We have investigated a fault injection-based technique for undermining the ability of software components to release undesirable outputs into the state of the system. Undesirable outputs are any class of outputs that a component must not release into the state of the system given its current environment. Software components are said to be "failure-tolerant" if they release desirable outputs regardless of programmer faults, potentially malicious input data directed against the component, and other non-malicious but corrupted input data. Our technology assesses the failure tolerance of software components after simulated program-state corruptions are injected into the components as they execute. Based on the types of outputs that result from fault injection, our technique determines where "recovery assertions" (which act somewhat like antibodies do in an organism) should be injected into software components to ensure desirable system outputs. The second part of our approach then s...
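The following is an added illustration of the two steps the abstract describes; it is constructed example code, not the paper's tool or method. A hypothetical `controller` component has two named intermediate state points (`scaled` and `command`); a fault injector corrupts each in turn with constructed perturbations and measures how often an output outside a hypothetical safe envelope escapes into the system state; a recovery assertion placed at the release point then refuses to release such an output and substitutes a safe fallback. The envelope bounds, sample inputs and corruption modes are all assumptions for the example.

```python
import random

# Hypothetical safe envelope (assumption for this example): any output outside
# [SAFE_MIN, SAFE_MAX] is treated as an "undesirable output".
SAFE_MIN, SAFE_MAX = 0.0, 100.0


def controller(reading, gain, corrupt_at=None, corrupt=None):
    """Hypothetical component: turns a sensor reading into an actuator command.

    corrupt_at / corrupt are hooks used only by the fault injector to simulate
    a program-state corruption at one of two named intermediate state points.
    """
    scaled = reading * gain
    if corrupt_at == "scaled":
        scaled = corrupt(scaled)          # simulated corruption of intermediate state
    command = scaled + 10.0
    if corrupt_at == "command":
        command = corrupt(command)        # simulated corruption just before release
    return command


def is_undesirable(out):
    return not (SAFE_MIN <= out <= SAFE_MAX)


def inject_faults(component, inputs, locations, trials=200, seed=1):
    """Corrupt each state point repeatedly and return, per location, the fraction
    of trials in which an undesirable output escaped into the system state."""
    rng = random.Random(seed)
    per_loc = trials // len(locations)
    escapes = {loc: 0 for loc in locations}
    for loc in locations:
        for _ in range(per_loc):
            reading, gain = rng.choice(inputs)
            mode = rng.choice(("scale", "negate", "huge"))   # constructed corruption modes

            def corrupt(v, mode=mode, factor=rng.uniform(0.5, 3.0)):
                if mode == "scale":
                    return v * factor
                if mode == "negate":
                    return -v
                return 1e9

            out = component(reading, gain, corrupt_at=loc, corrupt=corrupt)
            if is_undesirable(out):
                escapes[loc] += 1
    return {loc: n / per_loc for loc, n in escapes.items()}


def add_recovery_assertion(component, fallback):
    """Wrap a component so that an undesirable output is never released:
    the recovery assertion at the release point substitutes `fallback`."""
    def guarded(*args, **kwargs):
        out = component(*args, **kwargs)
        if is_undesirable(out):
            return fallback
        return out
    return guarded


# Constructed sample inputs (reading, gain) that keep the uncorrupted component in range.
INPUTS = [(5.0, 2.0), (20.0, 2.0), (30.0, 1.5)]
LOCATIONS = ("scaled", "command")

if __name__ == "__main__":
    before = inject_faults(controller, INPUTS, LOCATIONS)
    guarded = add_recovery_assertion(controller, fallback=SAFE_MIN)
    after = inject_faults(guarded, INPUTS, LOCATIONS)
    print("escape rate per corrupted location, unguarded:", before)
    print("escape rate per corrupted location, with recovery assertion:", after)
```

The per-location escape rates from the unguarded run are what tell the practitioner where an assertion is needed; here both state points can propagate a corruption to the output, so the single assertion at the release point covers both. The fallback must itself be a desirable output, otherwise the assertion merely replaces one escape with another.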
Jeffrey M. Voas