NEWS Fuzzing, software testing and program analysis. These are some of the areas that we will hear much more about from Alexandre Bartel, Umeå university’s first Professor in Software System Security. “I’m excited to join the Department of Computing Science and to contribute to its developments. Society will benefit from the output of my research” says Alexandre Bartel.
Alexandre Bartel, new Professor in Software Engineering and Security at The Department of Computing Science, Umeå University.
ImageMichel Brumat PhotographeThe most important thing for companies and societies is the data they produce and store. In fact, data can now be considered as the new kind of oil, and it needs to be handled carefully. “Flaws such as vulnerabilities and malware within the systems or present in a third-party software are a grave threat to the security, and cost billions each year,” Alexandre Bartel says.
He has studied Data and Software Security since he first started taking an interest in computing at an early age. Today, he is Umeå University’s first and only professor in Software Engineering and Security, now joining the fast-growing Department of Computing Science, where five prominent professors have been appointed during the last four years.
Alexandre Bartel and his research group will develop future tools and techniques capable of testing and evaluating software systems, during their whole life cycle. “We want to contribute to more robust systems that behave correctly, by identifying weaknesses and vulnerabilities at an early stage,” says Alexandre Bartel.
There are already ways to find security issues. Testers and developers are often doing it manually, which can take months or even years. Another approach is “fuzzing”, an automated technique to identify specific kinds of software vulnerabilities in a much faster and accurate way. Alexandre and his research group will work on the further development of fuzzing methods – an approach to evaluate these models and tools more efficiently. “Fuzzing is well-known within software security research. We want to speed up the process, and at the same time deliver a high-quality analysis”, says Alexandre Bartel.
Companies many times have software and infrastructures which work even if they don’t take security into account. "They often consider security as not necessary, until it’s too late – and way more costly," Alexandre Bartel says.
That’s one of the reasons behind another area that his research group will work on – Reverse Engineering. “If a company or the public sector buys software, they don’t usually have access to the underlying code. With our approach, we can take the software, reverse the process, and understand how it works. It’s an easier way to find vulnerabilities and evaluate security issues and design flaws, afterward”, says Alexandre Bartel.
He and his research group aim to minimize malware, leakage, and other threats. By developing tools and techniques that are more robust, the aim is to make it harder for attackers to exploit a system.
“The bar has to be higher in terms of how much computational power will be needed to break software, and in terms of the time attackers need to compromise the system. We want to develop a new framework to evaluate the most advanced testing tools used to identify vulnerabilities in the real world”.