CMU SoS Lablet Quarterly Executive Summary - April 2019

A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

Obsidian Project (Aldrich)

Highlights. Blockchains have been proposed to support transactions on distributed, shared state, but hackers have exploited security vulnerabilities in existing programs. We applied user-centered design in the creation of Obsidian, a new language that uses typestate and linearity to support stronger safety guarantees than current approaches for programming blockchain systems. A case study of Obsidian use written by a student on this project won 2nd place in the SPLASH Student Research Competition, 2018. The team has started to work with the World Bank to develop a parametric insurance platform on the Blockchain with Obsidian to address challenges related to weather disasters.

 

Adversarial AI (Lujo Bauer)

Highlights. Bauer presented at the Aspen Institute's IARPA Emerging Threats Seminar in Washington DC on topics covered by this award. Fredrikson has worked with his PhD student, who has been supported by the project, on developing a course module in which students apply the attribution framework (developed as part of this project) to convolutional networks. Future plans include extending this module to have students leverage the framework for detecting and explaining adversarial examples.

 

Security Behavior Observatory (Lorrie Cranor)

Background. The Security Behavior Observatory (SBO) addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild." This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.

Highlights. We have been able to use SBO data to understand how users come to learn about security breaches and how that knowledge affects their behavior (USENIX Security, submitted). We also interviewed SBO subjects to better understand motivations regarding use of password management tools and, in particular, whether these tools promote good practices (e.g., avoiding passwords that are easily guessed or reused across applications). We learned that those using built-in tools do not elevate their practices, but those who acquire separately-installed tools are more likely to adopt better habits.

 

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.