Navy funding software security research at UW-Madison

UW-Madison has received $6.1 million from the Navy to support a research project into software security.

Professor Somesh Jha of the UW-Madison Computer Sciences Department will lead the research team. He’s a specialist in information security and has published numerous works on detecting malware, network security protocols and much more.

The project will focus on containers, but not the physical kind. Just as standardized shipping containers simplified the process of transporting diverse goods, containers in the online world make it easier to move software from one computing environment to another.

Tech analytics firm 451 Research says container technologies generated $762 million in revenue in 2016. And these containers have been gaining more footing in the tech world in recent years, with industry leaders using containers for major aspects of their platforms. Google, for example, runs nearly everything in containers, including Gmail, YouTube and search.

One problem with containers, according to a UW-Madison release, is that they can build up redundancies, becoming “bloated.”

“Bloat causes slowdowns, and software becomes harder to manage, and of course security is a big concern,” Jha said. “If you are including things (in a container) that are not needed, if any one part of that is compromised, you’re becoming vulnerable.”

The “Techniques and Tools for De-bloating Containers” project, supported by the Navy’s Office of Naval Research, aims to improve application performance, make software easier to manage and bolster online security.

Jha will be working with UW-Madison computer sciences Professor Tom Reps, as well as other colleagues who specialize in computer systems, system measurement, program analysis and more. Four other groups are also pitching in: the University of Illinois, Oregon State University, the University of Toronto and GrammaTech, a Madison-based computer security company.

Reps is the co-founder of GrammaTech, which has offices in both Wisconsin and New York. He says the Office of Naval Research “has a history of initiating prescient research efforts” on issues like these before the public is aware of them.

“The larger ‘Software Customization and Complexity Reduction’ program that we are part of is a creative effort to build the technology base for a win-win: for software to be made to run faster at the same time as its ‘attack surface’ — the number of potentially attackable features — is reduced,” Reps said.

GrammaTech has also gotten support from the Office of Naval Research, announcing earlier that it had landed a three-year, $9 million contract to investigate new techniques for defending against cyber attacks.

“The team is right to handle this very complex, large-scale problem,” Jha added. “And if we can create techniques to decrease container bloat, the potential benefit to society is huge in terms of software performance, security and trustworthiness.”

–By Alex Moe