Research on Distributed Software Fault Injection and Software Vulnerability Detection Methods
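Abstract
Computer systems are increasingly used in high-reliability domains such as traffic control, medicine, nuclear power stations, banking, telecommunication systems and aerospace. In these domains a computer system failure can cause heavy casualties and economic losses. Reliability is also increasingly important in high-performance parallel computing. Parallel computers are typically used for compute-intensive applications such as fundamental physics/chemistry and aircraft/automobile modelling; these applications not only run for a long time, but the larger number of electronic components that parallel computing brings also raises the probability of faults. In the aerospace domain in particular, cosmic rays frequently cause all kinds of faults in computer systems.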
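     Dependable computers generally use fault-tolerance mechanisms to detect software or hardware faults, locate the fault source, and where possible recover from these faults/errors. The question is how to evaluate and verify the effectiveness and availability of these mechanisms before the system is put into use, and to check whether they behave as expected. This requires an effective method and tool for evaluating fault-tolerance mechanisms. In addition, before fault-tolerance mechanisms are fitted to a software system, and given their efficiency cost, deciding where and how to place them so that they are most effective requires understanding how errors arise and propagate in the software system and finding its relatively weak links or parts. Finally, once the weak links of a software system have been found, how to harden them is also an important topic.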
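     Verifying the reliability of a computer system is a complex and arduous task. Theoretical modelling is the usual approach, but because fault activation mechanisms and error propagation are very complex and in most cases not fully known, real systems are hard to model. Fault injection, an experimental evaluation method, has proved to be an efficient way to verify reliability: it deliberately produces faults in the target system to accelerate the occurrence of faults and failures, and by monitoring and analysing the system's response after injection it yields an evaluation of the target system's reliability and fault-tolerance performance. Compared with other methods, fault injection has a wide range of application, high accuracy of results and low time cost, and it has attracted the attention of many scholars and researchers.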
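     This thesis first studies the basic principles and methods of fault injection and designs fault models based on the characteristics of the aerospace domain. It then proposes an architecture for a distributed fault injection tool, which was developed and implemented on Linux. Experiments show that the tool can inject many kinds of faults into distributed or single-machine systems, has a powerful data collection capability, and offers good portability (it runs on all Unix-like operating system platforms) and extensibility. This lays a foundation for later research on the reliability of distributed systems.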
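     Building on this fault injection tool, the thesis studies how faults are generated and propagate in software at the signal level and at the module level, and defines the parameters that describe this process and how to compute them. It proposes for the first time the concepts of module leak rate and activation rate, and gives the concept of a software vulnerability together with the principles for determining one. The correctness and effectiveness of the framework are finally validated on a satellite fibre-optic gyroscope strapdown attitude and heading control system. This provides a theoretical basis for reducing error propagation between the modules of a software system at design time, a method for evaluating software system reliability, and a basis for placing fault-tolerance mechanisms where they are most efficient.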
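     Once the vulnerabilities in a software system have been found, how to harden them is also addressed in this thesis. Given the strong radiation typical of the aerospace domain, it proposes two on-line hardening methods, one from the perspective of program control flow and one from the perspective of data flow. The control-flow hardening method (RSCFC) detects control-flow errors in a program. It first identifies the basic blocks in the program, then encodes the relationships between basic blocks into the block signatures, and finally adds test and set instructions at the head and tail of each basic block respectively, checking the program's execution flow through a global variable. The method can be used with high-level languages and can also be implemented at the assembly-language level. Applying it to several standard C programs and then running fault injection experiments shows that, with little impact on code size and performance, it reduces the undetected fault rate from 20.7~68.8% for the original programs to 2.8~20.4%.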
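     The data-flow hardening method (SBC) applies simple encoding and decoding operations to the variables in a program so that single-bit errors occurring in the program's data space can be detected and then corrected. Fault injection results show that, for errors in the program's data segment, the algorithm reduces erroneous outputs from 27%~49% for the original programs to 0.01%~0.02%, with a fault correction rate close to 100%; for errors in the program's stack segment, it reduces erroneous outputs from 10%~70% for the original programs to 1%~3%, with a fault correction rate above 73%.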
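     In the software implementation, the fault injection platform, error propagation and software vulnerability detection are integrated into one system, collectively called the software vulnerability identification environment SAVIE. The thesis closes with a description of the design and implementation of SAVIE, including the system structure, the function of each module, and the usage workflow and methods.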
Computer systems are used nowadays in an increasing number of applications that require high levels of dependability. In some cases our lives depend on them, such as in traffic control, medical life support, or nuclear power station management applications. In other cases, such as banking, telecommunications and aerospace, failures can cause tremendous economic losses. Another novel area where dependability is increasingly important is high performance parallel computing. Parallel computers are used to run computation-intensive applications, such as fundamental physics/chemistry and airplane/vehicle modeling, over long periods of time. Dependability is important to enable those long runs in spite of the increased probability of fault occurrence caused by the larger number of electronic components in parallel computers. In particular, computer systems operating in the space environment are subject to different radiation phenomena, whose effects can be permanent or transient, and these effects may lead to all kinds of faults/errors.
     Generally, a dependable computer should be able to detect software or hardware errors, locate their origin, and recover from those errors by using some kind of fault tolerance mechanism. One important problem is how to evaluate and validate the effectiveness of the fault tolerance mechanisms embedded in these systems before production, in order to correct defects and/or provide feedback for improvements. Furthermore, if the efficiency of the fault tolerance mechanisms is taken into account, the other important problem is where and how to place these mechanisms in order to make the most use of them. These demands call for an effective method and tool to validate the fault tolerance mechanisms.
     The validation of the dependability properties of a computer system is an intrinsically complex task. The use of analytical modeling in actual systems is very difficult, as the mechanisms involved in fault activation and in the error propagation process are highly complex; they are not completely understood in most cases. Experimental evaluation by fault injection has become an attractive way of validating the dependability of a system: it introduces faults into the target system artificially in order to speed up the occurrence of faults or failures, and obtains the validation result for the dependability and fault tolerance capability of the system by monitoring and analysing the information gathered from the injected target system. Compared to other methods, fault injection has the main advantages of a wide scope of application, high precision of results and much lower time consumption, and it attracts the attention of more and more scholars and researchers.
     In this paper, the basic principles and methods of fault injection are investigated first; then the fault models are designed according to the characteristics of space; thirdly, a distributed framework for the fault injection tool is proposed, and it is developed and implemented on the Linux operating system. As validated by the experiments, this tool can inject many types of fault not only in distributed systems but also in a single computer. It also has powerful capabilities for collecting the data generated in experiments, and good portability across platforms and extensibility. This tool lays a foundation for later study of the dependability of distributed systems.
     Based on the fault injection tool, we study and characterize the error propagation process in software at the modular and signal levels, and define a set of metrics that quantitatively represent the inter-modular software interactions, together with their calculation methods. In this process, the module leak rate and activation rate are proposed for the first time. As a result, the concept of software vulnerabilities and the principles for confirming them are proposed. Furthermore, we use a real embedded target system used in a navigation-pose control system of a satellite to perform fault-injection experiments to validate the correctness and effectiveness of this framework. The work provides a theoretical foundation, from the design aspect, for how to decrease error propagation among modules in a software system; it also gives a method for testing the dependability of a software system and a basis for how to place the fault tolerance mechanisms in order to make the most use of them.
     After the software vulnerabilities have been found, the next problem is how to harden them. According to the strong radiation characteristic of the space environment, we propose two on-line software hardening methods, from the control-flow and data-flow perspectives respectively.
     The proposed control-flow hardening technique is called RSCFC (Relationship Signatures for Control Flow Checking). It assigns a relationship signature to each basic block and inserts some special assertions into it, detecting control flow faults through an AND operation between the run-time signature and the basic block’s location information. A fault injection experiment was performed with several C benchmark programs. The result suggests that about 20.7~68.8% of the injected branching faults produced undetected incorrect outputs without RSCFC; however, with RSCFC, the above number declines to 2.8~20.4%.
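     The test-and-set checking described above, exercised by a small branching-fault injection campaign, as an added example rather than code from the thesis. The one-hot location bits, the successor-mask signatures, the six-block control-flow graph and the input data are assumptions; the abstract does not give RSCFC's actual encoding.

```c
#include <stdint.h>
#include <stdio.h>

#define NBLOCKS 6
#define N 4
#define LOC(b) ((uint32_t)1u << (b))  /* assumption: one-hot location bit per block */

enum outcome { FINISHED, DETECTED };
struct tally { int total, wrong, detected; };

/* Constructed CFG: B0->B1, B1->B2|B3, B2->B4, B3->B4, B4->B1|B5, B5 = exit.
 * Relationship signature of a block = OR of its legal successors' location bits. */
static const uint32_t succ_sig[NBLOCKS] = {
    LOC(1), LOC(2) | LOC(3), LOC(4), LOC(4), LOC(1) | LOC(5), 0
};
static const int data[N] = { 3, 8, 5, 2 };  /* constructed input */

/* Bounds-checked read so that faulty runs stay memory-safe in this simulation. */
static int rd(int i) { return (i >= 0 && i < N) ? data[i] : 0; }

/* Runs the program (add odd elements, subtract even ones) as a block state
 * machine. At transfer number fault_at the branch target is shifted by delta
 * (1..NBLOCKS-1), modelling one branching fault; fault_at < 0 injects nothing. */
enum outcome run(int hardened, int fault_at, int delta, int *result)
{
    uint32_t run_sig = LOC(0);  /* stands in for the global run-time signature */
    int b = 0, i = 0, acc = 0, transfers = 0, steps;

    for (steps = 0; steps < 1000; steps++) {
        int next = 0;
        /* Test instruction at the block head: AND with the location bit. */
        if (hardened && (run_sig & LOC(b)) == 0)
            return DETECTED;
        switch (b) {
        case 0: i = 0; acc = 0; next = 1; break;
        case 1: next = (rd(i) & 1) ? 2 : 3; break;
        case 2: acc += rd(i); next = 4; break;
        case 3: acc -= rd(i); next = 4; break;
        case 4: i++; next = (i < N) ? 1 : 5; break;
        default: *result = acc; return FINISHED;  /* B5: program exit */
        }
        run_sig = succ_sig[b];  /* set instruction at the block tail */
        if (transfers++ == fault_at)
            next = (next + delta) % NBLOCKS;  /* injected erroneous branch */
        b = next;
    }
    return DETECTED;  /* step cap as watchdog; not reached with a single fault */
}

/* Injects every wrong target at every transfer of the fault-free run. */
struct tally campaign(int hardened)
{
    struct tally t = { 0, 0, 0 };
    int golden = 0, out = 0, k, d;

    run(0, -1, 0, &golden);
    for (k = 0; k < 3 * N + 1; k++) {  /* 3 transfers per element plus B0->B1 */
        for (d = 1; d < NBLOCKS; d++) {
            enum outcome o = run(hardened, k, d, &out);
            t.total++;
            if (o == DETECTED)
                t.detected++;
            else if (out != golden)
                t.wrong++;  /* undetected incorrect output */
        }
    }
    return t;
}

int main(void)
{
    struct tally u = campaign(0), h = campaign(1);
    printf("plain:    %d/%d undetected wrong outputs\n", u.wrong, u.total);
    printf("hardened: %d/%d undetected wrong outputs, %d detected\n",
           h.wrong, h.total, h.detected);
    return 0;
}
```

     In this constructed scheme a branch to the wrong but legal successor (B1 taking B3 instead of B2, for instance) passes the test, so the hardened run still leaves some incorrect outputs undetected.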
     The data-flow hardening method SBC (Single Bit Correction), a software-based approach for soft error correction, is put forward. The technique is based on the coding and decoding of variables in programs to detect and correct the errors in them. Results from fault injection experiments suggest that the method can reduce the undetected incorrect output from the original programs’ 27%~49% to 0.01%~0.02% for faults in the programs’ data section, with an almost 100% correction rate; furthermore, for stack section faults, the undetected incorrect output is decreased from 10%~70% to 1%~3%, with a correction rate of more than 82%. Compared with previous techniques, the SBC method has the characteristics of both easy implementation and low memory overhead, with a very high fault detection and correction capability.
     In the software implementation, we integrated the fault injection tool, the error propagation framework and software vulnerability identification into one platform, generally called SoftwAre Vulnerabilities Identifying Environment (SAVIE). At the end of this dissertation, a detailed description of the design and implementation of SAVIE is given, including the system structure, the function of each module, the workflow and methods, etc.
