The goal of the FAST Adventurous Research project was to develop widely deployable, easy-to-use tools that augment human analysis for security evaluation of software.
The FAST project advances the methodology and tools used for model-based security evaluation of software. This was accomplished by researching ways to develop, extend, and integrate capabilities in three distinct domains: static analysis (BEAM and DOMO), test generation (MBAT/Archetest), and dynamic monitoring (code coverage measurement tools).
The design of the FAST test environment is an inter-connection of components including test harness, target software under test, test generator with UML models of target software behavior, static analysis tools, and dynamic monitoring tools. To enhance this framework further, we introduced two feedback loops designed to communicate dynamically acquired information to the test generator. One feedback loop enables the test generator to steer around failures using machine-learning techniques. This capability makes it possible to diagnose failures and identify alternate test paths. The second feedback loop prompts the test generator to create additional test cases that will execute previously unexecuted lines of code in the target software. The goal is to maximize code coverage during testing.
The scientific impact of the FAST project is evident in areas such as knowledge mining and codification of human expertise in security. Research performed for the FAST project also influences the standards definition for higher levels of Common Criteria evaluation.
FAST Solution Architecture
Last updated 16 Jun 2008
