Science of Secure Frameworks (CMU/Wayne State University/George Mason University Collaborative Proposal) - July 2017
Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
PI(s): David Garlan (CMU), Jonathan Aldrich (CMU)
Researchers: Marwan Abi Antoun (Wayne State University), Sam Malek (University of California, Irvine), Joshua Sunshine (CMU), Bradley Schmerl (CMU)
1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.
By leveraging approaches to software architecture we will be able to better understand the security implications of frameworks used to build many of today's mobile software systems. This will allow us and provide tools and techniques for building more scalable and composable frameworks that have security assurances that can be verified statically, can be used for building self-securing resllient systems, and that ultimately reduce security vulnerabilities in frameworks and applications based on them in practice.
2) PUBLICATIONS
- Alireza Sadeghi, Naeem Esfahani, and Sam Malek. 2017. Ensuring the Consistency of Adaptation through Inter- and Intra-Component Dependency Analysis. ACM Trans. Softw. Eng. Methodol. 26, 1, Article 2 (May 2017), 27 pages. DOI: https://doi.org/10.1145/3063385
- A. Sadeghi, H. Bagheri, J. Garcia and S. Malek, "A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software," in IEEE Transactions on Software Engineering, vol. 43, no. 6, pp. 492-530, June 1 2017.
3) KEY HIGHLIGHTS
We developed a taxonomy of techiniques for security assessment in Android software, and reported on Savasana, which is a static analysis technique for analyzing intra- and inter-compoenent dependencies to determine safe adaptation intervals. We can infer safe adaptation intervals for components of a software system under various use cases and conditions.
4) COMMUNITY ENGAGEMENT
5) EDUCATIONAL ADVANCES