A team of researchers at Georgia Tech’s School of Computer Science, including Indian American Santosh Pande, has been awarded $7.5 million from the Office of Naval Research to develop a customized attack-resistant software stack.
The team includes principal investigator Bill Harris, an assistant professor at the computer science school, as well as professors Wenke Lee and Alessandro Orso, and assistant professor Taesoo Kim.
The researchers are working on a technique for reducing what is known as the attack surface, the total number of ways in which a program can be vulnerable to exploit, according to a GT news release.
Most general-purpose software includes code that not every user needs, and unused code can create an opportunity for exploit for an attacker, it said.
Through this research, users will be able to run software in which unneeded code is removed, thus decreasing the vulnerability of the programs they use, according to the news release.
“When you build a house, you only really need one door, but the house may still have multiple doors,” Lee said in the news release. “The number of doors increases the opportunity to break in. If you only have one door, your house is more secure.”
In order to do this, the news release said, the researchers are looking at the full stack of software systems, including applications, operating systems, and possibly Internet of Things devices.
They are planning to use static and dynamic analysis techniques to determine which pathways through the system different users need.
Each researcher has a specific area of expertise, with Pande’s focus on compilers that will help determine what essential code must be loaded for each user during application execution.
Overall, the five researchers have the set of complementary skills needed for the project to be successful, according to the institution.
Over the five-year life of the grant, the researchers expect to develop a series of approaches for reducing attack surface that anyone can use on complex systems, as well on low-level code, it said.
In addition to serving as a computer science professor at Georgia Tech, Pande is the founder and CEO of Coreopsys Software Labs Inc. He also had a short stint as a software engineer at the Tata Institute of Fundamental Research in India.
He earned a bachelor's degree at Visvesvaraya National Institute of Technology, a master's from the Indian Institute of Technology in Mumbai and doctorate from North Carolina State University.