The Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS) and the company "Basis" have signed an agreement on cooperation in research. The parties plan to jointly conduct research and development in the areas of software verification and testing, big data processing, software engineering and information security.
Cooperation between ISP RAS and "Basis" began in 2023, when the parties agreed on the provision of static and dynamic analysis tools developed at the institute, including tools for fuzzing and attack surface detection, and of related services. These tools have already been integrated into the secure development processes deployed at "Basis".
Under research agreement No. 3021-23-137, ISP RAS is carrying out a project for "Basis" that uses static and dynamic analysis to search for errors and vulnerabilities in the company's products. During the preparatory phase, twenty software components were identified for analysis, including QEMU and libvirt.
The planned analysis is already under way at the facilities of the System Software Security Research Center, which was established at ISP RAS on the initiative of the FSTEC of Russia. A Consortium of more than 30 companies and universities has been formed to support the Center. The Center is thus engaged not only in technical research but also in building a domestic community of experts working to improve the security of system software.
The results of the component analysis will be open: in particular, all fuzzing targets will be distributed in accordance with the Center's regulations, and proposed fixes are planned to be submitted for inclusion in the main branches of the components under study. So far, 4 such fixes have been accepted into the Apache ActiveMQ and ApacheDS repositories.
"The signing of this agreement takes cooperation with "Basis" to a qualitatively new level. Now our joint work consists not only in the implementation of secure development tools created at the institute. Together, we are creating a community around the ecosystem of trusted system software, including the involvement of educational organizations – Bauman Moscow State Technical University, Chuvash State University. The results of the work will serve to strengthen the technological independence of the country, and the participation of students in research projects will help improve their skills as future specialists in secure software development," said Arutyun Avetisyan, Director of ISP RAS, Academician of the Russian Academy of Sciences.
"Improving the quality and security of the "Basis" product ecosystem is one of the priorities of our work. Therefore, we are pleased that such an authoritative organization as the Institute for System Programming of the Russian Academy of Sciences will take part in the development of this area. I also cannot fail to note the importance of building an expert community and involving students in this process. The Russian market is currently experiencing a shortage of qualified personnel, and this problem is hindering the development of domestic IT companies. I hope that together with the System Software Security Research Center, we will contribute to its solution," said Dmitry Sorokin, Technical Director of "Basis".