Akond Rahman, assistant professor in computer science and software engineering, was awarded two National Science Foundation (NSF) awards as lead principal investigator totaling $332,000 in grant funding.
His projects focus on the development of techniques that will automatically detect security weaknesses in configuration scripts.
It will also educate students on the consequences of security weaknesses commonplace in development and operations (DevOps) software and how to mitigate them.
“DevOps is the state-of-the-art process to develop software,” Rahman said. “It is expected to reach a market value of $12.8 billion by 2025. If there are unmitigated security weaknesses in DevOps artifacts, that will create large-scale consequences.”
His research is a three-pronged thrust for one of the NSF-funded projects. First, qualitative analysis will be applied to determine a comprehensive list of security weaknesses for multiple configuration script languages and devise static analysis techniques for automatically identifying each category of security weakness.
Next, grammar-based parsing and formal method techniques will be applied and integrated into the derived static analysis so that false positives are reduced.
“Finally, the development context of practitioners from the open source and proprietary domain will be systematically mined to generate actionable alerts and suggestions, which will enable practitioners to fix security weaknesses,” Rahman said.