Grants and Contributions:

Title:
Language Based Analysis of Software and Security
Agreement number:
RGPIN
Agreement value:
100 000,00 $
Agreement date:
May 10, 2017 -
Organization:
Conseil de recherches en sciences naturelles et en génie du Canada
Location:
Ontario, Other, CA
Reference number:
GC-2017-Q1-01814
Agreement type:
grant
Report type:
Grants and Contributions
Additional information:

Grant or award applying to more than one fiscal year. (2017-2018 to 2022-2023)

Recipient's legal name:
Dean, Thomas (Queen’s University)
Program:
Programme de subventions à la découverte - individuelles
Program purpose:

The main theme of my research program is the application of grammar programming, source code analysis, and source transformation to solve real software problems.
As part of the ultra large scale software systems program at Queen's, I will investigate the issue of automatically migrating these applications using source code analysis and transformation to take advantage of new technologies. Ultra large scale software systems are software systems such as Facebook, Google, and Pokemon Go. These systems pose problems of scale, speed, availability, privacy and security. One example is the automated migration of applications to use NoSQL databases. Existing research has investigated the migration of the data. We will use static and dynamic analysis to assist the migration of the code that uses the data. This approach uses the map between the proposed data migration and the use of that data in the code to identify and propose changes to the application. Another example is the functionality between the multiple versions of desktop and mobile clients that access the systems. We are using source code analysis to map and compare functionality between the versions and to identify conflicts between open source components of software commonly used to build web based clients.
Often source code analysis and transformation techniques provide a substantially different approach to conventional techniques in other areas leading to new insights and new blended approaches. A previous cross area I had some success in was to use grammar programming and constraints to describe network protocols for security testing. These constraints were used to mutate captured network data resulting in the detection of new vulnerabilities in well tested software.
My proposed research inverts this approach. Network data that does not satisfy the grammar and constraints may indicate an attack. One of the properties of industrial control networks is the use of a limited number of protocols, unlike conventional business and academic networks. Given the limited number of protocols, we can build a complete grammar and set of constraints that defines the legal traffic on these networks. The challenge is to construct a domain specific grammar and constraint language that covers the threats of this domain, as well as a stream based constraint engine that can process a large amount of data in real time.
My proposed research will train three Ph.D. and three M.Sc. students in leading edge solutions to real problems faced by Canadian companies and government agencies, increasing competitiveness and ensuring the safety of data and operations.