A practical solution to ensuring trusted software components

February 12, 2003
2:50 pm - 4:00 pm
Halligan 111

Abstract

Using component technologies alters the basic model for a software system. A traditional software application is executed as a stand-alone process on an operating system. Software applications built from software components depend upon a robust component model implementation; in fact, these applications cannot execute without it. To ensure wider applicability of component-based software engineering (CBSE), it must be possible for application assemblers to trust the software components they buy and use. Two promising directions towards improving trust are (1) enhancing the ability of assemblers to debug and otherwise troubleshoot black-box components; and (2) enabling run-time enforcement of assertions and interface specifications. We have developed a probe monitoring technology, called CDI, based on research funded by the NSF and DARPA that supports both of these directions. The Consolidated DASADA Infrastructure (CDI) provides an implementation of a set of core interfaces designed by the DARPA Dynamic Assembly for System Adaptability, Dependability, and Assurance (DASADA) program. DASADA was based on the principle that software systems would be more robust with a standardized infrastructure that monitors and measures the performance of a software system as it executes by using probes embedded in the target system. This probe infrastructure emits events that are interpreted by specialized gauges that detect anomalous or otherwise dangerous conditions. The true benefit of CDI appears when it is integrated into a component model to be automatically available for any applications built from those components. In this talk, we'll describe the advances we have made and our future plans.
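The probe-and-gauge architecture the abstract describes, as an added illustration that is not CDI's code or API: a probe wraps a black-box component and emits call/return events, and a gauge interprets those events to enforce an interface specification (pre- and postconditions) at run time. The `Account` component and its specification are constructed for the example.

```python
"""Probe/gauge run-time monitoring in the style the abstract describes.
Illustrative code written for this page, not the CDI implementation."""
from dataclasses import dataclass, field
from typing import Any, Callable

@dataclass
class Event:
    component: str   # which probed component emitted the event
    operation: str   # method invoked on the black-box component
    phase: str       # "call" (before the method runs) or "return" (after)
    args: tuple
    result: Any = None

class Probe:
    """Wraps a black-box component and emits an event around every call."""
    def __init__(self, name, target, gauges):
        self._name, self._target, self._gauges = name, target, gauges
    def __getattr__(self, attr):          # only reached for attrs not on Probe
        method = getattr(self._target, attr)
        if not callable(method):
            return method
        def probed(*args):
            self._emit(Event(self._name, attr, "call", args))
            result = method(*args)
            self._emit(Event(self._name, attr, "return", args, result))
            return result
        return probed
    def _emit(self, event):
        for gauge in self._gauges:
            gauge.observe(event, self._target)

@dataclass
class SpecGauge:
    """Checks an interface spec: operation -> (precondition, postcondition)."""
    spec: dict[str, tuple[Callable, Callable]]
    violations: list[str] = field(default_factory=list)
    def observe(self, event, component):
        pre, post = self.spec.get(event.operation, (None, None))
        check = pre if event.phase == "call" else post
        if check and not check(component, *event.args):
            self.violations.append(f"{event.phase} {event.operation}{event.args}")

class Account:  # constructed black-box component; withdraw never checks funds
    def __init__(self): self.balance = 0
    def deposit(self, amount): self.balance += amount
    def withdraw(self, amount): self.balance -= amount

def run_demo():
    gauge = SpecGauge({
        "deposit": (lambda c, a: a > 0, lambda c, a: c.balance >= 0),
        "withdraw": (lambda c, a: 0 < a <= c.balance, lambda c, a: c.balance >= 0),
    })
    acct = Probe("Account", Account(), [gauge])
    acct.deposit(50)
    acct.withdraw(80)   # precondition fails, then the postcondition fails too
    return gauge.violations
```

The assembler never sees the component's source; the gauge flags the overdraft from the emitted events alone, which is the debugging and enforcement benefit the abstract claims.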