EAS Doctoral Proposal Defense by Chidera Biringa
When: Friday,
November 17, 2023
12:00 PM
-
2:00 PM
Where: > See description for location
Description: EAS Doctoral Proposal Defense by Chidera Biringa
Date: Friday, November 17, 2023
Time: 12:00 p.m.
Topic: Proactive Software Security through Vulnerability Detection and Interception
Zoom Teleconference:
https://umassd.zoom.us/j/91434147860?pwd=V09XWkRLdDBJc3dwQ2d6VW1MaEZKZz09
Location: Dion 307
Abstract:
Software developers frequently introduce vulnerable programs such as textual credentials and exploitable functions in software repositories during development and maintenance even though it is strictly advised against due to the severe threat to the security of the software. These vulnerabilities create attack surfaces exploitable by an adversary to conduct malicious exploits such as backdoor attacks and escalation of privileges. Consequently, successful attacks cost organizations financial and human resources. In our work,
we handle these vulnerabilities through detection and interception. We introduce vReduce, a cost-efficient vulnerability detection methodology through guided feature selection, representation, and prediction. vReduce significantly reduces the vocabulary size of input programs by only using targeted features. It
leverages large language models to learn the semantic and contextual representation of these features. Then, learned features are used as predictors in deep learning classifiers for vulnerability detection. We introduce
Security-in-the-Middle (SiTM) to intercept transiting detected vulnerabilities. SiTM is tasked with preventing the introduction of these vulnerabilities during software development by creating a secure buffer between the developer and the source code management systems, thus ensuring that only secure code is permitted in the software. We propose the integration of SiTM into git and continuous integration pipelines. An overwhelming majority of data breaches and cyberattacks originate from exploitable vulnerabilities in the code introduced during development. Hence, the goal of our work is to proactively reduce the prospective malicious exploits using vReduce and SiTM, ensuring the security of the software from inception.
ADVISOR(S):
Dr. Gokhan Kul, Department of Computer and Information Science
(gkul@umassd.edu)
COMMITTEE MEMBERS:
Dr. Lance Fiondella, Department of Electrical and Computer Engineering
Dr. Jiawei Yuan, Department of Computer and Information Science
Dr. Ming Shao, Department of Computer and Information Science
Dr. Yi Liu, Department of Computer and Information Science
NOTE: All EAS Students are ENCOURAGED to attend.
Date: Friday, November 17, 2023
Time: 12:00 p.m.
Topic: Proactive Software Security through Vulnerability Detection and Interception
Zoom Teleconference:
https://umassd.zoom.us/j/91434147860?pwd=V09XWkRLdDBJc3dwQ2d6VW1MaEZKZz09
Location: Dion 307
Abstract:
Software developers frequently introduce vulnerable programs such as textual credentials and exploitable functions in software repositories during development and maintenance even though it is strictly advised against due to the severe threat to the security of the software. These vulnerabilities create attack surfaces exploitable by an adversary to conduct malicious exploits such as backdoor attacks and escalation of privileges. Consequently, successful attacks cost organizations financial and human resources. In our work,
we handle these vulnerabilities through detection and interception. We introduce vReduce, a cost-efficient vulnerability detection methodology through guided feature selection, representation, and prediction. vReduce significantly reduces the vocabulary size of input programs by only using targeted features. It
leverages large language models to learn the semantic and contextual representation of these features. Then, learned features are used as predictors in deep learning classifiers for vulnerability detection. We introduce
Security-in-the-Middle (SiTM) to intercept transiting detected vulnerabilities. SiTM is tasked with preventing the introduction of these vulnerabilities during software development by creating a secure buffer between the developer and the source code management systems, thus ensuring that only secure code is permitted in the software. We propose the integration of SiTM into git and continuous integration pipelines. An overwhelming majority of data breaches and cyberattacks originate from exploitable vulnerabilities in the code introduced during development. Hence, the goal of our work is to proactively reduce the prospective malicious exploits using vReduce and SiTM, ensuring the security of the software from inception.
ADVISOR(S):
Dr. Gokhan Kul, Department of Computer and Information Science
(gkul@umassd.edu)
COMMITTEE MEMBERS:
Dr. Lance Fiondella, Department of Electrical and Computer Engineering
Dr. Jiawei Yuan, Department of Computer and Information Science
Dr. Ming Shao, Department of Computer and Information Science
Dr. Yi Liu, Department of Computer and Information Science
NOTE: All EAS Students are ENCOURAGED to attend.
Contact: > See Description for contact information
Topical Areas: Faculty, Students, Graduate, Students, Undergraduate, Bioengineering, Civil and Environmental Engineering, College of Engineering, Computer and Information Science, Co-op Program, Electrical and Computer Engineering, Mechanical Engineering, Physics