IEEE Reliability Society Student Outreach at National Chiao Tung University

Shiuhpyng Winston Shieh
Member of IEEE Reliability Society Administrative Committee
ssp@cs.nctu.edu.tw
http://dsns.csie.nctu.edu.tw/ssp/ssp.html

Speaker: Dr. Jeffrey Voas
Date: Tuesday, May 15, 2012
Schedule: 12:00~13:20    Lunch Party
          13:30~15:20    Distinguished Speech
          15:30~17:30    Visit TWISC@NCTU
Topic: 1. Software Testing, Fault Injection, and Black Balls and Urns
       2. Exposing Security Risks For Commercial Mobile Devices (CMDs)
Location: Room 427, Engineering Building at National Chiao Tung University
Moderator: Prof. Shiuhpyng Winston Shieh
Organizer: IEEE Reliability Society Taipei/Tainan Chapter
           National Chiao Tung University
           TWISC@NCTU


Dr. Jeffrey Voas's Biography:

Jeffrey Voas is a computer scientist at the US National Institute of Standards and Technology (NIST) in Gaithersburg, MD. Before joining NIST, Voas was an entrepreneur and co-founded Cigital. He has served as the IEEE Reliability Society President (2003-2005, 2009-2010), and serves as an IEEE Director (2011-2012). Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability [1995] and Software Fault Injection: Inoculating Software Against Errors [1998]), is currently an Associate Editor-In-Chief of IEEE's IT Professional Magazine, is on the editorial board of IEEE Computer Magazine, and is on the Editorial Advisory Board of IEEE Spectrum Magazine. Voas received his undergraduate degree in computer engineering from Tulane University (1985), and received his M.S. and Ph.D. in computer science from the College of William and Mary (1986, 1990 respectively). Voas is a Fellow of the IEEE and Fellow of the American Association for the Advancement of Science (AAAS). Voas's current research interests include vetting mobile app software, how apps depend on clouds, software certification ethics, and the Internet of Things (IOT).


Talk1 Abstract:

Software fault injection is a form of dynamic software testing that allows developers and testers to observe how the software will behave under a variety of anomalous conditions. These conditions can be the result of simulated internal software defects or simulated external/environmental stimuli. The end result is a better way to predict how the software will behave when such events occur. Software testing, on the other hand, allows for predictions of how the software will behave under normal, expected operating conditions. Therefore the knowledge derived from these different types of dynamic assessment is unique, but when combined, results in a more thorough prediction of how the software will behave under a wide variety of nominal and off-nominal circumstances. This offers a more complete definition of "software assurance."
This 1-hour talk will compare and contrast these assessment methods, and will also explore how software fault injection can be used to assess the fault-hiding ability of code due to the lack of three key ingredients required for failure: execution, infection, and propagation. By doing so, we can more realistically predict how much testing is needed in order to detect actual faults of different densities as well as deal with issues such as where to insert assertions and how to quantify fault tolerance.
And if time permits, the often referenced "black balls and urn" model for why software testing is a probabilistic game will be explained. Students often learn a lot about why software testing "is a gamble" from this simple probability model.



Talk2 Abstract:

Recent advances in the hardware capabilities of mobile hand-held devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and tablet devices. This new generation of smart devices, including iPhone and Google Android, is powerful enough to accomplish most of the user tasks previously requiring a personal computer. In this talk, we will discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking.
We will present the ongoing George Mason University (GMU) and National Institute of Standards and Technology (NIST) efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the Android Kernel, using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones.
We will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military combat settings. The talk will conclude with a discussion of our current and future research directions and outcomes.



Lunch Party
Distinguished Speech
Speaker: Dr. Jeffrey Voas, NIST
Visit TWISC@NCTU



Click here for the slides of Talk1

Click here for the slides of Talk2