2023
Fitzroy D Nembhard, Marco M Carvalho
Teaming humans with virtual assistants to detect and mitigate vulnerabilities Book Chapter
In: Arai, K. (Ed.): Lecture Notes in Networks and Systems, vol. 711, pp. 565-576, Springer Nature Switzerland, 2023.
Tags: Human-machine teaming, virtual assistant, vulnerability detection, vulnerability mitigation
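% Book chapter in Lecture Notes in Networks and Systems, vol. 711 (Springer).
% NOTE(review): the citation key "nokey" is an export placeholder. It is kept so
% existing citations still resolve, but it should be replaced with a unique key.
% NOTE(review): "SAI 2023" was exported in the series field and the series name in
% the chapter field. The series name now sits in series; "SAI 2023" looks like the
% conference name and is preserved in note -- confirm where it belongs.
% TODO(review): the volume title (booktitle) is not given in this record. The DOI
% suffix suggests chapter number 35; confirm before adding a chapter field.
@inbook{nokey,
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M.},
  editor    = {Arai, K.},
  title     = {Teaming humans with virtual assistants to detect and mitigate vulnerabilities},
  series    = {Lecture Notes in Networks and Systems},
  volume    = {711},
  pages     = {565--576},
  publisher = {Springer Nature Switzerland},
  year      = {2023},
  date      = {2023-07-13},
  doi       = {10.1007/978-3-031-37717-4_35},
  url       = {https://doi.org/10.1007/978-3-031-37717-4_35},
  urldate   = {2023-07-13},
  isbn      = {978-3-031-37717-4},
  note      = {SAI 2023},
  abstract  = {The use of virtual assistants has grown significantly in recent years. This growth can be attributed to the prevalence of mobile devices and advances in the Internet of Things (IoT). While virtual assistants are widely used for interpersonal and social purposes such as ordering items from restaurants, creating reminders, and communicating with peers, their use is limited in cybersecurity and other computational sciences. In this research, we develop a framework that teams humans with virtual assistants on mobile devices in an effort to encourage the use of vulnerability detectors to mitigate errors in software and their underlying networks and systems. Creating effective cyber defenses involves teaming humans with machines in a way that enables secure orchestration, real-time communication, and unity of action. We demonstrate that a seamless coordination between human and AI can help minimize the number of errors in software systems, which will ultimately reduce data breaches and other cyber-related challenges plaguing our world.},
  keywords  = {Human-machine teaming, virtual assistant, vulnerability detection, vulnerability mitigation},
  pubstate  = {published},
  tppubtype = {inbook}
}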
2021
Nembhard, Fitzroy D.; Carvalho, Marco M.
A Smart and Defensive Human-Machine Approach to Code Analysis Proceedings Article
In: First International Workshop on Artificial Intelligence, IJCAI-ACD 2021, ijcai.org, 2021.
Tags: agent, Google Assistant, NLP, virtual assistant, voice assistant, vulnerability detection
% Workshop paper (IJCAI-ACD 2021) proposing a virtual-assistant-driven recommender
% that helps programmers choose and run a static code analysis tool.
@inproceedings{IJCAINembhardCarvalho21,
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M.},
  title     = {A Smart and Defensive Human-Machine Approach to Code Analysis},
  booktitle = {First International Workshop on Artificial Intelligence, IJCAI-ACD 2021},
  publisher = {ijcai.org},
  year      = {2021},
  date      = {2021-08-20},
  urldate   = {2021-08-20},
  abstract  = {Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of development standards, or other problems, with the ultimate goal of fixing these errors so that systems and software are as secure as possible. There exists a plethora of static analysis tools, which makes it challenging for businesses and programmers to select a tool to analyze their program code. It is imperative to find ways to improve code analysis so that it can be employed by cyber defenders to mitigate security risks. In this research, we propose a method that employs the use of virtual assistants to work with programmers to ensure that software are as safe as possible in order to protect safety-critical systems from data breaches and other attacks. The proposed method employs a recommender system that uses various metrics to help programmers select the most appropriate code analysis tool for their project and guides them through the analysis process. The system further tracks the user's behavior regarding the adoption of the recommended practices.},
  keywords  = {agent, Google Assistant, NLP, virtual assistant, voice assistant, vulnerability detection},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
Nembhard, Fitzroy D.; Carvalho, Marco M.
Conversational Code Analysis: The Future of Secure Coding Journal Article
In: IntechOpen, London, 2021.
Tags: Google Assistant, NLP, software security, virtual assistant, voice assistant, vulnerability detection
% Describes MyCodeAnalyzer, a Google Assistant app and code analysis framework for
% scanning program code for vulnerabilities by voice during development.
% NOTE(review): the journal field holds what looks like a publisher and city, and
% the abstract calls the work a chapter. Confirm the venue; if it is a book chapter,
% the entry type, publisher/location and booktitle should be set accordingly.
@article{nembhard2021conversational,
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M.},
  title     = {Conversational Code Analysis: The Future of Secure Coding},
  journal   = {IntechOpen, London},
  year      = {2021},
  date      = {2021-06-08},
  doi       = {10.5772/intechopen.98362},
  urldate   = {2021-06-08},
  abstract  = {The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems vulnerable to attackers. While a plethora of tools are available for programmers to scan their code for vulnerabilities, finding the right tool can be challenging. It is therefore imperative to adopt measures to get programmers to utilize code analysis tools that will help them produce more secure code. This chapter looks at the limitations of existing approaches to secure coding and proposes a methodology that allows programmers to scan and fix vulnerabilities in program code by communicating with virtual assistants on their smart devices. With the ubiquitous move towards virtual assistants, it is important to design systems that are more reliant on voice than on standard point-and-click and keyboard-driven approaches. Consequently, we propose MyCodeAnalyzer, a Google Assistant app and code analysis framework, which was designed to interactively scan program code for vulnerabilities and flaws using voice commands during development. We describe the proposed methodology, implement a prototype, test it on a vulnerable project and present our results.},
  keywords  = {Google Assistant, NLP, software security, virtual assistant, voice assistant, vulnerability detection},
  pubstate  = {published},
  tppubtype = {article}
}
2019
Nembhard, Fitzroy D.; Carvalho, Marco M.; Eskridge, Thomas C.
Towards the Application of Recommender Systems to Secure Coding Journal Article
In: EURASIP Journal on Information Security, vol. 2019, no. 1, pp. 9, 2019, ISSN: 2510-523X.
Tags: ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection
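% Journal article on a recommender system that suggests fixes for taint-style
% vulnerabilities in Java code.
% The identifier 2510-523X has the eight-character form of an ISSN, not an ISBN,
% so it is stored in the issn field.
@article{nembhard_recommender_journal,
  author    = {Nembhard, Fitzroy D. and Carvalho, Marco M. and Eskridge, Thomas C.},
  title     = {Towards the Application of Recommender Systems to Secure Coding},
  journal   = {EURASIP Journal on Information Security},
  volume    = {2019},
  number    = {1},
  pages     = {9},
  year      = {2019},
  date      = {2019-06-13},
  doi       = {10.1186/s13635-019-0092-4},
  url       = {https://doi.org/10.1186/s13635-019-0092-4},
  urldate   = {2019-06-13},
  issn      = {2510-523X},
  abstract  = {Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.},
  keywords  = {ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection},
  pubstate  = {published},
  tppubtype = {article}
}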
Nembhard, Fitzroy; Carvalho, Marco
The Impact of Interface Design on the Usability of Code Analyzers Proceedings Article
In: 2019 SoutheastCon, pp. 1-6, 2019.
Tags: ab testing, code analysis, code security, ui design, user study, vulnerability detection
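% Conference paper (2019 SoutheastCon) on how interface design affects the
% usability of code analyzers.
% The page range uses a double hyphen so styles typeset it as a range.
@inproceedings{nembhard2019_analyzer_usability,
  author    = {Nembhard, Fitzroy and Carvalho, Marco},
  title     = {The Impact of Interface Design on the Usability of Code Analyzers},
  booktitle = {2019 SoutheastCon},
  pages     = {1--6},
  year      = {2019},
  date      = {2019-04-11},
  doi       = {10.1109/SoutheastCon42311.2019.9020339},
  urldate   = {2019-04-11},
  keywords  = {ab testing, code analysis, code security, ui design, user study, vulnerability detection},
  pubstate  = {published},
  tppubtype = {inproceedings}
}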
2017
Nembhard, Fitzroy; Carvalho, Marco; Eskridge, Thomas
A Hybrid Approach to Improving Program Security Proceedings Article
In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), 2017.
Tags: code security, cybersecurity, recommender systems, topic modeling, vulnerability detection, vulnerability mitigation
% Conference paper (2017 IEEE SSCI) presenting a tool that analyzes code as the
% programmer types and suggests where security could be added.
@inproceedings{nembhard_hybrid_2017,
  author    = {Nembhard, Fitzroy and Carvalho, Marco and Eskridge, Thomas},
  title     = {A Hybrid Approach to Improving Program Security},
  booktitle = {2017 IEEE Symposium Series on Computational Intelligence (SSCI)},
  year      = {2017},
  date      = {2017-11-27},
  urldate   = {2017-11-27},
  abstract  = {The security of computer programs and systems is a very critical issue. With the number of attacks launched on computer networks and software, businesses and IT professionals are taking steps to ensure that their information systems are as secure as possible. However, many programmers do not think about adding security to their programs until their projects are near completion. This is a major mistake because a system is as secure as its weakest link. If security is viewed as an afterthought, it is highly likely that the resulting system will have a large number of vulnerabilities, which could be exploited by attackers. One of the reasons programmers overlook adding security to their code is because it is viewed as a complicated or time-consuming process. This paper presents a tool that will help programmers think more about security and add security tactics to their code with ease. We created a model that learns from existing open source projects and documentation using machine learning and text mining techniques. Our tool contains a module that runs in the background to analyze code as the programmer types and offers suggestions of where security could be included. In addition, our tool fetches existing open source implementations of cryptographic algorithms and sample code from repositories to aid programmers in adding security easily to their projects.},
  keywords  = {code security, cybersecurity, recommender systems, topic modeling, vulnerability detection, vulnerability mitigation},
  pubstate  = {published},
  tppubtype = {inproceedings}
}