Using Deep Learning Natural Language Processing to Predict Software Vulnerabilities; Using Utilitarian Ethics to Analyze the Equifax Breach of 2017

Gumabay, Ethan, School of Engineering and Applied Science, University of Virginia
Tian, Yuan, EN-Comp Science Dept, University of Virginia
Laugelli, Benjamin, University of Virginia

My technical and STS research projects are connected by the idea of user configuration. Specifically, the two projects explore the growing disparity between modern security practices and user integration. The foundation of my work is that modern security practices change too quickly for user configuration to keep up. Moreover, modern security practices are trending towards giving the responsibility of security to software developers and security professionals instead of allowing users to manage it themselves. My STS project and my technical project address this problem in different ways. My STS project explores the problem itself by outlining possible consequences of continuing with the current trajectory of security practice development, while my technical project focuses on a potential solution. Though my two projects approach the problem from different angles, both are necessary in arriving at a realistic and effective solution to the growing disparity between modern security practices and user integration.

In my technical report, I aim to develop a modern solution that will remove the responsibility of employing modern security practices from either the software developers or the users. I created a machine learning model that is able to detect potential software vulnerabilities based on previously known software vulnerabilities. The model will also improve over time as more vulnerabilities surface because it will receive more data to learn on. The purpose of developing such a model is to remove the responsibility of software developers to handle all security. With the use of this model, software developers and security professionals would not have to force users to use black-boxed security measures; instead, third-party software would be able to manage vulnerability detection.

My STS research project also explores the concept of user integration by analyzing a shortcoming of software developers’ integration of modern security practices. My research analyzes the Equifax data breach of 2017 with respect to utilitarian ethics. In my STS research, I argue that Equifax and its software developers were indeed at fault for the massive data breach in 2017. This case study proves that software developers, despite their expertise, are also incapable of integrating modern security practices and, in some cases, can even hurt innocent users by attempting to do so. The goal of this research is to reveal the potential consequences of failing to lessen the disparity between modern security practices and user integration.

By exploring these two projects simultaneously, I gained an understanding of why and how the disparity between modern security practices and user integration is growing so rapidly. I was able to analyze the repercussions of this problem in a real case study that impacted millions of Americans in the Equifax data breach. Perhaps more importantly, I was able to devise a solution to the problem with my technical project. Without the STS research project to complement the technical project, the problem seems an impossible one with no real solution. It would be easy to assume that placing the responsibility of security in the hands of developers is clearly better than placing it in the hands of users, but performing these two projects concurrently revealed that this is not the case and there is in fact a realistic solution.

BS (Bachelor of Science)
Vulnerability detection, Deep learning, Equifax data breach, Utilitarian Ethics

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Yuan Tian
STS Advisor: Benjamin Laugelli

Issued Date: