CMU SoS Lablet Quarterly Executive Summary - January 2022

A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

Jonathan Aldrich

Obsidian: A Language for Secure-by-Construction Blockchain Programs

Blockchains have been proposed to support transactions on distributed, shared state, but hackers have exploited security vulnerabilities in existing programs. We applied user-centered design in the creation of Obsidian, a new language that uses typestate and linearity to support stronger safety guarantees than current approaches for programming blockchain systems.

COMMUNITY ENGAGEMENTS

The Obsidian project has partnered support from the Ethereum Foundation. Obsidian currently supports the Hyperledger Fabric blockchain platform. We will build a proof-of-concept version of Obsidian for Ethereum. The ultimate goal is to make Obsidian a viable alternative to Solidity for Ethereum developers so that Ethereum users can obtain the usability and security benefits of using Obsidian.

Lujo Bauer

Securing Safety-Critical Machine Learning Algorithms

This project addresses the following hard problems: developing security metrics and developing resilient architectures. Both problems are tackled in the context of deep neural networks, which are a particularly popular and performant type of machine learning algorithm. This project develops metrics that characterize the degree to which a neural-network-based classifier can be evaded through practically realizable, inconspicuous attacks. The project also develops architectures for neural networks that would make them robust to adversarial examples.

Lorrie Cranor

Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory

The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."

PhD thesis that includes analysis of SBO data: Measuring and increasing the reach of security information through online media. Sruti Bhagavatula. https://users.cs.northwestern.edu/~srutib/documents/thesis.pdf

Dr. Bhagavatula's work employs SBO data in doing the following: Providing empirical observations of how users engage with security and privacy; Offering analysis of the effectiveness of social media for spreading security and privacy advice, and providing recommendations of how security and privacy information should be shared on social media to promote dissemination of good-quality information

Accepted paper: What breach? Measuring online awareness of security incidents by studying real-world browsing behavior. Sruti Bhagavatula, Lujo Bauer, Apu Kapadia. Presented at EuroUSEC in October 2021. https://www.cs.cmu.edu/~sbhagava/papers/breach-engagement-eurousec21.pdf

This paper utilizes SBO data to examine 1) how often people read about security incidents online, (2) whether and to what extent they then follow up and take action (2) what influences the likelihood that they will read about an incident and take some action.

Accepted paper: How Do Home Computer Users Browse the Web? Kyle Crichton, Nicolas Christin, and Lorrie Cranor. To appear in the Feb 2022 issue of the ACM Transactions on the Web journal. https://dl.acm.org/doi/10.1145/3473343

Using data collected through the SBO, we provide new insights into how users browse the internet. First, we compare our data to previous studies conducted over the past two decades and identify changes in user browsing and navigation. Most notably, we observe a substantial increase in the use of multiple browser tabs to switch between pages. Using the more detailed information provided by the SBO, we identify and quantify a critical measurement error inherent in previous server-side measurements that do not capture when users switch between browser tabs. This issue leads to an incomplete picture of user browsing behavior and an inaccurate measurement of user navigation and dwell time. In addition, we observe that users exhibit a wide range of browsing habits that do not easily cluster into different categories, a common assumption made in research study design and software development. We find that browsing the web consumes the majority of users' time spent on their computer eclipsing the use of all other software on their machine. While browsing, we show that users spend the majority of their time browsing a few popular websites, but also spend a disproportionate amount of time on low-visited websites on the edges of the internet. We find that users navigating to these low-visited sites are much more likely to interact with riskier content like adware, alternative health and science information, and potentially illegal streaming and gambling sites. Finally, we identify the primary gateways that are used to navigate to these low-visited sites and discuss the implications for future research.

David Garlan

Model-Based Explanation For Human-in-the-Loop Security

For realistic self-adaptive systems, multiple quality attributes need to be considered and traded off against each other. These quality attributes are commonly encoded in a utility function, for instance, a weighted sum of relevant objectives. Utility functions are typically subject to a set of constraints, i.e., hard requirements that should not be violated by the system. The research agenda for requirements engineering for self-adaptive systems has raised the need for decision-making techniques that consider the trade-offs and priorities of multiple objectives. Human stakeholders need to be engaged in the decision-making process so that constraints and the relative importance of each objective can be correctly elicited. This paper presents a method that supports multiple stakeholders in eliciting constraints, prioritizing relevant quality attributes, negotiating priorities, and giving input to define utility functions for self-adaptive systems. We developed tool support in the form of a blackboard system that aggregates information by different stakeholders, detects conflicts, proposes mechanisms to reach an agreement, and generates a utility function. We performed a think-aloud study with 14 participants to investigate negotiation processes and assess the approach's understandability and user satisfaction. Our study sheds light on how humans reason about and how they negotiate around quality attributes. The mechanisms for conflict detection and resolution were perceived as very useful. Overall, our approach was found to make the process of utility function definition more understandable and transparent. This can be used to combine security quality requirements with other requirements in an explainable way, tracing the explanation back to stakeholder reasoning and conflict resolution.

Joshua Sunshine

Security Science Research Experience for Undergraduates

The Security Science Research Experience for Undergraduates funded four students to work with Carnegie Mellon researchers in Summer 2021:

1. Benito Geordie, Rice University, "Democratizing and Decentralizing Collaborative Web Apps." Advisor: Heather Miller.
2. Crystal Li, University of Pittsburgh, "User Awareness of Social Media Algorithms." Advisor: Daniel Klug.
3. Megan Li, Harvey Mudd College, "Usable Consent Interfaces." Advisor: Lorrie Cranor.
4. Sophia Roshal, Cornell University, "Wyvern: Designing a Next-Generation Programming Language." Advisor: Jonathan Aldrich.