Porter Receives Seed Grant to Develop Source Code Analysis Tools

Tue Aug 02, 2016

Adam Porter, a professor of computer science with an appointment in UMIACS, recently received a $78,500 seed grant to develop source code analysis tools used to improve the security of modern web application software.

The funding from the MITRE Corporation’s National Cybersecurity Federally Funded Research and Development Center (FFRDC) and the University System of Maryland is part of a national initiative to advance research and innovation in emerging cybersecurity technologies.

Porter’s winning project was one of only five proposals chosen from almost 40 applicants.

“These efforts will help advance cybersecurity solutions in finance, healthcare, retail and utilities—our nation’s critical systems,” says Mark Maybury, a vice president at MITRE and director of the National Cybersecurity FFRDC, launched in 2014 to identify and solve real-world cybersecurity challenges facing U.S. businesses across sectors.

Porter is working with computer science doctoral student Christoph Schulze and with staff at the Fraunhofer Center for Experimental Software Engineering to develop a suite of software analysis tools that can quickly probe modern web code applications like .NET Framework.

Web application security is improving with new tools and techniques constantly being created, Porter says, but some of the most popular security technologies still require users to manually apply their security-related functions. Any small mistake can therefore create openings that hackers can exploit.

This project is creating a source code annotation tool called SCAT that provides detailed analysis and annotated feedback in real-time, offering immediate suggestions to fix potential security gaps.

“We want to provide intelligent support so that application developers can use new security technologies more effectively,” Porter says.

While the SCAT project is still in its early stages, the seed funding from MITRE and the University System will help bring in other researchers this fall, Porter says. This includes several undergraduates in the university’s ACES cybersecurity program, as well as an undergraduate from Towson University.

Porter would also like to see the project spur even more collaborations between university researchers and the Fraunhofer Center, where he currently serves as executive director.

“The Fraunhofer Center is focused heavily on applied research and technology transfer, and source code analysis tools like SCAT will help advance that mission,” he says.