Date: March 15, 2018
Time: 11:00 AM - 12:20 PM
Location:
432 Newell Drive, Gainesville, Florida, 32611
Host: UF CISE Department
Admission: This event is free and open to the public.
Towards a Vulnerability Prediction Model using Traceable Code Patterns and Software Metrics
Abstract: Security is a major concern in the software developer community. If software can be exploited by malicious attack, its reliability suffers. Early detection of vulnerable code during development can better ensure secure coding practices and minimize the testing effort required by targeting vulnerable areas. Although traditional software metrics have been used for pre-release detection of software vulnerabilities, their ability to pinpoint issues at fine levels of granularity is limited. In this research, we explore the relationship between traceable software patterns and code-level security vulnerabilities. These patterns characterize class and method level object-oriented programming constructs. Traceable patterns are similar to design patterns but they can be automatically recognized and easily extracted from source code.
In this talk, I will present research aimed at building prediction models to determine vulnerable code areas. We mine historical data of open-source software systems where known vulnerabilities exists. We evaluate the code to determine the distribution of micro (classlevel) and nano (method-level) patterns throughout the codebase and examine the relationship between the code constructs and security vulnerabilities. We apply statistical and machine learning techniques to build models and compare results with standard software metrics. I will also present related research and my efforts at improving the collegiate student experience for computer scientists and engineers.
We show that we can learn topics with higher quality if documents are modeled as observations of HMMs sharing the same emission. topic) probability, compared to the simple but widely used bag-of-words model.
Biography: Byron J. Williams is a 2017 inductee in the MSU Bagley College of Engineering Academy of Distinguished Teachers and holds the Jack Hatcher Endowed Chair for Engineering Entrepreneurship. Previously, he worked as the associate director and chief software engineer at the Center for Defense Integrated Data in Jackson, MS. Williams serves as the chair for the Empirical Software Engineering Research Group at MSU. Williams has created courses on Software Security, Software Development Operations, and iOS Application Development. His research interests include software analytics, secure software development, development operations, technical debt, and CS education. He is an IEEE Computer Society certified software development professional, a senior member of the Association for Computing Machinery, and a member of the Mississippi State University Entrepreneurship Center Advisory Board.