Options
Akronym
DeVulnIX
Projekt Titel
Design-Level Vulnerabilities Identification and Fixing
Funding code
945.03-955
Startdatum
May 1, 2026
Enddatum
April 30, 2029
Gepris ID
Loading...
Institut
Principal Investigator
Involved external organisation
The DeVulNix project focuses on software architecture for cybersecurity, specifically design-level vulnerabilities in software systems. Recognized as a significant threat, these vulnerabilities originate from overall architectural or design flaws. To date, their identification and remediation, which involves manual architectural modeling and threat analysis, are error-prone and time-consuming. The project aims to automate the detection and patching of design-level vulnerabilities through source code analysis and fixing. The objectives cover developing an evidence-based theory of these vulnerabilities and developing techniques for their detection and patching (based on large language models used in combination with traditional program analysis tools, abstraction techniques, and human-in-the-loop mechanisms). The research questions are: RQ1. How can we codify the nature and scope of design-level vulnerabilities into an evidence-based theory? RQ2. How can hybrid approaches leverage large language models to detect design-level vulnerability across diverse software environments? RQ3. How can hybrid approaches leverage large language models to generate high-quality, contextually appropriate fix suggestions? RQ4. How can these detection and fixing mechanisms be integrated into developer IDEs and delivery pipelines for ongoing security analysis? The project represents a novel approach to addressing design-level vulnerabilities in software systems. By bypassing the need to create architectural diagrams and dealing directly with the source code, the project seeks to offer a more efficient and accurate method for identifying and fixing these vulnerabilities. Our new foundational approach will be evaluated across programming languages, libraries, and technology stacks. The project innovatively combines security-specific software engineering methods at the design level with LLMs and integrates them into IDEs, delivery pipelines, and human feedback systems.