Data-Driven Software Security Assessments

Develop and evaluate data-driven techniques and prototypes for automatically assessing the security of a software system by analyzing the system's source code for potential security vulnerabilities during the development stage.
Master

The exploitation of security vulnerabilities in software can affect large groups of people and lead to massive financial damages. We have several opportunities for exciting Master projects in the context of a large research project that aims to significantly reduce the vulnerability of software systems by developing intelligent data-driven analysis technology that will help software engineers by automatically detecting security vulnerabilities in source code during development, well before they can be exploited.

Data-driven software engineering aims to use the wealth of data produced during software development and operation to support its development, maintenance and evolution. Concretely, we apply machine learning and data mining techniques on software engineering data (such as source code, versioning histories, issue tracking, build & test logs, operational data) to derive actionable insights that in this case aim to make a system more secure by reducing security vulnerabilities.

Some of the topics related to this project are described in more detail elsewhere, but we are also keen to meet with interested students to discuss variations on these topics, or exciting new research directions, as long as they have some relation to data-driven software security assessments. If you want to propose your own direction, it is important that you carefully think about the research component of your proposal, and have a clear idea why your proposal is novel – it should advance the world's knowledge in data-driven software engineering

Learning outcome

  • application of data science in a software engineering context
  • proficiency with implementing and evaluating data-driven software engineering techniques and prototypes
  • gain appreciation for the state of the art in code-based software security assessments and associated solution strategies
  • experience with working in an exciting and active research environment
  • excellent opportunities to publish your research results in the form of a scientific publication

Qualifications

  • interested in software security/application security
  • interested in machine learning, in particular machine learning on source code
  • preferably knowledge of python, R and LaTeX.

Supervisors

  • Leon Moonen

Collaboration partners

mnemonics, Cisco Norway

Contact person