In this project we explore techniques beyond those in the Program Analysis domain, to find bugs and vulnerabilities, as well as ways of preventing such bugs and vulnerabilities from happening in the first instance, through Secure Languages.
What we are doing
- We explore Fuzzing techniques to find vulnerabilities in JS applications
- We explore Machine Learning techniques to find bugs in C applications. There are two high level steps. Step one is feature selection/extraction including manually specified features and the extraction of features from recurrent neural networks. Step two is to identify off-the-shelf learning models for bug detection. We are currently experimenting with support vector machines (SVM), Gradient Boost Tree (GBT), and naive Bayseian classifier (NBC).
- We explore Secure Languages and secure abstractions, and their applications to commercial codebases
To find out more, contact