Penn Engineers Receive $6.1 Million Grant from Office of Naval Research to Reduce Software Complexity

by Lida Tunesi

The larger a fortress, the more spots there are for attackers to sneak in. One might think of software in a similar way: making software more complicated can also make it more vulnerable. “The trend of increasing software complexity has no end in sight,” says Mayur Naik, Associate Professor of Computer and Information Science (CIS). Unfortunately, this growth has led to a rise in cyberattacks.

With this problem in mind, researchers in Penn Engineering’s PRECISE Center have received a $6.1 million, five-year grant from the Office of Naval Research (ONR) for the ASPIRE project, which will create a compiler that can simplify software without sacrificing functionality.

“Developers today use general purpose, ‘off-the-shelf’ components to build software, so no single developer has a complete understanding of the entire codebase,” says Naik, who is the principal investigator for ASPIRE. “This opens up opportunities for cyberattackers to exploit defects.” ASPIRE’s final product will be able to recognize which features of these components the software isn’t going to use, and automatically remove them.

The team of CIS researchers includes Naik, Zisman Family Professor Rajeev Alur, Professor Boon Thau Loo and Research Associate Professor Oleg Sokolsky, as well as Cecilia Fitler Moore Professor and PRECISE Center co-director Insup Lee, who also has an appointment in the Department of Electrical and Systems Engineering. The grant is part of ONR’s “Total Platform Cyber Protection” program.

The ASPIRE team also plans on using ideas from artificial intelligence. “There is a lot of open-source software out there that we can use as data,” says Naik. “The hope is that the compiler can learn, from this data, new techniques to transform complicated programs into simpler ones.”