National Science Foundation


Award Abstract #0346903
CAREER: Test-Driven Development of Secure and Reliable Software Applications


NSF Org: CCF
Division of Computer and Communication Foundations
Initial Amendment Date: March 22, 2004
Latest Amendment Date: February 4, 2008
Award Number: 0346903
Award Instrument: Continuing grant
Program Manager: Sol J. Greenspan
CCF Division of Computer and Communication Foundations
CSE Directorate for Computer & Information Science & Engineering
Start Date: April 1, 2004
Expires: March 31, 2009 (Estimated)
Awarded Amount to Date: $405889
Investigator(s): Laurie Williams williams@csc.ncsu.edu (Principal Investigator)
Sponsor: North Carolina State University
CAMPUS BOX 7514
RALEIGH, NC 27695 919/515-2444
NSF Program(s): COMPUTING PROCESSES & ARTIFACT,
ADVANCED NET INFRA & RSCH,
SOFTWARE ENGINEERING AND LANGU
Field Application(s): 0000912 Computer Science
Program Reference Code(s): HPCC,9251,9218,9215,1187,1045
Program Element Code(s): 7352,4090,2880

ABSTRACT

0346903

Laurie Williams

North Carolina State University

CAREER: The Test-Driven Development of Secure and Reliable Software Applications

Our nation's critical infrastructure demands that our current and future IT professionals have the knowledge, tools, and techniques to produce reliable and trustworthy software. The objective of this research is to extend, validate, and disseminate a software development practice to aid in the prevention of computer-related disasters. The practice is based upon test-driven development (TDD), a software development technique with tight verification and validation feedback loops. The proposed work extends the TDD practice and provides a supportive open-source tool for explicitly situating security as a primary attribute considered in these tight feedback loops. Additionally, the research examines the composition of TDD and pair programming/pair testing as a security- and reliability-enhancing tuple of development practices. The study will also examine the potential of pair programming/pair testing for improving the success/retention of socially-oriented women, men, and minorities in the IT workforce. The intellectual merits of this proposal include an enhanced TDD-based software development practice to mitigate security concerns and a catalog of security testing patterns disseminated via the Internet. The broad impacts of the proposal include an interuniversity student competition to build excitement about developing secure and reliable software applications and a revised undergraduate software engineering textbook integrating security and reliability topics.


PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Davidsson, M., Zheng, J., Nagappan, N., Williams, L., Vouk, M. "GERT: An Empirical Reliability Estimation and Testing Feedback Tool," IEEE International Symposium on Software Reliability Engineering 2004, 2004, p. 269.

Gegick, M. and Williams, L. "Matching Attack Signatures to Security Vulnerabilities in Software-Intensive System Design," Software Engineering for Secure Systems Workshop at the International Conference on Software Engineering (ICSE) 2005, 2005, p. 1.

Nagappan, N., Williams, L., Osborne, J., Vouk, M., Abrahamsson, P. "Providing Test Quality Feedback Using Static Source Code and Automatic Test Suite Metrics," International Symposium on Software Reliability Engineering (ISSRE) 2005, 2005, p. 85.

Nagappan, N., Williams, L., Vouk, M., and Osborne, J. "Using In-Process Testing Metrics to Estimate Post-Release Field Quality of Java Programs," IEEE International Symposium on Software Reliability Engineering, 2007, p. 209.

Nagappan, N., Williams, L., Vouk, M., Osborne, J. "Early Estimation of Software Quality Using In-Process Testing Metrics: A Controlled Case Study," Third Workshop on Software Quality at the International Conference on Software Engineering (ICSE) 2005, 2005, p. 1.

Nagappan, N., Williams, L., Vouk, M., Osborne, J. "Using In-Process Testing Metrics to Estimate Software Reliability: A Feasibility Study," Fast Abstract at the International Symposium on Software Reliability Engineering (ISSRE) 2004, 2004, p. 21.

Nagappan, N., Williams, L., Vouk, M., Osborne, J. "Using In-Process Testing Metrics to Estimate Post-Release Product Quality," NCSU-CSC TR 2006-34, December 29, 2006, 2006, p. 1.

Shin, Y. "Improving the Identification of Actual Input Manipulation Vulnerabilities," ACM Foundations of Software Engineering (FSE) Doctoral Symposium, 2006, p. 1.

Shin, Y., Williams, L., and Xie, T. "SQLUnitGen: SQL Injection Testing Using Static and Dynamic Analysis," Student Paper at the International Symposium on Software Reliability Engineering (ISSRE) 2006, Raleigh, NC, ISBN 978-0-9671473-3-3-8, 2006, p. 1.

Shin, Y., Williams, L., Xie, T. "SQLUnitGen: Test Case Generation Injection Detection," NCSU-CSC TR 2006-21, August 6, 2006, 2006, p. 1.

Srikanth, H. and Williams, L. "On the Economics of Requirements-Based Test Case Prioritization," Seventh International Workshop on Economics-Driven Software Engineering Research at the International Conference on Software Engineering (ICSE) 2005, 2005, p. 1.

Strom, M., Davidsson, M., Williams, L., Vouk, M. "The Good Enough Reliability Tool (GERT) Version 2," Fast Abstract at the International Symposium on Software Reliability Engineering (ISSRE) 2005, 2005, p. 4.35.

Williams, L. and Shin, Y. "WIP: Exploring Security and Privacy Concepts through the Development and Testing of the iTrust Medical Records System," Frontiers in Education (FIE) 2006, San Diego, 2006, p. S1F30.



 

Please report errors in award information by writing to: awardsearch@nsf.gov.

 

 

The National Science Foundation, 4201 Wilson Boulevard, Arlington, Virginia 22230, USA
Tel: (703) 292-5111, FIRS: (800) 877-8339 | TDD: (800) 281-8749
Last Updated: April 2, 2007