TruX

TruX is a software engineering and software security research group that develops innovative approaches and tools towards helping the research and practice communities build trustworthy software. We are part of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg.

What is Trustworthy Software: It is software that can be relied upon: it has reduced vulnerabilities; when it fails, it can be repaired automatically; when it operates, it can justify its execution drives.

Why do we focus on Software: Software is a ubiquitous artefact in our modern lives. Today, and in the foreseeable future, software is at the heart of critical operations as well as common activities. This situation will be even more amplified with the emergence of 5G, the development of connected cars, or the reinforcement of the Fintech domain. Software development remains, however, a complex engineering effort that increasingly requires novel techniques from the research community to accelerate feature integration, systematize vulnerability scanning, and automate bug fixing.

Main Research Focus: TruX explores the huge data on software development artefacts (including source code and textual information in repositories, such as bug reports, reviews, etc.) to derive knowledge on how to automate the analysis, construction, and repair of software programs. In particular, TruX conducts research in three main axes:

1. Software Security: by developing new tools and approaches to assess and ensure security and privacy properties of software applications. Examples of research activities are the detection of privacy leaks in Android apps or the detection of vulnerabilities in open-source software at “commit time”.

2. Software Repair: by devising and implementing novel algorithms, methodologies and tool support for automatically repairing programs. This is performed by identifying bug or vulnerability locations and applying code change operations that will make the programs satisfy a correctness criterion. In TruX, we are particularly focused on inventing software repair solutions that are in line with practitioners’ constraints.

3. Explainable Software: by ensuring that software engineering solutions to business problems are not black-box solutions but, instead, convey explanations and contextual information to help end-users. This research direction is in line with an emerging requirement in the field of Artificial Intelligence where models and techniques must be devised such that the results of an AI solution can be understood by human experts. Given the use of AI algorithms in several of our research axes, we also investigate directions on making the analyses tractable.

Tools for Practitioners: TruX aims at developing both practical and fundamental research solutions. “Practical”, because TruX directly targets practitioners with the ambition to release tools that are relevant for developers. “Fundamental”, because TruX investigates key open and hard software engineering problems such as the definition of code similarity (e.g., representation learning techniques for semantic code clone identification), the derivation of abstract repair operators that are less prone to test overfitting, etc.

Management: About 15 researchers are working in the TruX research group, which is jointly led by Prof. Jacques Klein and Prof. Tegawendé F. Bissyandé.
