Like thieves looking for unlocked doors or windows, cybercriminals search for mistakes in software code that could allow them to break into computer networks to steal private data or launch attacks.
Dr. Shiyi Wei, assistant professor of computer science at The University of Texas at Dallas Erik Jonsson School of Engineering and Computer Science, develops tools to prevent cyberattacks by finding and fixing coding errors before the software is deployed.
Most recently, Wei received a five-year, $458,849 National Science Foundation Faculty Early Career Development Program (CAREER) award to improve static analysis, a tool that examines software for flaws that create security vulnerabilities.
“When you have a bug, or error, in a software application, it leaves the chance for attacks,” Wei said. “Our goal is to make sure that errors, especially critical errors, can be detected before the deployment of the code or as early as possible in the process so they can’t be exploited by bad users, which could cause very severe consequences.”
Thousands, or even millions, of lines of code are needed to operate basic software applications that people use every day. Mistakes in this complex set of instructions, which could be written in a range of languages, are caused by human error. As a relatively young field, computer science does not have a universal set of standards for developing software code, which Wei said also can lead to mistakes.
Software is tested using static analysis programs made up of algorithms that search for vulnerabilities. Wei said it can be challenging, however, to know which of the many available analysis tools should be applied. He said the wrong one could be as ineffective as using an English spelling checker on an article written in a different language. Wei’s research is designed to use machine learning to construct the best software analysis tool automatically for the type of software being tested.
Another part of his research focuses on developing a more systematic process to ensure that the tools themselves are effective and do not have bugs. Researchers in his group have developed a technique to discover bugs within a static analysis tool by examining the relationships between the algorithms. Wei said relationships that do not behave in expected ways can indicate errors.
Wei and his team will initially focus on analysis tools for Android, with the aim of applying the solution more broadly.
“Our goal is to help users figure out which option or combination of options to use to take advantage of the full potential of the tools available,” Wei said.
Wei became interested in software security and reliability as an undergraduate student in China, where he had the opportunity to participate in research on the issue. He earned his doctoral degree from Virginia Tech and worked as a postdoctoral associate at the University of Maryland, College Park before joining UT Dallas in 2017.
Source | UT Dallas News Center
ABOUT THE UT DALLAS COMPUTER SCIENCE DEPARTMENT
The UT Dallas Computer Science program is one of the largest Computer Science departments in the United States with over 4,000 bachelors-degree students, more than 1,010 master’s students, 140 Ph.D. students, 52 tenure-track faculty members, and 42 full-time senior lecturers, as of Fall 2021. With the University of Texas at Dallas’ unique history of starting as a graduate institution first, the CS Department is built on a legacy of valuing innovative research and providing advanced training for software engineers and computer scientists.