Praerit Garg

On the correlation between code coverage and software reliability

We report experiments conducted to investigate the correlation between code coverage and software reliability. Black-, decision-, and all-use-coverage measures were used. Reliability was estimated to be the probability of no failure over the given input domain defined by an operational profile. Four of the five programs were selected from a set of Unix utilities. These utilities range in size from 121 to 8857 lines of code, artificial faults were seeded manually using a fault seeding algorithm. Test data was generated randomly using a variety of operational profiles for each program. One program was selected from a suite of outer space applications. Faults seeded into this program were obtained from the faults discovered during the integration testing phase of the application. Test cases were generated randomly using the operational profile for the space application. Data obtained was graphed and analyzed to observe the relationship between code coverage and reliability. In all cases it was observed that an increase in reliability is accompanied by an increase in at least one code coverage measure. It was also observed that a decrease in reliability is accompanied by a decrease in at least one code coverage measure. Statistical correlations between coverage and reliability were found to vary between -0.1 and 0.91 for the shortest two of the five programs considered; for the remaining three programs the correlations varied from 0.89 to 0.99.

Improving the granularity of access control in Windows NT

This paper presents the access control mechanisms in Windows 2000 that enable fine-grained protection and centralized management. These mechanisms were added during the transition from Windows NT 4.0 to support the Active Directory, a new feature in Windows 2000. We first extended entries in access control lists to allow rights to apply to just a portion of an object. The second extension allows centralized management of object hierarchies by specifying more precisely how access control lists are inherited. The final extension allows users to limit the rights of executing programs by restricting the set of objects they may access. These changes have the combined effect of allowing centralized management of access control while precisely specifying which accesses are granted to which programs.

Security relevancy analysis on the registry of Windows NT 4.0

Many security breaches are caused by inappropriate inputs, crafted by people with malicious intents. To enhance the system security, we need either to ensure that inappropriate inputs are filtered out by the program, or to ensure that only trusted people can access those inputs. In the second approach, we certainly do not want to put such a constraint on every input; instead, we only want to restrict the access to the security-relevant inputs. This paper investigates how to identify which inputs are relevant to system security. We formulate the problem as a security relevancy problem and deploy static analysis technique to identify security-relevant inputs. Our approach is based on the dependency analysis technique; it identifies whether the behavior of any security-critical action depends on a certain input. If such a dependency relationship exists, we say that the input is security-relevant, otherwise we say the input is security-nonrelevant. This technique is applied to a security analysis project initiated by the Microsoft Windows NT Security Group. The project is intended to identify security-relevant registry keys in the Windows NT operating system. The results from this approach proved useful to enhancing Windows NT security. Our experiences and results from this project are presented in this paper.

A Conceptual Authorization Model for Web Services

This paper describes a conceptual authorization model for Web Services. It is an adaptation of those of Taos [Lamp92] and SDSI [Lamp96] with terms changed to correspond more closely to those introduced with the WS-Security model [WS02]. In contrast to the more formal and mathematical presentation used for Taos and SDSI, this presentation is conceptual and informal, which hopefully may provide more intuition for some readers; it also might provide an outline for the class hierarchy of an object-oriented implementation. In addition, this model abstracts away from issues of distribution and network security such as authentication [Need78] and encryption (for example, by assuming that messages include the unforgeable identity of the sender and are private and tamperproof) so as to focus on authorization, but it does deal with the extensibility and composability of security services, and partial trust. It also

Access control in practice: pain points

Access control is acknowledged to be one of the most important aspects of security. Research and deployments related to access control in computers and networks dates back several decades. Nevertheless, several aspects of access control remain challenging in practice. This panel pulls together four experts from industry that have dealt with access control systems in various capacities. The panelists are all technical individuals, that make or have made substantive technical contributions to building or deploying access control systems or, integrating access control systems into broader systems or products. The panelists will discuss their experiences with access control systems, and in particular, highlight the pain points associated with them in practice. One of the anticipated outcomes of the discussions in this panel is a set of insights that researchers and practitioners in access control can incorporate into their work. In the long term, we anticipate that these insights will translate to access control systems that assuage the pain points to which the panelists will allude.