Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a unive ....Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.Read moreRead less
Processing large data sets on commodity data-parallel hardware. The project aims to reduce the costs of software development by improving the accessibility of massively data-parallel processors, termed graphics processing units (GPUs). The project seeks to develop a high-level programming system with data streaming support targeting GPUs and multi-GPU architectures. This would facilitate the difficult task of developing parallel applications for high-performance computing architectures. The comb ....Processing large data sets on commodity data-parallel hardware. The project aims to reduce the costs of software development by improving the accessibility of massively data-parallel processors, termed graphics processing units (GPUs). The project seeks to develop a high-level programming system with data streaming support targeting GPUs and multi-GPU architectures. This would facilitate the difficult task of developing parallel applications for high-performance computing architectures. The combination of parallelism and data streaming is designed to enable efficient processing of data too big to be held in device memory, which is a common problem in scientific computing, data analysis and machine learning. The project plans to integrate data streaming into an existing system, currently targeting single GPU architectures and which is successfully used in both industry and research.Read moreRead less
Automating data placement and movement for explicitly managed memory hierarchies. Efficient management of explicitly managed memory hierarchies is essential, making a difference often by one order of magnitude in performance. Compiler-directed techniques promise to take the burden of memory management from the programmer and enable significant performance potential for a broader community, resulting in higher productivity.
An extensible framework for analysis of Java language-based security conformance. Java is a programming language and platform running on 3 billion devices. While Java provides a sandbox-based security architecture within the Java Class Library to protect systems from untrusted code downloaded from Internet, it cannot defend against implementation bugs that occur in the Java Class Library. The goal of this project is to provide a formal model of the Java security architecture, which can be used b ....An extensible framework for analysis of Java language-based security conformance. Java is a programming language and platform running on 3 billion devices. While Java provides a sandbox-based security architecture within the Java Class Library to protect systems from untrusted code downloaded from Internet, it cannot defend against implementation bugs that occur in the Java Class Library. The goal of this project is to provide a formal model of the Java security architecture, which can be used by program analysers to identify faulty or insufficient security checks in the Java Class Library that may lead to the sandbox being bypassed.Read moreRead less
Discovery Early Career Researcher Award - Grant ID: DE170101081
Funder
Australian Research Council
Funding Amount
$360,000.00
Summary
Adaptive value-flow analysis to improve code reliability and security. This project aims to develop client-driven adaptive value-flow analysis to detect software bugs in system software written in the C/C++ programme language. Static analysis tools for automated code inspections can benefit software developers, but are imprecise, inefficient and not user-friendly for analysing real-world industrial-sized software. The project will investigate static, dynamic and user-guided value-flow analysis t ....Adaptive value-flow analysis to improve code reliability and security. This project aims to develop client-driven adaptive value-flow analysis to detect software bugs in system software written in the C/C++ programme language. Static analysis tools for automated code inspections can benefit software developers, but are imprecise, inefficient and not user-friendly for analysing real-world industrial-sized software. The project will investigate static, dynamic and user-guided value-flow analysis to efficiently and precisely analyse large-scale programs according to clients’ needs, thereby allowing compilers to generate safe, reliable and secure code. This project is expected to advance value-flow analysis for industrial-sized software, improve software reliability and security, and benefit Australian software systems and industries.Read moreRead less
Soundness-guided security analysis for android applications. This project aims to develop a soundness-guided programme analysis to mitigate security threats caused by reflection and dynamic class loading in Android apps, without compromising precision and scalability. Both dynamic code update techniques are widely used in benign and malware apps, but state-of-the-art malware analysis tools ignore or mishandle them, missing security threats and vulnerabilities. The resulting open-source security ....Soundness-guided security analysis for android applications. This project aims to develop a soundness-guided programme analysis to mitigate security threats caused by reflection and dynamic class loading in Android apps, without compromising precision and scalability. Both dynamic code update techniques are widely used in benign and malware apps, but state-of-the-art malware analysis tools ignore or mishandle them, missing security threats and vulnerabilities. The resulting open-source security analysis tool will allow software industries and enterprises (from national security, finance, banking to healthcare, retail, telecommunications) to test their mobile software effectively for code defects or security threats early at software development time at significantly reduced cost.Read moreRead less
Micro Compilers: An Extensible Compiler Architecture for Increased Flexibility and Safety. Programming languages specialised to a particular application domain can cut software development costs and reduce programming errors. Unfortunately, most application domains cannot sustain the costly development and maintenance of the specialised compilers required to implement specialised languages. We address this problem by introducing a novel customisable compiler architecture that can be adapted to ....Micro Compilers: An Extensible Compiler Architecture for Increased Flexibility and Safety. Programming languages specialised to a particular application domain can cut software development costs and reduce programming errors. Unfortunately, most application domains cannot sustain the costly development and maintenance of the specialised compilers required to implement specialised languages. We address this problem by introducing a novel customisable compiler architecture that can be adapted to specialised languages and other special-purpose compiler requirements. Customisable compilers are especially important to a country like Australia that has only limited resources for special purpose developments. Moreover, we will train students at undergraduate and postgraduate level in the area of programming languages and compilers.Read moreRead less
Portable High-Performance Computing Based on Flattening and Fusion. We aim at simplifying the development and improving the portability of computing intensive applications, such as those from computational science and engineering, which are of growing scientific and economic relevance (e.g., drug synthesis, virtual wind tunnel, and geologic surveys). Our focus is on achieving portable high-performance for a particularly expressive high-level notation supporting irregular algorithms (like sparse ....Portable High-Performance Computing Based on Flattening and Fusion. We aim at simplifying the development and improving the portability of computing intensive applications, such as those from computational science and engineering, which are of growing scientific and economic relevance (e.g., drug synthesis, virtual wind tunnel, and geologic surveys). Our focus is on achieving portable high-performance for a particularly expressive high-level notation supporting irregular algorithms (like sparse matrices and hierarchical N-body codes). We will develop a set of program transformations and integrate them into a compiler implementing an aggressive fusion strategy optimising for the memory hierarchy. We do not propose a new programming language, but work within an existing one.Read moreRead less
Securing systems against code-reuse attacks with modular pointer analysis. This project aims to build secure defences against code-reuse attacks in large-scale C++ applications with millions of lines of code, by enforcing control flow integrity with modular pointer analysis. The state-of-the-art mitigation techniques that are deployed in mainstream computer operating systems can all be bypassed by advanced code-reuse attacks, resulting in security exploits in all major web browsers. The outcomes ....Securing systems against code-reuse attacks with modular pointer analysis. This project aims to build secure defences against code-reuse attacks in large-scale C++ applications with millions of lines of code, by enforcing control flow integrity with modular pointer analysis. The state-of-the-art mitigation techniques that are deployed in mainstream computer operating systems can all be bypassed by advanced code-reuse attacks, resulting in security exploits in all major web browsers. The outcomes of this project will be an exploit mitigation technology and an open-source tool that can significantly raise the bar against advanced code-reuse attacks, thereby providing a foundation for eliminating such security threats.Read moreRead less
Sparse Demand-Driven Analysis to Improve Software Reliability and Security. Current static analysis tools can eliminate many bugs missed by traditional testing but they are still imprecise or inefficient. This project aims to develop precise pointer analyses that enable -finding clients to detect bugs efficiently in large-scale programs in C/C++ and Java, where pointers are used pervasively. The novelty lies in performing these analyses sparsely (allowing data-flow information to move directly f ....Sparse Demand-Driven Analysis to Improve Software Reliability and Security. Current static analysis tools can eliminate many bugs missed by traditional testing but they are still imprecise or inefficient. This project aims to develop precise pointer analyses that enable -finding clients to detect bugs efficiently in large-scale programs in C/C++ and Java, where pointers are used pervasively. The novelty lies in performing these analyses sparsely (allowing data-flow information to move directly from variable definitions to their potential uses) based on Context-Free-Language-reachability (enabling client queries to be answered on-demand). The outcomes aim to significantly improve the reliability and security of industrial-sized software.Read moreRead less