Coskun receives IBM faculty award

By Colbi Edmonds

Associate Professor Ayse Coskun earned an IBM Faculty Award to advance her research on AI-driven data fusion techniques to inherently increase robustness and security of modern application development and deployment on the cloud, also known as DevSecOps.

Associate Professor Ayse Coskun

Even though developers do their best to prevent security and compliance issues, these problems still arise often in the rapid software development cycles today. DevSecOps’ current approach focuses on automated compliance and vulnerability checks that attempt to reduce the number of non-compliant codes in production by capturing them as soon as possible in the pipeline. However, information compartmentalization is a drawback.

Data from the modern cloud — such as DevSecOps events, infrastructure-level metrics, application-level telemetry, in-production continuous vulnerability and compliance checks, and the DevSecOps pipeline — can be fused with compliance and security incidents to trace back to the offending application code. Designing such data fusion and analytics methods for the cloud is where Coskun’s work will advance DevSecOps. Her team will investigate AI-driven data fusion by navigating the compiled cross-layer data to provide insights on how to fix vulnerable codes and services, identifying whether incidents are related to compliance and security violations, and infusing AI into the DevSecOps pipeline as a preventative measure. Coskun’s PhD students Mert Toslali and Anthony Byrne have been working on related projects already.

Coskun has collaborated with IBM for several years and her team published their research results at prestigious venues such as IEEE Transactions on Cloud, ACM Middleware, IEEE Big Data Conference, HotCloud, and others. In addition to papers, Coskun and her team have earned patents, released tools, held seminars, and created successful internships for PhD and undergraduate students in collaboration with IBM Research. Outcomes of this collaboration also contributed to IBM’s Bluemix Vulnerability Advisor and to the iter8 toolchain. Coskun’s team have demonstrated the promise of AI-based methods in cloud analytics, particularly in detecting vulnerable code rapidly, in projects such as DeltaSherlock, Praxi, and ACE

Previously, Prof. Coskun received several prestigious awards (including IEEE Ernest Kuh Early Career Award, NSF CAREER award, several best paper/artifact awards, and an invitation to the prestigious NAE Frontiers Symposium) and has published over 100 scientific papers at top-tier journals and conferences. Her team has periodically released tools and techniques in open-source repositories to the community. These releases include Praxi, a framework Coskun’s team developed in collaboration with IBM for AI-based vulnerable software discovery in the cloud.