Popular libraries grow rapidly in size while catering to diverse client software. A recent study of 11 versions of the Android Operating System showed that its Application Programming Interface (API) has grown ten-fold in a decade. This puts a huge cognitive load on developers and they tend to defer upgrading their code to use newer versions. Alarmingly, it is not unusual for developers to continue to use versions that are vulnerable.
To build sustainable and secure software systems, client software needs to be synchronised automatically with libraries. In the SELES project, we will develop a novel approach to software upgrade which integrates directives for human developers into formal frameworks for program synthesis, generation and repair. We will use library documentation to guide frameworks for reasoning and auto-transformation of software. We will leverage recent advances in symbolic and data-driven software analysis for this. The outputs from SELES will be used to automatically upgrade Android apps by using the outputs as plugins in build systems and static analysis tools for Android.
SELES requires an understanding of Static Analysis and/or Compilers. Previous experience with the Android ecosystem, Natural Language Processing or Machine Learning would be beneficial but not essential. This project will be supervised by Dr. Santanu Dash and Dr. Jorge Blasco Alis. It will be in collaboration with the Software System Engineering Group at University College London. Please email [Email Address Removed] for initial discussions or queries.
SELES complements existing work in S3Lab (https://s3lab.isg.rhul.ac.uk) within the Information Security Group at Royal Holloway. S3Lab has an established track record of producing world-leading research outputs in Systems Security, with publications in flagship venues for both Software Security and Software Engineering. We are proud of our alumni who hold important positions in both academic and industrial research. Come join us for a chance to do impactful research.