EAGER: Collaborative: Using Cognitive Techniques To Detect and Prevent Security Flaws

EAGER：协作：使用认知技术检测和预防安全缺陷

• 批准号: 1444827
• 负责人: Justin Cappos
• 金额: $ 13.43万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1444827&HistoricalAwards=false
• 关键词: EAGER; Collaborative; Using; Cognitive; Techniques

Software vulnerabilities are a substantial problem that exists in part due to programmer errors. A common cause is that programmers have a cognitive gap between their understanding of what actions code will perform and the actual actions the code performs. This work takes a first step toward rigorously understanding how humans think about code to (eventually) help to dramatically reduce bugs by building more human understandable programming languages and programs. This project will perform a pilot study to determine how to understand such security bugs, tease out the key aspects of them, and integrate this understanding into expert tutoring systems to help programmers detect them.Cognitive science techniques will be used to derive the core contributing issues in existing security vulnerabilities by slicing vulnerabilities into their component parts and evaluating the resulting bugs. This will create a generalized understanding of security issues which will enable easy reproduction and replication of similar source code, which is ideal input for an expert tutoring tool. The resulting expert tutoring tool will be used to evaluate the effectiveness of tutoring in helping programmers reduce reduce their susceptibility to similar bugs.

软件漏洞是一个实质性的问题，部分原因是程序员的错误。一个常见的原因是，程序员对代码将执行什么操作的理解与代码执行的实际操作之间存在认知差距。这项工作迈出了严格理解人类如何思考代码的第一步，以（最终）通过构建更易于人类理解的编程语言和程序来帮助显着减少错误。该项目将进行一项试点研究，以确定如何理解这些安全漏洞，梳理出它们的关键方面，并将这种理解整合到专家辅导系统中，以帮助程序员发现它们。认知科学技术将被用于通过将漏洞分割成其组成部分并评估所产生的漏洞来获得现有安全漏洞中的核心问题。这将创建对安全问题的一般性理解，这将使类似源代码的复制和复制变得容易，这是专家辅导工具的理想输入。由此产生的专家辅导工具将用于评估辅导的有效性，帮助程序员减少减少他们对类似错误的敏感性。