CMU'S SCIENCE OF SECURITY LABLET INITIATIVE
The broad goal of the Science of Security Lablet (SOSL) is to identify scientific principles that can lead to approaches to the development, evaluation, and evolution of secure systems at scale. The focus on scalability derives from a recognition that modern software-intensive systems have more components and a greater diversity of suppliers. the theme of scalability includes two principal areas of focus, which are composability and usability. Projects within the SOSL may address diverse and possibly conflicting technical approaches in order to most effectively address the overall thematic goals
Progress in many technical areas can contribute to achieving the overall goals. SOSL projects may draw on multiple technical areas in order to make progress. Examples of contributing technical areas include: safe programming languages, binary and source code analysis, data-intensive systems analysis, self-healing and resilient architecture, assured API and framework compliance, socio-technical ecosystems, development environments, trusted computing, specification and verification, concurrent and distributed systems, requirements and policy, usable security and privacy, intrusion and malware detection, dynamic network analysis, model checking, secure coding practice, secure process separation, verification of cyber-physical systems, and others. Projects within the SOSL will also establish, where possible, collaborations with NSA researchers and others in the community.
LEAD PI
William L. Scherlis is a full Professor in the School of Computer Science at Carnegie Mellon. He is the founding director of CMU's PhD Program in Software Engineering and director of CMU's Institute for Software Research (ISR) in the School of Computer Science. His research relates to software assurance, software analysis, and assured safe concurrency ("speed with safety"). Dr. Scherlis joined the CMU faculty after completing a PhD in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University.
PAST PROJECTS
- A Language and Framework for Development of Secure Mobile Applications
- Architecture-based Self Securing Systems
- Composability of Big Data and Algorithms for Social Networks Analysis Metrics
- Epistemic Models for Security
- Geo-Temporal Characterization of Security Threats
- Highly Configurable Systems
- Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis
- Learned Resiliency: Secure Multi-Level Systems
- Limiting Recertification in Highly Configurable Systems: Analyzing Interactions and Isolation among Configuration Options
- Multi-model run-time security analysis
SOS QUARTERLY SUMMARIES FOR CMU
2017: January 2017
2016: October 2016, July 2016, April 2016, January 2016
2015: October 2015, July 2015, April 2015, January 2015
2014: October 2014, July 2014