Elements: An Infrastructure for Software Quality and Security Issues Detection and Correction

要素：软件质量和安全问题检测和纠正的基础设施

• 批准号: 2216894
• 负责人: Marouane Kessentini
• 金额: $ 60万
• 依托单位: Oakland University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-04-15 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2216894&HistoricalAwards=false
• 关键词: Elements; Infrastructure; Software; Quality; Security

Research into more effective software development has the potential to make the infrastructure on which so many aspects of society depend less costly and more secure in the scientific community, industry and government agencies. In particular, the scientific community is proposing millions of scientific software prototypes to enable reproducibility of research results in almost every domain. Scientists may frequently introduce security and quality issues into existing scientific software via their code changes due to their limited experience in software quality and security and the lack of tools for quality and security assessments that can be easily used and integrated in programming environments. Thus, several existing scientific software projects are difficult to 1) extend by scientists due to their poor quality and 2) deploy by industry due to the likelihood of security vulnerabilities and the bad development practices used. Without a unified and easy-to-integrate framework for detecting, fixing, and documenting vulnerability and quality issues in scientific projects, the reusability, extendibility, safe deployment, and technology transfer of scientific projects will remain limited. This project builds a sustainable, community-driven software security and quality analysis framework. These tools enable more scientists to build better software and to transfer their prototypes to industry by following the best software development practices. Its integrated education plan will bring undergraduate and graduate computer science students more awareness and expertise in the evolution of software systems, including security and quality issues.This project develops a framework for detecting, fixing, and documenting security and quality issues. It will continuously monitor the software repository to identify security vulnerabilities and quality issues based on static and dynamic analyses, and then find the best sequence of code changes to prioritize and fix them. The developers can review the recommendations and their impacts in a detailed report and select the code changes that they want to apply. The framework includes a visualization support of the quality and security changes over the evolution of the project. Furthermore, non-expert programmers from the scientific community can use the automatically generated documentation by the framework to understand the severity of the detected issues and necessary code changes to fix them. The project has the potential to revolutionize how developers monitor the evolution of their systems in continuous integration environments by unifying security and quality issues detection and correction and enabling their automated documentation. All tools and methodologies will be empirically evaluated in collaboration with scientists from various domains. These tools will enable more scientists to build better software and transfer their prototypes to industry by following best development practices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

对更有效的软件开发的研究有可能使科学界、行业和政府机构所依赖的社会许多方面所依赖的基础设施成本更低、更安全。特别是，科学界正在提出数百万个科学软件原型，以使几乎每个领域的研究结果都能重现。由于科学家在软件质量和安全方面的经验有限，而且缺乏易于在编程环境中使用和集成的质量和安全评估工具，科学家可能会经常通过更改代码将安全和质量问题引入现有的科学软件。因此，现有的几个科学软件项目很难1)由于质量差而被科学家扩展，2)由于安全漏洞的可能性和所使用的糟糕的开发实践而被行业部署。如果没有一个统一的、易于集成的框架来检测、修复和记录科学项目中的脆弱性和质量问题，科学项目的可重用性、可扩展性、安全部署和技术转让将仍然有限。该项目构建了一个可持续的、社区驱动的软件安全和质量分析框架。这些工具使更多的科学家能够构建更好的软件，并通过遵循最佳软件开发实践将其原型转移到行业中。它的综合教育计划将为本科生和研究生带来更多关于软件系统发展的意识和专业知识，包括安全和质量问题。该项目开发了一个检测、修复和记录安全和质量问题的框架。它将持续监控软件存储库，以基于静态和动态分析来识别安全漏洞和质量问题，然后找到最佳的代码更改序列来确定优先顺序并修复它们。开发人员可以在详细报告中审查建议及其影响，并选择他们想要应用的代码更改。该框架包括对项目发展过程中的质量和安全变化的可视化支持。此外，来自科学界的非专家程序员可以使用框架自动生成的文档来了解检测到的问题的严重性以及修复这些问题所需的代码更改。该项目有可能通过统一安全和质量问题检测和纠正并启用他们的自动化文档来彻底改变开发人员在持续集成环境中监控其系统发展的方式。所有工具和方法都将与不同领域的科学家合作进行经验性评估。这些工具将使更多的科学家能够通过遵循最佳开发实践来构建更好的软件并将其原型转移到工业中。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

What Refactoring Topics Do Developers Discuss? A Large Scale Empirical Study Using Stack Overflow

• DOI: 10.1109/access.2021.3140036
• 发表时间: 2022
• 期刊: IEEE Access
• 影响因子: 3.9
• 作者: Chaima Abid;Khouloud Gaaloul;Marouane Kessentini;Vahid Alizadeh

How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach

• DOI: 10.1109/tse.2020.3005995
• 发表时间: 2020-06
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Chaima Abid;Marouane Kessentini;Vahid Alizadeh;Mouna Dhaouadi;R. Kazman

Generation of refactoring algorithms by grammatical evolution

• DOI: 10.1007/s10664-022-10151-4
• 发表时间: 2022-05
• 期刊: Empirical Software Engineering
• 影响因子: 4.1
• 作者: Thainá Mariani;Marouane Kessentini;S. Vergilio

A Systematic Literature Review on Software Maintenance for Cyber-physical Systems

• DOI: 10.1109/access.2021.3126681
• 发表时间: 2021
• 期刊: IEEE Access
• 影响因子: 3.9
• 作者: Nadhira Khezami;Marouane Kessentini;T. Ferreira