Software has become a central part of nearly all sectors of economic activity, and our daily lives have become increasingly dependent on complex software-intensive systems, i.e., systems in which software interacts with other software, other systems, devices, sensors and with people. Exploitation of vulnerabilities in software can affect thousands or even millions of people and lead to massive damages. The secureIT project will help reduce software vulnerabilities by addressing the problem at its source: we will develop advanced methods and techniques that help software engineers predict the vulnerability of source code during development, well before it can be exploited.

The overall goal of this project is to significantly reduce the digital vulnerability of ICT by devising intelligent automated software security assessment technology that supports software engineers by systematically and continuously predicting the vulnerability of source code in the development stage. We reach this goal using three scientific breakthroughs that will advance the state of the art in software security assessments:

(1) Vulnerability Prediction based on Vulnerability Smells and Security Anti-Patterns
(2) Anomaly-based Vulnerability Prediction
(3) Improving Vulnerability Predictions using Historical Data

Timeliness: The secureIT project builds on the PI's earlier achievements in automated software inspection, code smell detection, cross-language information flow analysis in heterogeneous systems, and frequent pattern mining and anomaly detection in high-volume data. Recent advances in machine learning, together with the PI's new results on automatically learning patterns in high-volume data and generalizing them using rule aggregation [27 in project description], make now the best time to start this research. Software vulnerability needs to be reduced, and the global state of the art was not at the required level to start this ambitious research undertaking until just recently.
Project leader: Leon Moonen
Category: Other research institutes
Institution: SIMULA RESEARCH LABORATORY AS