CMU SoS Lablet Quarterly Executive Summary - July 2021

A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

Jonathan Aldrich

Obsidian: A Language for Secure-by-Construction Blockchain Programs

We are adding a second target to the Obsidian compiler. We had previously compile Obisidan code to Hyperledger fabric to run on open-source Hyperledger blockchains. We are now adding the ability to compile to the Ethereum Virtual Machine (EVM) to run on the more widely used Ethereum blockchains. Our work is in partnership with the Ethereum foundation. Ethereum tracks contract running cost with a unique mechanism called "gas." Tracking "gas" usage is an interesting and challenging use case for Obisidian's resource tracking mechanisms.

We are conducting a study of contracts running on the Ethereum virtual machine written in the Solidity language. Our goal is to understand how these contracts track resources, own or share state, and enforce ordering constraints. This will help us understand when and how Obisidian's existing mechanisms can be applied. In addition, it will help us design new language features in a data-driven way.

Lujo Bauer

Securing Safety-Critical Machine Learning Algorithms

We continue along the same directions as previously, including investigating more powerful attacks on malware classifiers, and explaining malware classifier decisions to better understand the potential strengths and weaknesses of different malware classifiers.

We began studying safe ordering properties, a class of non-relational safety properties that capture a broad range of safety concerns for classification models. Our current work in this direction is aimed at transforming existing classifiers into variants that provably satisfy a given set of safe ordering properties. Key concerns that we aim to address are runtime efficiency and preservation of accuracy.

Lorrie Cranor

Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory

We have updates on multiple ongoing projects that seek to address the hard problem of "understanding and accounting for human behavior."

Accepted paper: How Do Home Computer Users Browse the Web? Kyle Crichton, Nicolas Christin, and Lorrie Cranor. To appear in an upcoming issue of the ACM Transactions on the Web journal.

Using data collected through the SBO, we provide new insights into how users browse the internet

First, we compare our data to previous studies conducted over the past two decades and identify changes in user browsing and navigation. Most notably, we observe a substantial increase in the use of multiple browser tabs to switch between pages.

Using the more detailed information provided by the SBO, we identify and quantify a critical measurement error inherent in previous server-side measurements that do not capture when users switch between browser tabs. This issue leads to an incomplete picture of user browsing behavior and an inaccurate measurement of user navigation and dwell time.

In addition, we observe that users exhibit a wide range of browsing habits that do not easily cluster into different categories, a common assumption made in research study design and software development.

We find that browsing the web consumes the majority of users' time spent on their computer eclipsing the use of all other software on their machine.

While browsing, we show that users spend the majority of their time browsing a few popular websites, but also spend a disproportionate amount of time on low-visited websites on the edges of the internet.

We find that users navigating to these low-visited sites are much more likely to interact with riskier content like adware, alternative health and science information, and potentially illegal streaming and gambling sites.

Finally, we identify the primary gateways that are used to navigate to these low-visited sites and discuss the implications for future research.

Accepted paper: What breach? Measuring online awareness of security incidents by studying real-world browsing behavior. Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. To appear at the IEEE Workshop on Technology and Consumer Protection (ConPro 2021).

In this analysis, we used the SBO dataset to study how people come to learn about breaches online and the actions people take in the aftermath of breaches.

This relates to the hard problem of understanding and accounting for real human behavior: in particular, we seek to understand what influences people to learn about breaches and to take actions to protect the security of their accounts and information.[SP1]

David Garlan

Model-Based Explanation For Human-in-the-Loop Security

We have made progress on the following:

For realistic self-adaptive systems, multiple quality attributes need to be considered and traded off against each other. These quality attributes are commonly encoded in a utility function, for instance, a weighted sum of relevant objectives. Utility functions are typically subject to a set of constraints, i.e., hard requirements that should not be violated by the system. The research agenda for requirements engineering for self-adaptive systems has raised the need for decision-making techniques that consider the trade-offs and priorities of multiple objectives. Human stakeholders need to be engaged in the decision-making process so that constraints and the relative importance of each objective can be correctly elicited. This paper presents a method that supports multiple stakeholders in eliciting constraints, prioritizing relevant quality attributes, negotiating priorities, and giving input to define utility functions for self-adaptive systems. We developed tool support in the form of a blackboard system that aggregates information by different stakeholders, detects conflicts, proposes mechanisms to reach an agreement, and generates a utility function. We performed a case study with 14 contextual inquiry interviews to assess the approach with respect to its understandability and user satisfaction. Our case study sheds light on how humans reason about and how they negotiate around quality attributes. The mechanisms for conflict detection and resolution were perceived as very useful. Overall, our approach was found to make the process of utility function definition more understandable and transparent.

Joshua Sunshine

Security Science Research Experience for Undergraduates

• The Security Science Research Experience for Undergraduates is funding four students to work with Carnegie Mellon Resrachers:

  • Benito Geordie, Rice University, "Democratizing and Decentralizing Collaborative Web Apps." Advisor: Heather Miller.
  • Crystal Li, University of Pittsburgh, "User Awareness of Social Media Algorithms." Advisor: Daniel Klug.
  • Megan Li, Harvey Mudd College, "Usable Consent Interfaces." Advisor: Lorrie Cranor.
  • Sophia Roshal, Cornell University, "Wyvern: Designing a Next-Generation Programming Language." Advisor: Jonathan Aldrich.