The Carnegie Mellon Science of Security Lablet is currently focusing on projects in three areas. These areas relate to Hard Problems in Secure Collaboration, Security-Driven Metrics, and Resilient Architecture. Three projects are currently active: (1) Models for secure collaboration and contracts in a decentralized environment among parties that have not established trust. A significant example is blockchain programming, which requires high security but also, in implementations, demonstrates the often-dramatic consequences of defects. This project, Obsidian, addresses the opportunity of directly incorporating models that address the kinds of errors that can occur in distributed systems with shared state and transferable resources. (2) Metrics and models to improve robustness in machine learning algorithms. This includes understanding both how classifiers can be spoofed, including in ways that are not apparent to human observers, and also how robustness of classifiers can be enhanced, including through explanations of model behavior, and also means to harden models against attacks. (3) Combining human and automated actions in response to security attacks. Models that support attack-resiliency in systems need to address the allocation of tasks to humans and systems, and how the mechanisms align with organizational policies. These models include, for example, identification of when and how systems and humans should cooperate, how to provide self-explanation to support human hand-offs, and ways to assess overall effectiveness of coordinated human-system approaches for mitigating sophisticated threats.

In 2020 and 2021 the CMU Lablet hosted undergraduate researchers for a Research Experiences for Undergraduates (REU) as part of the CMU REUSE program.  Professor Joshua Sunshine leads the experience. 

Travis Breaux

Jonathan Aldrich

Securing Safety-Critical Machine Learning Algorithms    
Lujo Bauer and Matt Fredrikson (CMU)    
Mike Reiter (UNC)

Model-Based Explanation For Human-in-the-Loop Security    
David Garlan and Bradley Schmerl (CMU)

Obsidian Language for Blockchain    
Jonathan Aldrich, Brad Myers, and Joshua Sunshine (CMU)    
Jonathan Bell, Thomas LaToza, and Foteini Baldimtsi (GMU)

Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory    
PIs: Lorrie Cranor, Nicolas Christin, Alessandro Acquisti, and Rahul Telang (CMU)    
Researchers: Sarah Pearman and Jeremy Thomas (CMU)