A faculty member in the Department of Computing Sciences is part of a team that will develop a software tool for beginning programmers.
Assistant professor Duke Hutchings has received $14,000 from the National Science Foundation as part of a joint project to develop a software tool that helps beginning computer programmers by letting them know when the code they write may contain security flaws.
Colleagues at the University of North Carolina at Charlotte and at Johnson C. Smith University are joining Hutchings in the creation of a tool they’ve dubbed “ASIDE,” an acronym for Assured Software Integrated Development Environment. All told, the NSF has awarded researchers at the three collaborating schools nearly $200,000.
Once complete, ASIDE will operate alongside programs that students use to design software applications. When students test their code, ASIDE will conduct an analysis of the project and provide easy-to-understand warnings. “This will encourage students to fix or rework the code to be more secure,” Hutchings said.
For example, Hutchings said, if programmers aren’t careful, when they write code for text boxes that website visitors use, they leave open the possibility of hackers dumping their own code into that text box. Such viruses can wreak havoc with computer systems.
While tools already exist for programmers who write code, the computing sciences researchers are attempting to build a program with warning messages that students programmers can easily comprehend. Current tools spot flaws in computer codes, Hutchings said, but when they offer warnings to inexperienced programmers, the messages are often too complicated.
“Our goal with ASIDE is to provide something that makes sense to a beginning programmer,” Hutchings said. “Finding the appropriate level of description can be a challenge.”
Another goal of the new approach is to assist faculty who lack formal training in secure programming. Hutchings said that many effective secure programming practices are also the easiest to implement and fairly easy to explain through a tool. The warnings are such that not only can novice programmers react to and understand them, so too can faculty who are expert programmers but novice security analysts.
The research team plans to have the ASIDE software installed in computer labs at their respective campuses by the spring semester. Hutchings and his colleagues will survey students at the beginning and toward the end of their courses to determine whether the program was effective in raising their awareness of security protocols.
If the team finds that the tool is a success, it will disseminate the software for others to use. “It’s built on an open source platform,” Hutchings said. “People can look at how it was created and adapt it to their needs.”
Hutchings joined the Elon faculty in 2008 after spending two years at Bowling Green State University. His research interests include human-computer interaction related to multi-display systems and password systems, as well as information visualization.
He received his doctorate in computer science in 2006 from the Georgia Institute of Technology.