CMU'S SCIENCE OF SECURITY LABLET INITIATIVE
The broad goal of the Science of Security Lablet (SOSL) is to identify scientific principles that can lead to approaches to the development, evaluation, and evolution of secure systems at scale. The focus on scalability derives from a recognition that modern software-intensive systems have more components and a greater diversity of suppliers. the theme of scalability includes two principal areas of focus, which are composability and usability. Projects within the SOSL may address diverse and possibly conflicting technical approaches in order to most effectively address the overall thematic goals.
Progress in many technical areas can contribute to achieving the overall goals. SOSL projects may draw on multiple technical areas in order to make progress. Examples of contributing technical areas include: safe programming languages, binary and source code analysis, data-intensive systems analysis, self-healing and resilient architecture, assured API and framework compliance, socio-technical ecosystems, development environments, trusted computing, specification and verification, concurrent and distributed systems, requirements and policy, usable security and privacy, intrusion and malware detection, dynamic network analysis, model checking, secure coding practice, secure process separation, verification of cyber-physical systems, and others. Projects within the SOSL will also establish, where possible, collaborations with NSA researchers and others in the community.
LEAD PI
William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is the founding director of CMU's PhD Program in Software Engineering and director of CMU's Institute for Software Research (ISR) in the School of Computer Science. His research relates to software assurance, software analysis, and assured safe concurrency ("speed with safety"). Dr. Scherlis joined the CMU faculty after completing a PhD in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University.
CMU QUARTERLY REPORT HIGHLIGHTS
SoS Quarterly Summaries for CMU
2017:
January 2017
2016:
October 2016
July 2016
April 2016
January 2016
2015:
October 2015
July 2015
April 2015
January 2015
2014:
October 2014
July 2014
PROJECTS
A Language and Framework for Development of Secure Mobile Applications
Lead PI: Jonathan Aldrich
Architecture-based Self Securing Systems
Lead PI: David Garlan
Composability of Big Data and Algorithms for Social Networks Analysis Metrics
Lead PI: Juergen Pfeffer
Epistemic Models for Security
Lead PI: Robert Harper
Geo-Temporal Characterization of Security Threats
Lead PI: Kathleen Carley
Highly Configurable Systems
Lead PI: Juergen Pfeffer
Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis
Lead PI: Travis Breaux
Learned Resiliency: Secure Multi-Level Systems
Lead PI: Kathleen Carley
Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options
Lead PI: Juergen Pfeffer
Multi-model run-time security analysis
Lead PI: Juergen Pfeffer