As information technology connects people in ever more elaborate ways, says Gang Tan, the variety, and the backlog, of software programs that require protection from hackers, bugs and coding errors is growing rapidly.
While online businesses need to identify malicious requests, corporations strive to guard intellectual property. Nonprofits must assure their patrons, and governments their citizens, that private data will remain private. And the operating systems that run laptops, tablets and smartphones require security improvements when they are upgraded or when a new app is added.
Tan, an assistant professor of computer science and engineering, and his collaborators are designing a system that will retrofit existing software to provide what they call “defense-in-depth” protection.
The group, which also includes researchers from Pennsylvania State University, the University of Vermont and Rutgers University, recently received a four-year, $1.2 million grant from the National Science Foundation.
Tan says the group is designing a system that helps operators determine what data in a software program or system needs protection, and which entities should have access to that data. Then it inserts security checks to perform authorization and to authenticate users for privileges.
“As long as the security policy for software stays the same during an upgrade or when features are added,” says Tan, “our system can produce security checks to enforce the policy. At every point on the way, from the creation of an app to an add-on or upgrade, our system can add these checks according to an existing policy.”
Tan, who directs Lehigh’s Security of Software (SOS) Lab, has spent nearly 15 years studying software security. In 2012, he received a CAREER Award from NSF. His research has also been supported by the Defense Advanced Research Projects Agency (DARPA) and the National Security Agency.
Read the full story at the Lehigh University News Center.
-Kurt Pfitzer is a writer with Lehigh University Media Relations.