An important step in the development of dependable systems is validation their fault tolerance properties. Fault injection has been widely used for this purpose, however with rapid increase processor complexity, traditional techniques are also increasingly more difficult to apply. This paper presents a new software-implemented and monitoring environment, called Xception, which targeted at modern complex processors. Xception uses advanced debugging performance features existing most...

The injection of faults has been widely used to evaluate fault tolerance mechanisms and assess the impact in computer systems. However, software is not as well understood other classes (e.g., hardware faults). In this paper, we analyze how can be injected (emulated) a source-code independent manner. We specifically address important emulation requirements such representativeness accuracy. start with analysis an extensive collection real faults. observed that large percentage falls into...

The injection of software faults in components to assess the impact these on other or system as a whole, allowing evaluation fault tolerance, is relatively new compared decades research hardware injection. This paper presents an extensive experimental study (more than 3.8 million individual experiments three real systems) evaluate representativeness injected by state-of-the-art approach (G-SWFIT). Results show that significant share (up 72 percent) cannot be considered representative...

Although Web services are becoming business-critical components, they often deployed with critical software bugs that can be maliciously explored. vulnerability scanners allow detecting security vulnerabilities in by stressing the service from point of view an attacker. However, research and practice show different have performance on detection. In this paper we present experimental evaluation 300 publicly available services. Four well known been used to identify flaws implementations. A...

Web applications are typically developed with hard time constraints and often deployed security vulnerabilities. Automatic web vulnerability scanners can help to locate these vulnerabilities popular tools among developers of applications. Their purpose is stress the application from attacker's point view by issuing a huge amount interaction within it. Two most widely spread dangerous in SQL injection cross site scripting (XSS), because damage they may cause victim business. Trusting results...

This paper presents an experimental study on the emulation of software faults by fault injection. In a first experiment, set real has been compared with injected SWIFI tool (Xception) to evaluate accuracy faults. Results revealed limitations Xception (and other tools) in different classes (about 44% cannot be emulated). The use field data about was discussed and metrics were suggested as alternative guide injection process when is nor available. second rules for errors meant emulate...

This paper proposes an approach for the evaluation of robustness web services, which are complex software components that must provide a robust interface to client applications. However, although services becoming business-critical components, there is no practical way assess code or compare alternative implementations concerning robustness. The proposed based on set tests (i.e., invalid call parameters) applied in order discover both programming and design errors. classified failures...

In this paper we propose a methodology and prototype tool to evaluate web application security mechanisms. The is based on the idea that injecting realistic vulnerabilities in attacking them automatically can be used support assessment of existing mechanisms tools custom setup scenarios. To provide true life results, proposed vulnerability attack injection relies study large number real applications. addition generic methodology, describes implementation Vulnerability & Attack Injector Tool...

This paper proposes a new automatic approach for the detection of SQL Injection and XPath vulnerabilities, two most common critical types vulnerabilities in Web services. Although there are tools that allow testing applications against security previous research shows effectiveness those services environments is very poor. In our representative workload used to exercise service large set SQL/XPath injection attacks applied disclose vulnerabilities. Vulnerabilities detected by comparing...

Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance understand the typical software faults. This paper contributes this body knowledge presenting a field study on two most widely spread application vulnerabilities: SQL Injection XSS. It analyzes source code patches used Web written in weak strong typed languages. Results...

We propose that understanding functional patterns of activity in mapped brain regions associated with code comprehension tasks and, more specifically, to the finding bugs traditional inspections could reveal useful insights improve software reliability and development process general. This includes helping select best professionals for debugging effort, improving conditions inspections, identify new directions follow training reviewers. paper presents an interdisciplinary study analyze...

An emergent research area in software engineering and reliability is the use of wearable biosensors to monitor cognitive state developers during development tasks. The goal gather physiologic manifestations that can be linked error-prone scenarios related programmers’ states. In this paper we investigate whether electroencephalography (EEG) applied accurately identify load associated with comprehension code different complexity levels. Therefore, a controlled experiment involving 26...

Abstract Comprehending digital content written in natural language online is vital for many aspects of life, including learning, professional tasks, and decision-making. However, facing comprehension difficulties can have negative consequences learning outcomes, critical thinking skills, decision-making, error rate, productivity. This paper introduces an innovative approach to predict at the local level (e.g., paragraphs). Using affordable wearable devices, we acquire physiological responses...

An important research topic deals with the investigation of whether a non-duplicated computer can be made fail-silent, since that behaviour is a-priori assumed in many algorithms. However, previous has shown systems using simple based error detection mechanism invisible to programmer (e.g. memory protection), percentage fail-silent violations could higher than 10%. Since study these errors they were mostly caused by pure data errors, we evaluate effectiveness software techniques capable...

This paper evaluates the impact of transient errors in operating system a COTS-based (CETIA board with two PowerPC 750 processors running LynxOS) and quantifies their effects at both OS application level. The study has been conducted using Software-Implemented Fault Injection tool (Xception) realistic programs synthetic workloads (to focus on specific features) have used. results provide comprehensive picture faults LynxOS key features (process scheduling most frequent calls), data...

Web-services and service-oriented architectures are gaining momentum in the area of distributed systems Internet applications. However, as we increase abstraction level applications also increasing complexity underlying middleware. In this paper, present a dependability benchmarking study to evaluate compare robustness some most popular SOAP-RPC implementations that intensively used industry. The was focused on Apache Axis where have observed high susceptibility software aging. Building...

Web-services are supported by a complex software infrastructure that must provide robust service to the client applications. This practical experience report presents approach for evaluation of robustness infrastructures. A set tests (i.e., invalid web-services call parameters) is applied during execution in order reveal possible problems code and application server infrastructure. The illustrated using two different implementations specified TPC-App performance benchmark running on top...