Software plays a vital role in supporting scientific communities. Modern software programming cyberinfrastructure (CI), consisting of online discussion platforms (such as Stack Overflow) and social coding repositories (such as GitHub), offers an open-source and collaborative environment for distributed scientific communities to expedite the process of software development. Within the ecosystem, researchers and developers can reuse code snippets and libraries, or adapt existing ready-to-use software to solve their own problems. Despite the apparent benefits of this new social coding paradigm, its potential security-related risks have been largely overlooked; insecure or malicious code could be easily embedded and distributed, which could severely damage the scientific credibility of CI. Therefore, there is an urgent need to develop scalable techniques and tools to automatically detect this insecure or malicious open-source code. To address this issue, the proposed project seeks to explore innovative links between Artificial Intelligence (AI) and cybersecurity to enhance the security of modern software programming CI.
The key components of the proposed research are three-fold: (1) a novel AI-based solution (iTrustSO) utilizing social coding properties is developed to automatically identify suspicious insecure code snippets on Stack Overflow; (2) a cross-platform model is constructed to represent the complex interplay between GitHub and Stack Overflow; deep learning techniques are then utilized to build a predictive model (iTrustGH) for automatic detection of malicious code on GitHub; and (3) a user-friendly tool (SciTrust) is developed to enhance code security for software development. The broader impacts of this work include benefits to scientific communities and society as a whole by promoting the efficiency of cyber-enabled software development without sacrificing security. The establishment of a Cybersecurity Lab through this project enhances education and workforce training in cybersecurity. The project integrates research with education through curriculum development and student mentoring activities for the newly established cybersecurity degree program. It is also expected to increase the participation of underrepresented groups, including minorities and women.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.