
A Hybrid Approach to Enhancing the Reliability of Software

Programming and Computer Software

Abstract

Two approaches to enhancing the reliability and security of software (static analysis of the source code and dynamic protection) are compared. Advantages and disadvantages of these approaches are discussed. A hybrid approach to enhancing the reliability of software is suggested that combines the advantages of both methods and smooths over their drawbacks. A classification of dynamic protection systems is presented in terms of the time of their operation, the abstraction level at which modifications are introduced and the protection code operates, and the principles of protection. A pragmatic approach to the development and evolution of an algorithm for finding errors of a certain class in the source code that reduce the reliability or security of the system is described. The algorithm calculates an approximation of the exact solution (the set of dangerous fragments), and each successive version of the algorithm improves the approximation to the exact solution. At each stage, the hybrid algorithm is used: when the static analysis cannot decide whether there are errors or not, the task of preventing the effects of possible errors is entrusted to the dynamic protection system. The iterative improvement of the algorithm has two purposes: to reduce the number of false alerts and to reduce the workload on the dynamic protection system. Application of the approach to a class of errors reducing the security of software is considered.
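The hybrid triage described in the abstract, sketched as an added example that is not code from the paper: a static pass marks each call site safe, erroneous, or undecided, and only undecided sites are handed to dynamic protection. Format-string calls are chosen as the error class (an assumption; the abstract does not name one), and `triage`, `SAMPLE_C` and the regex-based "analysis" are hypothetical stand-ins for a real analyzer; `version=2` shows one refinement step shrinking the guarded set.

```python
import re

# Constructed C fragment; the call sites below are illustrative only.
SAMPLE_C = '''\
const char *banner = "ready\\n";
printf("%s:%d\\n", host, port);
printf("%s %s\\n", user);
printf(banner);
printf(argv[1]);
'''

CALL = re.compile(r'printf\((.*)\);')
LITERAL = re.compile(r'^"((?:[^"\\]|\\.)*)"')
CONST = re.compile(r'const char \*(\w+) = "((?:[^"\\]|\\.)*)";')
SPEC = re.compile(r'%[-+ #0]*\d*(?:\.\d+)?[a-zA-Z]')

def conversions(fmt):
    """Count conversion specifiers that consume an argument ('%%' does not)."""
    return len(SPEC.findall(fmt.replace('%%', '')))

def triage(source, version=1):
    """Classify each printf site as 'safe', 'error' or 'guard'.

    'guard' means the static pass could not decide, so the site is left
    to the dynamic protection layer (for example a checked printf wrapper).
    version=2 also resolves string constants, which shrinks the 'guard' set.
    """
    consts = dict(CONST.findall(source)) if version >= 2 else {}
    verdicts = []
    for line in source.splitlines():
        m = CALL.search(line)
        if not m:
            continue
        args = m.group(1)
        lit = LITERAL.match(args)
        if lit:  # literal format string: compare specifiers with arguments
            fmt, rest = lit.group(1), args[lit.end():]
            supplied = rest.count(',')  # toy argument count, no nested commas
        elif args in consts:  # version 2: format is a known constant
            fmt, supplied = consts[args], 0
        else:  # format not known statically: undecided
            verdicts.append((line.strip(), 'guard'))
            continue
        ok = conversions(fmt) <= supplied
        verdicts.append((line.strip(), 'safe' if ok else 'error'))
    return verdicts
```

On the constructed input, version 1 leaves two sites to the runtime guard and version 2 leaves one, while the reported error is the same in both.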




Cite this article

Frolov, A.M. A Hybrid Approach to Enhancing the Reliability of Software. Programming and Computer Software 30, 18–24 (2004). https://doi.org/10.1023/B:PACS.0000013437.87730.e5
