Back to search

H20-ERC-European Research Council

Using Evolutionary Algorithms to Understand and Secure Web/Enterprise Systems

Awarded: NOK 19.7 mill.

Source:

Project Number:

864972

Application Type:

Project Period:

2020 - 2025

Funding received from:

Location:

Using Evolutionary Algorithms to Understand and Secure Web/Enterprise Systems

-------------------- With the EAST project, I aim to improve our understanding of the intrinsic characteristics of web/enterprise systems related to their security. I will achieve it by designing novel techniques that are able to scale to automatically generate test cases for large web/enterprise systems, and that can automatically find common types of security threats. This is a necessary stepping stone before reaching the high risk / high impact goal of designing testing systems that can adapt and learn, finding classes of security threats for which currently there is no automated solution due to the oracle-problem. I will contribute towards this goal by constructing and studying classes of co-evolutionary algorithms that evolve in competition in separate populations of test cases for graphical user interfaces (e.g., web app GUIs) and direct network calls (e.g., HTTP). The tools and techniques developed in the EAST project will be instrumental to study and broaden our understanding of what kinds of security-related mistakes do developers make in practice, and why they are made. Such scientific knowledge will be at the base to form a so much needed theoretical framework for the field of security testing. The project will contribute to software engineering (insight in web/enterprise systems and automated methods for system testing), evolutionary computation (in particular co-evolutionary algorithms for the domain of software test generation), and computer security (in particular developing breakthroughs in investigating the so-called oracle-problem).

Funding scheme:

H20-ERC-European Research Council

Funding Sources