In information security, the group concentrates on source-code-related artifacts and on natural-language texts in order to address security-related problems.
Building on this precise hybrid call graph, we are implementing vulnerability detection algorithms that can capture typical security vulnerabilities (e.g. those in the OWASP Top 10). The detection algorithms are based on statistical and machine learning methods. We also plan to provide intelligent filtering of the results to minimize the number of false positives.
László Vidács (contact), Péter Hegedűs, Gergő Balogh, László Tóth
Predicting vulnerable components using machine learning models.
Automated tagging of security requirements
Security requirements constitute an important part of the non-functional requirements. Extracting and tagging security-related requirements is a crucial task in requirements engineering. Often these requirements are expressed in natural language as part of another expectation. The aim of the project is to develop a tool for tagging security-related sentences, thereby supporting the identification of security-related issues in the early phases of development.
Analysis and comparison of static and dynamic call graphs and call chains.
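To make concrete what the hybrid call graph above and the static/dynamic comparison project are about, here is an added example (not code from the group or from the page) that builds a static call graph of a small Python module from its AST, records a dynamic call graph of the same module while one input is executed, and reports the differences. The sample module, its function names, the chosen input, and the helper names are all constructed for this illustration.

```python
import ast
import sys
from collections import defaultdict

# Constructed sample program (not from the page), embedded as a string so the
# example runs offline. It deliberately contains (a) direct calls, (b) an
# indirect call whose target is looked up by name at run time, and (c) a
# branch that the chosen test input never exercises.
SAMPLE_SOURCE = '''
def sanitize(s):
    return s.replace("<", "&lt;").replace(">", "&gt;")

def render(s):
    return "<p>" + s + "</p>"

def legacy_render(s):
    return s

def dispatch(name, s):
    handler = globals()[name]   # target depends on data: invisible to the AST walk
    return handler(s)

def main(user_input, use_legacy=False):
    if use_legacy:
        return legacy_render(user_input)
    return dispatch("render", sanitize(user_input))
'''
FILENAME = "<sample>"   # pseudo-filename used to recognise frames of the sample module


def defined_functions(tree):
    """Names of the module's top-level functions; these are the graph's nodes."""
    return {n.name for n in tree.body if isinstance(n, ast.FunctionDef)}


def static_call_graph(source):
    """Edges (caller, callee) found by walking the AST: calls through a bare
    name that resolves to a function defined in the module. Calls through a
    variable or a dictionary lookup cannot be resolved and are dropped."""
    tree = ast.parse(source)
    funcs = defined_functions(tree)
    edges = set()
    for fn in tree.body:
        if not isinstance(fn, ast.FunctionDef):
            continue
        for node in ast.walk(fn):
            if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
                if node.func.id in funcs:
                    edges.add((fn.name, node.func.id))
    return edges


def dynamic_call_graph(source, entry, *args):
    """Edges observed while executing entry(*args) in a fresh namespace,
    recorded with sys.setprofile. Only Python-level calls between functions
    of the sample module are kept; builtins and this harness are ignored."""
    namespace = {}
    exec(compile(source, FILENAME, "exec"), namespace)
    edges = set()

    def profiler(frame, event, arg):
        if event != "call":          # skip returns and C-level calls
            return
        caller = frame.f_back
        if (frame.f_code.co_filename == FILENAME and caller is not None
                and caller.f_code.co_filename == FILENAME):
            edges.add((caller.f_code.co_name, frame.f_code.co_name))

    sys.setprofile(profiler)
    try:
        namespace[entry](*args)
    finally:
        sys.setprofile(None)
    return edges


def reachable(edges, start):
    """Functions reachable from start over the given edge set."""
    succ = defaultdict(set)
    for a, b in edges:
        succ[a].add(b)
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in succ[node] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen


def compare(source, entry, *args):
    """Static-only edges are paths the run never exercised; dynamic-only edges
    are calls the AST walk could not resolve. The hybrid graph is their union."""
    static = static_call_graph(source)
    dynamic = dynamic_call_graph(source, entry, *args)
    return {
        "static_only": static - dynamic,
        "dynamic_only": dynamic - static,
        "hybrid": static | dynamic,
    }


if __name__ == "__main__":
    result = compare(SAMPLE_SOURCE, "main", "<b>hi</b>")
    for key, edges in result.items():
        print(key, sorted(edges))
```

On this input the static graph alone misses the `dispatch -> render` edge (the target is a run-time lookup), so a detector working only on it would never see that user data reaches `render`; the dynamic graph alone misses `main -> legacy_render`, a path the input never took. The union shows both, which is the point of combining the two views before running any detection over the graph.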