INTERFACES Project Responds to Security Concerns
INTERFACES - Certified Interfaces for Integrity and Security in Extensible Web-based Applications is a project that addresses security concerns for large scale software systems. It is funded by the Fundação para a Ciência e a Tecnologia (FCT) under the Carnegie Mellon Portugal program.
The problems involved in software security have real world significance, whether in everyday activities - such as changing profile security settings on popular networking sites - or large scale business endeavors - such as modifying web applications in response to changing requirements. Most often, security malfunctions are the result of “bugs,” or mistakes in the programming.
The INTERFACES project seeks to develop programs that will automatically analyze software, helping developers to detect potential errors in the programming before they occur. INTERFACES will be able to signal which parts of the system are insecure - for example, by coloring the program code on the screen - and possibly even correct the software. This is a complex problem because many software systems are constructed piecemeal from internet sources, and are subject to strict security and resource usage requirements. The INTERFACES project is approaching these challenges by conducting thorough research that runs the gamut from theory to actual development.
In a short brief detailing various aspects of the project, Principal Investigators Luis Caires and Frank Pfenning said that the “broad objective of this partnership is the promotion of bothways knowledge transfer between top notch academic research and industrial R&D.”
Team members represent several of the Carnegie Mellon Portugal program’s affiliates: Vasco Vasconcelos of the Faculdade de Ciências da Universidade de Lisboa (FCUL), António Melo and Lúcio Ferrão of OutSystems, João Costa Seco of Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa (FCTUNL), Filipe Militão and Bernardo Toninho, dual degree Ph.D. students, and Hugo Vieira of FCTUNL. Two postdoctoral researchers were also recently hired to assist with the project.
In keeping with the Carnegie Mellon Portugal program precedent of collaboration, this project works in tandem with OutSystems, one of the program’s many Industrial Affiliates. OutSystems is a Portugal-based software company with clients in 16 industries. The company provides an “All-in-One Agile Platform” for management of web business applications that are built for continuous change, a special consideration of INTERFACES.
“A key novelty of this project is the use of sophisticated logic and type systems that will lead to the design of programs that can actually automatically analyze other programs, and help developers to detect and correct errors even before the modules are installed, just by looking at the way they are glued to each other, i.e. at their INTERFACES.” The INTERFACES project was launched in May of 2009, but is already showing promise.
Technical results have already been published and team members are currently working on a prototype of a self-correcting web-application development system, which will be able to “detect possible security breaches before they happen, and warn the software developer at the right time.”
With completion projected for 2012, the project team is making towards its goal of “bridging basic research results to validation and product improvement in real systems.”
More information about the INTERFACES - Certified Interfaces for Integrity and Security in Extensible Web-based Applications project is available at /WorkArea/linkit.aspx?LinkIdentifier=id&ItemID=1564