
CICI: TCR: Improving the Robustness of Cyberinfrastructure via Scalable Vulnerability Discovery and Mitigation on "Big Binaries"

$1,199,998 | FY2023 | CSE | NSF

Arizona State University, Scottsdale AZ

Abstract

Researchers and scientists in critical scientific domains use software to conduct geophysical imaging, sequence DNA, monitor air quality, and discover new molecules for finding new drugs. Even more software powers daily and routine activities that scientists must perform, such as building and updating academic websites, sharing and transferring research data, writing and composing scientific manuscripts, reviewing academic papers, video conferencing with colleagues, browsing scientific websites and datasets, reading and sending scientific correspondence, and so on. Unfortunately, a lack of software engineering best practices in research prototype software, combined with the widespread use of legacy software (often unmaintained due to researcher graduation and drift) in scientific communities, makes scientists and researchers extremely vulnerable to cyber attacks. Such cyber attacks directly threaten open science. This project explores ways to apply binary analysis techniques, which can theoretically find and mitigate vulnerabilities in legacy software, to the analysis and improvement of scientific software. First, it pursues the creation of a comprehensive corpus of binary software in which the project will find and mitigate vulnerabilities and on which achieved improvements can be measured. With this software in mind, the next thrust will integrate and augment binary analysis techniques to address a lack of scalability of current binary analyses (enabling them to scale to, for example, large simulation software). Finally, this will be combined to a level of automation that does not currently exist in practice so that the sheer amount of scientific software in the research corpus that must be analyzed.
The resulting scientific software-focused Cyber Reasoning System will not only provide economical and smooth transition paths for the identification and improvement of legacy, insecure scientific software, but will pave the way for the creation and deployment of next-generation binary analysis technologies. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
