A potential spin-out driven by AMBS and the computer science department at The University of Manchester has received backing from the Innovation Factory.
The FuSeBMC-AI tool was created by Dr Lucas Cordeiro, Reader in Program Analysis and Cyber-Security, and Dr Kaled Alshmrany from computer sciences with support from Richard Allmendinger, Professor of Applied Artificial Intelligence at AMBS. The tool specifically aims to improve computer source code security and reduce cyber security threats.
There are major challenges in the coding sector around security, quality, and plagiarism. For instance, it is estimated that small UK businesses are targeted by 65,000 cyberattacks daily, costing the average small business thousands of pounds. At the same time, studies have shown that the average computer developer spends almost half their time dealing with maintenance issues and debugging bad or poor-quality code.
Proof of concept
The £30,000 funding from the Innovation Factory, the organisation which drives the commercialisation of the University of Manchester’s innovations and intellectual property, will now be used to create a prototype of the FuSeBMC-AI tool.
Professor Allmendinger said the idea for the spin-out came on the back of the university’s ongoing project with Cheshire Software Escrow and cyber security specialist SES Secure, with whom it collaborated to produce a proof of concept that allows an AI programme to evaluate source code and discover weaknesses that could lead to security vulnerabilities.
He said: “The computer science department has been looking at identifying security vulnerabilities in computer code for many years. On the back of our work with SES, we realised that the FuSeBMC-AI tool was a strong product in its own right, so we reached out to Innovation Factory.
“We know that this tool can spot vulnerabilities really well, so the next step is all about how it can then be used to repair code as well. At the end of the day anyone creating code wants to ensure it is safe before operationalising it. We are also using AI to get the most out of the algorithm by allowing it to calibrate itself to the code at hand, making it more adaptable.”
Research
Dr Cordeiro said the University’s systems and software security research group has been developing automated logic-based verification engines for various industrial programming languages, including C/C++, Java, Kotlin, Python, and Solidity.
He added: “We have also made considerable progress in tackling scalability and usability aspects so that our framework can handle larger software systems and different types of run-time errors that are of interest to prevent vulnerabilities in modern software architectures. We also have industrial partners that deploy our research in production to safeguard software systems against vulnerabilities in this increasingly digital and interconnected world.
“Our partnership with Innovation Factory marks an exciting opportunity to extend our research further so that we can empower organisations to construct trustworthy software and AI systems, ensuring reliability, availability, safety, resilience, and security. We aspire to contribute significantly to creating a more secure and robust digital landscape through this collaboration.”
External investment
If the proof of concept is successful, the team will spin-out and seek external investment. Being based in Manchester also brings considerable benefits as the University of Manchester has been at the forefront of the cyber security agenda for several years through its investment in the Centre for Digital Trust and Society. Manchester also has grand ambitions to be a leading global centre for business data security through its GM Digital Strategy.
Rachel Pooley, Invention Discovery Manager at The Innovation Factory, added: “The Innovation Factory is proud to support this innovative proof of concept project that addresses emerging cybersecurity threats head-on. The FuSeBMC-AI tool has great potential to protect organisations and foster a more secure digital landscape. We are excited to support the team in their journey to commercialisation of their cutting-edge research.”
Future work
Tom Sweet, Head of Technology, Escrow and Cyber Security, at SES Secure, added that the company was also keen to pursue this area of research in partnership with the University of Manchester.
“I can see a future that utilises this solution to evaluate code at rest and prevent exploits being created that could otherwise cause significant harm if discovered by malicious actors. This type of machine learning will be especially useful within our industry, where millions of lines of code are held securely on behalf of businesses and developers as part of their risk mitigation strategies.
“The benefit of discovering weaknesses and potential vulnerabilities in advance could save large organisations significant sums of money when you account for the amount of damage a cyber security incident can have and will provide an additional layer of protection against cyber criminals and nation state hackers. I look forward to continuing our work with the University of Manchester and the talented people leading the research project.”