Subscribe
About

Stellenbosch University scholar gets Amazon Research Award

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 25 May 2021
David Baker Effendi, MSc student in Computer Sciences at Stellenbosch University.
David Baker Effendi, MSc student in Computer Sciences at Stellenbosch University.

David Baker Effendi, an MSc student in Computer Sciences at Stellenbosch University (SU), has received an Amazon Research Award based on his innovative research in program analysis with applications in bug-finding and cyber security.

Up your cyber security IQ

Book the dates! ITWeb's Security Summit virtual event, 1-3 June. The definitive gathering of SA's cyber security professionals, with 50+ speakers, including six international keynotes.

The Amazon Research Awards include cash and Amazon Web Services promotional credits for making use of Amazon's cloud computing resources.

Baker Effendi says the award will help to cover his tuition fees and living expenses but, most importantly, it will provide him with much-needed computing resources for his experiments and research.

In his research, co-supervised by professors Brink van der Merwe and Willem Visser, Baker Effendi combines graph theory and machine learning for automated vulnerability detection in software.

According to the university, his research thus far has led to collaboration with Dr Fabian Yamaguchi, chief researcher at the code security platform ShiftLeft, and the introduction of a computer security module on honours level at SU.

He says many companies learn the hard way when neglecting to use thorough analysis and security tests on their software.

“This is often a result of resource cuts in security checking as it takes up a large amount of the project timeline,” Baker Effendi explains.

Recent examples of security breaches and cyber attacks include those at Liberty Life in 2018 and Virgin Active in 2021, he notes.

“The continuous vulnerability discovery engine I am developing with Dr Yamaguchi addresses this by saving results from previous analysis and efficiently updating the results to reflect new code changes. That is, if source code changes, only the intermediate representation of modified functions require recalculation.”

Additionally, he notes the engine enables efficient derivation of data dependencies for whole-program graph representations as employed by machine learning-based program analysis.

This means further research into how machine learning models can be trained to consume program snippets will help to understand how this can be used by the engine to translate newly-added code.

Baker Effendi points out that these machine learning models can then help guide the engine to discover vulnerabilities and thereby reduce unnecessary analysis costs.

The engine was created keeping in mind the workflow of how code is developed and deployed in industry, meaning it can be integrated into code editors and development pipelines.

Baker Effendi says he enjoys seeing the immediate impact of his contributions. “I've been able to work with people from all over the world and see the results of my contributions in enabling others to make better software. I think this holds true in terms of contributing to and maintaining open source projects in general.

“It is also really rewarding to know how to break something someone made and then help them fix,” he adds.

Share