Computer & Information Science Department   Polytechnic University

ATTENTION: THIS WEB SITE HAS MOVED. The pages you are looking at are no longer being maintained. Please go to http://www.poly.edu/cis/ to visit the new site of the Department of Computer and Information Science at Polytechnic University.

Software Engineering

(Profs. Frankl, Memon, Naumovich)

Software engineering research in the department includes work on software testing techniques, finite state verification techniques, and network and application security.

Software Testing: Prof. Frankl has worked extensively on problems in testing large software systems, including theoretical aspects of software testing, comparing effectiveness of software testing techniques, and building testing tools. She played an important part in the development of data flow testing. In a program, a variable is often defined and used in several different statements -- data flow testing techniques decide to include a test case in a test suite if this test case executes certain combinations of statements for a given variable. Prof. Frankl has also developed a testing technique for object-oriented programs and worked in the area of regression testing -- techniques for efficiently testing a new version of a program when a previous version has already been tested.

Prof. Frankl's and her students' current work includes the development of techniques for testing database applications, and the experimental comparison of the effectiveness of several promising coverage-based testing techniques. Coverage-based techniques measure the quality of a test set by how fully this set ``exercises'' a specific aspect of a program. For example, for a test set to achieve a 100% statement coverage, each statement in the program has to be executed by at least one test case from this set. The research is evaluating how good such techniques are at detecting bugs. One of the challenges of testing database applications is that the test cases are represented not only by the conventional parameters passed to the application, but also by (potentially very large) tables in the database.

Finite State Verification: This research area addresses the problem of quality assurance of large distributed software systems. Finite state verification (FSV) is a family of techniques that use a finite model to represent a software system. The finite models are then analyzed for specification errors. FSV techniques take all possible inputs of a system into account and are largely automated, thus providing an important alternative to both testing and formal verification techniques. Prof. Naumovich has participated in the development of a FSV technique that can be applied to distributed Ada and Java programs.

Currently, the main interests of Prof. Naumovich in this area lie in improving performance of FSV techniques by optimizing algorithms that they use. Since several studies have demonstrated that even simple optimizations can dramatically improve performance of FSV tools, he hopes that a systematic analysis of the nature of different FSV techniques and previously proposed optimizations will lead to powerful new optimizations, making FSV applicable to much larger distributed systems than at present. A substantial part of the work in this direction will involve extensive experimental work on analyzing realistic distributed programs with FSV tools.

Another promising research direction is the collaboration of Profs. Frankl and Naumovich on combining testing and FSV in a synergistic manner. This approach attempts to use information from FSV analyses to investigate the reported problems with testing techniques and also to use information from testing in the form of heuristics to improve modeling used in FSV. Presently, a tool to be used for empirical evaluation of this approach is being constructed.

Analysis of Network and Application Security: Profs. Frankl, Memon, and Naumovich are interested in various aspects of network and application security. Currently, their interests are concentrated in the area of improving confidence in Java programs that may be attacked by hostile applets. Hostile applets (or, more generally, classes) can exploit weaknesses in Java systems by obtaining, in one way, or another, permissions to perform system-critical operations, such as accessing data on local disks. The main direction of the current work is to formulate important requirements on Java programs and develop techniques for validating these requirements. Such techniques will be based on both finite state verification approaches and testing approaches.

Virus protection is an important aspect of network security. Prof. Frankl has worked on detection of macro viruses using a range of static analysis techniques. Results of this work have been used in a virus detection tool by IBM.

Software Watermarking: Software piracy is extremely widespread (estimated at USD 15 Billion in 1999 alone). It is important that the legitimate developers of a software system be able to prove their authorship of the software. Software watermarking is a technique for embedding a message identifying the author in a software system. Profs. Memon and Naumovich are interested in the problem of watermarking Java programs. Currently, they are working on a dynamic watermarking technique, based on embedding a message in the run-time state of a program. Profs. Memon and Naumovich are also interested in several other techniques for preventing software piracy, including authentication and program obfuscation techniques.