External Research Grants

The research aims to address security challenges arising from the usage of security-sensitive applications without trusting the phone’s operating system, which is known to be vulnerable to attacks due to its enormous code size and large attack surface.

Compilers are a key technology of software development. They are relevant for not only general purpose programming languages (like C/Java) but also many domain specific languages. Compilers are error-prone, especially concerning less-used language features. Existing compiler testing techniques often rely on weak test oracles which prevents them from finding deep semantic errors. The project aims to develop a novel specification-based fuzzing method named SpecTest for compilers. SpecTest has three components: an executable specification of the language, a fuzzing engine which generates test cases for programs in the language, and a code mutator which generates new programs for testing the compiler. SpecTest identifies compiler bugs by comparing the abstract execution of the specification and concrete execution of compiled program. Furthermore, with the mutator, SpecTest can systematically test those less-used language features.

Today’s malware analysis tools, especially those on kernel attacks, face the barrier of insufficient code path coverage to fully expose malicious behaviours, as that requires systematic exploration of kernel states. Although symbolic execution is the well-established solution for benign programs’ code coverage, it does not overcome that barrier because of its susceptibility to attacks from the running target under analysis and incapability of managing complex kernel execution. This project aims to innovate cutting-edge techniques to automatically and systematically generate code paths for maliciously-influenced kernel behaviours.

Control-Flow Integrity (CFI) enforcement is a promising technique in producing trustworthy software. This project focuses on function signature recovery, which is a critical step in CFI enforcement when source code is not available. Current approaches rely on the assumption of matching function signatures at caller and callee sites in an executable; however, various compiler optimisations violate well-known calling conventions and result in unmatched function signatures recovered. The project aims to design and implement an automatic system to produce CFI-enforced program executables.

Artificial Intelligence (AI) technologies have been under rapid development thanks to machine learning based on deep neural networks and their applications. Despite the exceptional performance of deep neural networks, these complex models are often beyond human understanding and thus work in a black-box manner. The research aims to address the problem of explaining AI for AI system designers and expert AI system users who are required to know how AI makes decisions.

This project aims to provide secure remote access control over identity information of Internet-of-Things (IoT) devices to prevent sensitive information from being stolen.

The research team will work with Singapore Chemical Industry Council (SCIC) on SCIC’s strategy creation. The objectives of the study are to:

• Solicit views on what SCIC’s member organizations consider as their important opportunities and threats in the next five years;
• Solicit views on what SCIC’s member organizations consider as SCIC’s roles in the next five years, beyond what SCIC has been doing;
• Highlight prevalent views from SCIC’s member organizations on SCIC’s roles in the next five years, with special notice on what they perceive as opportunities and threats; and
• Distil action items for SCIC based on views from its member organisations.

Software development today relies on Application Programming Interfaces (APIs), and identifying suitable APIs to use can directly influence the success or failure of a software development project. While a large number of third-party APIs are available on the internet, selecting suitable APIs for a project can be challenging. This research proposes a big-data, deep-learning, and exploratory-search approach for API recommendation called DeepSense to improve software developers’ productivity, and the success of this project will benefit the software engineering and artificial intelligence research community, software developers, and institutions developing IT solutions.

This research aims to explore ways in which employees who are low on positional power in an organisation can speak up or act when they witness moral transgressions in the workplace. One way to do so is by increasing employees’ personal power by increasing (a) others’ liking towards them, (b) others’ dependence on them, and (c) their centrality in formal and informal networks in the organisation. The research team will conduct both surveys and experimental studies in multiple countries to test their proposed model.

This project aims to show how an innovative multiple speed assessment approach permits more comprehensively assessing a key 21st century skill such as adaptability, and demonstrate that multiple speed assessment has added value over prior adaptability measurement approaches.