Title: The National Need for Software Understanding
Abstract: Society is presently facing extensive, unmeasurable risk to our national security and critical infrastructure (NS&CI) missions through our widespread dependence on largely inscrutable third-party and legacy software. In recent decades, software has been integrated into every facet of daily life and government, including NS&CI missions. Historical choices on how to leverage software widely have resulted in economic opportunity and prosperity, but also a tremendous gap between our total dependence on software for NS&CI missions and our extremely limited capability to understand and validate that software. Despite rigorous testing, software typically contains unexpected behavior that can imperil the missions which rely upon it. This lecture will discuss the need for understanding software, trace the technical characteristics of software that make this challenging, and conclude with some thoughts about the research directions that software analysis needs to explore in order to address this vital problem.
Short Bio: Dr. Douglas Ghormley started at Sandia National Laboratories in 1998 after receiving a BS in Computer Engineering from CMU and a PhD in Computer Science from UC Berkeley. At Sandia, Doug has spent a career working on cyber-related challenges for a variety of national security missions. He is a Senior Scientist, specializing in cybersecurity. Currently, Doug's focus is on the cyber challenges posed by rapid adoption of third-party software into nearly every aspect of critical infrastructure and national security. He is leading the Rapid Analysis of Mission Software Systems (RAMSeS) team at Sandia, a research group exploring static analysis approaches to meet these challenges.
Title: Ensuring Data Quality for Learning Based Software Security Solutions: Lessons and Recommendations
Abstract: Learning based approaches to ensuring software security are attracting significant interest. It is well known that AI/ML based approaches are heavily reliant on the quality of data - "garbage in, garbage out. Hence, "Data Wrangling" serves as an important, but expensive, phase of using AI/ML for software security. Like any AI/ML based effort, our R&D efforts for leveraging AI/ML for software security have encountered several significant challenges of "Data Wrangling". Our pursuit of finding/devising reliable solutions to security data quality challenges has taught us that the expensiveness and error-proneness of "Data Wrangling" activities can be a barrier to widespread industrial adoption of AI/ML based approaches to software security. We believe that it is important to engage the relevant stakeholders for developing and sharing knowledge and technologies aimed at improving software security data quality. To this end, we are not only systematically identifying and synthesizing the existing empirical literature on improving data quality, but also devising suitable solutions for easing the problems we experienced/observed during "Data Wrangling". This talk will draw lessons and recommendations from our efforts of systematically reviewing the state-of-the-art and developing solutions for improving data quality while building and using AI/ML based software security solutions such as SVP models.
Short Bio: Dr. M. Ali Babar is a Professor in the School of Computer Science, University of Adelaide, Australia. He leads a theme on architecture and platform for security as service in Cyber Security Cooperative Research Centre (CSCRC), a large initiative funded by the Australian government, industry, and research institutes. Professor Babar leads one of the largest projects on "Software Security" in the ANZEC region funded by the CSCRC. Software Security with Focus on Critical Infrastructure, SOCRATES, brings more than 75 researchers and practitioners from 10 organization for developing and evaluating novel knowledge and AI- based platforms, methods, and tools for software security. Prof Babar established an interdisciplinary R&D centre called CREST, Centre for Research on Engineering Software Technologies, where he directs the research, development and education activities of more than 30 researchers and engineers in the areas of Software Systems Engineering, Security and Privacy, and Social Computing. Professor Babar obtained a Ph.D. in Computer Science and Engineering from the school of computer science and engineering of University of New South Wales, Australia. He also holds a M.Sc. degree in Computing Sciences from University of Technology, Sydney, Australia. More information on Professor Babar can be found at: https://protect-au.mimecast.com/s/ebWQCJyBw2hR6kB8sVEZAY?domain=malibabar.wordpress.com
Title: Sandia National Laboratories: Understanding third-party software for national security missions
Abstract: For more than 70 years, Sandia has delivered essential science and technology to resolve the nation's most challenging security issues. In keeping with our vision to be the nation's premier science and engineering laboratory for national security and technology innovation, we recruit the best and the brightest, equip them with world-class research tools and facilities, and provide opportunities to collaborate with technical experts from many different scientific disciplines. In this talk, Dr. Douglas Ghormley, Senior Scientist at Sandia National Laboratories, will give an overview of Sandia and its missions, with special emphasis on a research group he leads which seeks to improve our nation's ability to analyze and understand the third-party software that underlies so much of the nation's critical infrastructure and national security systems.
Short Bio: Dr. Douglas Ghormley started at Sandia National Labs in 1998 after receiving a BS in Computer Engineering from CMU and a PhD in Computer Science from UC Berkeley. At Sandia, Doug has spent a career working on cyber-related challenges for a variety of national security missions. He is currently a Senior Scientist, specializing in cyber security. Currently, Doug's focus is on the cyber challenges posed by rapid adoption of third-party software into nearly every aspect of critical infrastructure and national security. He is leading the RAMSeS (Rapid Analysis of Mission Software Systems) team at Sandia, a research group exploring static analysis approaches to meet these challenges.
Title: A Perspective on Software Analysis and Layered Hard Problems
Abstract: Lessons learned from 19 years of multi-disciplinary cyber security research at Sandia National Labs - Why does security research so often fail to have an impact? How do we put software analysis on a firmer scientific foundation? An overview of the GroundTruth project and working on layered hard problems using the RAMSeS model.
Short Bio: Dr. Samuel Mulder is a Principal Member of Technical Staff at Sandia National Labs. He currently leads the GroundTruth project, focused on establishing a stronger scientific basis for research in static program analysis, and develops the Oxide framework to extract and compare features from commercial and open reverse engineering tools, providing a unified feature layer for machine learning and other applications. Samuel received his PhD in 2004 from the University of Missouri-Rolla, with a dissertation using Adaptive Resonance Theory neural networks on combinatorial optimization problems. He has worked in cyber security for the last 19 years, with a focus on adversarial analysis and reverse engineering. He has also worked in a cognitive science group and is a frequent collaborator on multidisciplinary teams using machine learning, game theory, human factors research, and biologically-inspired learning algorithms.