Analyzing Software to Protect against Evolving Cyber Threats (ASPECT)*
Abstract
*Formerly Formal Methods at Scale (FMaS) The Analyzing Software to Protect against Evolving Cyber Threats (ASPECT) program will develop technologies to enable software developers to pose in-depth queries of code under development and sustainment in order to discover negative patterns, capture the semantic features of vulnerability classes, and characterize undesirable behaviors. ASPECT technologies will enable developers to generate the types of evidence required for confident certification, thereby improving software quality and assurance. At present, software faults and vulnerabilities are often unwittingly propagated throughout the software ecosystem because they are not easily discovered in codebases and because developers have strong incentives to re-use code and programming patterns. Moreover, searching for faults and vulnerabilities in software is impractical because these flaws are not manifest through the syntax of the source code but rather through the behaviors encoded in the software, i.e., in the software semantics. ASPECT will develop technologies for querying software at this deeper semantic level by developing modeling languages for the semantics of code and programs; representing code and programs in terms of their semantics; and identifying negative patterns, potential vulnerabilities, and undesirable behaviors. One major impact sought by ASPECT is the capability to efficiently and reliably find all semantically equivalent instances of a vulnerability, as such a capability would make the information that resides in vulnerability databases far more useful to software developers and certifiers.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2022
- Source ID
- 68c15fa8a637890381c409db0b07520f