Software is responsible for many critical government, business, and educational functions. This project aims to develop new methods for finding and repairing some of the most challenging, poorly understood security vulnerabilities in modern software that have the potential to jeopardize the security and reliability of the nation's cyber infrastructure. The first objective of this project is to design and implement a robust program analysis framework that is capable of finding exploitable semantic bugs in modern applications, such as accidental omission of access-control checks, unintentional exposure of sensitive operations such as native calls and database queries to untrusted code or users, high-complexity control structures vulnerable to denial of service, misconfigurations of security policies, and other errors in programs' security logic. The second objective is to develop methods for automatically repairing semantic vulnerabilities by applying program transformations that insert correct implementations of appropriate security logic.
TWC: Small: Finding and Repairing Semantic Vulnerabilities in Modern Software