Current research projects

LowCapsFormally: Low-level Object Capabilities for Formally Watertight Security (01/2019 to 12/2023)

Object capabilities (ocaps) are a technique for fine-grained privilege separation in programming languages, with applications in security and software engineering. Ocaps are practically used in high-level programming languages like JavaScript, but recently, there is also a renewed interest in capability machines: processors that apply ocaps at the low level of assembly languages (lowcaps). Security measures based on lowcaps offer the perspective of efficient but watertight defences against realistic attackers, that protect against arbitrary attacks, not just the ones we already know. Such measures promise to end the attack-defence arms race that plagues many current measures. In this research project, I aim to validate and demonstrate this potential, as well as deepen the scientific understanding of ocaps in general.

To reach this objective, this project takes the perspective that a lowcap assembly language is just another programming language, that can be studied using powerful techniques that are developed for high-level programming languages, particularly logical relations and program logics. Using this methodology, I intend to propose, study and implement novel lowcap security measures and rigorously prove their effectiveness. On the other hand, I also intend to further study effect parametricity: a general property I proposed that formally captured the essence of ocaps. I intend to study and apply it in different contexts: for modular reasoning about ocap and lowcap code, but also in the context of functional and dependently typed programming languages, for a number of different purposes (elaborated below).

This project’s results will range from novel, provably correct security measures built on lowcaps, novel methods for reasoning about such measures, but also novel insights about the nature of ocaps, the relation between object-oriented and functional code and the use of effect parametricity in dependently-typed proof assistants.

SECO-Assist: Automated Assistance for Developing Software in Ecosystems of the Future (01/2018 to 12/2021)

Software ecosystems are the most promising avenue for organising the software needs of the digital era. SECO-ASSIST aims to realise a scientific breakthrough to nurture the ecosystems of the future, by providing novel software recommendation techniques that address the resilience, evolvability, heterogeneity, and social interaction. To achieve this, the partners of this FWO-FNRS funded EOS project will combine their expertise in social networks (UMONS), software testing (UAntwerpen), software reuse (VUB) and database evolution (UNamur). 

INTiMALS: Intelligent Modernisation Assistance for Legacy Software (01/2018 to 12/2020)

The goal of this Innoviris-funded TeamUp project is to research and deploy novel pattern mining algorithms in an industrial prototype of an intelligent modernisation assistant for legacy software systems. The assistant pro-actively recommends software engineers source code modernisation actions by comparing their current development efforts with insights gained by treating source code repositories as data . The assistant draws its intelligence from continuously mining for previously unknown patterns in the current state and structure of the system’s source code (programming idioms, coding conventions, library usage protocols) and in changes made to this code (systematic edits, repetitive changes). The proposed modernisation actions appear increasingly informed as the recommendation assistant uncovers and refines more patterns in the code, version and change repositories it mines. The success of the modernisation assistant hinges on the quality of the pattern mining algorithms it incorporates and their ability to improve their results by learning from their interaction with the software engineers.

D3-CPS: Distributed Software Technologies for Developing & Managing Dependable Cyber-Physical Systems (01/2018 to 12/2021)

In response to strong industry demand, the D3-CPS project aims to drastically rethink the way that distributed CPS applications are developed and managed. The overall objective of D3-CPS is to support software businesses in exploiting the potential of CPS. Our goal is to lower the boundary of CPS development by drastically reducing the effort required to develop and manage (i.e. coordinate, monitor, and reconfigure) distributed CPS applications. However, we do also want to guarantee that distributed CPS applications execute within safe boundaries of time (e.g. responsiveness) and quality (e.g. consistent and accurate operation).