NCSU SoS Lablet Quarterly Executive Summary

A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.

  • We produced a curated dataset by annotating 4,000 app reviews for three categories of misbehavior by malfeasant app users. These behaviors violate the normative expectations of other users, and app reviews provide a low-cost resource to determine which apps are more susceptible to such misbehaviors.
  • We combined call graph and dataflow analysis (including predicate checking) to localize the root cause functions for different security vulnerabilities. Our scheme performs better (in terms of both lower false positives and lower false negatives) than the popular SpotBugs checker over five CVEs, including the Log4j CVE.
  • We have begun a user study of our Taxonomy of Human Errors in Software Engineering (T.H.E.S.E.).
  • We are gearing up to organize an in-person focus group at CCS and a separate virtual focus group to evaluate our guidelines from the perspective of the traditional cybersecurity research community.

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

 

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

We involved one female graduate student in our research this quarter.