NSF Org:	OAC Office of Advanced Cyberinfrastructure (OAC)
Recipient:	UNIVERSITY OF UTAH
Initial Amendment Date:	June 25, 2024
Latest Amendment Date:	June 25, 2024
Award Number:	2419798
Award Instrument:	Standard Grant
Program Manager:	Daniel F. Massey dmassey@nsf.gov  (703)292-5147 OAC  Office of Advanced Cyberinfrastructure (OAC) CSE  Directorate for Computer and Information Science and Engineering
Start Date:	October 1, 2024
End Date:	September 30, 2027 (Estimated)
Total Intended Award Amount:	$1,200,000.00
Total Awarded Amount to Date:	$1,200,000.00
Funds Obligated to Date:	FY 2024 = $1,200,000.00
History of Investigator:	Stefan Nagy (Principal Investigator) snagy@cs.utah.edu Jack Davidson (Co-Principal Investigator)
Recipient Sponsored Research Office:	University of Utah 201 PRESIDENTS CIR SALT LAKE CITY UT  US  84112-9049 (801)581-6903
Sponsor Congressional District:	01
Primary Place of Performance:	University of Utah 201 PRESIDENTS CIR SALT LAKE CITY UT  US  84112-9049
Primary Place of Performance Congressional District:	01
Unique Entity Identifier (UEI):	LL8GLEVH6MG3
Parent UEI:
NSF Program(s):	Cybersecurity Innovation
Primary Program Source:	01002425DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s):	8027
Program Element Code(s):	802700
Award Agency Code:	4900
Fund Agency Code:	4900
Assistance Listing Number(s):	47.070

ABSTRACT

Recent high-profile software-borne security breaches show that scientific research institutions are particularly targeted for their proximity to national security interests such as nuclear energy. Unfortunately, scientific software security is concerningly overlooked: despite having many exploitable security vulnerabilities and growing calls for more stringent secure development practices, the scientific community currently lacks the suitable tools to thoroughly vet their software. As much of the software world has embraced the vulnerability-finding strategy known as ?fuzzing?, this project aims to transition recent advancements in cybersecurity, software engineering, and computer systems to enable thorough, systematic fuzzing of today?s complex scientific software. The outcomes of this proposal will enhance the overall security of scientific software?reducing the likelihood of future software-borne security breaches against the users, communities, and institutions that use it.

Existing fuzzing tools generally target small, single-language code with well-known input specifications, and thus fail to support the often multi-language, large, and esoteric nature of scientific software. Accordingly, this work aims to tackle these asymmetries by introducing (1) performant instrumentation with cross-language support; (2) fully-automated synthesis of thorough fuzzing harnesses; and (3) automated mining of formal input specifications. Beyond their release to the broader scientific software community, the tools and techniques resulting from this project are projected to be deployed on large-scale cyberinfrastructure through UVA?s ACCORD initiative as well as collaborating National Lab partners.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Please report errors in award information by writing to: awardsearch@nsf.gov.