“Our testing-based approach will help developers find vulnerabilities before they release their code into the wild, before they come under attack.”
— Jon Bell, an assistant professor in the Department of Computer Science
Mason Engineering researcher Jon Bell is fighting cybersecurity attacks on the front lines, defending software from breaches such as the one that hit Equifax in 2017.
He and his research team are creating tools that developers can use to protect software from a dangerous vulnerability called code injection, in which an attacker can run their code on a secure server.
“Our testing-based approach will help developers find these vulnerabilities before they release their code into the wild, before they come under attack,” says Bell, an assistant professor in the Department of Computer Science. “Code-injection attacks have become increasingly common and are generally regarded as the number one web security risk.”
He recently received a prestigious CAREER Award, an honor that recognizes early career researchers, from the National Science Foundation, for his research proposal Amplifying Developer-Written Tests for Code Injection Vulnerability Detection.
“To be selected for the award is an indication that not only does the recipient have a strong track record but that their research proposal is both highly innovative and credible,” says Sanjeev Setia, chairman of the Department of Computer Science.
Bell’s research focuses on making it easier for developers to produce reliable software. “One thing that’s unique and interesting about our project is that it’s taking a holistic view of the defense process to include everyday software developers and security experts,” he says.
The tools his team, including senior Katherine Hough and master’s student Aaron Massey, are developing can be used by any software developer, even those at small companies that can’t afford to hire security professionals. So far, prototypes show promising results in finding existing vulnerabilities, he says.
Setia says Bell is an outstanding teacher, as well as researcher. “He has made an impact on the department by modernizing two popular undergraduate courses and through his strong contributions to departmental discussions on a variety of issues, notably those related to the computer science PhD program.”
Bell plans to integrate his research results into his graduate and undergraduate courses, which focus on tools and skills for building distributed and web-based applications.
He finds teaching fulfilling and interesting. “I have the opportunity to make a difference in many students’ academic careers and lives—it’s very rewarding.”
It’s also rewarding when recent graduates contact him to say they landed a job because the interviewer asked them software questions, “and they were able to answer them because of what they learned in my class.”
“To be selected for the award is an indication that not only does the recipient have a strong track record but that their research proposal is both highly innovative and credible.”
— Sanjeev Setia, chairman of the Department of Computer Science