Mentor: Lorrie Cranor

Description and Significance
If you have visited a website in the last few years, you have probably seen (and ignored) a notice telling you about cookies. In the wake of global privacy regulations like the EU's General Data Protection Regulation (GDPR), cookie consent interfaces have become common across the internet. While they are intended to allow users to make an informed choice about their privacy, prior research has found that users often fail to make their preferred decisions.[2]. Moreover, these interfaces annoy users, with some utilizing tools to automatically interact with the interfaces or hide them completely [1]. In this project, we will conduct an interview study to evaluate 1) what users need from an automated cookie consent solution and 2) evaluate how well existing automatic cookie consent tools meet user needs. The insights from this study will help to develop improved cookie consent interfaces and improve academic understanding of automated consent more broadly.

Student Involvement
Students will learn how to conduct research in usable privacy and security by working with a Ph.D. student to conduct an interview study. Students will be involved in the entire research process, from the initial study design to the final analysis of results. Based on individual interests, students may help to develop an interview script, conduct interviews, perform qualitative analysis of interview results, and perform usability evaluations of existing computing systems. Depending on student interest and project needs, students might also help prototype new cookie consent tools.

References
1. Brave Privacy Team. September 2022 "Blocking annoying and privacy-harming cookie consent banners." Brave Privacy Updates. Retrieved from https://brave.com/privacy-updates/21-blocking-cookie-notices on November 28th, 2022.

2. Hana Habib, Megan Li, Ellie Young, and Lorrie Cranor. 2022. “Okay, Whatever”: An Evaluation of Cookie Consent Interfaces. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI ’22). Association for Computing Machinery, New Orleans, LA, USA, Article 621, 27 pages. https://doi.org/10.1145/3491102.3501985

Mentor: Andrew Begel

Description and Significance
Neurodiversity describes natural variations in human cognition that differ from the dominant neurotype. All cognitive variations, including autism and ADHD, each have their own strengths, yet are rarely included in design processes for creating web-based experiences. This results all too often in software embodying normative expectations that are ill-adapted for the particular strengths and limitations associated with neurodiverse conditions. Prior research shows that neurodivergent users often experience the same kinds of challenges as neurotypical users, but differ significantly in the severity of their impact. Though these challenges annoy neurotypical users, they completely block neurodivergent users from accomplishing their goals through their mismatch with their cognitive abilities and the resulting negative emotions they induce. The overarching goal of our work is to identify and reduce the divergence between the attributes of our users' cognitive capabilities and the expectations of our software.

Student Involvement
Students will heuristically evaluate existing educational web sites for accessibility issues related to neurodiversity and learning disabilities. Time permitting, students will conduct a user study to identify and diagnose usability issues that study participants have with those web sites, validating their heuristics and qualitatively and quantitatively measuring the effects on neurodivergent and neurotypical participants.

References
Margaret Burnett, Simone Stumpf, Jamie Macbeth, Stephann Makri, Laura Beckwith, Irwin Kwan, Anicia Peters, and William Jernigan. 2016. GenderMag: A Method for Evaluating Software’s Gender Inclusiveness. Interacting with Computers 28, 6 (Nov. 2016), 760–787. https://doi.org/10.1093/iwc/iwv046

Christopher Mendez, Lara Letaw, Margaret Burnett, Simone Stumpf, Anita Sarma, and Claudia Hilderbrand. 2019. From GenderMag to InclusiveMag: An Inclusive Design Meta-Method. In 2019 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC). IEEE, New York, NY, 97–106. https://doi.org/10.1109/VLHCC.2019.8818889

Antonina Dattolo and Flaminia L. Luccio. 2017. A Review ofWebsites and Mobile Applications for People with Autism Spectrum Disorders: Towards Shared Guidelines. In Smart Objects and Technologies for Social Good (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering), Ombretta Gaggi, Pietro Manzoni, Claudio Palazzi, Armir Bujari, and Johann M. Marquez-Barja (Eds.). Springer International Publishing, Cham, 264–273. https://doi.org/10.1007/978-3-319-61949-1_28

Vivian Genaro Motti. 2019. Designing Emerging Technologies for and with Neurodiverse Users. In Proceedings of the 37th ACM International Conference on the Design of Communication (SIGDOC ’19). Association for Computing Machinery, New York, NY, USA, 1–10. https://doi.org/10.1145/3328020.3353946

Laura Benton, Asimina Vasalou, Rilla Khaled, Hilary Johnson, and Daniel Gooch. 2014. Diversity for Design: A Framework for Involving Neurodiverse Children in the Technology Design Process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’14). Association for Computing Machinery, New York, NY, USA, 3747–3756. https://doi.org/10.1145/2556288.2557244

Kristen Gillespie-Lynch, Steven K. Kapp, Christina Shane-Simpson, David Shane Smith, and Ted Hutman. 2014. Intersections Between the Autism Spectrum and the Internet: Perceived Benefits and Preferred Functions of Computer-Mediated Communication. Intellectual and Developmental Disabilities 52, 6 (Dec. 2014), 456–469. https://doi.org/10.1352/1934-9556-52.6.456

Mentor: Eunsuk Kang

Description and Significance
Given that network protocols are ubiquitous in critical infrastructures, any vulnerability or flaw in widely used protocols could cause damage to our economy, environment, and even human lives. The challenge is that these protocols are deployed in evolving uncertain and malicious environments, which can compromise important protocol properties such as security and reliability. Therefore, these network protocols must be robust against these uncertain environments. The current robustness analysis of network protocols only considers specific network faults, e.g., packet duplication and bit corruption, and specific attack models, e.g., the Dolev-Yao attack model. However, it is unclear how the protocol will behave outside these specific scenarios. We propose a systematic approach for evaluating a network protocol with respect to its robustness against an adversarial environment; i.e., the degree of assumptions about network environment capabilities under which the protocol is capable of maintaining its properties.

So how can we trust this *software supply chain*, even though we have no contractual relations with the developers of all those libraries? Research might involve studying how developers build trust, when trust is justified, what attacks can be automatically detected and mitigated (e.g., with sandboxing and reproducible builds), and what actual attacks in the real world look like. There is a large range of possible research directions from code analysis to empirical studies of developers and their relationships, each of which can help to secure open source supply chains.

Student Involvement
The REU student will participate in one or more of the following activities: (1) help model network protocols; (2) analyze protocol robustness with respect to various properties; and (3) test the robustness of protocol implementations. Students are expected to have a basic background in logic and discrete math. Knowledge in formal methods, networks, and/or programming languages are a plus.

References
A Behavioral Notion of Robustness for Software Systems. Changjian Zhang, David Garlan, and Eunsuk Kang. ESEC/FSE 2020.

Mentor: Hanan Hibshi

Description and Significance
Most software engineers come from a computer science/computer engineering background. Secure coding practices, software bugs, and vulnerabilities are usually taught as a separate course/unit in our CS/CE curriculum. One could argue that this practice could not be in-line with the security-by-design advice that we continue to give developers and could result in developers treating security as a secondary task. How would we expect a developer to incorporate security by design if they haven’t been trained that way from the beginning?

In this research, we will survey traditional programming and coding curricula and we will evaluate example code snippets used in these courses against known secure coding practices. Based on the analysis, we look to further provide a set of recommendations for educators and instructors who teach CS/CE courses to incorporate secure coding practices in their curriculum from the start so we can help achieve the security-by-design goals. We will also survey and interview high school teachers to collect their perspectives on teaching secure coding practices in schools.

Mentors: Jonathan Aldrich and Joshua Sunshine

Description and Significance
The Rust programming language is incredibly popular; it's been voted the "most loved" programming language on StackOverflow's developer survey for the last 7 years [1]. Most notably, its ownership type system provides static guarantees of memory safety, enabling Rust to achieve similar performance to C [2] without the security risks of manual memory management.

However, developers can disable the borrow checker's memory safety protections for particular blocks of code to achieve greater performance, flexibility, and to reach the low levels of abstraction that are necessary for effective systems programming [3]. We focus on a particularly challenging area of unsafe Rust: foreign function calls. Using the abstract gradual typing methodology [4], we strive to apply program analysis and type inference methods to prove that programs written in C and C++ uphold the invariants of Rust's borrow checker.

Student Involvement
In this project, students will have the opportunity to assist with designing, proving, and implementing formal systems, as well as conducting mixed-methods surveys of existing Rust design patterns for safe foreign function interfaces.

References
[1] StackOverflow Developer Survey 2022. https://survey.stackoverflow.co/2022/

[2] Vytautas Astrauskas, Christoph Matheja, Federico Poli, Peter Müller, and Alexander J. Summers. 2020. How do programmers use unsafe rust? Proc. ACM Program. Lang. 4, OOPSLA, Article 136 (November 2020), 27 pages. https://doi.org/10.1145/3428204

[3]Rui Pereira, Marco Couto, Francisco Ribeiro, Rui Rua, Jácome Cunha, João Paulo Fernandes, and João Saraiva. 2017. Energy efficiency across programming languages: how do energy, time, and memory relate? In Proceedings of the 10th ACM SIGPLAN International Conference on Software Language Engineering (SLE 2017). Association for Computing Machinery, New York, NY, USA, 256–267. https://doi.org/10.1145/3136014.3136031

[4] Ronald Garcia, Alison M. Clark, and Éric Tanter. 2016. Abstracting gradual typing. In Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '16). Association for Computing Machinery, New York, NY, USA, 429–442. https://doi.org/10.1145/2837614.2837670

Mentor: Jonathan Aldrich

Description and Significance
Smart contracts automate financial interactions between parties, often running on blockchains such as Algorand or Ethereum. Bugs and vulnerabilities in smart contracts are particularly severe because they lead directly to lost virtual currency and other assets. Building on our prior work on safer smart contract languages [1], we would like to verify smart contracts to ensure they meet their specification. We have recently developed gradual verification [2,3], an approach to combining static and dynamic techniques to support verification in a context where some code is specified and verified and others is not. This approach seems ideal in a smart contract setting, where a verified contract may interact with other contracts that are verified, as well as some that are unverified.

Student Involvement
The student will explore applying gradual verification techniques to smart contracts on the Algorand platform. Depending on the student's interest, the focus of the research could be building a tool for smart contracts that links with our existing verification back end [2], or it could be extending the theory of gradual verification in ways that are helpful in this domain.

References
[1] Obsidian: Typestate and Assets for Safer Blockchain Programming. Michael Coblenz, Reed Oei, Tyler Etzel, Paulette Koronkevich, Yannick Bloem, Brad A. Myers, Joshua S. Sunshine, and Jonathan Aldrich. ACM Trans. Program. Lang. Syst. (TOPLAS) 42, 3, Article 14, December 2020. https://dl.acm.org/doi/pdf/10.1145/3417516

[2] Gradual verification of recursive heap data structures. Jenna Wise, Johannes Bader, Cameron Wong, Jonathan Aldrich, Éric Tanter, and Joshua Sunshine. Proc. ACM Program. Lang. 4, OOPSLA, Article 228, November 2020. https://dl.acm.org/doi/pdf/10.1145/3428296

[3] Gradual C0: Symbolic Execution for Efficient Gradual Verification. Jenna DiVincenzo, Ian McCormack, Hemant Gouni, Jacob Gorenburg, Mona Zhang, Conrad Zimmerman, Joshua Sunshine, Éric Tanter, Jonathan Aldrich. arXiv:2210.02428

Mentor: Mayank Goel

Description and Significance
The World Health Organization defines self-care as "the ability of individuals, families, and communities to promote health, prevent disease, maintain health, and to cope with illness and disability with or without the support of a healthcare provider". We plan to support the patient's and the doctor's needs concerning at-home care using situated and context-aware voice-based guidance. The system will use multimodal sensing via consumer smartwatches to guide patients through care procedures. It will intervene as needed, and augment doctors' understanding of patients' situations when a problem occurs. It will adapt to the user’s changing needs as they develop familiarity with the procedure.

Mentor: Sauvik Das

Description and Significance
At their current trajectory of adoption, cryptocurrency technologies are poised to have outsized impact on society. Yet, we have seen few human-centered approaches towards evaluating or designing end-user facing cryptocurrency technologies. Interested students can get involved in a few different ways:

- Understanding the social dynamics of crypo-twitter, crypto-discord, and crypto-reddit: Cryptocurrency users frequently converse in public social spaces, like Twitter, Discord, and Reddit. We are seeking students with skills in both quantitative and qualitative analysis to make sense of trends in these public conversations to understand, e.g., common challenges faced by these users, the goals of these users, the attacks they face.

- Developing a usable, secure mobile smart contract wallet: Mobile wallets will onboard a large swathe of the the next wave of cryptocurrency users. We are seeking students who are interested in developing usable, secure smart contract wallets that help users avoid phishing attacks, simplify receiving and sending funds, and reduce the likelihood of unforced errors.

- Proof-of-ethics: Today, distributed consensus algorithms in blockchain technologies predominantly rely on proof-of-work or proof-of-stake. In both cases, however, those who participate in consensus are not directly considered with the content of the transactions they are validating, leading to social concerns corresponding with unethical activities. Can we create a ""proof-of-ethics"" distributed consensus algorithm that codifies ethical principles? We are seeking students who have experience with applied cryptography and/or smart contract development

Mentor: Christian Kästner

Description and Significance
The advances in machine learning (ML) have stimulated widespread interest in integrating AI capabilities into various software products and services. Therefore today’s software development team often have both data scientists and software engineers, but they tend to have different roles. In an ML pipeline, there are in general two phases: an exploratory phase and a production phase. Data scientists commonly work in the exploratory phase to train an off-line ML model (often in computational notebooks) and then deliver it to software engineers who work in the production phase to integrate the model into the production codebase. However, data scientists tend to focus on improving ML algorithms to have better prediction results, often without thinking enough about the production environment; software engineers therefore sometimes need to redo some of the exploratory work in order to integrate it into production code successfully. In this project, we want to analyze collaboration between data scientists and software engineers, at technical and social levels, in open source and in industry.

Student Involvement
We want to study how data scientists and software engineers collaborate. To this end, we will identify open source projects that use machine learning for production systems (e.g., Ubuntu's face recognition login) and study public artifacts or we will interview participants in production ML projects. This research involves interviews and analysis of software artifacts. We may also develop exploratory tools to define and document expectations and tests at the interface between different roles in a project. The project can be tailored to the students’ interests, but interests or a background in empirical methods would be useful. Familiarity with machine learning is a plus but not required. Note, this is not a data science/AI project, but a project on understanding *software engineering* practices relevant to data scientists.

Mentor: Andrew Begel

Description and Significance
Observing communication is a revealing way to indicate comprehension about code at many different abstraction levels. Using an analytic lens from linguistics, we can precisely describe this communication and thus enable us to make inferences about a person’s comprehension of a program. Not only are the speaker’s actions important, but the agency of the listener is vital to establishing a desired states of shared attention (i.e., both parties are thinking about the same thing) and shared intentionality (i.e., the recursive knowledge that they both know the other is thinking about the same thing they are). When both speaker and listener communicate together, they can begin to comprehend code and take actions on it as a single distributed cognitive unit. The pair’s joint knowledge can be used to execute changes to the code that may have been difficult or impossible for each of them apart. The effectiveness of this kind of communication is not robust however, when one or both members of the pair identify with physical or cognitive disabilities, e.g., a programmer is blind or low vision, or another has ADHD or dyslexia. In our research, we employ AI techniques in computer vision, speech recognition, NLP, and physiological sensors to interpret, translate, and convey information between speaker and listener. This increases the likelihood that people of mixed abilities can successfully communicate about code, achieving a desired state of shared intentionality that illustrates their joint distributed comprehension and enables them to efficiently make changes together.

Student Involvement
In this project, students will contribute to the development of a novel gaze and hand-directed pointing mechanism that will enable blind and visually impaired partners of sighted developers to understand what in the source code their partner is referring to. Research tasks include 1) modifying the iTrace framework to include hand-position information recorded from a Leap motion detector, 2) collecting data from real users to create an algorithm that can accurately identify pointing locations from gaze and hand information, and 3) running a user study with blind and visually impaired developers where hand and eye gaze information is conveyed to help them in programming and code maintenance tasks.

References
Sarah D'Angelo and Andrew Begel. 2017. Improving Communication Between Pair Programmers Using Shared Gaze Awareness. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 6245–6290. https://doi.org/10.1145/3025453.3025573

Venkatesh Potluri, Maulishree Pandey, Andrew Begel, Michael Barnett, and Scott Reitherman. 2022. CodeWalk: Facilitating Shared Awareness in Mixed-Ability Collaborative Software Development. In Proceedings of the 24th International ACM SIGACCESS Conference on Computers and Accessibility (ASSETS '22). Association for Computing Machinery, New York, NY, USA, Article 20, 1–16. https://doi.org/10.1145/3517428.3544812

Guarnera, D. T., Bryant, C. A., Mishra, A., Maletic, J. I., & Sharif, B. (2018). iTrace: eye tracking infrastructure for development environments. In B. Sharif & K. Krejtz (Eds.), Proceedings of the 2018 ACM Symposium on Eye Tracking Research & Applications, ETRA 2018, Warsaw, Poland, June 14-17, 2018 (p. 105:1-105:3). ACM. https://doi.org/10.1145/3204493.3208343

Mentors: Hanan Hibshi and Maverick Woo

Description and Significance
picoCTF is a free online Capture-the-Flag (CTF) style game implemented by and maintained at Carnegie Mellon University to promote and facilitate cybersecurity education. The target audience of our service has been middle and high school students since 2013, but it has also been increasingly popular and attracted many other age groups, including college students and adult learners. Each picoCTF release features ~100 cybersecurity challenge problems of increasing difficulty, which are revealed over a storyline to guide players to hone their skills one step at a time. These security challenges cover concepts such as cryptography, binary exploitation, web exploitation, reverse engineering, forensics, and other topics related to security and privacy. As a year-round education platform, the picoCTF team conducts constant research in areas including cybersecurity education methodologies, CTF problem development, and education platform development. This summer, we have multiple research projects for motivated students to get involved in various missions in picoCTF:

(1) Collect empirical data through surveys, user studies, and classroom observations
To improve the design of the picoCTF platform to reach a larger number of students, especially in under-resourced communities, we need to collect and analyze empirical data to inform our design enhancement and platform scalability process. This project includes a research plan to obtain the needed data through conducting user studies, focus groups, and usability and scalability tests that examine picoCTF in a classroom setting. We are interested in understanding how we can enhance our platform to better serve K-12 teachers and students, college students, and independent adult learners in under-resourced communities. The empirical data collected by closely observing participants in focus groups and from surveys and questionnaires will provide informed feedback to the picoCTF research team about possible technical challenges and key design improvements that would enhance the students' experience.

(2) Analyze player data from previous years and develop visualization tools
In addition to the surveys and questionnaires, the current picoCTF platform is rich with player data from previous years that could be a valuable resource to conduct in-depth analysis that would help understand how to improve the game to reach a wider audience, and what/where to include new challenges. The analysis would help reveal patterns that could be mapped to educational goals and help investigate where players fail to solve challenges or where the game becomes less interesting. These findings could ultimately help improve the user experience and retainment. Other areas of analysis include a performance by gender, team diversity, age, educational background, etc. We envision students will learn to use modern data analysis toolkits to analyze our data and build an interactive web-based exploration tool for presenting the findings from these analyses.

(3) Write new CTF challenges for the game and test current CTF challenges
Writing and testing CTF challenges are ongoing tasks in picoCTF. Testing current challenges help identify errors and bugs before a future competition goes live and writing new challenges helps increase our challenges pool. For the latter, we are especially interested in new challenges in areas where we have minimal or no existing coverage on our platform. These include privacy, mobile security (Android / iOS), IoT security (e.g., embedded Linux-based devices), and ICS security (e.g., RTOS, ROS). Students will engage in learning security and privacy problems that arise in these areas and develop new CTF challenges of gradually increasing complexity to cater to players with different stages of technical capability.

Student Involvement
We are looking for multiple students who are interested in cybersecurity and who enjoy working on projects that have a global impact on youth and workforce development. Dr. Hanan Hibshi and Dr. Maverick Woo will be the faculty mentors overseeing students' research activities, and the picoCTF team consists of software engineers and graduate students who work together with student research assistants. The picoCTF project is interdisciplinary in nature and can be attractive to students with different backgrounds. Students with Human-Computer Interaction background can enjoy conducting user studies, collecting empirical data, or examining the picoCTF interface and proposing design changes that can improve user experience. Students with an interest in CS education and/or cognitive psychology could help analyze the data from existing players to investigate ways that can improve learning outcomes. Students who enjoy software development can help the technical team improve the current gaming platform and migrate to the new 2021 picoCTF that has advanced features. Finally, students with a cybersecurity background can join our team and enjoy testing the current challenges (by playing the game!) and help create new challenges or add a new category of challenges.

References
Owens, K., Fulton, A., Jones, L. and Carlisle, M., 2019. pico-Boo!: How to avoid scaring students away in a CTF competition.

Mentor: Steven Wu

Description and Significance
Many modern applications of machine learning (ML) rely on datasets that may contain sensitive personal information, including medical records, browsing history, and geographic locations. To protect the private information of individual citizens, many ML systems now train their models subject to the constraint of differential privacy (DP), which informally requires that no individual training example has a significant influence on the trained model. After well over a decade of intense theoretical study, DP has recently been deployed by many organizations, including Microsoft, Google, Apple, LinkedIn, and more recently the 2020 US Census. However, the majority of the existing practical deployments still focus on rather simple data analysis tasks (e.g., releasing simple counts and histogram statistics). To put DP to practice for more complex machine learning tasks, this project will study new differentially private training methods for deep learning that improve on existing state-of-the-art methods. We will also study how to use DP deep learning techniques to train deep generative models, which can generate privacy-preserving synthetic data—a collection of “fake” data that preserve important statistical properties of the original private data set. This, in turn, will enable privacy-preserving data sharing.

Mentor: Eunsuk Kang

Description and Significance
Unintuitive, badly designed human-machine interfaces (HMI) are not merely an annoyance, but can pose significant risks to users in systems where safety is a key concern. For example, poor HMI design has been attributed as a major factor in numerous fatal accidents involving medical devices, automobiles, and aviation systems. The challenge is that humans are far from perfect and inadvertently make mistakes from time to time, but many interfaces are not designed to deal with such human errors; as a result, when a safety failure occurs, it is often the users who get blamed, even when a better designed interface could have prevented such a failure. To tackle this challenge, Dr. Kang is collaborating with researchers in human factors and cognitive science to systematically design HMIs that are robust against human errors; i.e., an interface that is explicitly designed to recognize and handle potential human errors and prevent them from causing safety failures.

Student Involvement
In this project, students will contribute to the development of a new methodology for designing safe and robust HMIs. Potential research tasks include: (1) developing a theoretical foundation for robust HMIs, (2) a mathematical approach for modeling human behavior and errors, (3) an automated technique for analyzing an HMI for its robustness against human errors, and (4) an automated technique for repairing an HMI to improve its robustness. Students will also get a chance to apply these techniques to realistic case studies, including interfaces for medical devices and intelligent vehicles. Students are expected to have a basic background in logic and discrete math. Knowledge in formal methods, programming languages and/or HCI is a plus.

References
NSF project description: "Preventing Human Errors in Cyber-human Systems with Formal Approaches to Human Reliability Rating and Model Repair”

Mentor: Eunsuk Kang

Description and Significance
Software is increasingly being used to control systems that closely interact with physical entities in the world, and whose failures may result in irreversible damage to users and our environment. These so called cyber-physical systems (CPSs), ranging from autonomous vehicles and drones to medical devices, pose new challenges in software engineering. Unlike traditional software applications, these systems are deployed in a highly dynamic, uncertain environment, and often rely on fragile assumptions about the behavior of users and other environmental agents (some of which may be malicious). Due to this dynamic, adversarial nature, software in CPSs must be designed to handle unexpected interactions with the environment, and guarantee an acceptable level of safety and security even in presence of component failures. Dr. Kang and his collaborators are working on (1) new principles and techniques for designing robust software and (2) algorithms and tools for reasoning about critical properties of CPSs.

Student Involvement
In this project, students will develop new techniques for designing safe and secure CPSs. Potential research tasks include developing (1) a language for specifying the behavior of a complex CPS at a high-level of abstraction, (2) a technique for automatically analyzing a system for potential vulnerabilities, and (3) an architectural mechanism for guaranteeing safety and security even in presence of unexpected inputs. Students will also get an hands-on experience applying these techniques to real-world case studies, such as autonomous drones, intelligent vehicles, and medical devices. Students are expected to have a basic background in logic and discrete mathematics, and will learn about the-state-of-the-art techniques in formal methods, CPS design, software analysis, and programming languages.

References
[1] Runtime-Safety-Guided Policy Repair. Weichao Zhou, Ruihan Gao, BaekGyu Kim, Eunsuk Kang, and Wenchao Li. International Conference on Runtime Verification (RV), 2020.

[2] Synthesis-Based Resolution of Feature Interactions in Cyber-Physical Systems. Benjamin Gafford, Tobias Dürschmid, Gabriel A. Moreno, and Eunsuk Kang. IEEE/ACM International Conference on Automated Software Engineering (ASE), 2020.

Mentor: Christian Kästner

Description and Significance
Essentially all software uses open source libraries and benefits incredibly from this publicly available infrastructure. However, with reusing libraries also come risks. Libraries may contain bugs and vulnerabilities and sometimes are abandoned; worse malicious actors are increasingly starting to attack software systems by hijacking libraries and injecting malicious code (e.g., see event-stream, Solarwinds, and ua-parser-js). Most projects use many libraries and those libraries have dependencies on their own and we also depend on all kinds of infrastructure, such as compilers and test framework, all of which could be attacked. Detected software supply chain attacks have increased 650% in 2021, after a 430% increase in 2020. This has gotten to the point that the government has stepped in and requires software companies to build a “Software Bill of Material (SBoM)” as a first step to identify what libraries are actually used.

So how can we trust this *software supply chain*, even though we have no contractual relations with the developers of all those libraries? Research might involve studying how developers build trust, when trust is justified, what attacks can be automatically detected and mitigated (e.g., with sandboxing and reproducible builds), and what actual attacks in the real world look like. There is a large range of possible research directions from code analysis to empirical studies of developers and their relationships, each of which can help to secure open source supply chains.

Student Involvement
Depending on student interest, we will investigate different ideas around software supply chains. For example, we could study how the concept of “trust” translates from organizational science to software security in an open source context and how open source maintainers make decisions about security risks (literature analysis, theory building, interviews/survey), see [1] on trust in a different context. We could build tools that automatically sandbox Javascript dependencies and evaluate the overhead of doing so, see [2] for some related prior work. We could study packages removed from npm to identify what typical supply chain attacks look like in practice. The ideal student for this project is interested in open source and software security.

References
[1] Jacovi, Alon, Ana Marasović, Tim Miller, and Yoav Goldberg. "Formalizing trust in artificial intelligence: Prerequisites, causes and goals of human trust in AI." Proc. FAccT (2021).

[2] Gabriel Ferreira, Limin Jia, Joshua Sunshine, and Christian Kästner. Containing Malicious Package Updates in npm with a Lightweight Permission System. In Proceedings of the 43rd International Conference on Software Engineering (ICSE), pages 1334--1346, Los Alamitos, CA: IEEE Computer Society, May 2021.

Mentor: Christopher S. Timperley

Description and Significance
Robotic systems play an increasingly important role in today's society. Due to their importance, ensuring the correctness of the system is crucial. Formal specifications provide a way to guarantee the well functioning of the system. Nevertheless, manually specifying can be tedious, complex, and error-prone. Alongside manual oracle specification, software testing is also essential in ensuring the safety and quality of cyber-physical systems (CPS).[1] However, ensuring that a robotic system performs the intended task is not trivial. Prior work by Afzal et al. [1] introduced Mithra, an unsupervised oracle learning technique for the Robot Operating System (ROS) [2]. When provided with telemetry data, Mithra identifies common behaviors to construct its oracle to verify the correct working of the system.

This work aims to build upon prior work, to study and develop a technique to learn specifications given positive and negative data examples. The specifications should be readable and interesting to users. To address the explainability of the models, one of the objectives is to use techniques involving a human in the loop as an oracle. The user will iteratively define the quality of the specifications. Finally, the tool should detect the parts that fail from the generated specification.

Student Involvement
In this research, the student will engage in different areas of computer science ranging from robotic systems and software testing to programming language design. The objective of the work is to build upon prior work with Mithra. The student would be involved in designing the language and developing the tool for learning the specifications. Depending on the student's interests, there is flexibility in the direction this research project may follow. Students will gain experience in designing programming languages, software testing techniques, and developing robotic systems using the Robot Operating System.

References
[1] Mithra: Anomaly Detection as an Oracle for Cyberphysical Systems, Afsoon Afzal, Claire Le Goues, and Christopher Steven Timperley, IEEE Transactions on Software Engineering, pp. 1–1, 2021.
[2] Morgan Quigley, Ken Conley, Brian Gerkey, Josh Faust, Tully Foote, Jeremy Leibs, Rob Wheeler, and Andrew Y. Ng. Ros: an open-source robot operating system. In International Conference on Robotics and Autmation, volume 3 of ICRA ’09, page 5, 2009.

Mentors: Claire Le Goues and Bogdan Vasilescu

Description and Significance
In today's digital world, cybersecurity is more important than ever. Unfortunately, analyzing malware is a difficult and time-consuming process. This is because programs that are executable threats are stripped of much of the structure, information, and abstraction that makes most software readable by humans. To analyze threats, experts known as reverse engineers must either read code at a very low-level (like assembly code), or use a tool called a decompiler, which tries to reconstruct the source code as best it can, though decompiled code is a shell of its former self. Our group treats software as data that can be analyzed to automate difficult parts of the reverse engineering process, making it easier for reverse engineers to understand compiled code including but not limited to malware. Join us this summer for multidisciplinary work at the intersection of data science, machine learning, and cybersecurity.

Student Involvement
We have flexibility on projects that students could work on. One example of such a project could involve curating using a new dataset of malware for novel machine learning-based decompilation approaches. Much existing research on big-data reverse engineering is technique-focused - that its, it focuses on creating algorithms and models for helping reverse engineers more easily interpret code. However, to date, this work has been trained and tested on conventionally compiled, general open source software - everything from video processing libraries to compilers to systems software. But, what if real malware is systematically different from software in general? This problem is compounded by the fact that malware is often obfuscated to make it more difficult for reverse engineers to analyze. A REUSE student will have the opportunity to work throughout the machine learning pipeline, from mining a dataset of malware source code to building a dataset of labeled, obfuscated malware to training, tuning, and testing state-of-the-art machine learning models. In doing so, they'll have the opportunity to publish a valuable contribution to the field by validating or revealing the limits of an important assumption underpinning recent work.

This project is a good fit for students interested in security; it would also be a good fit for a student interested in using machine learning to make better tools, but a student does not need experience with machine learning to work on this project. A student should have experience programming in Python, and ideally running programs in one other language. Additionally, experience EITHER navigating and running commands on a command line like Terminal or Bash, OR writing and running programs in a language like C or C++, would also be beneficial.

Mentor: Sauvik Das

Description and Significance
The subversive AI project is fundamentally about employing human-centered research and engineering processes with advances in adversarial machine learning to develop anti-surveillance technologies. There are a number of different possibilities for involvement with this project:

- Community-centered research: We are partnering with hacking//hustling, a sex worker collective, to understand image surveillance concerns in sex worker communities and to develop obfuscation technologies that can address these concerns. We are a seeking students who can read through articles written by folks from these communities to understand their lived experience with institutional surveillance as well as to work with folks from the community to come up with guidelines for researchers to work with sex workers in a manner that is mutually beneficial and not extractive.

- Qualitative explorations: We are partnering with hacking//hustling, a sex worker collective, to understand image surveillance concerns in sex worker communities and to develop obfuscation technologies that can address these concerns. We are seeking students who can run interviews and focus groups with folks in these communities.

- App development: We are building a mobile phone application that allows users to easily apply subversive filters to images they take. We are seeking students who can help develop this application.

Mentors: Bogdan Vasilescu and Christian Kästner

Description and Significance
Reuse of open source artifacts in software ecosystems has enabled significant advances in development efficiencies as developers can now build on significant infrastructure and develop apps or server applications in days rather than months or years. However, despite its importance, maintenance of this open source infrastructure is often left to few volunteers with little funding or recognition, threatening the sustainability of individual artifacts, such as OpenSSL, or entire software ecosystems. Reports of stress and burnout among open source developers are increasing. The teams of Dr. Kaestner and Dr. Vasilecu have explored dynamics in software ecosystems to expose differences, understand practices, and plan interventions [1,2,3,4]. Results indicate that different ecosystems have very different practices and interventions should be planned accordingly [1], but also that signaling based on underlying analyses can be a strong means to guide developer attention and affect change [2]. This research will further explore sustainability challenges in open source with particular attention to the interaction between paid and volunteer contributors and stress and resulting turnover.

Student Involvement
Students will empirical study sustainability problems and interventions, using interviews, surveys, and statistical analysis of archival data (e.g., regression modeling, time series analysis for causal inference). What are the main reasons for volunteer contributors to drop out of open source projects? In what situations do volunteer contributors experience stress? In which projects will other contributors step up and continue maintenance when the main contributors leave? Which past interventions, such as contribution guidelines and code of conducts, have been successful in retaining contributors and easing transitions? How to identify subcommunities within software ecosystems that share common practices and how do communities and subcommunities learn from each other? Students will investigate these questions by exploring archival data of open source development traces (ghtorrent.org), will design interviews or surveys, will apply statistical modeling techniques, will build and test theories, and conduct literature surveys. Students will learn state of the art research methods in empirical software engineering and apply them to specific sustainability challenges of great importance. Students will actively engage with the open source communities and will learn to communicate their results to both academic and nonacademic audiences.

References
[1] Christopher Bogart and Christian Kästner and James Herbsleb and Ferdian Thung. How to Break an API: Cost Negotiation and Community Values in Three Software Ecosystems. In Proc. Symposium on the Foundations of Software Engineering (FSE), 2016.

[2] Asher Trockman, Shurui Zhou, Christian Kästner, and Bogdan Vasilescu. Adding sparkle to social coding: an empirical study of repository badges in the npm ecosystem. In Proc. International Conference on Software Engineering (ICSE), 2018.

[3] Bogdan Vasilescu, Kelly Blincoe, Qi Xuan, Casey Casalnuovo, Daniela Damian, Premkumar Devanbu, and Vladimir Filkov. The sky is not the limit: multitasking across github projects. In Proc. International Conference on Software Engineering (ICSE), 2016.

[4] Bogdan Vasilescu, Daryl Posnett, Baishakhi Ray, Mark GJ van den Brand, Alexander Serebrenik, Premkumar Devanbu, and Vladimir Filkov. Gender and tenure diversity in GitHub teams. In Proc. ACM Conference on Human Factors in Computing Systems (CHI), 2015.

Mentor: Lorrie Cranor

Description and Significance
The CyLab Usable Privacy and Security Lab (http://cups.cs.cmu.edu) conducts research related to understanding and improving the usability of privacy and security software and systems. Our research employs a combination of three high-level strategies to make secure systems more usable: building systems that "just work" without involving humans in security-critical functions; making secure systems intuitive and easy to use; and teaching humans how to perform security-critical tasks. We have multiple ongoing projects related to privacy and security that involve online surveys, interviews, completing security/privacy or decoy tasks, and other types of user studies. Past studies have investigated ways to make password policies more usable and secure; explored user attitudes about privacy in a variety of areas (Facebook ads, AR glasses, location tracking, etc.); investigated the impact of cookie banner design on user privacy choices; and designed "nutrition labels" for mobile app privacy, website privacy policies, IoT device security and privacy; and broadband internet.

Student Involvement
Students will learn how to conduct research in usable privacy and security by working with a Ph.D. student to conduct a user study. Based on individual interests and project needs, students may help to conduct background research on what has already been done in a particular area of usable privacy and security, develop an interview script or survey, conduct interviews, setup an online survey using an online survey platform and crowd worker platform, perform qualitative analysis, perform quantitative analysis, and design or implement prototypes.

References
L. Cranor (2008) A Framework for reasoning about the human in the loop. UPSEC'08. https://www.usenix.org/legacy/event/upsec08/tech/full_papers/cranor/cranor.pdf

Florian Schaub and Lorrie Faith Cranor (2020). Usable and Useful Privacy Interfaces, An Introduction to Privacy for Technology Professionals, IAPP, executive editor: Travis D. Breaux. https://iapp.org/media/pdf/certification/IAPP-Intro-to-Privacy-for-Tech-Prof-SAMPLE.pdf

Mentors: Joshua Sunshine and Brad Myers

Description and Significance
In the United States alone, software testing labor is estimated to cost at least $48 billion USD per year. Despite widespread automation in test execution and other areas of software engineering, test suites continue to be created manually by software engineers. Automatic Test sUite Generation (ATUG) tools have shown positive results in non-human experiments, but they are not widely adopted in industry.

Prior research provides clues as to why ATUG tools are not used in practice: generation of incorrect tests that the engineer must find and correct, the need for engineers to acquire or synthesize knowledge that may be difficult in practice to obtain, and poor test suite readability, and so on.

In this research initiative, we build upon prior work by viewing the problem through a human-theoretic lens that focuses on supporting the human software engineer’s task of generating a test suite. To that end, we apply a human-focused theory of ATUG tools and explore the theory using cutting-edge human research and prototype tools intended to address this important problem in software engineering.

Mentor: Daniel Klug

Description and Significance
Short-form video apps, foremost TikTok, are the newest and currently also the most popular social media platforms among younger people. The success of short-videos apps is largely based on their high accessibility and ubiquitousness in regards to online social interaction and participation. But a key element of TikTok is the app’s specific, yet, mysterious algorithm that caters individual video feeds for users based on their content consumption and browsing behavior. While first studies are looking to analyze the TikTok algorithm and some basic knowledge exists about it, we have only little understanding about what social media users know about socio-technical aspects of short-video apps when they consume and create video content. In the MINT Lab, we are using qualitative approaches, such as interviews, content analysis, and user observations to research users’ opinions, knowledge, and awareness of social media algorithms as part of using highly popular social media platforms for communication, socialization, and entertainment. Possible research questions are: What are common user understandings of the TikTok algorithm? What are users’ ways of observing how the algorithm might work? How does users’ understanding of algorithms affect their consumption and creation of video content? Such questions aim to better understand social, cultural, and political aspects in social media usage, especially in relation to community guidelines, privacy, ethics, race, gender, and marginalized communities etc. The goal is to study and understand how humans as users interact with social technology and how the use of social media apps is connected to and integrated into our everyday life.

Student Involvement
Students will learn how to design qualitative research projects and how to apply qualitative methods to research socio-technological aspects of social media use and engagement. This can include designing and conducting interviews, designing and conducting user observations, finding and contacting study participants, best practices for conducting user studies, and how to transcribe, code, analyze, and interpret qualitative data (e.g. interviews, observation protocols). Based on quality criteria for qualitative research, students will learn how to develop and validate hypotheses from qualitative user data. The ideal student is familiar with social media platforms, has interest in qualitative research, and is open to conducting interviews and/or observations.

References
- Klug, D., Qin, Y., Evans, M., & Kaufman, G. (2021, June). Trick and please. A mixed-method study on user assumptions about the TikTok algorithm. In 13th ACM Web Science Conference 2021 (pp. 84-92).

- Karizat, N., Delmonaco, D., Eslami, M., & Andalibi, N. (2021). Algorithmic folk theories and identity: How TikTok users co-produce Knowledge of identity and engage in algorithmic resistance. Proceedings of the ACM on Human-Computer Interaction, 5(CSCW2), 1-44.

- Le Compte, D., & Klug, D. (2021, October). “It’s Viral!”-A Study of the Behaviors, Practices, and Motivations of TikTok Users and Social Activism. In Companion Publication of the 2021 Conference on Computer Supported Cooperative Work and Social Computing (pp. 108-111).

- Simpson, E., & Semaan, B. (2021). For You, or For “You"? Everyday LGBTQ+ Encounters with TikTok. Proceedings of the ACM on human-computer interaction, 4(CSCW3), 1-34.

Mentor: Bryan Parno

Description and Significance
Rust is already a rapidly growing mainstream language (e.g., with users in Amazon, Google, Microsoft, Mozilla, and the Linux kernel) designed to produce "more correct" low-level systems code. Rust supports writing fast systems code, with no runtime or garbage collection, but its powerful type system and ownership model guarantee memory- and thread-safety. This alone can rule out a large swath of common vulnerabilities. However, it does nothing to rule out higher-level vulnerabilities, like SQL injection, incorrect crypto usage, or logical errors.

Hence, we are developing a language and tool called Verus, which allows Rust developers to annotate their code with logical specifications for the code's behavior, and it automates the process of mathematically proving that the code meets those specifications. This means we can guarantee the code's correctness, reliability, and/or security at compile time.

Student Involvement
In this project, students will learn more about software verification, write code in Verus and prove it correct, and potentially extend Verus itself with new features.

Mentors: Ben Titzer and Heather Miller

Description and Significance
WebAssembly is a new, portable, low-level bytecode for the web and more. Programs compiled to WebAssembly execute much as if on a native machine, but with more security guarantees (such as sandboxing) and more portability. Engines such as those in web browsers are responsible for translating Wasm into native code and running it fast. Yet even with many years tuning, gaps remain. This project focuses on extending and improving the existing suite of benchmarking tools, suites, and frameworks to make performance aspects of Wasm engines clearer and motivate their optimization.

Student Involvement
Student(s) will work on adding new benchmarks and engines to the benchmarking framework, improving the methods by which data is collected, summarized, and analyzed, and visualizing the data. This requires expertise in shell programming, some web development, and some numerical computing. Depending on the sophistication of the student, we will explore research directions in gleaning new information from benchmarks and/or creating new benchmarks automatically.

References
WebAssembly Specification. https://webassembly.github.io/spec/

WebAssembly Benchmarks. https://github.com/webassembly/benchmarks

Bringing the Web up to Speed with WebAssembly. https://dl.acm.org/doi/pdf/10.1145/3062341.3062363