EAST: Using Evolutionary Algorithms to Understand and Secure Web/Enterprise Systems

With the EAST project, I aim to improve our understanding of the intrinsic characteristics of web/enterprise systems related to their security. I will achieve it by designing novel techniques that are able to scale to automatically generate test cases for large web/enterprise systems, and that can automatically find common types of security threats. This is a necessary stepping stone before reaching the high risk / high impact goal of designing testing systems that can adapt and learn, finding classes of security threats for which currently there is no automated solution due to the oracle-problem. I will contribute towards this goal by constructing and studying classes of co-evolutionary algorithms that evolve in competition in separate populations of test cases for graphical user interfaces (e.g., web app GUIs) and direct network calls (e.g., HTTP). The tools and techniques developed in the EAST project will be instrumental to study and broaden our understanding of what kinds of security-related mistakes do developers make in practice, and why they are made. Such scientific knowledge will be at the base to form a so much needed theoretical framework for the field of security testing. The project will contribute to software engineering (insight in web/enterprise systems and automated methods for system testing), evolutionary computation (in particular co-evolutionary algorithms for the domain of software test generation), and computer security (in particular developing breakthroughs in investigating the so-called oracle-problem).

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 864972)

The project is financed by ERC-European Research Council