Research & Development World

  • Home Page
  • Topics
    • Aerospace
    • Archeology
    • Automotive
    • Biotech
    • Chemistry
    • COVID-19
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Market Pulse
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
      • Software
    • Semiconductors
  • 2021 R&D 100 Award Winners
    • R&D 100 Awards
    • 2020 Winners
    • Winner Archive
  • Resources
    • Digital Issues
    • Podcasts
    • Subscribe
  • Global Funding Forecast
  • Webinars

UIC to Lead $3M Initiative to Develop System to Identify, Patch Software Security Holes

By University of Illinois at Chicago | February 11, 2019

Venkat Venkatakrishnan (Photo: Courtesy of the University of Illinois at Chicago)

The University of Illinois at Chicago will lead a $3 million project funded by the Defense Advanced Research Projects Agency to design, develop and evaluate a system that will identify security vulnerabilities in web software. UIC will receive $1.4 million of the funding, and the rest will support co-investigators at the University of Texas at Dallas and The Johns Hopkins University. The system will spot security weaknesses in the millions—sometimes billions—of lines of code that run websites including, banking and online shopping, that are attractive to hackers.

Once identified by the system, called GAMEPLAY (for Graph Analysis for Mechanized Exploit-generation and vulnerability Patching Leveraging human Assistance for improved Yield), the vulnerabilities will be automatically probed to determine whether they really could be leveraged by hackers. GAMEPLAY will then generate patches for these vulnerabilities, known as “exploits” to computer scientists.

“GAMEPLAY addresses a pressing need in both government and industry for more rapid vulnerability identification and patching response strategies that can scale with the increasing speed and scope of modern cyber-warfare campaigns that target networked software,” said Venkat Venkatakrishnan, professor of computer science in the UIC College of Engineering and principal investigator on the grant.

“GAMEPLAY is intended to be used by cybersecurity analysts, software developers and other professionals interested in identifying ‘exploits’ in software. It will run, for the most part, on its own but when an issue arises where a decision needs to be made, then a human will provide input to guide the system.”

Venkatakrishnan says that systems to scan and analyze code exist, but they can be expensive and may not provide total assurance because code is exceedingly complex and scanning it thoroughly presents a huge computational problem. GAMEPLAY will get around these issues by allowing for human input as the system runs.

“We want to create a system that allows software developers and security experts to be proactive by building a tool that will let them scan for potential problems in code that could provide an opening for hackers before the hackers have a chance to find the weaknesses themselves,” Venkatakrishnan said.

The system will be designed to be able to evaluate software written in several computer languages, including C, Python and JavaScript.

“GAMEPLAY will be built on a language-agnostic platform extensible to multiple computer languages,” Venkatakrishnan said.

The UIC team will be joined by computer scientists from Johns Hopkins and the University of Texas at Dallas to develop GAMEPLAY for these different computer languages.

The project will also include students at the graduate and undergraduate level who will have a chance to take part in constructing GAMEPLAY while learning about state-of-the-art digital security tools.

“The GAMEPLAY project will be rolled into several student classes on code analysis and vulnerability identification,” said Rigel Gjomemo, research assistant professor of computer science and associate director of UIC’s Electronic Security and Privacy: Technological, Human, Enterprise and Legal Considerations program. “Students may also participate in hacking competitions using what they’ve learned in these classes, giving them experience that they can bring to their future employers in the cybersecurity field.”

Related Articles Read More >

BIO-ISAC formed to protect bioeconomy infrastructure from increasing attacks
U.S. Army’s Sentinel A4 radar program receives Orolia M-Code solution 
NUS researchers bring attack-proof quantum communication two steps forward
R&D 100 winner of the day: CyberPow: Cyber Sensing for Power Outage Detection
2021 R&D Global Funding Forecast

Need R&D World news in a minute?

We Deliver!
R&D World Enewsletters get you caught up on all the mission critical news you need in research and development. Sign up today.
Enews Signup

R&D World Digital Issues

February 2020 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R& magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • 2021 Global Funding Forecast

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • Home Page
  • Topics
    • Aerospace
    • Archeology
    • Automotive
    • Biotech
    • Chemistry
    • COVID-19
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Market Pulse
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
      • Software
    • Semiconductors
  • 2021 R&D 100 Award Winners
    • R&D 100 Awards
    • 2020 Winners
    • Winner Archive
  • Resources
    • Digital Issues
    • Podcasts
    • Subscribe
  • Global Funding Forecast
  • Webinars