Self-Coding Cyber Fixes

Description:

TECHNOLOGY AREA(S): Info Systems 

OBJECTIVE: Automate fixes for cyber vulnerabilities in source code based on results from commercially available scanning software. 

DESCRIPTION: This topic seeks innovative modern methods or technologies that alleviate the burden associated with fixing cyber vulnerabilities in already developed source code. This topic does not seek to identify the vulnerabilities, as there are many commercial-off-the-shelf tools that perform this function. A listing of such tools is included in the references. The idea is that once scanning software has identified vulnerabilities in source code and reported them, innovative algorithms based on machine learning or artificial intelligence methodologies can take those results and automate code fixes. Proper documentation and traceability are critical to this process, as developers will need to understand what cyber vulnerability is being fixed in the source code base and how. Cyber hardening code is a top priority of the Department of Defense (DoD), and such a tool would save millions of dollars, benefiting not only the DoD industry but many commercial entities as well. There are many categories of cyber vulnerabilities that will need to be addressed, and each category comes with its own unique challenges. Major categories that will need to be covered are Buffer Overflows, Injection Vulnerabilities, Sensitive Data Exposure, Broken Authentication, and Security Misconfiguration, to name a few. Different types of source code will also need to be addressed (e.g., C, C++, Java, Python), along with a discussion of how different compilers may affect the end result.

PHASE I: Design and develop improved solutions, methods, and concepts for automating cyber vulnerability fixes in source code. The solutions should capture the key areas where new development is needed, suggest appropriate existing methods and technologies, and incorporate new technologies researched during design development. Define the architecture and validity across multiple cyber vulnerabilities with analysis across different types of source code file structures.

PHASE II: Complete a detailed prototype design incorporating government performance requirements. Coordinate with the government during prototype design and development to ensure that the delivered products will be relevant to ongoing and planned missile defense projects. 

PHASE III: Scale up the capability from the prototype, utilizing the software technologies developed in Phase II, into a mature, full-scale, fieldable capability. Work with missile defense integrators to transition the technology into existing missile defense modeling and simulation programs.

REFERENCES: 

1: November 6, 2018. "Top 40 Static Code Analysis Tools". Retrieved from https://www.softwaretestinghelp.com/tools/top-40-static-code-analysis-tools/

2: April 26, 2018. "DeepCode cleans your code with the power of AI". Retrieved from https://techcrunch.com/2018/04/26/deepcode-cleans-your-code-with-the-power-of-ai/

3: October 10, 2017. "Practical Integer Overflow Prevention". Retrieved from https://pdfs.semanticscholar.org/074b/8dd5bf9be49534d28ea1be8dc96aa1652cc3.pdf

KEYWORDS: Cybersecurity, Machine Learning, Self-Coding 
