Professor Joshua Garcia borrows a page from the book of building design in using architecture as a lens to address software evolution. “A building’s architecture is essential to its shape and functioning. Similarly, every piece of software has an architecture that must be designed right for it to last and gracefully absorb future changes,” he observes. Identifying how and why software breaks down at the architectural level, Professor Garcia uses this understanding to design techniques and associated tools for restructuring software architectures so it becomes easier to add new features and fix bugs.
Software analysis and testing is another area of interest for Professor Garcia, as he studies new ways to identify security vulnerabilities. Rather than waiting for unsavory types to find — and maliciously exploit — problems, he takes a proactive approach. “What I’ve done, particularly in the mobile space, is to create the first technique that automatically generates a broad range of possible exploits, each of which may expose a different program vulnerability.” His techniques are so effective that numerous companies and agencies, including IBM and the Department of Homeland Security, have adopted them to safeguard the software we all use every day.
Pushing further, Professor Garcia is now working on techniques that can automatically repair new vulnerabilities. “Automatic repair frees up developers’ time, letting them focus on developing new features or testing non-security-related functionality.” In particular, he is developing search techniques that leverage test suites of existing applications to identify possible repair operations. He is currently focusing on Android applications but intends to expand to the emerging Internet of Things, recognizing that “automatically securing software systems is a major step forward in protecting user data and privacy.”