Speculative Software Modification
Rodes, Benjamin, Computer Science - School of Engineering and Applied Science, University of Virginia
Knight, John, Department of Computer Science, University of Virginia
Speculative Software Modification (SSM) is an engineering approach for modifying software for which either minimal or no software development information and/or artifacts are available. Software of this form is commonly referred to as Software Of Uncertain (or Unknown) Pedigree (or Provenance) (SOUP). SOUP raises many doubts about the existence and adequacy of desired dependability properties (e.g., security or safety) motivating some users to apply software modifications to improve or enhance the software with respect to these properties. Without necessary development artifacts, however, modifications are made in a state of uncertainty and risk. Lack of artifacts and associated uncertainties motivating users to modify software also present uncertainties about how to effectively apply a modification: i.e., a modification might not be effective, break program semantics, or not meet other user-defined constraints.
SSM is an assurance-based engineering model instantiated by engineers to alter SOUP and address modification risks and uncertainties. The model consists of two primary components: (1) a process architecture, and (2) an assurance case. The process architecture provides general guidelines and activities for generating SOUP modifications. The SSM process architecture is described as an iterative process of selecting and validating hypotheses about how to modify a specimen of SOUP. The assurance case is used as an acceptability model to justify that any modification produced by the SSM process will be acceptable to the system stakeholders. The assurance case is a rigorous and comprehensive argument about the acceptability of SOUP modifications. Engineers instantiate both the process architecture and assurance case for their particular operating environment. Once instantiated, the process can be reused to modify any number of programs.
This dissertation presents the rationale, components, guiding principles and activities of the SSM model. Modifying software to enhance software security is currently an area of active research and presents many unique challenges. In this dissertation, I focus the application of SSM to enhance software security for illustration. Security is a composite dependability property, typically described in terms of integrity, confidentiality and availability.
SSM is evaluated through a series of case studies examining the feasibility and practicality of the SSM concept. In particular, feasibility and practicality is examined first by a case study exploring the utility and form of the SSM process architecture. A subsequent case study assesses the feasibility and practicality of applying assurance cases in SSM. A final case study examines how engineers can determine the applicability of SSM and apply SSM concepts from "first principles". These case studies are based on examination of two specimen security-enhancing modification technologies.
PHD (Doctor of Philosophy)
assurance case, security, software of unknown provenance, SOUP, speculation, software modification, assurance argument, argument confidence
All rights reserved (no additional license for public reuse)