CORDIS - EU research results

pLatform for Analysis of Resilient and secUre Software

Periodic Reporting for period 1 - LAZARUS (pLatform for Analysis of Resilient and secUre Software)

Reporting period: 2022-09-01 to 2024-02-29

LAZARUS is a three-year research and innovation project that aims to heal many of the security issues that befall modern software during its development lifecycle. DevSecOps, a recently introduced practice in medium to large companies, unfortunately lacks automated security tools, and most existing solutions target only one narrow step of the SDLC process while missing a much-needed holistic overview of the global security solution. LAZARUS innovates by intervening in multiple steps of the SDLC, performing targeted security checks, collecting valuable information and intelligence from each step, and exploiting advanced ML and AI methods to convert this intelligence into actionable insights and recommendations. Moreover, we provide advanced features for developers, who by employing our tools will be able to deploy more intelligent and distributed solutions through dedicated APIs. LAZARUS follows an open-source approach for the core functionality, supported by a realistic and viable business model for the sustainability and further exploitation of the project after it reaches the end of this financing phase.
The main research questions that will be investigated by LAZARUS are the following:
* Can we improve, by design, the security and resilience of large and complex systems?
* Can we automate these design processes, and make them cost-effective, easily applicable and deployable?
* What other efficient and effective measures can we use to automatically increase the security of systems against both failure and attack?
* What can be the role of Artificial Intelligence and Machine Learning in these attempts to automate hard design and operational decisions for increasing the security and performance of complex systems?
* How can we best realise automatic self-healing in software?
* Which of the novel techniques discussed above are better suited for improved resiliency, performance and security in embedded systems and other environments where certain environmental or design constraints do not allow for standard solutions?
Objectives:
* Design, develop, test, and validate a novel intelligent framework for the development of secure applications
* Automatically apply self-healing to a system which undergoes an attack
* Develop new methods for discovering vulnerabilities in an information system
* Integrate AI tools and automation in DevSecOps
The project develops new tools for detecting and fixing vulnerabilities, and creates an integrated environment where developers can easily pick and choose which tools are enabled according to their needs and existing pipelines. Moreover, LAZARUS allows the integration of existing tools so that DevOps teams can easily shift to DevSecOps.
The scientific results include, but are not limited to, new AI/ML models to detect secrets in source code, improved detection of vulnerabilities and more targeted patches, as well as identification of fuzzers and bypasses of SAST tools.
* Automated detection of leaked secrets and their context using AI/ML
* Deeper understanding of which vulnerabilities AI/ML-based solutions can detect
* Bypasses of SAST utilities
* Better detection of programming languages
* Better detection of software vulnerabilities
* Automated patching of code vulnerabilities