NCSU SoS Lablet Quarterly Executive Summary
A. Fundamental Research
High-level report of result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.
- We improved the accuracy of our security bug detection schemes. We designed algorithms that rank functions by their vulnerability so that truly vulnerable functions are included among the top-ranked functions. This work is significant because modern server systems can have millions of functions.
- We continued working on a user study of the Taxonomy For Human Errors in Software Engineering (T.H.E.S.E.). This study is about identifying and classifying human errors according to our taxonomy. Semi-structured interviews help glean insights for improving the taxonomy.
- We identified a set of 13 security requirements to detect ways in which Android applications can misuse Payment Service Provider (PSP) SDKs.
- We conducted an empirical study to evaluate our Ember framework, an automated approach to suggest actions for mitigating HIPAA violations given a text-based input breach description. This study seeks to establish whether Ember is competitive with humans in extracting relevant actions from a breach description.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
We performed a virtual focus group with four subject matter experts who discussed the effectiveness of the guidelines when reporting cyber security research, specifically focusing on their area of expertise within cyber security research.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- 2023: January