Like thieves looking for unlocked doors or windows, cybercriminals search for mistakes in software code that could allow them to break into computer networks to steal private data or launch attacks.
Dr. Shiyi Wei, assistant professor of computer science at The University of Texas at Dallas Erik Jonsson School of Engineering and Computer Science, develops tools to prevent cyberattacks by finding and fixing coding errors before the software is deployed.
Most recently, Wei received a five-year, $458,849 National Science Foundation Faculty Early Career Development Program (CAREER) award to improve static analysis, a tool that examines software for flaws that create security vulnerabilities.
“Our goal is to make sure that errors … can be detected before the deployment of the code or as early as possible in the process so they can’t be exploited by bad users, which could cause very severe consequences.”
Dr. Shiyi Wei, assistant professor of computer science in the Erik Jonsson School of Engineering and Computer Science
“When you have a bug, or error, in a software application, it leaves the chance for attacks,” Wei said. “Our goal is to make sure that errors, especially critical errors, can be detected before the deployment of the code or as early as possible in the process so they can’t be exploited by bad users, which could cause very severe consequences.”
Thousands, or even millions, of lines of code are needed to operate basic software applications that people use every day. Mistakes in this complex set of instructions, which could be written in a range of languages, are caused by human error. As a relatively young field, computer science does not have a universal set of standards for developing software code, which Wei said also can lead to mistakes.
About CAREER Awards
The Faculty Early Career Development Program supports early-career faculty who exemplify the role of teacher-scholars through outstanding research and excellent education. The highly selective program is the National Science Foundation’s most prestigious award for early-career faculty who are considered likely to become leaders in their fields.
Software is tested using static analysis programs made up of algorithms that search for vulnerabilities. Wei said it can be challenging, however, to know which of the many available analysis tools should be applied. He said the wrong one could be as ineffective as using an English spelling checker on an article written in a different language. Wei’s research is designed to use machine learning to construct the best software analysis tool automatically for the type of software being tested.
Another part of his research focuses on developing a more systematic process to ensure that the tools themselves are effective and do not have bugs. Researchers in his group have developed a technique to discover bugs within a static analysis tool by examining the relationships between the algorithms. Wei said relationships that do not behave in expected ways can indicate errors.
Wei and his team will initially focus on analysis tools for Android, with the aim of applying the solution more broadly.
“Our goal is to help users figure out which option or combination of options to use to take advantage of the full potential of the tools available,” Wei said.
Wei became interested in software security and reliability as an undergraduate student in China, where he had the opportunity to participate in research on the issue. He earned his doctoral degree from Virginia Tech and worked as a postdoctoral associate at the University of Maryland, College Park before joining UT Dallas in 2017.