Computer Scientist Earns Grant To Strengthen Software Protection
Dr. Shiyi Wei, assistant professor of computer science in the Erik Jonsson School of Engineering and Computer Science, focuses on software protection through error detection prior to software deployment.
Like thieves looking for unlocked doors or windows, cybercriminals search for mistakes in software code that could allow them to break into computer networks to steal private data or launch attacks.
Dr. Shiyi Wei, assistant professor of computer science at The University of Texas at Dallas Erik Jonsson School of Engineering and Computer Science, develops tools to prevent cyberattacks by finding and fixing coding errors before software is deployed.
Most recently, Wei received a five-year $458,849 National Science Foundation Faculty Early Career Development Program (CAREER) award to improve static analysis, a tool that examines software for flaws that create security vulnerabilities.
“When you have a bug, or error, in a software application, it leaves the chance for attacks,” Wei said. “Our goal is to make sure that errors — especially critical errors — can be detected before the deployment of the code or as early as possible in the process so they can’t be exploited by bad users, which could cause very severe consequences.”
Thousands or even millions of lines of code are needed to operate basic software applications that people use every day. Mistakes in this complex set of instructions, which could be written in a range of languages, are caused by human error. As a relatively young field, computer science does not have a universal set of standards for developing software code, which Wei said also can lead to mistakes.
Software is tested using static analysis programs made up of algorithms that search for vulnerabilities. Wei said it can be challenging, however, to know which of the many available analysis tools should be applied. He said the wrong one could be as ineffective as using an English spell checker on an article written in a different language. Wei’s research is designed to use machine learning to automatically construct the best software analysis tool for the type of software being tested.
“Our goal is to make sure that errors … can be detected before the deployment of the code or as early as possible in the process so they can’t be exploited by bad users, which could cause very severe consequences.”
Dr. Shiyi Wei
assistant professor of computer science in the Erik Jonsson School of Engineering and Computer Science
Another part of his research focuses on developing a more systematic process to ensure that the tools themselves are effective and do not have bugs. Researchers in his group have developed a technique to discover bugs in software by examining the relationships between the algorithms with a static analysis tool. Wei said relationships that do not behave in expected ways can indicate errors.
Wei and his team will initially focus on analysis tools for Android, with the aim of applying the solution more broadly.
“Our goal is to help users figure out which option or combination of options to use to take advantage of the full potential of the tools available,” Wei said.
Wei became interested in software security and reliability as an undergraduate student in China, where he had the opportunity to participate in research on the issue. He earned his doctoral degree from Virginia Tech and worked as a postdoctoral associate at the University of Maryland, College Park before joining The University of Texas at Dallas in 2017.