Research Project Title
Methods and Techniques for Vulnerability Avoidance and Runtime Detection of Security Attacks in Software Systems

Principal Investigator
Zbigniew Kalbarczyk

Unit # 30
Project Overview

Today, mobile and embedded devices support a rich set of applications (e.g., web browsing and entertainment software) and must often operate in highly variable and harsh environments. While the handheld devices (both hardware and software) become increasingly complex, the reliability begins to decrease due to hardware errors and complex interactions between software modules and multiple applications. Furthermore, the growing complexity of mobile devices increases their sensitivity to malicious attacks. An example is recently reported first mobile phone virus, Cabir, affecting Symbian OS based smart phones. Finally, the consumer tolerance to security violations due to hardware and software designs flaws, application crashes, and malfunctions is getting lower and many consumers may consider switching brands if their current device does not perform to expectations. As a result, security and reliability of these devices directly affect the business.

This research will explore and develop methods and tools for: (i) analysis of vulnerabilities/attacks in combination with in-depth code and system data to enable vulnerability identification and avoidance/removal from the application code, (ii) runtime detection of security attacks, and (iii) quantitative validation/assessment of device/system resilience to accidental errors and malicious attacks. While the primary target will be portable/mobile devices, the developed analysis methods, runtime techniques and validation tools will be applicable in the broader context of designing and evaluating secure and reliable systems including wireline and wireless networks (e.g., new telecommunications and computing infrastructure, such as ATCA deployed by Motorola).

Presentation in PDF format