- Code Analysis and Development
- Database Security & Information Management
- Network & Wireless Security
- Policy & Management

Human Enhanced Code Analysis and Development

As critical systems built on software pervade every part of life, writing secure software has become essential. Experience has shown that it is also difficult: in popular programming languages such as C and C++ it is all too easy to make mistakes, such as an unchecked copy into a fixed-size buffer, that open the door to malicious attacks. Our approach at Maryland is to attack this problem at every phase of the software lifecycle with a human-centered methodology that delivers interfaces, sophisticated tools, and analysis programs that help developers write code with fewer security flaws.

For today's software, our work combines sophisticated program analysis with an understanding of the common mistakes and misconceptions programmers make. Using these techniques we build carefully engineered environments in which programmers interact with tools that automatically highlight both questionable and clearly insecure portions of existing code, giving developers an immediately useful aid for auditing source code. When confronted with particularly complicated or obscure programming idioms, however, our analyses cannot always produce a definitive verdict, and a warning may be a false positive. It is therefore critical that our tools are developed in a human-centered framework in which a developer reviews the software in light of the tool's output and decides which reports represent real vulnerabilities and which are not exploitable.
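The workflow just described, as an added illustration written for this page rather than a tool built by the center: a toy checker for unsafe C string calls that gives a definitive verdict where the code admits one (gets() is never safe; strcpy() of a string literal into a fixed-size array can be bounds-checked exactly) and otherwise marks the call "questionable" so a developer decides whether it is actually exploitable. The C snippet it scans is constructed sample input, and the checker assumes one statement per line, arrays declared as `char name[N]`, and string literals without escape sequences.

```python
"""Toy human-in-the-loop checker for unsafe C string calls (added example)."""
import re
from dataclasses import dataclass

# Constructed sample input (not from the original page): a mix of clearly
# unsafe, provably safe, and not-statically-decidable call sites.
SAMPLE_C = """\
char buf[16];
char name[8];
gets(buf);
strcpy(name, "bob");
strcpy(name, "a very long literal");
strcpy(buf, argv[1]);
sprintf(buf, "%s", argv[1]);
snprintf(buf, sizeof buf, "%s", argv[1]);
"""


@dataclass
class Finding:
    line: int
    severity: str  # "insecure" or "ok" are definitive; "questionable" needs human review
    call: str
    reason: str


# Assumptions: one statement per line, fixed-size char arrays declared as
# `char name[N]`, and string literals that contain no escape sequences.
ARRAY_DECL = re.compile(r'\bchar\s+(\w+)\s*\[\s*(\d+)\s*\]')
UNSAFE_CALL = re.compile(r'\b(gets|strcpy|strcat|sprintf)\s*\(([^;]*)\)\s*;')
STRING_LITERAL = re.compile(r'"([^"\\]*)"')


def array_sizes(source: str) -> dict:
    """First pass: map each fixed-size char array name to its size in bytes."""
    return {name: int(size) for name, size in ARRAY_DECL.findall(source)}


def analyze(source: str) -> list:
    """Second pass: classify every unsafe-call site in the source."""
    sizes = array_sizes(source)
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        m = UNSAFE_CALL.search(text)
        if not m:
            continue
        call, inner = m.group(1), m.group(2)
        args = [a.strip() for a in inner.split(',')]
        if call == 'gets':
            # gets() cannot bound what it reads; no surrounding context makes it safe.
            findings.append(Finding(lineno, 'insecure', call,
                                    'gets() places no bound on input length'))
        elif (call == 'strcpy' and len(args) == 2 and args[0] in sizes
              and (lit := STRING_LITERAL.fullmatch(args[1]))):
            need = len(lit.group(1)) + 1  # bytes copied, including the NUL terminator
            have = sizes[args[0]]
            verdict = 'ok' if need <= have else 'insecure'
            findings.append(Finding(lineno, verdict, call,
                                    f'literal needs {need} bytes, {args[0]} holds {have}'))
        else:
            # The source length depends on runtime data (argv, network input, ...),
            # so the pattern cannot decide; hand the site to the developer.
            findings.append(Finding(lineno, 'questionable', call,
                                    'source length not known statically; '
                                    'review reachability and input bounds'))
    return findings


def review_queue(findings) -> list:
    """Line numbers a human must triage because the tool could not decide."""
    return [f.line for f in findings if f.severity == 'questionable']


if __name__ == '__main__':
    results = analyze(SAMPLE_C)
    for f in results:
        print(f'line {f.line}: {f.severity:12} {f.call}: {f.reason}')
    print('needs human review:', review_queue(results))
```

Run on the sample, the checker settles lines 3, 4 and 5 on its own, leaves lines 6 and 7 in the review queue, and does not flag the bounded snprintf() at all; the point is that the tool's output separates what it has proven from what it is merely suspicious about, so the developer's time goes to the undecided sites.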

For tomorrow's software, our techniques will move from external analysis of source code into the design of the language itself. We are developing new languages that encourage and support secure programming practice, and we believe that ultimately new software should be written in such languages. To support the cognitive shift from an external tool to an integrated part of the language, we must design our languages to be human-centered. For example, comfortable programming patterns must not be replaced by awkward ones, however safe; developing interfaces that support this is key. Sophisticated checking methods must yield comprehensible error messages or traces. And easy interaction with, or porting from, legacy code must be supported.




© 2004 Center for Human Enhanced Secure Systems
All rights reserved.