The usage of commercial off-the-shelf (COTS) components in software systems presents the possibility of temporal savings and efficiency increases. However, these temporal savings might come at the expense of system quality. When a system integrator relies upon COTS software, trust is placed in unknown, black-box components. We present a methodology that identifies problematic COTS components and then attempts to augment a system integrator’s understanding of these components. Our technique uses software fault injection to expose COTS components to new failure scenarios. When these unique failure scenarios cause a COTS component to act in an unpredictable manner, our approach records the injected fault and the anomalous behavior. Next, we employ different machine learning techniques to build a representation of the anomalous behavior of the COTS component. These machine learning algorithms analyze the collected data, which describes the diverse conditions that cause a COTS component to behave unpredictably, and produce a comprehensive model of the combinations of input and component state that normally result in deviant behavior. A system integrator can inspect a graphical representation of this model in order to gain a better understanding of the anomalous COTS components. We believe our approach to isolating and understanding problematic COTS components will allow a system integrator to realize the temporal savings of reusable COTS software while also mitigating the associated risks.
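The loop the abstract describes (inject faults, record each fault with the behavior it caused, then learn which combinations of input and component state produce anomalies), as an added Python illustration that is not the paper's tooling. The component `cots_component`, the fault space `FAULTS`, and the exact-rule learner standing in for the paper's machine learning techniques are all constructed assumptions.

```python
import itertools

def cots_component(length, encoding, cache_warm):
    """Constructed stand-in for a black-box COTS call (hypothetical)."""
    if length > 255 and not cache_warm:
        raise MemoryError("internal buffer exhausted")
    if encoding == "utf-16" and length == 0:
        return None  # silently wrong result instead of "ok"
    return "ok"

# Constructed fault space: perturbed inputs (length, encoding) and state (cache_warm).
FAULTS = {
    "length": [0, 1, 255, 256, 4096],
    "encoding": ["ascii", "utf-8", "utf-16"],
    "cache_warm": [True, False],
}

def run_campaign(component, faults):
    """Inject every fault combination; record the fault and whether behavior was anomalous."""
    log, keys = [], sorted(faults)
    for values in itertools.product(*(faults[k] for k in keys)):
        fault = dict(zip(keys, values))
        try:
            anomalous = component(**fault) != "ok"
        except Exception:
            anomalous = True  # a crash counts as deviant behavior
        log.append((fault, anomalous))
    return log

def learn_rules(log, max_terms=2):
    """Return the smallest feature=value conjunctions that always coincide with an anomaly."""
    rules, keys = [], sorted(log[0][0])
    for n in range(1, max_terms + 1):
        for combo in itertools.combinations(keys, n):
            seen = {}
            for fault, anomalous in log:
                cond = tuple((k, fault[k]) for k in combo)
                hits = seen.setdefault(cond, [0, 0])
                hits[0] += anomalous
                hits[1] += 1
            for cond, (bad, total) in seen.items():
                covered = any(set(r) <= set(cond) for r in rules)
                if bad == total and not covered:
                    rules.append(cond)
    return rules

if __name__ == "__main__":
    for rule in learn_rules(run_campaign(cots_component, FAULTS)):
        print(" AND ".join(f"{k}={v!r}" for k, v in rule), "=> anomalous")
```

The learned rules are the integrator-facing model: each one names a combination of input and state to guard against in the wrapper around the component.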
Kapfhammer, G. M., Michael, C. C., Haddox, J., & Colyer, R. (2000). An approach to identifying and understanding problematic COTS components. In Proceedings of the 2nd International Software Assurance and Certification Conference.
Want to cite this paper? Look in the BibTeX file of gkapfham/research-bibliography for the key "Kapfhammer2000".