Researchers help develop state-of-the-art cybersecurity resource

Feb 05, 2014

Researchers from Indiana University's Center for Applied Cybersecurity Research and University Information Technology Services' Research Technologies Division have contributed to the development of a new tool designed to help software developers close critical security holes in their products.

Cybercrime is booming; it is an estimated $100 billion industry in the United States and shows no signs of slowing down. Attackers have an arsenal of weapons at their disposal, including social engineering—or phishing—penetrating weak security protocols and exploiting software vulnerabilities that can serve as an "open window" into an organization's IT environment. Closing those windows requires effective and accessible tools to identify and root out .

The Software Assurance Marketplace, or the SWAMP, has created a resource to address this growing need that was made publicly available and free to the software community this week.

Supported by a $23.4 million grant from the Department of Homeland Security's Science and Technology Directorate, the SWAMP provides a state-of-the-art facility that serves as an open resource for , software assurance tool developers and software researchers who wish to collaborate and improve software assurance activities in a safe, secure environment. From the very early stages of a project and throughout its entire life cycle, the SWAMP offers continuous, automated access to a rich and evolving set of assessment capabilities.

"We're pleased Indiana University's resources could be leveraged in the creation of this state-of-the-art facility that can now serve as an open resource to help improve the safety and quality of software ecosystems by creating access to assurance tools, testing and reporting," said CACR Deputy Director and SWAMP Chief Security Officer Von Welch. Welch serves as the principal investigator for IU's work with SWAMP.

Located in Madison, Wis., and designed by researchers from the Morgridge Institute for Research, the University of Wisconsin-Madison, IU and the University of Illinois, Champaign-Urbana, the SWAMP provides a suite of assurance tools and software packages that serve to identity vulnerabilities and reduce false positives. According to SWAMP's director and chief technology officer, Miron Livny, "The magnitude of our national software assurance problem requires a comprehensive approach backed by a powerful facility that addresses all dimensions of the problem—integrated education, better tools and wider adoption."

The initial operating capability of the SWAMP enables the assessment of Java, C and C++ software against five static analysis tools. Results are displayed via Secure Decisions' CodeDx vulnerability results viewer, which was developed through the Small Business Innovation Research program of the Department of Homeland Security's Science and Technology Directorate.

"We see widespread adoption of the SWAMP as having a profound, positive impact on software systems and applications that powers our critical infrastructure," said DHS software assurance program manager Kevin Greene. "Better assurance practices lead to better security. It's that simple."

"The SWAMP collaboration is a great example of the public and private sector coming together to advance improvements in assurance activities to deal with emerging cyber threats," he added.

The SWAMP's initial assurance tools include FindBugs, PMD, Clang, CppCheck and GCC and the choice of eight platforms. Over the five-year project, SWAMP will add multiple assessment capabilities including mobile, dynamic and binary analysis tools.

Explore further: osCommerce e-commerce software vulnerable to hackers, security researchers find

add to favorites email to friend print save as pdf

Related Stories

Games help improve software security

Dec 05, 2013

Ever more sophisticated cyber attacks exploit software vulnerabilities in the Commercial Off-the-Shelf (COTS) IT systems and applications upon which military, government and commercial organizations rely. ...

Apple denies 'backdoor' NSA access

Jan 01, 2014

Apple said Tuesday it had no "backdoor" in its products after a security researcher and a leaked document suggested the US National Security Agency had unfettered access to the iPhone.

Recommended for you

Researchers jailbreak iOS 7.1.2

17 hours ago

Security researchers at the Georgia Tech Information Security Center (GTISC) have discovered a way to jailbreak current generation Apple iOS devices (e.g., iPhones and iPads) running the latest iOS software.

Smartphones as a health tool for older adults

18 hours ago

A team of researchers from the Universitat Politècnica de Catalunya · BarcelonaTech (UPC) and the Universitat Autònoma de Barcelona (UAB) is creating a smartphone app that will help older adults to understand ...

Can you trust that app?

18 hours ago

You're on your smartphone, browsing through Facebook. In a fit of productivity, you search for, say, a project management app to help you use your non-Instagram and cat video time more effectively. You download ...

Facebook's Internet.org expands in Zambia

Jul 31, 2014

(AP)—Facebook's Internet.org project is taking another step toward its goal of bringing the Internet to people who are not yet online with an app launching Thursday in Zambia.

Body by smartphone

Jul 30, 2014

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

User comments : 0