Computers and information play an increasingly important role in modern society. More people use computers, more informaion is processed and stored by them, aadn our nation\‘s dependence on computers continues to grow. Therefore, it is essential to protect computers and the informationtghey contain. From a practical stand poiny, computer viruses white-collar crime, theft of hardware and software, unauthorized acces to data, and damage and destruction of computer systems by people or nature are real threats. COmputer security shows its worth in preventing loss or harm. The meaning of terms like \“appropriate and cost-effective safeguards\” are truely appreciated when explaining how a loss was or was not prevented.
Due to vital need to protect computer systems, the National Insttute of Standards and Technology (NIST) povides standards and guidelines on many asoects of computer security. This document addresses the specific issue of including computer security requirements in federal information processing (FIP) procurements. A NIST-sponsored working group of government and industry representatives in computer security, information management, and FIP procurement helped to develp this document.
Programmers spend considerable time debugging code. Symbolic debuggers provide some help but the task still remains complex and difficult. Other than breakpoints and tracing, these tools provide little high level help. Programmers must perform many tasks manually that the tools couldd perform automatically, such as finding which statements in the program affect the value of an output variable under a given testcase, what was the value of a given variable when the control last reached a given program location, and what does the program do differently under one testcase that it does not do under another. If the debugging tools provided explicit support for such tasks, the whole debuggin process would be automated to a large extent. In this dissertation, we propose a new debugging paradigm that easily lends itself to automation. Two tasks in this paradigm translate into techniques called dynamic program slicing and execution backtracking. we discuss what these techniques are and how they can be automated. We present ways to obtain accurate dynamic slices of programs that may involve unconstrained pointers and composite variables. Dynamic slicing algorithms spanning a range of time-space-accuracy trade-offs are presented. We also propose ways in which multiple dynamic slices may be combined to provide further fault localization information. A new space-efficient approach to execution backtracking called “structured backtracking” is also proposed. Our experiment with the above techniques has also resulted in development of a prototype tool, SPYDER, that explicitely supports them.