CMU Lablet Homepage

ABOUT

The broad goal of the Science of Security Lablet (SOSL) is to identify scientific principles that can lead to approaches to the development, evaluation, and evolution of secure systems at scale. The focus on scalability derives from a recognition that modern software-intensive systems have more components and a greater diversity of suppliers. the theme of scalability includes two principal areas of focus, which are composability and usability.  Projects within the SOSL may address diverse and possibly conflicting technical approaches in order to most effectively address the overall thematic goals

Progress in many technical areas can contribute to achieving the overall goals. SOSL projects may draw on multiple technical areas in order to make progress. Examples of contributing technical areas include: safe programming languages, binary and source code analysis, data-intensive systems analysis, self-healing and resilient architecture, assured API and framework compliance, socio-technical ecosystems, development environments, trusted computing, specification and verification, concurrent and distributed systems, requirements and policy, usable security and privacy, intrusion and malware detection, dynamic network analysis, model checking, secure coding practice, secure process separation, verification of cyber-physical systems, and others. Projects within the SOSL will also establish, where possible, collaborations with NSA researchers and others in the community.

LEAD PI

William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is the founding director of CMU's PhD Program in Software Engineering and director of CMU's Institute for Software Research (ISR) in the School of Computer Science. His research relates to software assurance, software analysis, and assured safe concurrency ("speed with safety"). Dr. Scherlis joined the CMU faculty after completing a PhD in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University.

PROJECTS

• A Language and Framework for Development of Secure Mobile Applications - Jonathan Aldrich
• Improving the Usability of Security Requirements by Software Developers Through Empirical Studies and Analysis - Travis Breaux
• Secure Composition of Systems and Policies - Anupam Datta
• Security Reasoning for Distributed Systems with Uncertainties - Andre Platzer
• Systematic Testing of Distributed and Multi-Threaded Systems at Scale - Garth Gibson
• Learned Resiliency: Secure Multi-Level Systems - Kathleen Carley
• Architecture Based Self-Securing Systems - David Garlan
• Using Crowdsourcing to analyze and Summarize the Security of Mobile Applications - Norman Sadeh
• USE: User Security Behavior - Lorrie Cranor
• Trust from Explicit Evidence: Integrating Digital signatures and Formal Proofs - Frank Pfenning
• Composability of Big Data and Algorithms for Social Networks Analysis Metrics - Jurgen Pfeffer
• Race Vulnerability Study and Hybrid Race Detection - Jonathan Aldrich (PI), Du Li, Matthew Dwyer, Witawas Srisa-an
• Geo-Temporal Characterization of Security Threats - Kathleen Carley