Elements: An Infrastructure for Software Quality and Security Issues Detection and Correction

Information

  • NSF Award
  • 2216894
  • Award Id
    2216894
  • Award Effective Date
    4/15/2022
  • Award Expiration Date
    10/31/2024
  • Award Amount
    $ 599,999.00
  • Award Instrument
    Standard Grant

Research into more effective software development has the potential to make the infrastructure on which so many aspects of society depend less costly and more secure in the scientific community, industry and government agencies. In particular, the scientific community is proposing millions of scientific software prototypes to enable reproducibility of research results in almost every domain. Scientists may frequently introduce security and quality issues into existing scientific software via their code changes due to their limited experience in software quality and security and the lack of tools for quality and security assessments that can be easily used and integrated in programming environments. Thus, several existing scientific software projects are difficult to 1) extend by scientists due to their poor quality and 2) deploy by industry due to the likelihood of security vulnerabilities and the bad development practices used. Without a unified and easy-to-integrate framework for detecting, fixing, and documenting vulnerability and quality issues in scientific projects, the reusability, extendibility, safe deployment, and technology transfer of scientific projects will remain limited. This project builds a sustainable, community-driven software security and quality analysis framework. These tools enable more scientists to build better software and to transfer their prototypes to industry by following the best software development practices. Its integrated education plan will bring undergraduate and graduate computer science students more awareness and expertise in the evolution of software systems, including security and quality issues.

This project develops a framework for detecting, fixing, and documenting security and quality issues. It will continuously monitor the software repository to identify security vulnerabilities and quality issues based on static and dynamic analyses, and then find the best sequence of code changes to prioritize and fix them. The developers can review the recommendations and their impacts in a detailed report and select the code changes that they want to apply. The framework includes a visualization support of the quality and security changes over the evolution of the project. Furthermore, non-expert programmers from the scientific community can use the automatically generated documentation by the framework to understand the severity of the detected issues and necessary code changes to fix them. The project has the potential to revolutionize how developers monitor the evolution of their systems in continuous integration environments by unifying security and quality issues detection and correction and enabling their automated documentation. All tools and methodologies will be empirically evaluated in collaboration with scientists from various domains. These tools will enable more scientists to build better software and transfer their prototypes to industry by following best development practices.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Varun Chandola, vchandol@nsf.gov, 7032922656
  • Min Amd Letter Date
    4/7/2022
  • Max Amd Letter Date
    4/7/2022
  • ARRA Amount

Institutions

  • Name
    Oakland University
  • City
    ROCHESTER
  • State
    MI
  • Country
    United States
  • Address
    2200 N SQUIRREL RD
  • Postal Code
    483094401
  • Phone Number
    2483704116

Investigators

  • First Name
    Marouane
  • Last Name
    Kessentini
  • Email Address
    kessentini@oakland.edu
  • Start Date
    4/7/2022 12:00:00 AM

Program Element

  • Text
    Software Institutes
  • Code
    8004

Program Reference

  • Text
    CSSI-1: Cyberinfr for Sustained Scientif
  • Text
    SMALL PROJECT
  • Code
    7923
  • Text
    Software Institutes
  • Code
    8004
  • Text
    WOMEN, MINORITY, DISABLED, NEC
  • Code
    9102