With the funding approval of the Federal Ministry of Education and Research (BMBF), the AI-supported secure software development project (AI-DevAssist) started at the beginning of January with a duration of three years and a funding volume of 2.24 million euros. Together with Code Intelligence GmbH, achelos GmbH, the Fraunhofer Institute for Mechatronics Design Technology IEM and the Rheinische Friedrich-Wilhelms-Universität Bonn, scientists from the SICP - Software Innovation Campus Paderborn at the University of Paderborn are developing an assistant supported by artificial intelligence (AI).
"The AI assistant is intended to support software developers as early as the programming stage by searching for and detecting vulnerabilities both directly in the software code and in the programme executions. These vulnerabilities can then be remedied by the developers. With the help of such a cooperative interface between humans and an AI, it will be easier for programmers to guarantee the indispensable IT security. In addition, a new form of cooperation with an AI is established in which the expertise of the users is continuously expanded," explains Dr Gunnar Schomaker, project leader and manager of the Smart Systems competence area at SICP.
Vulnerabilities in the software offer targets for cyber attacks
Mobile apps are networked with each other. While this networking offers functional advantages, it can also create vulnerabilities in the software that offer targets for cyber-attacks. Fully secured software is of immense importance for the privacy and security of a networked society, economy and thus state. The construction of secure and reliable software poses a great, as yet unsolved challenge to developers due to its increasing complexity. Despite extensive efforts and progress to contain the number of critical vulnerabilities, they are increasing.
Detecting vulnerabilities with the help of an AI assistant
Humans naturally make mistakes, continually learn as they fix them, and produce better quality in the process. However, complex systems are often not error-free. Current development tools are not yet intelligent enough to optimally support software developers in this improvement process. Today's tools also issue many irrelevant warnings, which demotivates programmers and distracts them from the really relevant messages. "The aim of our project is to explore methods that enable artificial intelligence to detect vulnerabilities in order to prevent attacks on the software. Our idea here is to extend the previous research and development of Artificial Intelligence methods with existing static and fuzzing analysis tools for vulnerability detection. In addition, a major concern in the development of the AI Assistant is to achieve direct interaction between software developers and the AI systems. A user-friendly interaction with the help of an AI also improves the final assessment of the criticality of a security vulnerability by the developer," explains Dr Schomaker.
Small and medium-sized enterprises should also benefit from the results
Small and medium-sized enterprises (SMEs) have a great need to improve their IT security. The SICP project KMU. Simply Secure. has already shown this. While "KMU. Simply Secure." offers a further training platform for IT-specific expertise, the AI-DevAssist project aims to support software developers with the AI Assistant during programming. "Many areas in which IT solutions are developed can benefit from this project. For example, with the help of the AI Assistant, programmers who have little expertise in IT security can also be supported. This ensures that SMEs, which often do not have proven security experts, also benefit from the results. Software security is an essential factor in all areas. This project has great potential in many respects," explains Dr. Simon Oberthür, manager of the Digital Security competence area at the SICP.
