Imagine two people who speak different languages trying to decide where to go for dinner. They might draw pictures or do some pointing, and in spite of their inability to understand each other’s words, they can probably still get their ideas across enough to determine a course of action.
Such is the idea behind a 3-year National Science Foundation grant that aims to improve the security and functionality of software programs by helping computer programming languages communicate at the basic level. The $500,000 grant is led by Haipeng Cai, assistant professor in the School of Electrical Engineering and Computer Science.
Most software programs that control common applications use multiple languages. So, for instance, in face recognition software programs that recognize and remember faces, software developers often use the easy-to-use Python language to guide the program’s behavior. They then rely on the C or C+ language for more complex computational capabilities that underly the Python instructions.
When a computer app crashes or gets hacked, the problem may be because of a communication problem at the interface between languages, Cai says. The security and quality assurance tools that protect those software systems analyze problems by studying each of the languages in a given program separately, but research has shown that many of the security vulnerability and quality-related problems happen at the interface between the two languages.
“The current software security techniques ignore the interactions between the languages,” Cai said. “If you look at one language at a time, you’re going to miss that spot, and that becomes a loophole in cybersecurity.”
Cai’s project aims to improve understanding at that important interface by developing an intermediate common representation of the computer languages. Similar to two foreign language speakers using gestures, the languages in the program could then communicate on a rudimentary level, and all of the code can be on the same page without needing cumbersome translations of the entire computing conversation, he said.
“The key novelty of this work is that we have identified the right representation that can uniformly represent different languages,” he said. “We’re not translating the entire code.”
As part of the grant, the researchers are also working to provide a practical, cost-effective tool for analyzing multi-language software systems holistically.
“The research will result in a new foundation of dynamic analysis and a series of application tools to diagnose cross-language correctness and security issues, which will help produce multi-language systems of improved quality,” he said.
Cai’s group will present some of the preliminary work on their project at an upcoming computer security conference.