03/30/2023
By Krishnaa Chaithanya Vellamchety
The Richard A. Miner School of Computer & Information Sciences, Department of Computer Science, invites you to attend a Master’s thesis defense by Krishna Chaitanya Vellamchety on “Graph-theoretic Vulnerability Detection for Insecure Cryptography Code.”
Candidate Name: Krishna Chaitanya Vellamchety
Degree: Master’s
Defense Date: Wednesday, April 5, 2023
Time: 1 to 2 p.m. EST.
Location: WAN 445, Wannalancit Mills, East Campus
Thesis Title: Graph-theoretic Vulnerability Detection for Insecure Cryptography Code.
Committee:
- Sashank Narain, advisor, Computer Science Department, University of Massachusetts Lowell
- Ian Chen, Computer Science Department, University of Massachusetts Lowell
- Claire Lee, School of Criminology and Justice Studies, Center for Asian American Studies, University of Massachusetts Lowell
Brief Abstract:
Developers rely on a variety of sources to help them solve problems and complete projects, including online and offline resources like books, forums, and communities. One of the most popular and accessible sources of information for developers is Stack Overflow, a website where programmers can ask and answer questions about coding and software development. Using Stack Overflow, developers can quickly find solutions to coding problems, often in real time as they work on their projects. However, the question remains: are the responses provided on Stack Overflow always accurate and up to date?
The answer to this question is both yes and no. On the one hand, when a developer posts a question on Stack Overflow, they can receive a large number of responses, and at least one of these responses is likely to be accurate and helpful. In some cases, the response may even be an exact solution to the problem at hand. On the other hand, technology and software development methodologies are constantly evolving, which means that code that was considered correct and secure at one point in time may become outdated and vulnerable as time goes on. As a result, Stack Overflow responses that were written some time ago may no longer be valid or secure.
This problem is not unique to Stack Overflow or the technology industry. Every industry has to grapple with the challenge of keeping up with changing trends and technologies, and ensuring that products and services remain secure and up-to-date. However, in the context of cybersecurity, the risks of using outdated code can be particularly severe. When a cryptography implementation or other security feature is compromised by an attacker, it can become unsafe to use in the future. This means that developers must be constantly vigilant and aware of the latest implementations, rules, and methods in order to keep their code secure.
Unfortunately, many developers are not always aware of the latest cybersecurity risks and vulnerabilities. This can lead to situations where a developer searches for a solution on Stack Overflow, finds an answer that appears to work, and unwittingly introduces vulnerabilities into their system. These vulnerabilities can then be exploited by attackers, leading to potentially disastrous consequences.
To mitigate this problem, it may be helpful to give users of Stack Overflow a tool that can alert them to potential vulnerabilities before they use insecure code in their system. For example, such a tool could check responses for potential security vulnerabilities and flag them for users to review. Ultimately, this tool would come in handy for users of online forums and for developers who are implementing cryptographic code.