ECE: Electrical & Computer Engineering
ECE News

Wang awarded YIP for tools to detect vulnerabilities in concurrent software

ECE’s Chao Wang has received a three-year Office of Naval Research (ONR) Young Investigator Program (YIP) award to develop methods and software tools that can detect security vulnerabilities in multicore software.

The Young Investigator grant is the most prestigious of ONR grants for faculty members early in their careers. Awardees are noted for their exceptional promise for conducting creative research. ONR made only sixteen awards in 2013.

According to Wang, “seemingly simple software defects, such as buffer overruns, have led to numerous security exploits in the past.” With the use of multicore processors, he continues, “concurrency related software defects may become the new buffer overruns.”

As software takes advantage of multicore processors, it becomes increasingly difficult to detect vulnerabilities. Concurrency vulnerabilities can sometimes be discovered as program bugs, but some remain hidden until they are exploited in a malicious attack.

Wang stresses that it is inherently difficult to reason about concurrent programming. Because there are so many interleavings where different program threads interact, “multiple runs of the same program may exhibit different behaviors even for the same input,” he says. “Furthermore, the number of interleavings is often astronomically large.”

Wang explains that current methods for detecting vulnerabilities either detect only specific sets of interleavings, or “overapproximate the impact of threading and report too many false positives.”

Wang proposes to use a model-driven program analysis framework that automatically generates models from existing software code. These models will reduce the complexity of the program analysis problem. Wang explains that with this approach, “we won’t have to enumerate all the interleavings. Instead, we concentrate on only the discrepancy (if any) between the intended program behavior and the actual program behavior.” This approach will work for a wide range of security vulnerabilities, known and unknown.

“Although automated model generation has been used or at least envisioned in other settings...it has never been fully explored for mitigating concurrency vulnerabilities,” Wang notes. “This research will fill the gap.”

Wang joined ECE in August 2011, after serving seven years as a Research Staff member at NEC Laboratories in Princeton, New Jersey. He earned his B.S. and M.S. from Peking University, China in 1996 and 1999, respectively, and a Ph.D. in 2004 from the University of Colorado at Boulder.