SEMLA: Securing Enterprises via Machine-Learning-based Automation

Purpose and goal

The SEMLA project seeks to make the development of software systems more resilient, secure, and cost-effective. SEMLA leverages recent advancements in machine learning (ML) and artificial intelligence (AI) to automate critical yet common & time-consuming tasks in software development that often lead to catastrophic security vulnerabilities. SEMLA aims to achieve the following three objectives: (i) quickly learning about new vulnerabilities, (ii) enabling developers to generate secure code, (iii) realizing resilient infrastructure.

Expected effects and result

SEMLA will enable industry to (i) tackle security breaches, (ii) reallocate economic resources to the pursuit ofinnovation, (iii) improve productivity and time-to-market, and (iv) grow faster, easier, & cheaper (e.g., startups and SMEs). We aim to build a prototype that detect vulnerabilities and improve code capabilities aided by verification tools. Our secondary goal is to generate competences by distilling the insights of the project related to Large Language Models and code generation into two new courses established at KTH.

Planned approach and implementation

The main development contributions will take place between KTH and RISE. KTH focuses on automating vulnerability scanning and system configuration and designing disruption-free ML model updates. RISE focuses on automating code refinement & transformation and striking the best trade-off among model size, accuracy, update frequency, and power consumption. Saab and RedHat will be active throughout the entire project, providing support on all tasks based on the internal use cases, and testing the results.