IEEE Military Communications Conference
28 October – 1 November 2024 // Washington, DC, USA
C5I Technologies for Military and Intelligence Operations Today and Tomorrow

Workshop on the Applications of Artificial Intelligence in Code Analysis

Code analysis plays a crucial role in ensuring the security and reliability of software systems by identifying and mitigating vulnerabilities. In recent years, significant advancements have been made in code analysis techniques, tools, and methodologies to address emerging challenges posed by complex software architectures and evolving threat landscapes. This workshop explores various aspects of code analysis, ranging from the detection of cross-language and cross-architecture bugs to the application of AI in formal proof construction and vulnerability detection. The proposed topics are as follows:

Detection of Cross-Language and Cross-Architecture Bugs: With the increasing prevalence of multi-language and multi-platform software development, the detection of cross-language and cross-architecture bugs has become a pressing concern. Modern code analysis tools leverage advanced static and dynamic analysis techniques to identify and mitigate such vulnerabilities, ensuring the compatibility and robustness of software across different environments.

Advanced Vulnerability-Finding Tools and Methodologies: The development of sophisticated vulnerability-finding tools, frameworks, and methodologies has significantly enhanced the effectiveness of code analysis processes. These tools leverage techniques such as symbolic execution, fuzzing, and taint analysis to uncover vulnerabilities in source code, enabling developers to proactively address security threats before deployment.

Vulnerability Correlation in Source Code: Analyzing vulnerabilities and making inferences from source code patterns and correlations is essential for identifying potential security risks. Advanced code analysis tools utilize machine learning algorithms and data mining techniques to correlate vulnerabilities across codebases, enabling developers to prioritize and address critical security issues efficiently.

Team and Collaborative Bug Finding: Effective collaboration among development teams is crucial for identifying and mitigating software vulnerabilities. Collaborative bug-finding platforms and tools facilitate communication and knowledge sharing among team members, enabling them to collectively identify and address security threats in a timely manner.

Shifting Vulnerability Finding to Earlier Design Stages: To improve software security, it is essential to shift vulnerability-finding processes to earlier stages of the software development lifecycle. Adopting secure coding practices, conducting security reviews during design phases, and integrating automated code analysis tools into development workflows can help identify and mitigate vulnerabilities before they escalate into critical security risks. 

Characterizing Highly Complex Composable Vulnerabilities: Modern software systems often comprise highly complex and composable vulnerabilities that pose significant challenges for traditional code analysis techniques. Advanced vulnerability characterization methods, such as attack surface analysis and dependency mapping, enable developers to gain insights into the structure and behavior of complex vulnerabilities, facilitating more effective mitigation strategies.

Emerging Vulnerabilities from LLM-Generated Code: The emergence of large language models (LLMs) has introduced new challenges in code analysis, particularly regarding the detection of vulnerabilities in LLM-generated or LLM-modified code. Novel approaches leveraging AI and machine learning are being developed to identify and mitigate vulnerabilities arising from the use of LLMs in software development.

Formal Proofs for Software Assurance: Formal proof techniques provide a rigorous approach to ensuring software correctness and security. By formally verifying code properties and correctness assertions, developers can achieve a higher level of assurance in software systems. Advanced formal proof frameworks and methodologies support automated theorem proving and model checking, enabling developers to verify complex software systems efficiently.

AI Applications in Formal Proof Construction and Repair: Artificial intelligence (AI) techniques are increasingly being applied to formal proof construction and repair processes. AI-powered tools assist developers in generating and validating formal proofs, automating tedious proof construction tasks, and identifying and repairing inconsistencies in formal verification processes.

Designing Proof-Friendly Software Systems: Designing software systems that are amenable to formal proof techniques is essential for ensuring the scalability and effectiveness of formal verification processes. Methods for designing proof-friendly software architectures and reducing the proof repair workload are being developed to streamline the formal verification process and enhance software security.

Advancements in code analysis techniques, tools, and methodologies are essential for addressing evolving software security challenges. By leveraging advanced static and dynamic analysis techniques, collaborating effectively within development teams, and integrating AI-powered solutions, developers can identify and mitigate vulnerabilities more effectively, ensuring the security and reliability of modern software systems.

Format of the workshop
The workshop will span a full day. We anticipate receiving approximately 20-25 submissions, with the intent to accept around half of the most promising works. Our strategy for attracting submissions involves disseminating the Call For Papers (CFP) across relevant mailing lists and extending invitations to authors engaged in the code analysis domain, as well as research scientists involved in NATO IST research groups. Furthermore, we plan to promote the CFP within the MILCOM community and extend invitations to DARPA, IARPA, AFRL PMs, and scientists active in this area, with the expectation that these invitations will be further disseminated among program performers.

Additionally, we are organizing a panel discussion at the conclusion of the workshop to facilitate idea exchange and encourage ongoing research endeavors in the field. Prospective attendees include members of the program committee, authors of submitted papers, invited speakers, and interested participants from other tracks of the main conference.

Invited Speakers
We are pleased to announce that Dr. Kristopher Reese (IARPA), the program manager of the SoURCE CODE program, has confirmed his participation as the keynote speaker for this workshop.

Program committee

Dr. Hossain Shahriar, Center for Cybersecurity at the University of West Florida
Dr. Guillermo Francia III, Center for Cybersecurity at the University of West Florida
Dr. Mehrdad Mahdavi, Department of Computer Science, Pennsylvania State University
Dr. J. Todd McDonald, Director, Center for Forensics, Information Technology, and Security, University of South Alabama
Dr. Wayne Henry, Director of the Center for Cyberspace Research at Air Force Institute of Technology

Dr. Andrew Mahyari is a research scientist at the Florida Institute for Human and Machine Cognition (IHMC) and holds an adjunct faculty position at the Department of Intelligent Systems and Robotics at the University of West Florida, where he advises Ph.D. students. Dr. Mahyari earned his BSc, MSc, and Ph.D. in Electrical Engineering, along with an MSc in Statistics from Michigan State University. His research focuses on the theory of statistical machine learning and its diverse applications. His recent work centers on leveraging machine learning (ML) and large language models (LLMs) for source code analysis and addressing adversarial attacks on ML models.

Dr. Scott Moore is a principal scientist at Galois, Inc. He earned his Ph.D. in Computer Science from Harvard University. His research interests are in security and privacy, program analysis, vulnerability discovery, systems security, and programming languages.

Dr. Adam Bryant is a principal scientist at Galois, Inc. He earned his M.S. and Ph.D. degrees in Computer Science from the U.S. Air Force Institute of Technology. His research interests are in secure systems engineering, rigorous digital engineering, software and systems analysis, and in improving the speed, accuracy, scalability, and accessibility of systems development via interdisciplinary cognitive systems research.