Current research projects

LowCapsFormally: Low-level Object Capabilities for Formally Watertight Security (01/2019 to 12/2023)

Object capabilities (ocaps) are a technique for fine-grained privilege separation in programming languages, with applications in security and software engineering. Ocaps are used in practice in high-level programming languages like JavaScript, but recently there has also been renewed interest in capability machines: processors that apply ocaps at the low level of assembly languages (lowcaps). Security measures based on lowcaps offer the prospect of efficient but watertight defences against realistic attackers, defences that protect against arbitrary attacks, not just the ones we already know. Such measures promise to end the attack-defence arms race that plagues many current measures. In this research project, I aim to validate and demonstrate this potential, as well as deepen the scientific understanding of ocaps in general.

To reach this objective, this project takes the perspective that a lowcap assembly language is just another programming language, one that can be studied using powerful techniques developed for high-level programming languages, particularly logical relations and program logics. Using this methodology, I intend to propose, study and implement novel lowcap security measures and rigorously prove their effectiveness. I also intend to further study effect parametricity: a general property I proposed that formally captures the essence of ocaps. I intend to study and apply it in different contexts: for modular reasoning about ocap and lowcap code, but also in the context of functional and dependently typed programming languages, for a number of different purposes (elaborated below).

This project’s results will range from novel, provably correct security measures built on lowcaps and novel methods for reasoning about such measures to novel insights about the nature of ocaps, the relation between object-oriented and functional code and the use of effect parametricity in dependently-typed proof assistants.

SECO-Assist: Automated Assistance for Developing Software in Ecosystems of the Future (01/2018 to 12/2021)

Software ecosystems are the most promising avenue for organising the software needs of the digital era. SECO-ASSIST aims to realise a scientific breakthrough to nurture the ecosystems of the future, by providing novel software recommendation techniques that address resilience, evolvability, heterogeneity, and social interaction. To achieve this, the partners of this FWO-FNRS funded EOS project will combine their expertise in social networks (UMONS), software testing (UAntwerpen), software reuse (VUB) and database evolution (UNamur).

INTiMALS: Intelligent Modernisation Assistance for Legacy Software (01/2018 to 12/2020)

The goal of this Innoviris-funded TeamUp project is to research and deploy novel pattern mining algorithms in an industrial prototype of an intelligent modernisation assistant for legacy software systems. The assistant pro-actively recommends source code modernisation actions to software engineers by comparing their current development efforts with insights gained by treating source code repositories as data. The assistant draws its intelligence from continuously mining for previously unknown patterns in the current state and structure of the system’s source code (programming idioms, coding conventions, library usage protocols) and in changes made to this code (systematic edits, repetitive changes). The proposed modernisation actions appear increasingly informed as the recommendation assistant uncovers and refines more patterns in the code, version and change repositories it mines. The success of the modernisation assistant hinges on the quality of the pattern mining algorithms it incorporates and their ability to improve their results by learning from their interaction with the software engineers.

D3-CPS: Distributed Software Technologies for Developing & Managing Dependable Cyber-Physical Systems (01/2018 to 12/2021)

In response to strong industry demand, the D3-CPS project aims to drastically rethink the way that distributed CPS applications are developed and managed. The overall objective of D3-CPS is to support software businesses in exploiting the potential of CPS. Our goal is to lower the barrier to CPS development by drastically reducing the effort required to develop and manage (i.e. coordinate, monitor, and reconfigure) distributed CPS applications. However, we also want to guarantee that distributed CPS applications execute within safe boundaries of time (e.g. responsiveness) and quality (e.g. consistent and accurate operation).

Tearless: Secure Coordination of Rich Internet Application Tiers (01/2016 to 12/2019)

There is an increasing demand for web-based services that offer collaborative and off-line functionality, and this at unparalleled global scales. Realizing these qualities requires distributing previously centralized application logic and state both vertically and horizontally. Both forms of distribution bring about the essential complexity of maintaining the consistency and safeguarding the security of replicated or shared application assets, along with the accidental complexity of reconciling a myriad of heterogeneous tier-specific technologies. The Tearless project therefore envisions a future in which multi-tier web applications are developed, tested and maintained as a single artefact that spans all tiers. This tierless programming should relieve developers of distribution, consistency and security concerns. We will not pursue this vision through a new and potentially esoteric programming language. Instead, we will pursue a two-pronged solution of enabling technologies and development tooling. This enables the gradual incorporation of our technology in existing code, and maximizes valorization opportunities for different stakeholders.

FLAMENCO (01/2016 to 12/2019)

The goal of FLAMENCO is to build and valorise an open, reusable and reconfigurable citizen observatory platform for Flanders. Through this platform, (ICT-agnostic) stakeholders themselves can instantiate new citizen observatories for the particular application area they have in mind. Web services and mobile apps are generated accordingly. Data gathered involves sensorial data (e.g., noise levels, physical activity) as well as behavioural data (e.g., tolerance for delays in public transportation or sensitivity to public safety). In this scalable approach, stakeholders see their concerns translated into procedures for successful participatory campaigning without having to rely on platform engineers. Only in this way can we move away from research-oriented deployments to the full-fledged adoption of citizen observatories as a societally and scientifically relevant method.