| | Chinese Journal of Computers Full Text |
| Title | An Approach for Identifying Software Vulnerabilities Based on Error Propagation Analysis |
| Authors | LI Ai-Guo 1), HONG Bing-Rong 1), WANG Si 2) |
| Address | 1)(School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001) 2)(School of Astronautics, Harbin Institute of Technology, Harbin 150001) |
| Year | 2007 |
| Issue | No.11 (1910–1921) |
| Abstract & Background | Abstract: For software systems operating in the space environment, where radiation is widespread, identifying vulnerabilities places particular emphasis on analyzing the effect of the environment on the software. This paper presents a methodology for analyzing vulnerabilities in software subjected to environment perturbation. On the premise that the software has been modularized, the methodology analyzes the error-generation and error-propagation processes in software at both the signal level and the module level, yielding a theoretical framework for identifying software vulnerabilities. A fault-injection-based method for estimating the various measures in the framework is then described, and the software of a real embedded control system used in a satellite is analyzed to show the type of results obtained by the methodology. Keywords: software vulnerability; error propagation; fault injection; environment perturbation; single event upset. Background: In specialized fields where a very high level of dependability is needed, software is required to run smoothly in the presence of errors, which motivates us to characterize software behavior under these exceptional conditions, and especially to understand how errors propagate through software and affect its execution. Furthermore, to increase software dependability, we must find such vulnerable parts for further analysis and possibly for retrofitting with fault-tolerant mechanisms. Error propagation analysis may be used to find the modules and signals that are most exposed to errors in a system and to ascertain how different modules affect each other in the presence of errors. This work is supported by the National Aeronautical Research Program under grant No.417010402, and by the Aeronautical Innovation Fund under grant No.CASC0409. |