clues as to how robust a piece of code is, where in the code failure tolerance is deficient, and most importantly, what level of risk is incurred by relying on a particular software system. In short, fault-injection is an efficient means for predicting the future and counterfactualizing about specific possible events. Case studies will be described during the talk that have successfully employed fault-injection: (1) Bay Area Rapid Transit, (2) UVA Prototype Magneto Stereo Taxis System, and (3) Halden (Norway) Nuclear Reactor Project. If time permits, the talk will also cover ways that fault injection can be used for both: offensive and defensive information warfare.
