[Cordial Invitation] 2012/5/8 13:30~15:20 You are invited to attend Dr. Jeffrey Voas's talks

 

Distinguished Speech

Speaker: Dr. Jeffrey Voas

Topic:
1. Software Testing, Fault Injection, and Black Balls and Urns (13:30-14:20)
2. Exposing Security Risks For Commercial Mobile Devices (CMDs) (14:30-15:20)
Date: 2012/5/15 (Tue.)
Time: 13:30~15:20
Location: Room 427, Engineering Building
Moderator: Prof. Shiuhpyng Winston Shieh
Organizer: IEEE Reliability Society Taipei/Tainan Chapter, National Chiao Tung University, and TWISC@NCTU


Dr. Jeffrey Voas’s Biography:
Jeffrey Voas is a computer scientist at the US National Institute of Standards and Technology (NIST) in Gaithersburg, MD. Before joining NIST, Voas was an entrepreneur and co-founded Cigital. He has served as the IEEE Reliability Society President (2003-2005, 2009-2010), and serves as an IEEE Director (2011-2012). Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability [1995] and Software Fault Injection: Inoculating Software Against Errors [1998]), is currently an Associate Editor-In-Chief of IEEE’s IT Professional Magazine, is on the editorial board of IEEE Computer Magazine, and is on the Editorial Advisory Board of IEEE Spectrum Magazine. Voas received his undergraduate degree in computer engineering from Tulane University (1985), and received his M.S. and Ph.D. in computer science from the College of William and Mary (1986, 1990 respectively). Voas is a Fellow of the IEEE and Fellow of the American Association for the Advancement of Science (AAAS). Voas’s current research interests include vetting mobile app software, how apps depend on clouds, software certification ethics, and the Internet of Things (IOT).

 

 

Talk 1 Abstract:

Software fault injection is a form of dynamic software testing that allows developers and testers to observe how the software will behave under a variety of anomalous conditions. These conditions can be the result of simulated internal software defects or simulated external/environmental stimuli. The end result is a better way to predict how the software will behave when such events occur. Software testing, on the other hand, allows for predictions of how the software will behave under normal, expected operating conditions. Therefore the knowledge derived from these different types of dynamic assessment is unique, but when combined, results in a more thorough prediction of how the software will behave under a wide variety of nominal and off-nominal circumstances. This offers a more complete definition of “software assurance.”
This one-hour talk will compare and contrast these assessment methods, and will also explore how software fault injection can be used to assess the fault-hiding ability of code due to the lack of the three key ingredients required for failure: execution, infection, and propagation. By doing so, we can more realistically predict how much testing is needed in order to detect actual faults of different densities, as well as deal with issues such as where to insert assertions and how to quantify fault tolerance.
And if time permits, the often-referenced “black balls and urn” model for why software testing is a probabilistic game will be explained. Students often learn a lot about why software testing “is a gamble” from this simple probability model.


Talk 2 Abstract:
Recent advances in the hardware capabilities of mobile hand-held devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and tablet devices. This new generation of smart devices, including iPhone and Google Android, is powerful enough to accomplish most of the user tasks previously requiring a personal computer. In this talk, we will discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking. We will present the ongoing George Mason University (GMU) and National Institute of Standards and Technology (NIST) efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the Android Kernel, using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones. We will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military combat settings. The talk will conclude with a discussion of our current and future research directions and outcomes.

 

Slides1  Slides2

 


 

 

 


Latest News

 

 

[Security News] Cultivating top security talent: National Chiao Tung University founds the first 亥客書院 (Hacker College) (2016/12/01)

 

 
 
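How much information does a single electronic invoice reveal? How are financial criminals able to steal huge sums? In response to the government's push for information and communication security policy and to cultivate security talent, National Chiao Tung University has brought together its Colleges of Computer Science, Electrical Engineering, and Management, its information and communication security research and education center, its Information Technology Service Center, its Continuing Education Center, and security scholars and experts from Taiwan and abroad to jointly establish the cross-disciplinary 亥客書院 (Hacker College). NCTU Chair Professor 張善政 has been invited to serve as dean of the college, and Distinguished Professor Shiuhpyng Winston Shieh (謝續平), an IEEE Fellow and former president of the Information Security Association, as associate dean, to build Taiwan's first-rate platform for cultivating security talent.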

 

 

[Award Announcement] IEEE Fellow Class of 2014

 

This year, Professor Shiuhpyng Winston Shieh was elevated to IEEE Fellow for contributions to advances in pattern-oriented intrusion detection and fault-tolerant protection.

 

 

[Cordial Invitation] 2013/3/14 13:30~15:20 You are invited to attend Dr. Jeffrey Voas's talk

 

 




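[Cordial Invitation] 2011/11/18 10:40~11:40 You are invited to attend Prof. Lixia Zhang's talk

Speaker: Prof. Lixia Zhang
         Computer Science Department, UCLA
Topic: Named Data Networking
Date: 2011/11/18 (Fri.)
Time: 10:40~11:40 a.m.
Location: Conference Room 345, Engineering Building 3
Moderator: Prof. Shiuhpyng Winston Shieh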