Sponsored Research

Department of Homeland Security

The HSQA project addresses three areas that align with DHS S&T long-term strategies:

  1. Measure source code quality and maturity of ICS and cloud-based software
  2. Composition, stylometry and origination of software
  3. Identify secured and sensitive sections of source code

Construction Engineer Research Lab (CERL)

We work with the TSEAL team at TechLink to test software components as well as provide support for measuring the quality assurance of these software components.


Department of Homeland Security/Idaho National Labs

We have developed a framework that allows managers to make informed decisions and gives developers more visibility into code vulnerabilities.


Research Experiences for Undergraduates (REU)

The REU summer program provides an opportunity for students from around the country to come to MSU for an immersive summer learning experience.


Raytheon

Building on MSU’s prior research on building fault-tolerant computers for NASA, we design hardware diversity to make flight computers resilient to cyber-attacks.  


Northwest Virtual Institute for Cybersecurity Education and Research (CySER)

As part of this inter-institution program, ROTC cadets at MSU participate in a baseline cybersecurity class their first semester and carry out a senior capstone project.


Student Projects

Faqeer Rehman

Title: Improving the confidence of machine learning models through improved software testing approaches

Machine learning is gaining popularity in transforming and improving a number of different domains, e.g., self-driving cars, natural language processing, healthcare, manufacturing, retail, banking, and cybersecurity. However, given that machine learning algorithms are computationally complex, it becomes a challenging task to verify their correctness when either the oracle is not available or is available but too expensive to apply. Software Engineering for Machine Learning (SE4ML) is an emerging research area that focuses on applying SE best practices and methods for better development, testing, operation, and maintenance of ML models. The focus of my research work is on the testing aspect of ML applications by adapting the traditional software testing approaches for improving confidence in them. Specifically, to complete my dissertation, I propose (i) a statistical metamorphic testing technique to test NN-based classifiers in a non-deterministic environment, (ii) a hybridized approach that addresses the data collection/labeling problem and includes a statistical hypothesis testing technique (for detection) and a machine learning-based approach (for prediction) of buggy behavior in the next release of the ML classifier under test, and (iii) generic metamorphic relations to test unsupervised algorithms from both the verification and validation perspective.

Grant Nelson

Grant Nelson is researching programmatic Technical Debt analysis, focusing on analysis of procedural languages. During analysis of patterns and anti-patterns in object-oriented languages, the membership of methods in classes is used as a metric. Procedural languages do not always specify a membership between functions and structures. Grant is looking into using the variable types of a function's arguments and the arguments' usage inside of the functions to determine a participation score. The participation score is a probability that a function may belong to a structure. If a participation score can be determined such that it can be used in place of the membership metric, then current pattern and anti-pattern analysis can be performed on procedural languages.

Karishma Rahman

Title: Metamorphic Testing for Web Application

Abstract: Software testing is a process that evaluates the software’s functionality by revealing its faults. The testing process can often be complicated and expensive for complex scientific applications. Automation of software testing, which automates parts of the testing process, is thus a practical solution and can make software development much more efficient and cost-effective. Various techniques are also being used to address the oracle problem in security testing, of which Metamorphic Testing (MT) is one. My research focuses on applying Metamorphic Testing to detect vulnerabilities in web applications.

Reese Pearsall

With new and reused malware surfacing in the cyber world every day, there is a need to detect malware before it can cause damage and to classify and group together similar malicious files to gain a better understanding of how the malware functions. Reese's research focuses on improving the ability to detect and classify malware by using graph-based machine learning methods. There are many different graph representations of binary files, such as a control flow graph or a function call graph. By converting these graphs to a vector using graph embedding algorithms, we can create a machine learning model to detect or cluster malicious binaries. Reese's goal is to identify the effectiveness of different graph representations and discover which ones provide accurate results for detecting and clustering malware.

Prashanta Saha

Title: Improving The Effectiveness Of Metamorphic Testing Using Systematic Test Case Generation

Metamorphic testing is a well-known approach to tackle the oracle problem in software testing. This technique requires source test cases that serve as seeds for the generation of follow-up test cases. Systematic design of test cases is crucial for the test quality. Thus, source test case generation strategy can make a big impact on the fault detection effectiveness of metamorphic testing. Most of the previous studies on metamorphic testing have used either random test data or existing test cases as source test cases. There has been limited research done on systematic source test case generation for metamorphic testing. In my current research, I propose two different source test case generation techniques for testing scientific applications. I will apply coverage-based test case generation approaches, i.e., line, branch, and weak mutation coverage for testing numerical programs. Furthermore, for testing applications of supervised machine learning classifiers, I will apply the property-based test case generation technique. My goal is to select a metamorphic relation based test case generation approach for any particular program. To evaluate these proposed techniques, I plan to conduct experiments on complex open-source projects. My preliminary results suggest that coverage-based test cases’ fault detection effectiveness is significantly higher than that of the randomly generated source test cases. Moreover, random source test cases have little impact on increasing fault detection effectiveness of metamorphic relations while testing supervised classifiers. These motivational results encourage me to do further experiments to approve my claims. Further, I will integrate my approaches into the metamorphic testing tool called “METTester” to conduct testing on scientific software applications.

Dillon Shaffer

Software Development Environment for Resilient Computing Architectures

As MSU’s radiation-tolerant computer (RadPC) prepares for launch, Resilient Computing prepares to launch a similar commercialized board. The commercial board will work in a variety of industries, from defense to outer space. This research delves into the development of an Eclipse IDE-based plug-in that will allow users from all industries to interface with the computer. The plug-in will contain knowledge of the device architecture that enables users unfamiliar with the specifics of the hardware to program it with ease using the C language.

Susan McCartney

Ever wondered what could be the next big data breach? We conduct a proactive investigation into files attached to bug bounty reports within bug bounty programs. The idea is that a hacker could register with a bug bounty platform (i.e., Bugcrowd or HackerOne), report a security vulnerability, and attach a malicious file. We created a conceptual framework to avoid this potential disaster.

Bryce Leighton, Amanda Faulconer

Bryce is currently working on the further development of an application that can visualize results of the lab's software quality analysis tool, PIQUE. Currently, they are able to see the tool's results as a classic tree data structure (1 parent per tree node), yet they would like to see the tool's results as a family tree data structure (more than one parent per tree node). Creating a family tree visualization would allow for more effective communication and analysis of PIQUE results.