Analyzing Software to Protect against Evolving Cyber Threats (ASPECT)
Abstract
The Analyzing Software to Protect against Evolving Cyber Threats (ASPECT) program is developing technologies to enable software developers to pose in-depth queries of code under development and sustainment in order to discover negative patterns, capture the semantic features of vulnerability classes, and characterize undesirable behaviors. ASPECT technologies will enable developers to generate the types of evidence required for confident certification, thereby improving software quality and assurance. At present, software faults and vulnerabilities are often unwittingly propagated throughout the software ecosystem because they are not easily discovered in codebases and because developers have strong incentives to re-use code and programming patterns. Moreover, searching for faults and vulnerabilities in software is impractical because these flaws are not manifest through the syntax of the source code but rather through the behaviors encoded in the software, i.e., in the software semantics. ASPECT will enable developers to query software at this deeper semantic level by developing modeling languages for the semantics of code and programs; representing code and programs in terms of their semantics; and identifying negative patterns, potential vulnerabilities, and undesirable behaviors.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2023
- Source ID
- 3ba2c3e6fa19225521fb349a4adc5c21