SoS Quarterly Summary Report - CMU - July 2014

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research

[Carley] On the basis of data from a major AV vendor, we able to identify characteristics of countries that are common waypoints for attacks.

[Breaux] An analysis technique based on design patterns and requirements models can help analysts discover and address security issues in proposed designs early in an engineering process.

[Platzer] A technique is developed (a stochastic algorithm) that can facilitate reasoning about large planning and learning problems.

[Garlan, Aldrich, Sunshine] Dynamic adaptation requires extensive runtime monitoring of the operating environment of a system. Techniques are developed to determine optimal placement of runtime monitors to enforce security constraints at runtime.

[Datta, Harper, Jia] Developed a program logic that can support reasoning about adversary-supplied code. The goal is the model ability to sustain service continuity despite attacker actions.

[Acquisti, Cranor, Christin, Telang] Completing development of the sensor platform for the large-scale field study.

[Aldrich, Sunshine, Srisa-an] Developed a technique to support efficient dynamic analysis to detect races at runtime on the basis of up-front static analysis. A catalog of web-related race-related vulnerabilities, based on multiple sources (National Vul DB, Full Disclosure, etc.), will support an appraisal of comprehensiveness of coverage of static and dynamic techniques.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

CMU hosted the first Quarterly Meeting of the new Lablet Community. Approximately 75 people attended from the four universities, multiple subcontractors, and government organizations. Workshop sessions address the planning for updating and disseminating the Hard Problems list, which is intended to provide a key component of the unifying framework for the SoS research undertaken at the Lablets. DIscussions were also held regarding other mechanisms through which the SoS Lablet community could advance the effectiveness and explicitness of the scientific process of cyberseucity research.

Just prior to the Quarterly Meeting, CMU also hosted the CASOS Summer Institute, focusing on network analytics, led by Kathleen Carley and including Juergen Pfeffer. This institute is dedicated to advancing the theory and practice of network analytics.

In addition, Lorrie Cranor was the General Chair for the 10th SOUPS conference (Symposium on Usable Privacy and Security). This conference has served as a premier catalyst for the advancement of scientific practice associated with research related to privacy and to human interfaces associated with security.

C. Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

CMU ISR is offering a new Masters degree program in Privacy Engineering, led by Lorrie Cranor and Norman Sadeh. Courses are taught by several SoS Lablet faculty including Cranor, Sadeh, and Travis Breaux.

CMU is revamping is undergraduate core course sequence on software engineering, and security topics as well as method-related topics (data analysis, developer studies, and the like) are being augmented. SoS Lablet faculty involved are likely to include Aldrich, Kastner, Breaux, Scherlis, and others.

Partly as a consequence of earlier lablet work, PhD students in several of the CMU PhD programs have made efforts to broaden the range of scientific methods they employ to include a broader range of experimental and data-focused approaches, in addition to the more familiar theoretical work and experimental engineering. This shift is now being recognized in the the structure of the core graduate curriculum.