Verifying resilient software

Author

Black, P.E. ; Windley, P.J.

Author_Institution

Dept. of Comput. Sci., Brigham Young Univ., Provo, UT, USA

Volume

5

fYear

1997

fDate

7-10 Jan 1997

Firstpage

262

Abstract

We explore the tension between adding functionality to create resilient software and minimizing functionality to make it more feasible to formally verify software. To illustrate the effects of this trade-off, we examine a tiny example in detail. We show how code written with a good style may be hard to verify, specifically that the test condition is troublesome. We also show that a test condition “improved” in an attempt to make the verification more straight-forward worsens the failure characteristics. To demonstrate the effect in an actual situation, we examine a secure web server, thttpd, its design principles and security features. We discuss how the security features introduce redundancies making verification harder, but also present some of its formal verification to show that verification is feasible. We conclude that software should be designed with necessary redundancies and that the temptation to oversimplify the design in order to formally verify it should be resisted

Keywords

program verification; security of data; functionality; resilient software verification; secure web server; test condition; thttpd; Computer science; Fault detection; Formal verification; Hardware; Redundancy; Software design; Software safety; Switches; Testing; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences, 1997, Proceedings of the Thirtieth Hawaii International Conference on

Conference_Location

Wailea, HI

ISSN

1060-3425

Print_ISBN

0-8186-7743-0

Type

conf

DOI

10.1109/HICSS.1997.663182

Filename

663182