NSF Safe-OSE: Implementing Artificial Intelligence (AI)-Enabled Vulnerability Management Practices to Enhance Safety and Security of Open-Source Cloud Computing Ecosystems
Indiana University, Bloomington IN
Investigators
Abstract
This Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE) project aims to make important research tools in the cloud safer from cyber threats by using artificial intelligence (AI) to detect and fix software vulnerabilities. The project focuses on two widely used open-source platforms: Jetstream Cloud, which helps researchers build secure cloud systems, and Exosphere, which provides an easy-to-use interface for accessing cloud resources. The project scans both platforms for security issues, uses AI to analyze and reduce risks, and builds tools to help users understand and address potential problems. By improving the safety and reliability of these tools, the project supports researchers, cloud operators, and broader scientific communities, helping the U.S. maintain leadership in secure cloud computing. The Safe-OSE project executes three inter-related activities to help national cloud services overcome the wide-range of software vulnerabilities that can threaten their security posture. First, extensive vulnerability scanning is conducted on Jetstream Cloud OSE, Exosphere OSE, and user-defined virtual machines, containers, infrastructure as code, and code repositories on Jetstream2. Second, reinforcement learning and large language model-based vulnerability management methods suggest alternatives for vulnerable software components and generate vulnerability-minimizing software. The AI-enabled vulnerability management information helps overcome challenges with existing practices by providing context-aware results considering user, time frame, and asset type, offering personalized recommendations, and learning user preferences over time. Finally, Exosphere’s user interface (UI) will be enriched with opt-in scan results and AI-enabled capabilities to help automatically address vulnerabilities in the Open-Source Software (OSS) products such as suggesting alternative libraries, generating potential re-implementations, and more. These enhancements in the OSS products will also help Jetstream2 users address OSS asset vulnerabilities when provisioning resources and could also be translated into commercial cloud offerings. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →