Much as old cars running on leaded gas caused health hazards in decades past, outdated computer systems still in use today create hazards that threaten the security of sensitive data.
In an attempt to ease the dependence of government agencies and corporations on the use of outdated and insecure operating systems, researchers from UT Dallas and Purdue University recently received a $1.4 million grant to help extract and transition this data onto newer, more secure systems.
Dr. Zhiqiang Lin, assistant professor in the Erik Jonsson School of Engineering and Computer Science, is working jointly with Purdue University on the project funded by the Defense Advanced Research Projects Agency.
“In this project, we are working on a way to automatically identify and extract functional components for reuse in new applications,” Lin said.
The data resides on older systems, or so-called legacy systems, and each has their own set of specific capabilities. The research team, therefore, will investigate how to move data to new systems while preserving what they can of legacy-system capabilities.
“These older systems can be further reused or integrated with other programs to deliver more advanced capabilities,” Lin said. “The reverse engineering process also serves as a sanitization procedure that could remove hidden malicious logic in these applications.”
The project has many technical challenges, Lin said, including identifying the reusable functional components of older systems, and extracting them from the existing computer code. Extraction is the process of removing such information and repackaging it into a new computer program that can be reused.
“We will leverage both static and dynamic analysis to solve this problem,” Lin said.
Dr. Bhavani Thuraisingham, director of the Cyber Security Research Center at UT Dallas, added that this grant is the latest in more than $15 million generated in research funding since the Center’s inception in October 2004.
“We are very pleased to add this DARPA grant to the list,” Thuraisingham said. “With Lin joining the team in fall 2011, we now have even more robust expertise in critical areas of cyber security including data and applications security, language and software security, network security, system security and reverse engineering, and data mining for security applications.”