Suraj Kothari

The digital age, with all its complexity, began at Iowa State University in 1942 when ISU physics professor John Atanasoff and assistant Clifford Berry built the “ABC” (Atanasoff Berry Computer), the world’s first digital electronic computer – to save them the trouble of cranking out calculations on a simple adding machine.

Managing the world’s digital complexity is the mission of another ISU professor, Suraj Kothari, and EnSoft Corp., the company he founded in the Iowa State University Research Park (ISURP) in 2002 – to save software analysts from the trouble of painstakingly examining every single line of computer code when changes or corrections are needed.

Kothari, Richardson Professor of Electrical and Computer Engineering, and his team and ISU and EnSoft create specialized software tools that enable sophisticated analysis of huge pieces of computer code (“EnSoft” is short for “Enabling Software”). A human analyst using EnSoft tools can detect hidden defects (“bugs”) and malicious programs (“malware”) much faster and more thoroughly than with other methods.

As software becomes an integral part of nearly all technology, ensuring the safety and reliability of computer code has become crucial, especially in high-stakes applications such as defense, aerospace, automotive and financial services.

“Our technology is like an MRI machine,” Kothari explains. “Just as a doctor can see what’s inside a human body with an MRI, we can see what’s inside complex code. Although understanding code never becomes as simple as ABC, it is exponentially faster to understand a piece of code using our tools.”

Kothari first saw the need for better ways to analyze software code when working on a project for the National Center for Atmospheric Research (NCAR) and Environmental Protection Agency (EPA) during the 1990s. When Congress mandated the use of US-built supercomputers for all federal agencies, NCAR and EPA had to move millions of lines of code to new computer hardware.

As part of the team working on this project, Kothari says he was frustrated that it took four people 3 1/2 years to convert just one climate model to the new hardware. The software engineers had spent too much time on mind-numbing, repetitive tasks that (theoretically) could be done by a computer – and not enough time making strategic choices that only human beings can make.

As someone once said, “there is nothing as practical as a good theory.” The problem was – there was no such theory yet. A mathematician by training, Kothari knew the answer lay deep in mathematics and he could not rest until he solved it.

“We needed to have theory—and tools supported by theory—to reason about complex software to automate the time-consuming parts of the analysis process,” Kothari says. “If not completely automated, the analysis tool would at least do a bulk of the work so human beings could focus on the high level intellectual tasks.”

Driven, at first, by the same practical, labor saving motive that drove Atanasoff, Kothari built Par Agent, a software tool designed to make the transformation of the climate models faster and easier.

It is hard to overstate how well this tool succeeded. A task that had taken 28,000 hours to do in the first instance, Par Agent accomplished in only 120 hours: more than 200 times faster.

“What took 3 ½ years for a team of four people to do, one of the post-doctoral students in my lab using Par Agent did in 15 days,” Kothari says. “As a result, we got funding from the EPA and we were able to take their climate change models and ensure they could run efficiently on supercomputers.”

Kothari realized that Par Agent was not just a one-shot shortcut for the NCAR and EPA project. He recognized that the theory he developed could be applied to many similar challenges and decided it was time to start a business that provided the service not only to government agencies, but also to the private sector.

“Since our novel approach to working with large software saved so much human time and at the same time avoided human error,” Kothari says, “in 2002, we founded EnSoft to commercialize our research.”

With cutting-edge technology but no business background, Kothari turned to ISURP Director Steve Carter and Small Business Development Center (SBDC) Director Mike Upah for help.

“They had facilities that met our needs, but most importantly people who could help us get going as a high tech startup,” Kothari says. “We had only a very vague idea of how to do things and they were very helpful in giving us the assistance we needed.”

The ISURP and SBDC staff assisted Kothari and the EnSoft team with business plans, strategic planning, pricing and marketing, all while offering an open door to talk through difficulties and challenges.

Kothari says it was initially difficult for EnSoft to find the right markets, focusing first on the financial sector. Insurance and banking giants close by in Des Moines were the avenues EnSoft first explored.

While EnSoft made modest inroads with financial companies, its first substantial project involved avionics company Rockwell Collins, based in Cedar Rapids. Rockwell funded further refinement of the core technology underlying Par Agent – in this case, a tool that, guided by engineers, could analyze millions of lines of code crucial to validating the safety of avionics software.

Meanwhile, a manager at Rockwell expressed a need for a tool to track differences in graphical models of control systems software. Mathematician Kothari immediately recognized the mathematical problem underlying the need as an instance of a well-known mathematical conundrum called the graph isomorphism problem. The trick was to find an algorithm that provides a quick approximation to a problem whose exact solution is impossible. SimDiff, EnSoft’s most commercially successful product so far, resulted from this engagement with Rockwell.

As soon as the tool, SimDiff, was developed, engineers everywhere clamored for it, especially in the auto industry. Without any marketing effort at all, EnSoft had a hit software product on its hands.

When General Motors (GM) heard about EnSoft’s SimDiff tool in 2006, GM sought out EnSoft and requested 1,200 licenses – a huge coup for EnSoft. Days later, National Instruments (NI) sued EnSoft for patent infringement.
Kothari was surprised the patent office had erred in granting NI a patent related to an ages-old math problem. The lawsuit hung like a dark cloud over SimDiff sales in the US, while sales in Japan and Europe took off. Through waves of testimony, meetings and emotionally exhausting rulings, EnSoft continued to fight. Finally in 2012, NI gave up and withdrew the lawsuit. The settlement set the stage for a period of rapid growth in the United States.

“We look back at 2012 as the reverse of the ‘when it rains it pours’ saying,” Kothari says with a smile.

After a dozen years in business, EnSoft’s journey has taken another unexpected turn: working with the Defense Advanced Research Projects Agency (DARPA) of the US Department of Defense on a series of multi-million dollar projects designed to increase security as the military makes more extensive use of digital technology.

In February 2015, EnSoft, collaborating with researchers at Iowa State, completed a project to develop a way to identify malware in Android apps for smart phones. Like the private sector, the US military would like to supply its smart phones with apps, but wants to screen them to make sure they don’t compromise security.

The $4.1 million project was funded through DARPA’s Automated Program Analysis for Cybersecurity (APAC) program to detect malware in Android apps.

“Let’s say a general’s phone conversation is being leaked because somebody has sneaked in malicious software that allows someone to eavesdrop,” Kothari explains. “And the person who is using the phone doesn’t even know that’s what’s happening. That would be a very serious problem.”

Kothari says challenges were regularly presented during the DARPA APAC program to the six university teams participating in the effort—Iowa State University, Stanford University, MIT, University of Washington, University of California-Berkeley and University of Utah—and the EnSoft/ISU team consistently stood out as a top performer.

On the heels of that project, in 2015, the EnSoft/ISU team was awarded another $4.6 million DARPA STAC project for broader research to detect highly complex safety and security vulnerabilities in software.

The DARPA APAC project enabled EnSoft to advance its Atlas technology to build tools to understand, validate, and transform large software. Atlas maps software to graph databases as program artifacts and relations between them. The database can be queried and the results can be visualized interactively through an interpreter, or programs embedded with Atlas APIs can be written to create custom tools. With its underpinnings in discrete mathematics, Atlas enables powerful mathematical reasoning to solve complex software problems that are intractable with conventional program analysis tools.
EnSoft now offers Atlas as a commercial product.

Kothari says “Atlas is a game-changing automation technology, critically needed to make software safe, secure and its development far less labor-intensive. It has brought EnSoft/ISU unprecedented success with DARPA projects and it has already started opening vast commercial opportunities for EnSoft.

“I have always wanted to do more as a full professor than write papers for my colleagues to read,” he says. “I want to have an impact on society and that is happening with the revolutionary software products we are offering at EnSoft.”