Visible to the public CMU SoS Lablet Quarterly Executive Summary - October 2019Conflict Detection Enabled

Submitted by Jamie Presken on Mon, 09/23/2019 - 7:47am

A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

Obsidian Project (Jonathan Aldrich)

Highlights: Blockchains have been proposed to support transactions on distributed, shared state, but hackers have exploited security vulnerabilities in existing programs. We applied user-centered design in the creation of Obsidian, a new language that uses typestate and linearity to support stronger safety guarantees than current approaches for programming blockchain systems.

 

Adversarial AI (Lujo Bauer)

Highlights: We've made progress on understanding the weaknesses of ML algorithms another practical settings: as used by anti-virus programs for the detection of malware. This setting is interesting -- aside from it's practical relevance -- because previous techniques for creating evasion attacks usually assumed that the input belonged to a continuous domain, whereas malware binaries are drawn from a discrete domain.

 

Security Behavior Observatory (Lorrie Cranor)

Highlights: We conducted interviews with a separate sample of 30 participants to follow up on previous findings that suggested that people using password managers did not necessarily have stronger passwords or decreased password reuse. Our results suggested that users of built-in password managers may have different underlying motivations for using password tools (i.e., mostly focused on convenience) and may thus use those tools to aid their insecure password habits, whereas people using separately installed password managers seem to be more motivated to prioritize security.

 

Model-Based Explanation (David Garlan)

Highlights: We propose a model of APT defense that elevates observability as a first-class concern. We evaluate this model by showing how an informed approach that uses observability improves the defender's utility compared to a uniform random strategy, can enable robust planning through sensitivity analysis, and can inform observability-related architectural design decisions.

Groups: