Project Details
DeVulnIX: Design-Level Vulnerabilities Identification and Fixing
Applicant
Professor Dr.-Ing. Riccardo Scandariato
Subject Area
Software Engineering and Programming Languages
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2026
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 574019691
The DeVulnIX project focuses on software architecture for cybersecurity, specifically on design-level vulnerabilities in software systems. These vulnerabilities, recognized as a significant threat, originate from flaws in the overall architecture or design of a system. To date, their identification and remediation rely on manual architectural modeling and threat analysis, which is error-prone and time-consuming. The project aims to automate the detection and patching of design-level vulnerabilities through source code analysis and fixing.

The objectives are to develop an evidence-based theory of these vulnerabilities and to develop techniques for their detection and patching, based on large language models used in combination with traditional program analysis tools, abstraction techniques, and human-in-the-loop mechanisms. The research questions are:

RQ1. How can we codify the nature and scope of design-level vulnerabilities into an evidence-based theory?
RQ2. How can hybrid approaches leverage large language models to detect design-level vulnerabilities across diverse software environments?
RQ3. How can hybrid approaches leverage large language models to generate high-quality, contextually appropriate fix suggestions?
RQ4. How can these detection and fixing mechanisms be integrated into developer IDEs and delivery pipelines for ongoing security analysis?

The project represents a novel approach to addressing design-level vulnerabilities in software systems. By bypassing the need to create architectural diagrams and working directly with the source code, it seeks to offer a more efficient and accurate method for identifying and fixing these vulnerabilities. Our new foundational approach will be evaluated across programming languages, libraries, and technology stacks. The project combines security-specific software engineering methods at the design level with LLMs and integrates them into IDEs, delivery pipelines, and human feedback systems.
DFG Programme
Research Grants
International Connection
Austria
Partner Organisation
Fonds zur Förderung der wissenschaftlichen Forschung (FWF)
Cooperation Partner
Professor Dr. Uwe Zdun
