Architectural flaws are results of inappropriate design choices in early stages of software development, incorrect implementation of security patterns, or degradation of security architecture over time. In this project, we are working on establishing a catalog of Common Architecture Weakness Enumeration, containing architectural weaknesses that may create security breaches within the software.

In this project, we work on delivering solutions to create, validate, and share high-quality datasets necessary to drive future software traceability research. Our approach which is named Bigdata aUgmented Dataset GEneraTor (BUDGET), uses an ultra-large-scale code repository of 2 Million open source projects (in various programming languages) and extracts useful, connected, semantically cohesive traceability artifacts from this repository. In order to solicit high-quality traceability artifacts, BUDGET implements previously proven Information Retrieval (IR) methods, Natural Language Processing (NLP) algorithms, Data Mining techniques, Code Dependency analysis, and Heuristic-based tools.

Before a medical device can be used in the clinical environment, the manufacturer must demonstrate that the device provides a medical benefit in routine clinical use, and also the device is hazard free. Demonstrating that a device is safe, secure and reliable systems is difficult. Certification and regulatory agencies routinely require full life-cycle traceability for the demonstration of fitness. Software traceability plays a critical role in demonstrating that a delivered software system satisfies all of its software design constraints and mitigates all identified hazards and threats. In this project we are developing Medical Device Development Tools that use safety and security reference models to help the manufacturer demonstrate that:

• The device is free from risks that can lead to physical hazards.
• Security threats are identified, and appropriate mitigation techniques are adopted.
• Known domain specific vulnerabilities are identified and eliminated from the products.

The project will include developing a set of novel big-data compatible architecture profilers that detect and learn architectural choices made by several developers across source codes of thousands of open-source systems. This knowledge is used to recommend architectural tactics fitting a new project. This represents a paradigm shift in utilizing automated techniques to bring design thinking into developers' daily coding activities. Unlike existing architecture design practices, which all involve a rigorous upfront analysis of the system's quality concerns, this research takes a bottom-up approach. It uses the latent domain topics in the source code and identifies not only architectural tactics/patterns missing in a given project but also recommends several high quality sample implementations of the tactics/patterns from open source software projects. The findings of this research will partially address the current gap between design and implementation.

Developers often resort to using search engines, crowd-sourcing websites, or discussion forums to find useful information about a particular development task ranging from technical information about a security APIs to how to write a unit test for a multi-threaded program. A fundamental problem of finding implementation artifact is the mismatch between the high-level intent reflected in the descriptions of these artifacts and the low-level implementation details of them. In this project, we develop custom search and rank algorithms to reduce this mismatch and help developers find a diverse set of artifacts matching their development challenges.


Project's Webpage>>

Archie introduces a pluggable tool which provides an architectural protection layer for use in a variety of programming IDEs and software modeling tools.

1. Detect and monitor code snippets that implement key architectural decisions in the source code, including security related ones.
2. Proactively keep developers informed of underlying architectural decisions during maintenance activities.
3. Automatically trace external architecture specification documents to the source code or design model.
4. Perform change impact analysis of architectural concerns at both the code and design level.