Carnegie Mellon University

INI Practicum Showcase 2024

Teams of Carnegie Mellon master's students will exhibit and present their Practicum projects. Learn how the teams tackled problems, piloted new ideas and developed solutions in collaboration with industry sponsors.

Questions? Email ini-practicum@andrew.cmu.edu.

2024 Practicum Project Summaries

Amazon AWS: Verify the Rust Standard Library

Our project focuses on verifying and enhancing memory safety within Rust’s standard library by developing and testing safety contracts, with a focus on NonZero types.

Using Kani, we rigorously validate these functions to ensure they meet safety requirements without undefined behavior. With Kani we are able to ensure values are not zero and verify data does not overflow.

By validating these functions (NonZero), we strengthen Rust's role as a reliable, memory-safe language for secure software development.

Amazon AWS: Verify the Rust Standard Library

This project aims to enhance the safety of Rust's standard library by verifying the correctness of unsafe methods in the core numeric module.

Using Kani, we are developing proof harnesses and implementing checks for overflow, underflow and undefined behavior in numeric types like integers and floats.

Our work ensures that Rust’s core primitives are safe and reliable across diverse use cases, benefiting developers who depend on Rust's safety guarantees.

Amazon AWS: Verify the Rust Standard Library

Rust is known for its strong memory safety guarantee, yet its standard library includes many unsafe code blocks that bypass safety checks.

As part of the effort to verify Rust's standard library, our project aims to check the safety of pointer arithmetic operations using formal verification tools like Kani. 

Validating these functions proactively ensures that these operations remain bug-free, preventing potential vulnerabilities that could compromise Rust applications.

Amazon AWS: Verify the Rust Standard Library

Our project aims to ensure memory safety in the APIs of the Rust standard library's NonNull module, which support various operations for the NonNull pointer type.

Using Kani, we rigorously verify these behaviors through symbolic execution, covering all possible execution paths beyond traditional static analysis and fuzzing. This approach preserves Rust’s safety guarantees without modifying the original source code.

By validating ptr::NonNull, a key module used across Rust’s standard library, we strengthen Rust’s reliability and promote formal verification practices. Our work builds trust in Rust’s core primitives, driving safer software development across industries.

99P Labs / Honda Research Institute: SANDS: Security and AI Network Defense Sandbox

AI has revolutionized the way we engage with technology, but it has also expanded the digital attack surface, introducing new vulnerabilities. To tackle these emerging security challenges, we developed SANDS — a secure, experimental sandbox designed for testing AI model vulnerabilities without compromising user security.

SANDS emulates a Kali Linux environment optimized for testing AI vulnerabilities. It includes open-source tools like PyRIT, an autonomous AI red-teaming tool that tests the security of language models through jailbreak attempts.

SANDS provides tutorials on adversarial ML attacks like FGSM for tricking models into misclassifying an image, on using PyRIT for LLM security testing, and on setting up new isolated environments to conduct further testing. This support is designed for users at all experience levels — from experienced engineers advancing their AI red-teaming techniques to beginners exploring the dynamic intersection of cybersecurity and AI.

Through SANDS, we aim to empower engineers at all levels to experiment with AI security, deepen understanding in this rapidly evolving field and contribute to a more secure future for AI.

City of Portland, OR: Open311 Implementation and an Open Data Portal

The City of Portland currently lacks a centralized data portal, making it difficult for citizens to access information that is spread across multiple platforms. Existing methods for data extraction are neither flexible nor efficient.

To address these issues, we developed a containerized solution using the Open311 protocol — a standardized system adopted by many cities for managing non-emergency service requests. Our solution includes a backend database, an API layer that complies with Open311 standards and a user-friendly frontend.

The end goals of our project are to enhance transparency, accountability, and citizen engagement. Additionally, by containerizing the solution, we ensure it is scalable, easy to deploy and maintainable.

CMU / CISO: Information Security Office: Transparency Report and FAQ

The CMU Information Security Office (ISO) FAQ Chatbot project aims to transform how the university community engages with security and data privacy information through an innovative AI-powered chatbot.

Our initiative focuses on developing a responsive, intelligent chatbot that delivers accurate, real-time answers to frequently asked questions about security and privacy while strictly adhering to university policies.

This initiative streamlines access to essential security information, including data security and privacy FAQs, enhances the user experience and provides timely, accurate guidance to the CMU community without requiring navigation through extensive policy documentation.

CMU / CS: Exploring Interactions between Congestion Control Algorithms, Network Jitter, and Workloads

Our project examines how jitter-based attacks affect the performance and stability of Congestion Control Algorithms (CCAs), which are crucial for managing smooth data flow in networks. 

By introducing controlled variations in data timing, we simulate conditions that test the performance of these algorithms. Through our experiments, we analyze the utilization of CCAs to observe if the theoretical attack works, pinpoint vulnerabilities and measure their adaptability in adverse scenarios. Our findings contribute to a deeper understanding of network resilience and help guide improvements in security protocols. 

This research holds value for industries like healthcare, finance and telecommunications, where stable and secure data transmission is essential.

CMU / Heinz: The Effect of Tracking, Advertising, Anti-Tracking, and Ad-Blocking on User Behavior

This project explores the impact of tracking, advertising and anti-tracking technologies on user behavior through three targeted data analysis methods, each conducted by a different INI team subgroup.

One subgroup focused on header bidding data, examining how advertisers’ bids vary with user information under anti-tracking, ad-blocking and open conditions. Another subgroup used a large language model (LLM) to analyze ad screenshots, assessing ad traceability. A third subgroup analyzed HTML and email data to extract insights into user transactions and purchases. 

Together, these insights aim to inform policies to improve online user experiences.

Federal Reserve Bank of Richmond: Generative AI Assistant for NIST Security Control Responses

Our project focuses on developing an AI-powered assistant to streamline how organizations manage NIST security compliance. By leveraging NIST documentation and specific system information, the tool automates much of the manual effort required, streamlining the assessment process to be faster and more accurate.

In collaboration with the Federal Reserve Bank of Richmond, we are creating an AI chatbot solution to help system architects efficiently navigate NIST security controls. This initiative aims to reduce the need for direct involvement of security control expertise, allowing teams to focus on higher-level strategic tasks.

The project demonstrates how artificial intelligence can be practically applied to solve real-world challenges in cybersecurity governance and compliance.

Post Road Foundation: Red Teaming Maine Transactive Energy Program (MTEP) System

MTEP’s Transactive Energy Service System (TESS) provides periodic electricity usage data from distributed energy resources to electric companies. It helps reduce energy costs, minimize environmental emissions and enhance electricity reliability during emergencies.

However, vulnerabilities in TESS's architecture could allow attackers to gain unauthorized access or manipulate electricity usage for medical equipment or emergency services, threatening system availability and potentially endangering lives.

To address these risks, the CMU team conducts red teaming exercises, including threat modeling, hardware and API penetration testing, and developing a risk register to ensure compliance with security controls. The team also proposes proof-of-concept solutions and mitigation strategies for identified vulnerabilities. This comprehensive approach strengthens the stakeholder’s security posture and promotes long-term system resilience.

Swift: AWS Microservice-based Synthetic Monitor

SWIFT needs to monitor its services to ensure reliability and availability for its clients. As the range of services expands, SWIFT seeks a scalable cloud-based monitoring solution that accommodates current and future needs while maintaining full control over product capabilities. For security and adaptability purposes, this monitoring tool needs to be built and maintained in-house.

To address this, we are designing and implementing a Minimum Viable Product hosted on AWS, leveraging microservices to provide a streamlined user experience for adding new web applications to monitor.

Using our monitoring tool, SWIFT engineers will have the ability to manage tests, schedule their execution and access detailed logs of test results.

Volkswagen: Digital Twin Interactive Development Environment

The Volkswagen Digital Twin Interactive Development Environment project involves creating a specialized IDE that allows Volkswagen to simulate and test various vehicle behaviors, such as adaptive seat control or emergency braking, in a controlled environment.

This IDE enables Volkswagen personnel to input customized configurations and scenarios, helping validate and optimize vehicle performance, especially in complex driving situations, more efficiently.

Our goal is to streamline the testing process and enhance the accuracy of simulations, ultimately contributing to improved vehicle quality and faster development cycles.

CMU / INI: Automating Academic Affairs

Administrative efficiency is vital for supporting a thriving academic community. At CMU’s Information Networking Institute (INI), our project focuses on automating essential administrative tasks, specifically file management and petition handling. We are developing innovative solutions using Google Apps Script that streamline the management of student submissions and automate the petition review process within Google Workspace. These solutions are designed to save time, reduce errors, and simplify workflows for the INI's Academic and Student Services team.

With over 1,400 new files manually processed annually, and approximately 150 petitions requiring multiple reviewers and up to a week for processing, our solutions are estimated to reduce 70% of the steps in these processes and significantly cut required time — saving hundreds of administrative hours annually and allowing staff to focus more on supporting students and fostering academic excellence.

DemocracyLab: Exploring a New Model for Business Formation

DemocracyLab, a non-profit organization, matches volunteer tech skills with social good projects. Scaling to projects in startups requires an equitable Contribution Tracking System (CTS). A subsidiary, Equity Forge, will also bring a sustainable revenue stream for DemocracyLab.

Equity Forge aims to help startups share equity fairly with contributors when the startup attracts investors. The CTS is designed to log and assess the contributions of individuals, ensuring fair equity distribution based on their work.

This team was staffed by students from the Integrated Innovation Institute (III).

NASA Ames Research Center: A Structured, Requirements-Based Approach to Enabling a Futuristic Smart Building Vision for Sustainability Base

This project focuses on enabling a futuristic smart building vision for NASA’s Sustainability Base at the NASA Ames Research Center. Sustainability Base is one of the most advanced and environmentally friendly federal buildings, designed to showcase how space technologies can be adapted for sustainability here on Earth.

This team was staffed by students from the Integrated Innovation Institute (III).