Research Spending & Results

Award Detail

Doing Business As Name: University of Arkansas
  • Qinghua Li
  • (479) 575-6416
Award Date: 07/28/2021
Estimated Total Award Amount: $50,000
Funds Obligated to Date: $50,000
  • FY 2021 = $50,000
Start Date: 07/15/2021
End Date: 12/31/2021
Transaction Type: Grant
Awarding Agency Code: 4900
Funding Agency Code: 4900
CFDA Number: 47.041
Primary Program Source: 040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description: I-Corps: Automated Software Security Vulnerability and Patch Management
Federal Award ID Number: 2139458
DUNS ID: 191429745
Parent DUNS ID: 055600001
Program Officer:
  • Ruth Shuman
  • (703) 292-2160

Awardee Location

Street: 1125 W. Maple Street
Awardee Cong. District: 03

Primary Place of Performance

Organization Name: University of Arkansas
Street: 504 J B Hunt Center
Cong. District: 03

Abstract at Time of Award

The broader impact/commercial potential of this I-Corps project is to decrease the vulnerability and improve the patch management practices in the electric power sector as well as many other critical infrastructure sectors such as oil and natural gas, healthcare, and manufacturing. The project may bring automation and optimization to cybersecurity operations that now often rely heavily on manual processes. The project will enhance the cybersecurity of the nation's critical infrastructures by performing more timely and more effective risk assessment and vulnerability mitigation. Through automated analysis and decision-making, the technology also seeks to reduce the cost associated with cybersecurity operations, addressing a pain point faced by many organizations in critical infrastructure sectors. The technology is particularly beneficial to small- and medium-sized organizations that often have limited cybersecurity personnel and resources to keep pace with the large number of potential cybersecurity vulnerabilities.

This I-Corps project will explore the feasibility of commercializing an automated vulnerability and patch management technology that leverages recent advances in artificial intelligence to automate and optimize vulnerability analysis and decision-making. This technology's novelty includes: 1) a method for identifying the vulnerabilities applicable to given assets in an organization; 2) methods for assessing the risk of vulnerabilities; 3) a method to predict and recommend risk-aware remediation actions for vulnerabilities; 4) a method to identify potential strategies for mitigating vulnerabilities when patching is unavailable; and 5) a method for optimal scheduling of vulnerability mitigation actions to minimize security risks. The research addresses several key limitations of current solutions and practice, such as the high cost, long delay, and high risk rooted in manual operations. The project also addresses coarse granularity of risk assessment and the largely unguided or poorly guided mitigation action scheduling. Preliminary research results show that the technology may reduce the remediation decision-making time of the current practice from weeks or months to seconds.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
