ASU engineer Adam Doupé looks to safeguard personal data through advanced automated vulnerability analysis tools


|

Nowadays, when a person wants to buy something over the internet they will type in their credit-card information, name and address without giving it a second thought. But a single vulnerability in a web application can allow an attacker to steal that personal information.

Adam Doupé, an assistant professor of computer science and engineering in Arizona State University’s Ira A. Fulton Schools of Engineering, wants to develop tools that can automatically find such vulnerabilities in a web application, so they can be found and remedied before an attacker can exploit them.

Doupé is developing these tools as part of a five-year, $416,585 National Science Foundation CAREER Award, “Next Generation Black-Box Web Application Vulnerability Analysis.”

“The inspiration for this project was my own experiences as a penetration tester for web applications,” said Doupé. “I realized that, as a human, when I am interacting with a web application, I am not only building a mental model of how the web application works, but I’m also trying to understand how the code of the web application was written. This is essentially reverse engineering the code of the web application.”

Doupé wondered if this idea could be applied to an automated tool. Could an automated tool reverse engineer the code of the web application simply through interacting with it?

“It turns out that there is a branch of machine learning, called inductive programming, that could help,” said Doupé. “Therefore, the project idea is to apply inductive programming techniques to automatically reverse engineer the source code of a web application, simply through interacting with it, then to identify vulnerabilities in the reverse-engineered source code of the web application. This should result in smarter tools that can find vulnerabilities as well as a human.” 

The growing need for secure data solutions keeps research such as Doupé’s in high demand.

“I think that the proposal was chosen because it features the combination of interesting and diverse research areas that are applied to an area with great impact,” Doupé said.

The excitement and potential of innovations helped draw Doupé to ASU.

“Everyone I talked to was positive and excited about their research,” said Doupé. “I knew that I wanted to be a part of the ASU family.”

ASU’s robust support system helped Doupé put together the successful proposal. He credits Steven Ayer, assistant professor of construction management and engineering; Stacy Esposito, director of Research Advancement in the Fulton Schools; and his fellow computer science and engineering faculty in helping to strengthen the proposal.

More Science and technology

 

Associate Professor Yoan Simon in his lab on the Tempe campus.

New polymer technology opens door to paths for enhancing sustainability

We are reminded every day in the media of the unnecessary amount of waste being generated with pictures of plastic garbage…

A young girl receives an eye exam.

ASU researchers use AI to help people see more clearly

Myopia, also known as nearsightedness, is on the rise, especially among children.Experts predict that by the year 2050, myopia…

A portrait of Tim Cope posing with the ORIGAMI RISK logo and balloons that form the number 900.

ASU computer science alum turns entrepreneurship into activism

Tim Cope encourages students to take risks.That may sound like an odd posture for a co-founder of a software firm that helps…