Topic Title: Intelligent Software Security Analysis

Technical Area: Security, Software Analysis

Background

Software is becoming much bigger and more complex, and analyzing its security is correspondingly more challenging.

First, as software grows, it becomes hard to analyze it thoroughly. It is therefore urgent to identify the functional components and to focus on the key components, i.e. those that are more important and carry a higher security level. Second, as software becomes more complex, it becomes hard to analyze all of its program behaviors; in general, only a subset of the program behaviors can be analyzed.

To address these issues, we need to identify the functional components of the software by statically analyzing its source code, and to infer the relationships among the components by building a knowledge graph of program behaviors. With the knowledge graph and the key components identified, we can perform many software security analysis tasks, such as malicious code detection and vulnerability mining.

Target

We are looking for collaboration on this topic to 1. identify functional components by statically analyzing the source code of the program; 2. build a knowledge graph of program behaviors that shows the relationships among the components; and 3. conduct malicious code detection based on the functional analysis results and the knowledge graph, in order to solve part of the software supply chain security problem.
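As an added illustration of the pipeline described in the Background and in steps 1 to 3 above (example code written for this page, not a prototype from the topic owners or from the cited papers): it statically parses a small set of Python modules, extracts each top-level function as a functional component, builds a behaviour graph whose edges are calls between components and whose node attributes are the sensitive API families a component touches directly, and then ranks components for security review, flagging any that can reach both network input and process execution through the graph. The sensitive API catalogue (`SENSITIVE_APIS`) and the three sample modules (`SAMPLE_MODULES`) are constructed for the example; the function names are likewise this example's own.

```python
"""Added example: static extraction of functional components from Python
source, a call/behaviour graph over them, and a review ranking.
Not the page's own tooling; catalogue and sample modules are constructed."""
import ast
from collections import defaultdict

# Sensitive API families recorded as node attributes in the behaviour graph.
# Constructed, deliberately small catalogue for this example.
SENSITIVE_APIS = {
    "network": {"socket.socket", "urllib.request.urlopen", "requests.get"},
    "exec":    {"subprocess.Popen", "subprocess.run", "os.system", "eval", "exec"},
    "filesys": {"open", "os.remove", "shutil.rmtree"},
}

# Constructed sample "package": three modules given as source text.
SAMPLE_MODULES = {
    "netio": """
import socket
def fetch(host):
    s = socket.socket()
    s.connect((host, 80))
    return s.recv(1024)
""",
    "runner": """
import subprocess
from netio import fetch
def run_remote(host):
    cmd = fetch(host)
    return subprocess.run(cmd, shell=True)
""",
    "util": """
def parse(text):
    return text.split()
""",
}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute call target, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def build_behaviour_graph(modules):
    """modules: {module_name: source_text}.
    Returns (calls, caps): calls[f] = set of component names f calls,
    caps[f] = set of sensitive API families f uses directly."""
    calls, caps = defaultdict(set), defaultdict(set)
    trees = {m: ast.parse(src) for m, src in modules.items()}
    # Step 1: functional components = top-level functions, named module.func.
    defined = {f"{m}.{n.name}" for m, t in trees.items()
               for n in t.body if isinstance(n, ast.FunctionDef)}
    for m, tree in trees.items():
        aliases = {}  # local name -> fully qualified name, from imports
        for node in tree.body:
            if isinstance(node, ast.Import):
                for a in node.names:
                    aliases[a.asname or a.name] = a.name
            elif isinstance(node, ast.ImportFrom) and node.module:
                for a in node.names:
                    aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        for fn in tree.body:
            if not isinstance(fn, ast.FunctionDef):
                continue
            me = f"{m}.{fn.name}"
            calls[me] = set()
            caps[me] = set()
            # Step 2: every call becomes either a graph edge (to another
            # component) or a capability attribute (sensitive API use).
            for node in ast.walk(fn):
                if not isinstance(node, ast.Call):
                    continue
                target = _dotted(node.func)
                if target is None:
                    continue
                head, _, rest = target.partition(".")
                full = aliases.get(head, head) + ("." + rest if rest else "")
                if full in defined:
                    calls[me].add(full)
                elif f"{m}.{full}" in defined:  # same-module call
                    calls[me].add(f"{m}.{full}")
                else:
                    for family, apis in SENSITIVE_APIS.items():
                        if full in apis:
                            caps[me].add(family)
    return dict(calls), dict(caps)


def transitive_capabilities(calls, caps):
    """Capability closure: what each component can reach via its callees."""
    def reach(f, seen):
        if f in seen:
            return set()
        seen.add(f)
        acc = set(caps.get(f, ()))
        for callee in calls.get(f, ()):
            acc |= reach(callee, seen)
        return acc
    return {f: reach(f, set()) for f in calls}


def rank_for_review(modules):
    """Step 3 (simplified): order components by the number of sensitive
    families they can reach; flag those combining network input with
    process execution as highest priority for manual review."""
    calls, caps = build_behaviour_graph(modules)
    reach = transitive_capabilities(calls, caps)
    flagged = sorted(f for f, c in reach.items() if {"network", "exec"} <= c)
    ranked = sorted(reach, key=lambda f: (-len(reach[f]), f))
    return ranked, flagged


if __name__ == "__main__":
    ranked, flagged = rank_for_review(SAMPLE_MODULES)
    print("review order:", ranked)
    print("flagged:", flagged)
```

The closure over the call graph is what lets a reviewer concentrate on a handful of components even when the whole program cannot be analysed: here `util.parse` needs no attention, while `runner.run_remote` is flagged because it reaches network input through `netio.fetch` and executes the result. A real system would replace the hand-written catalogue with a curated or learned one and add data-flow edges, which this example does not model.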

We expect the outcomes of the collaboration to be prototype systems implementing new algorithms, together with academic publications.

Related Research Topics

The related research topics are source code analysis, source code learning and software supply chain security. Source code analysis [1] is a traditional method of software analysis with a history of more than 30 years. Source code learning [2] presents how to construct graphs from source code and how to scale Gated Graph Neural Network training to large graphs. Software supply chain security [3] describes the risks of supply chain security and methods of mitigating them.

References

[1] Daniel Jackson, Martin Rinard. 2010. Software Analysis: A Roadmap. https://dl.acm.org/citation.cfm?id=1254713

[2] Miltiadis Allamanis, Marc Brockschmidt, Mahmoud Khademi. 2018. Learning to Represent Programs with Graphs. https://arxiv.org/abs/1711.00740

[3] Robert J. Ellison, John B. Goodenough, Charles B. Weinstock, Carol Woody. 2010. Evaluating and Mitigating Software Supply Chain Security Risks. http://www.dtic.mil/docs/citations/ADA522538