CMU

group_project

Visible to the public Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory

Systems that are technically secure may still be exploited if users behave in unsafe ways. Most studies of user behavior are in controlled laboratory settings or in large-scale between-subjects measurements in the field.

event

Visible to the public  CERT Data Science in Cybersecurity Symposium 2018
Aug 29, 2018 8:00 am - 4:00 pm EDT

PITTSBURGH, July 30, 2018 /PRNewswire/ -- The Carnegie Mellon University Software Engineering Institute CERT Division today announced the 2nd annual CERT Data Science in Cybersecurity Symposium, a free one-day symposium to be held in Arlington, Va., on August 29. Registration is now open.

group_project

Visible to the public Obsidian: A Language for Secure-By-Construction Blockchain Programs

This project considers models for secure collaboration and contracts in a decentralized environment among parties that have not established trust. A significant example of this is blockchain programming, with platforms such as Ethereum and HyperLedger.

group_project

Visible to the public Model-Based Explanation For Human-in-the-Loop Security

Effective response to security attacks often requires a combination of both automated and human-mediated actions. Currently we lack adequate methods to reason about such human-system coordination, including ways to determine when to allocate tasks to each party and how to gain assurance that automated mechanisms are appropriately aligned with organizational needs and policies.

group_project

Visible to the public Securing Safety-Critical Machine Learning Algorithms

Machine-learning algorithms, especially classifiers, are becoming prevalent in safety and security-critical applications. The susceptibility of some types of classifiers to being evaded by adversarial input data has been explored in domains such as spam filtering, but with the rapid growth in adoption of machine learning in multiple application domains amplifies the extent and severity of this vulnerability landscape.