NSF grant will help ensure quality and security of multilingual software – WSU Insider

Haipeng Cai

Imagine two people who speak different languages ​​trying to decide where to have dinner. They can draw pictures or point to each other, and despite their inability to understand each other’s words, they can probably still get their ideas across enough to determine a course of action.

This is the idea of ​​a 3-year program National Science Foundation Grant which aims to improve the security and functionality of software by helping computer programming languages ​​communicate at a basic level. The $500,000 grant is led by Haipeng Cai, assistant professor in the School of Electrical Engineering and Computer Science.

Most software that controls common applications uses multiple languages. So, for example, in facial recognition software that recognizes and remembers faces, software developers often use the easy-to-use Python language to guide program behavior. They then rely on the C or C+ language for more complex computational capabilities that underlie Python instructions.

When a computer application crashes or is hacked, the problem may be due to a communication problem at the interface between languages, Cai explains. The security and quality assurance tools that protect these software systems analyze issues by looking at each of a given program’s languages ​​separately, but research has shown that many of the security vulnerabilities and quality-related issues occur at the interface between two languages.

“Current software security techniques ignore interactions between languages,” Cai said. “If you look at one language at a time, you’re going to miss this place, and it becomes a cybersecurity hole.”

Cai’s project aims to improve understanding of this important interface by developing a common intermediate representation of computer languages. Similar to two foreign language speakers using gestures, program languages ​​could then communicate at a rudimentary level, and all code could be on the same page without the need for tedious translations of the entire computer conversation, he said. declared.

“The main novelty of this work is that we have identified the right representation that can uniformly represent different languages,” he said. “We don’t translate the entire code. »

As part of the grant, researchers are also working to provide a practical and cost-effective tool to holistically analyze multilingual software systems.

“The research will lead to a new dynamic analysis base and a series of application tools for diagnosing cross-language accuracy and security issues, which will help produce higher quality multilingual systems,” said he declared.

Cai’s group will present some of the preliminary work on their project at an upcoming computer security conference.