SE News

Deadlock immunity is a property by which programs, once afflicted by a deadlock pattern, develop the ability to avoid future occurrences of that deadlock pattern. Over time, programs with such an “immune system” progressively increase their resistance to deadlocks.

Dimmunix is a tool for giving software systems such an immune system against deadlock, without any assistance from programmers or users. Dimmunix is well suited for general purpose software (desktop and enterprise applications, server software, etc.) and a recent extension allows application communities to collaborate in achieving enhanced immunity.

http://dslab.epfl.ch/proj/dimmunix

Almost every day recently I find myself explaining Cloud Computing to different people at all levels and roles in various organizations. So, I decided to take a stab at it from my point of view. The challenge in explaining cloud computing is that there is more than one answer to the what is it question. The field is evolving rapidly and everyone wants a piece now. This article attempts to define and break down cloud computing to it’s most important components in the context of the business use case.

Kent Langley

http://www.productionscale.com/home/2008/4/24/cloud-computing-get-your-head-in-the-clouds.html

The Carnegie Mellon Software Engineering Institute (SEI) CERT Program, together with the Financial Services Technology Consortium (FSTC), today announced the availability of the CERT® Resiliency Engineering Framework. This framework provides a comprehensive roadmap that enables organizations of all sizes to establish, manage, and evaluate operational resiliency which encompasses both security and business continuity.

The CERT Resiliency Engineering Framework (REF) embodies methods and guidelines that have been developed and proven in practice over the last 20+ years by the SEI, combined with security and business continuity expertise gained through the SEI’s collaboration with FSTC.

“Our collaboration with FSTC over the past couple of years has enabled the SEI to develop and release a roadmap specifically designed for organizations to be flexible and straightforward to implement across all sizes of enterprises and their suppliers,” said Rich Caralli, technical lead for the CERT REF project. “REF is based not only on our own experience. FSTC provided us with unparalleled access to some of the best practitioners in the security and business continuity space.”

“Operational resiliency and effective risk management continue to be a priority for all of us in the financial services industry,” said Dan Schutzer, Executive Director of the Financial Services Technology Consortium. “The Resiliency Engineering Framework provides a compelling new tool to measure and improve resiliency for organizations and their suppliers.”

The framework consists of over 20 comprehensive capability modules, giving organizations the flexibility to implement as few or as many as their needs and strategies require. Benchmarking against the framework will help organizations optimize their operational resiliency investments, make objective peer-to-peer comparisons in their industry sector, and select capable third-party suppliers.

http://www.sei.cmu.edu/about/press/releases/refmodel.html

I examine the question of how to design election-related software, with particular attention to the threat of insider attacks, and propose the goal of simplifying the software in electronic voting machines. I apply a technique called prerendering to reduce the security-critical, voting-specific software by a factor of 10 to 100 while supporting similar or better usability and accessibility, compared to today’s voting machines. Smaller and simpler software generally contributes to easier verification and higher confidence.

I demonstrate and validate the prerendering approach by presenting Pvote, a vote-entry program that allows a high degree of freedom in the design of the user interface and supports synchronized audio and video, touchscreen input, and input devices for people with disabilities. Despite all its capabilities, Pvote is just 460 lines of Python code; thus, it directly addresses the conflict between flexibility and reliability that underlies much of the current controversy over electronic voting. A security review of Pvote found no bugs in the Pvote code and yielded lessons on the practice of adversarial code review. The analysis and design methods I used, including the prerendering technique, are also applicable to other high-assurance software.

Ka-Ping Yee

http://zesty.ca/pubs/yee-phd.pdf