We are a group consisting of students and faculty at SITE, University of Ottawa, collaborating with IBM on research related to software security. Our current main focus includes research on the latest security attacks and vulnerabilities, as well as their implications with regard to rich internet applications.

We are particularly interested in the challenges associated with automatically crawling rich internet applications, and have developed a promising new technique called "Model-Based Crawling".

The security of applications and automatic security testing is an important, ongoing, and growing concern. Among the applications needing security, web-based applications are at the forefront: being on the Internet, they are intrinsically exposed to attacks. Easily produced and rapidly changing, web-based applications are often found at the low end of software engineering standards. So-called "Rich Internet Applications" (RIAs), which execute important parts of the application logic in the browser on the user's side, make matters worse by providing new attack vectors and creating much more complex architectures. In addition to security, application developers are also interested in testing the accessibility of their applications and in content indexing. To automate the testing of RIAs, we are working on two projects:

 1. Model-Based Crawling: Building models is important not only for indexing content, but also for automated testing, automated security and accessibility assessments, and in general for using software engineering tools. Our objective is to efficiently construct models for RIAs. The focus of this project is on discovering most states as early as possible during the crawl.

 2. Distributed RIA Crawling: One can reduce the time it takes to crawl a RIA by executing the crawl in parallel on multiple computational units. The objective of this ongoing project is to create distributed architectures, protocols, and load balancing algorithms that harness the computational power available on multiple computers and thus reduce the time required to crawl a RIA.

We are often looking for prospective graduate students who are interested in working on topics related to software security and application modeling. Please see our current openings.

Our industrial partner