SecurityAware: Fine-grained approach to detect and patch vulnerabilities
Portuguese title: SecurityAware: Abordagem refinada para detectar e corrigir vulnerabilidades (Refined approach to detect and fix vulnerabilities)

1) Obtain a benchmark of test cases containing real vulnerabilities, to be used for studying the approaches developed in the project (task T1).

2) Study the performance of static analysis tools on the benchmark obtained in T1 (task T2), in order to understand which tools are more effective and which are complementary. In the process, this task will label individual warnings as true or false positives. Based on those labels, a method to prioritise warnings will be developed; there is already some research on alert prioritisation that takes labelled warnings as input. After collecting the data and studying the tools, the team plans to explore solutions to several distinct problems of static analysis.

3) Explore the combination of the set of tools studied in T2 (task T3). The goal is to design a unified technique that intelligently combines the different tools so as to report more warnings. Following CodeAware's vision, the researcher will also explore how to improve software engineers' CI experience when dealing with high numbers of warnings: understanding the problems and letting engineers customise their own analysis in terms of tooling, types of vulnerabilities and files. Novel approaches to rank warnings will also be explored; more effective rankings can pave the way for other research fields such as Automated Program Repair. Also following CodeAware's vision, the team plans to explore how to design a customised, intelligent notification system that takes into account the warning rankings and the security engineers' experience, roles and availability. Visualisations and ways of dealing with the different types of warnings will also be studied in this project.
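The following script is an added example, not code from the SecurityAware or CodeAware projects, of the core mechanics behind tasks T2 and T3: labelling tool warnings as true or false positives against a benchmark of known vulnerable regions, computing per-tool precision and recall, identifying vulnerabilities that only one tool finds (the evidence that tools are complementary), and ranking the merged warnings. The tool names toolA/toolB/toolC, file paths, line numbers, CWE ids and the matching rule (same file, line inside the vulnerable region, same CWE) are all constructed assumptions; the ranking uses one simple combination scheme (a noisy-OR of per-tool precisions) chosen for illustration, not the project's method.

```python
"""Added example (not SecurityAware project code). Labels static-analysis
warnings against a benchmark of known vulnerabilities, compares tools, lists
findings only one tool reports, and ranks the merged warnings.
All tool names, file paths, line numbers and CWE ids are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Warning:
    tool: str
    file: str
    line: int
    cwe: str          # CWE class the tool assigns to the finding


@dataclass(frozen=True)
class KnownVuln:
    file: str
    start: int        # first and last line of the vulnerable region
    end: int
    cwe: str


def matches(w: Warning, v: KnownVuln) -> bool:
    """Assumed matching rule: a warning is a true positive when it falls inside
    a known vulnerable region of the same file and reports the same CWE."""
    return w.file == v.file and v.start <= w.line <= v.end and w.cwe == v.cwe


def label_warnings(warnings, benchmark):
    """Map each warning to True (true positive) or False (false positive)."""
    return {w: any(matches(w, v) for v in benchmark) for w in warnings}


def tool_metrics(warnings, benchmark):
    """Per-tool precision (share of its warnings that are true) and
    recall (share of benchmark vulnerabilities it finds)."""
    labels = label_warnings(warnings, benchmark)
    by_tool = defaultdict(list)
    for w in warnings:
        by_tool[w.tool].append(w)
    metrics = {}
    for tool, ws in by_tool.items():
        true_pos = sum(labels[w] for w in ws)
        found = sum(any(matches(w, v) for w in ws) for v in benchmark)
        metrics[tool] = {"precision": true_pos / len(ws),
                         "recall": found / len(benchmark)}
    return metrics


def uniquely_found(warnings, benchmark):
    """Benchmark vulnerabilities reported by exactly one tool: the kind of
    complementarity that argues for combining tools instead of picking one."""
    result = {}
    for v in benchmark:
        finders = {w.tool for w in warnings if matches(w, v)}
        if len(finders) == 1:
            result[v] = finders.pop()
    return result


def rank_warnings(warnings, benchmark):
    """Merge warnings from all tools by location and rank them.
    Score = 1 - prod(1 - precision_t) over the tools t reporting the location
    (noisy-OR of per-tool precisions; treats tools as independent evidence)."""
    precision = {t: m["precision"]
                 for t, m in tool_metrics(warnings, benchmark).items()}
    by_location = defaultdict(set)
    for w in warnings:
        by_location[(w.file, w.line, w.cwe)].add(w.tool)
    ranked = []
    for loc, tools in by_location.items():
        miss = 1.0
        for t in tools:
            miss *= 1.0 - precision[t]
        ranked.append((1.0 - miss, loc, frozenset(tools)))
    ranked.sort(key=lambda r: (-r[0], r[1]))   # best first; file/line break ties
    return ranked


def precision_at_k(ranked, benchmark, k):
    """Share of the top-k ranked locations that hit a real vulnerability."""
    hits = sum(any(matches(Warning("", f, ln, c), v) for v in benchmark)
               for _s, (f, ln, c), _t in ranked[:k])
    return hits / k


# Constructed benchmark: three known vulnerable regions.
BENCHMARK = [
    KnownVuln("src/auth.c", 40, 48, "CWE-120"),
    KnownVuln("src/db.c", 10, 12, "CWE-89"),
    KnownVuln("src/net.c", 70, 75, "CWE-476"),
]

# Constructed output of three hypothetical tools run on the same code.
WARNINGS = [
    Warning("toolA", "src/auth.c", 42, "CWE-120"),
    Warning("toolA", "src/db.c", 11, "CWE-89"),
    Warning("toolA", "src/util.c", 5, "CWE-120"),
    Warning("toolA", "src/net.c", 99, "CWE-476"),
    Warning("toolB", "src/auth.c", 42, "CWE-120"),
    Warning("toolB", "src/net.c", 72, "CWE-476"),
    Warning("toolB", "src/net.c", 99, "CWE-476"),
    Warning("toolC", "src/db.c", 11, "CWE-89"),
    Warning("toolC", "src/main.c", 3, "CWE-78"),
    Warning("toolC", "src/main.c", 20, "CWE-78"),
    Warning("toolC", "src/main.c", 30, "CWE-78"),
]

if __name__ == "__main__":
    for tool, m in sorted(tool_metrics(WARNINGS, BENCHMARK).items()):
        print(f"{tool}: precision={m['precision']:.2f} recall={m['recall']:.2f}")
    for v, t in uniquely_found(WARNINGS, BENCHMARK).items():
        print(f"only {t} finds {v.file}:{v.start}-{v.end} ({v.cwe})")
    ranked = rank_warnings(WARNINGS, BENCHMARK)
    for score, (f, ln, c), tools in ranked:
        print(f"{score:.2f} {f}:{ln} {c} {sorted(tools)}")
    print("precision@4:", precision_at_k(ranked, BENCHMARK, 4))
```

On the constructed data the noisy-OR ranking puts the three real vulnerabilities in the top four, but it also promotes the false positive at src/net.c:99 because two tools agree on it: agreement between tools is evidence, not proof, so any ranking built this way still needs the labelled benchmark to measure how well it performs (here via precision at k) rather than trusting tool consensus blindly.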


