Anyone interested?
From: Abhik Roychoudhury <dcsar@...>
Date: 2009/1/7
Subject: RA opportunity
Applications are invited for several Research Assistantship positions for the following project in Software Security.
Funding is available for several years, depending on the needs and qualification of the applicant. The starting salary will be $3100 per month, along with CPF, health-care and other benefits. The project has just been funded by Defense Science and Technology Agency (DSTA) for a period of three years.
If you are interested, contact us via e-mail with your CV. If you want to enquire about the position first, you can do so as well.
Thanks
Abhik Roychoudhury abhik@...
Liang Zhenkai liangzk@...
--------------------------Project description-----------------------------------------------------------------------------
Project title: Symbolic Taint Analysis
Introduction:
Much of the functionality in our daily lives is software controlled, and hence protecting our software against security vulnerabilities is of extreme importance. Software analysis methods have long been used for studying program flow and dependencies, and thereby detecting bugs in programs. In this project, we propose to develop and employ information flow analysis methods for detecting the impact of program inputs on (parts of) an application.
Objectives:
The main purpose of this project is to detect / explain potential software attacks – thereby enhancing software security. One of the innovative outputs of the project will be to use software analysis and symbolic execution methods for generating and explaining potential attack scenarios, without actually encountering the attacks.
Technical approach:
The proposed work will develop a software analysis framework geared towards taint analysis. The goal here is to study/analyse the impact of tainted input data on (parts of) an application. Previous works on taint analysis can be classified as either static or dynamic. Static analysis analyses the program code (or some representation of it) without specific reference to program inputs. Dynamic analysis analyses executions for concrete inputs. In this work, we plan to develop a mixed (dynamic + static) analysis framework – where we will analyse a collection of execution traces in a program. Furthermore, while analysing execution traces we will not refer to concrete inputs driving the traces, but rather symbolic ones. Solving for symbolic inputs may then uncover potentially problematic concrete inputs leading to potential attack scenarios. These attack scenarios are thus detected without actually encountering them. Detecting and explaining these attack scenarios will be the main novelty of our work.
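As an added illustration (not part of the original announcement and not the project's code), the sketch below replays one recorded execution trace with a symbolic input, collects the branch outcomes as path constraints, and searches for inputs on the same path that violate a bound at a tainted sink. The trace format, the names `TRACE`, `ev`, `tainted` and `analyse`, and the exhaustive search standing in for a constraint solver are all assumptions made for the example.

```python
# Constructed trace of one benign run (input byte was 5) of a hypothetical parser:
#   n = read_byte(); size = n * 4; if size < 64: copy `size` bytes into buf[32]
TRACE = [
    ("input", "n"),                        # taint source
    ("const", "four", 4),
    ("mul", "size", "n", "four"),
    ("const", "limit", 64),
    ("branch_lt", "size", "limit", True),  # outcome observed in the recorded run
    ("sink", "size", 32),                  # copy length checked against capacity 32
]

def ev(expr, x):
    """Evaluate a symbolic expression tree for the concrete input value x."""
    op = expr[0]
    if op == "sym":
        return x
    if op == "const":
        return expr[1]
    a, b = ev(expr[1], x), ev(expr[2], x)
    return a + b if op == "add" else a * b

def tainted(expr):
    """An expression is tainted if it mentions the symbolic input."""
    return expr[0] == "sym" or any(tainted(e) for e in expr[1:] if isinstance(e, tuple))

def analyse(trace, domain=range(256)):
    """Replay the trace symbolically; report tainted sinks that can exceed capacity."""
    env, path, findings = {}, [], []
    for ins in trace:
        op = ins[0]
        if op == "input":
            env[ins[1]] = ("sym",)
        elif op == "const":
            env[ins[1]] = ("const", ins[2])
        elif op in ("add", "mul"):
            env[ins[1]] = (op, env[ins[2]], env[ins[3]])
        elif op == "branch_lt":            # record the path constraint, do not fork
            l, r, taken = env[ins[1]], env[ins[2]], ins[3]
            path.append(lambda x, l=l, r=r, t=taken: (ev(l, x) < ev(r, x)) == t)
        elif op == "sink" and tainted(env[ins[1]]):
            e, cap = env[ins[1]], ins[2]
            # Exhaustive search over one input byte stands in for a constraint solver.
            bad = [x for x in domain if all(c(x) for c in path) and ev(e, x) > cap]
            if bad:
                findings.append((ins[1], cap, bad))
    return findings
```

The recorded run used input 5 and copied 20 bytes, so nothing went wrong during execution; the symbolic replay still reports that inputs 9 to 15 follow the same path and exceed the 32-byte capacity.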