ISR Interface - Winter 2017 by S3D at Carnegie Mellon University

Content 05

Succeeding at Scale

New Faces

Awards and Honors Student Awards

Program Updates Ph.D. programs Masters programs Undergraduate programs

News from the Faculty

Staff News and Updates

Software Engineering Ph.D. student Ivan Ruchkin blends the formalism of system modeling with a grassroots approach to tackle the challenges of the cyber-physical world.

Departmental Events Alumni Events

Grad Profile: Ciera Jaspan

The Institute for Software Research is a proud part of:

New sponsored research has ISR faculty taking on some of the most complex and pressing challenges.

The Simulated Sage

Modeling from the Ground Up

Societal Computer Ph.D. student Hanan Hibshiâ&#x20AC;&#x2122;s work pushes the boundaries of interdisciplinary research to create a better way to secure software systems

Originally from Visalia, California, Ciera Jaspan graduated from Carnegie Mellon University in 2011 with her Ph.D. in software engineering. She spoke with ISR about how she came to study software engineering and the work that she now does as a part of Googleâ&#x20AC;&#x2122;s Developer Infrastructure group.

STATEMENT OF ASSURANCE Carnegie Mellon University does not discriminate in admission, employment, or administration of its programs or activities on the basis of race, color, national origin, sex, handicap or disability, age, sexual orientation, gender identity, religion, creed, ancestry, belief, veteran status, or genetic information. Furthermore, Carnegie Mellon University does not discriminate and is required not to discriminate in violation of federal, state, or local laws or executive orders. Inquiries concerning the application of and compliance with this statement should be directed to the university ombudsman, Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh, PA 15213, telephone 412-268-1018. Obtain general information about Carnegie Mellon University by calling 412-268-2000.

Message from the Director Dear ISR Alumni and Friends, I am excited to present to you this first edition of a new publication from the Institute for Software Research (ISR). As you know, ISR is one of the seven departments in the School of Computer Science (SCS) at Carnegie Mellon University. With 35 faculty and many others who are affiliated, we support a wide range of research and educational activities related to software engineering and societal computing. Our educational activities include two PhD programs, more than a half-dozen MS programs, and the undergraduate minor in software engineering. We are initiating this newsletter to help build connections within our broad community of alumni, faculty, students, and staff, as well as our friends in industry and government. We hope you will take a moment to give us feedback on this inaugural edition of the newsletter: Is it useful and interesting? How can we improve it? The pace of recent events has been fast, and there is much to report on. To frame all this, here is an overall summary of our educational and research activities:

Education ISR is home to two doctoral programs, seven professional masterâ&#x20AC;&#x2122;s programs, an undergraduate minor, as well as distance and executive education programs. In the past two years, we have seen broad growth in the extent and quality of our applicant pools. We have an extraordinary community of students in our programs, and we benefit from the diversity of this community--for example, in the MSIT-eBusiness Technology program, half of the incoming students are women. Our PhD programs are in Software Engineering (SE, led by Jonathan Aldrich) and Societal Computing (SC, formerly COS, led by Jim Herbsleb). These PhD programs have been in operation for more than a decade, and are continuing to grow in scale and impact. We have just released a video (awesomely produced by Josh Quicksall) that describes the SC program [watch on YouTube].

ISR Ph.D. students and post-doctoral researchers gather to hear a lecture by senior faculty. Our educational programs continue to experience broad growth in both applicant pools and quality.

Building on the strength of our PhD and MS programs, we are now taking steps to expand the range of our undergraduate offerings. With the commitment of the School of Computer Science to expanding its world-class educational experience for undergraduates, the department has recently embarked on two new ventures. Our minor in software engineering (led by Claire Le Goues) is designed to expose students to the fundamental tools, techniques, and processes of software engineering to complement traditional undergraduate coursework in computer science. Additionally, we have launched a Research Experience for Undergraduates (REU) in Software Engineering program (led by Claire along with Charlie Garrod and Josh Sunshine). This is a summer research program that brings promising undergraduates from across the nation to Carnegie Mellon to partner with many of our faculty and graduate students in research projects. We were surprised at the extent of the applicant pool this past summer, and we benefited from a great diversity of backgrounds and interests in this group of students.

Launched recently, our Research Experience for Undergraduates in Software Engineering program draws driven undergraduates to campus for a summer of intensive research work alongside our wold-class faculty.

FA L L 2 0 1 6

I S R U P D AT E

intro Research Many of our faculty highlight the multidisciplinary nature of much of the research in the Institute for Software Research. This can create tremendous opportunity to address new problems, but it is also very challenging. Everyone talks about multidisciplinary research, but it is in fact hard to succeed at it. We have identified patterns of success, and this has led to novel and significant research results relating to topics ranging from usability in cybersecurity and the human realities of password management to architectural concepts for the Internet of Things (IoT) and use of genetic algorithms for automatic defect repair in software code. We build on an extraordinary track record of significant innovation: software architecture, dynamic network analysis, socio-technical coordination, APIs and program analysis, privacy engineering, mobile privacy, and many other topics. In the past year, we have initiated three major new DARPA projects (led by Jonathan

ISR continues to host one of four NSA Science of Security Lablets. Led by Bill Scherlis, the ISR team organized the 2016 HotSoS Symposium and Bootcamp on the Science of Security this past year.

Aldrich, by Norman Sadeh, and by Jason Hong, HCII, with Yuvraj Agarwal), ONR MURI and Minerva projects (Kathleen Carley), an NSF Frontier project (Norman Sadeh), an NSF BIGDATA project (Jim Herbsleb), and many other new projects from NSF and other sponsors. We continue to host a Sloan Center focused on scientific software sustainability (Jim Herbsleb), one of the four NSA Science of Security Lablets (Bill Scherlis), two active NSF CAREER projects (Christian Kastner, Travis Breaux), and other larger projects. Our research sponsors are enthusiastic about what we do, and support our pursuit of the many aspects of the ISR vision.

People The success of ISR derives directly from the world-class faculty, awesome students, and an unusually capable and committed staff. We have been fortunate to augment the ranks of our faculty and staff with some great people. On the faculty side, we welcome Joshua Bloch (since Fall 2015), Lujo Bauer (since Fall 2015, joint with ECE),

Lorrie Cranor, faculty in ISR, was tapped this past year to serve as the Chief Technologist at the Federal Trade Commission where she advises the FTC Chair and the Commission on developing technology and policy matters.

Bogdan Vasilescu (UC Davis), Mayank Goel (Univ. of Washington), Fei Fang (USC and Harvard, who will join us in Fall 2017), Nicolas Christin (moving from ECE and INI, now joint with EPP). Our long-standing faculty member Lorrie Cranor (joint with Engineering and Public Policy) was recruited to serve for a year as Chief Technologist at the Federal Trade Commission; she will rejoin us in January 2017. On the staff side, we are excited to welcome Joshua Quicksall as the departmentâ&#x20AC;&#x2122;s new Communications Specialist, Vaishali Gakhar as student/alumni and corporate relations manager for the Masters of Software Engineering professional programs (MSE), and Lisa Dougherty as course coordinator/administrative assistant. I want to mention also that several of our staff, including our entire research administration team (led by Monika DeReno), won SCS-wide staff awards at the recent SCS convocation (details later in this publication).

I S R U P D AT E

FA L L 2 0 1 6

Masters of Software Engineering alumni gathered at the 25th anniversary of the MSE Program in 2015. With record turnout and engagement, the MSE program continues to set the bar for alumni relations across campus.

Pictured (left to right): Software Engineering Ph.D. students Roykrong Sukkerd, Sudhi Wadkar, and Daniel Smullen gather to discuss their most research ideas. Collaborative work across research areas is a hallmark of the department and not only leads to a more collegial environment, but also radical new approaches to challenging problems.

Alumni This year we are focusing our efforts to better connect with our extensive community of alumni. I believe that a more tightly coupled network will benefit all of us, including internship and employment opportunities for students and alumni, alumni access to our faculty, “reality transfer” from experienced alumni back to our students (and faculty), partnership opportunities, and, needless to say, potential philanthropic support for our programs. The MSE program has set the standard for this, with a very active network of alumni that benefits all participants--including the fun of re-connecting and socializing with old friends, peers, and mentors. This publication is a first step in our program of outreach. We are doing this because we feel that it will yield benefits to all of us, including alumni, students, faculty, and staff. Please share your feedback with me (complaints) and the editor Josh Quicksall (compliments). We hope to make it, and our outreach efforts, as useful as we possibly can. Years ago, SCS took the risk in creating the ISR department, just as it did for other first-of-their-kind departments such as Robotics, Language Technology, Machine Learning, Human-Computer Interaction, and most recently Computational Biology. We are excited at what has been accomplished – and not just at the great research results and educational outcomes, but also the emerging intellectual coherence in many of our multidisciplinary activities. We even more excited about our future, and we do hope you will be an active part of it. Best regards,

William L Scherlis Professor of Computer Science Director, Institute for Software Research School of Computer Science Carnegie Mellon University

FA L L 2 0 1 6

I S R U P D AT E

SUCCEEDING AT SCALE New sponsored research has ISR faculty taking on some of the most complex and pressing challenges. FEATURED STOR Y // R ES EA R C H

Systems in the world are more complex, more interconnected, and

The community and culture of the department have contributed to our

more entangled in the human experience than ever before. We are

ability to build these programs. “We are an extremely cross-disciplinary

becoming heavily dependent on software, so much so that software is

institute,” says Yuvraj Agarwal, another DARPA Brandeis principal inves-

perceived by many as both the solution to many problems, but also the

tigator. “We have people who work on the user side, the systems side,

cause of others. Our software-based systems are becoming both more

the policy side. But all of us are departmental colleagues who interact

pervasive and more invisibly woven into the infrastructure of our lives.

frequently in a variety of work settings. So, when it comes to these

Our research focus, therefore, must not be just on how to build good

multi-year, multi-faceted research projects, it makes collaboration very

software, but also on understanding the entanglement of that software

organic.”

with society, including individuals and organizations, business and government, policy and commerce. Increasingly, the ISR research portfolio

It is not easy to pursue these extremely complex, demanding projects.

focuses on these entanglements, embracing both significant technical

Not only are the problems messy and complex, but the research to

challenge and messy real-world problems.

address them can be exceedingly difficult to manage. It’s all about the potential for impact and a strong support system that enables us

ISR faculty are stepping up to this challenge. Just in the past year, ISR

to accommodate the uncertainty, explains ISR Director Bill Scherlis.

faculty have been tapped to lead research on three major initiatives:

“Software has emerged as the most significant building material of

privacy and security for the DARPA Brandeis program, resilient and

our time. Software capability has become a key determiner of success

adaptive systems for the DARPA BRASS program, and dynamic network

– and failure – in the development and operation of major systems in

statistical analysis for the Department of Defense’s Minerva Initiative.

all sectors, including healthcare, transportation and vehicles, financial services, national security and intelligence, infrastructure, and so on.

Norman Sadeh, one of the principal investigators on the DARPA

We need ways to understand and to manage the complexity, both from

Brandeis project, notes, “This confirms that ISR and Societal Computing

the standpoint of how we undertake the engineering of systems (SE)

are perceived as being at the forefront of research trying to address

and how the systems can and should interact with people and institu-

societal challenges that arise in the development many of the new

tions, including business, legal, and policy aspects (SC). This confluence

technologies that people are working on today.”

of systems, software, and society is the defining characteristic of ISR.”

We need ways to understand and to manage the complexity, both from the standpoint of how we undertake the engineering of systems (SE) and how the systems can and should interact with people and institutions, including business, legal, and policy aspects (SC). This confluence of systems, software, and society is the defining characteristic of ISR. FA L L 2 0 1 6

I S R U P D AT E

feature

SUCCEEDING AT SCALE DARPA BRANDEIS Privacy is about people having control. But in an age when every interaction you have with technology tends to give rise to the collection of data and the sharing of data with different entities, control is slipping from our grasp. Whether it is the 50+ apps on your smartphone or the IoT systems in your home or car, the scale of this collection and distribution is mind-boggling. The DARPA Brandeis Program, created in order to address this growing need for privacy and security while preserving the wealth of possibility created by data, extended sponsorship of two projects this past year to teams led by ISR faculty.

Privacy Assistants for the Internet of Things PIs:

Norman Sadeh (CMU-ISR) Alessandro Acquisti (CMU-HEINZ) Lujo Bauer (CMU-ISR)

Lorrie Cranor (CMU-ISR) Anupam Datta (CMU-CSD)

Norman Sadeh and his team are no strangers to privacy. Their Person-

“You are entering these different environments where there are

alized Privacy Assistant (PPA) project has shown tremendous success

different sensors that are not being advertised - cameras with facial

over the past several years in helping mobile app users manage their

recognition, bluetooth sensors, microphones and more; you don’t

privacy settings. With a forthcoming app and significant findings under

know what they are collecting or what they do with that data and you

their belt, they are now bringing their work into the Internet of Things

certainly don’t know if there any settings available such as opt-out or

(IoT).

opt-in settings. We want to know: How do we effectively communicate this information to users without overwhelming them with details they

It all comes down to quality – not the quantity – of privacy notifica-

may not care about?”

tions, Sadeh believes. “To date, users are expected to manually manage all their privacy - from reading entire privacy policies to configuring all their privacy settings. Many entities, such as application and OS developers, have attempted to do the right thing by offering users more privacy settings,” Sadeh says. But due to the sheer number of apps and features requiring attention from the user, this has created an untenable situation. “We are now in a place where, while in the-

Sadeh and his colleagues are

The world around us is now full of sensors and applications that gather data on us completely without our knowing... How do we effectively communicate this information to users without overwhelming them with details they may not care about?

tackling this challenge using their privacy assistant work as a springboard. Developing an infrastructure for their Personalized Privacy Assistant application, the group hopes that by establishing a system of registries for IoT resources, users can be made aware of sensors in their vicinity. “Using this infrastructure to discover nearby IoT resources, Personalized Privacy

ory users have more control over their privacy than ever before, they

Assistants will be able to selectively notify their users about those

are actually less likely to exert any control over their privacy due to the

practices they would want to know about and help them configure any

overwhelming number of settings.”

available settings. This is about understanding what individual users already expect, what they care about, and selectively entering into di-

But Sadeh says it doesn’t need to be that complex. Leveraging artificial

alogues with them to better understand their preferences in different

intelligence, machine learning, and dialogue technologies to selectively

contexts.”

interact with users, their research aims to develop a system which provides the right amount of information to the users about how

It is this real-world application that Sadeh finds most exciting about

their data is being captured and shared. The system can then learn a

the project. “We get to not just build the technology but also evaluate

user’s privacy preferences and automatically configure or recommend

it with real users going about their regular day-to-day activities,” Sadeh

privacy settings accordingly.

explains. “How will people respond to this type of technology; is this useful or is it too intrusive? What does it take to configure this technol-

Extending this process into the IoT space is the next step the group

ogy to maximize value and minimize disruption, giving users the level

is now undertaking, with support from the DARPA Brandeis Program.

of control they desire - nothing more and nothing less? We believe

“The world around us is now full of sensors and applications that

that the proof is in the pudding.”

gather data on us completely without our knowing,” Sadeh explains.

I S R U P D AT E

FA L L 2 0 1 6

M OD UL AR C ONCEP T FOR PERS ONA LIZED PRIVACY A S SI STANT IoT Resource Registry Apps

Interaction Primitives

Learning

IoT Resources

privacy notice

Personalized Privacy Assistants User Model

IoT Services

DESIGN SPAC E FO R PRIVACY NOTICES

Personal Contexts

Personal Data Flow Analysis

Organizational Context

timing

channel

modality

control

at setup

primary

visual

blocking

just in time

secondary

auditory

non-blocking

context dependent

public

haptic

decoupled

periodic

machine readable

persistent

Shared Services

Privacy Profile Service

Data Flow Analysis Service

Figure 1. Overall project concept. The infrastructure that is built in the project consists of multiple, modular components. The IoT Resource Registry is used to register and advertise IoT services and resources. The PPA offers an interface for the user to interact with the IoT. Depending on the user’s choices and the contexts of these choices, the PPAs learning module creates a model of the user’s preferences.

on demand

Figure 2. Design space for privacy notices. Current privacy notices often are either overwhelming or not recognized at all. The project evaluates how different factors influence the understandability and awareness of privacy notices.

Figure 3. Screen captures of the IoT Resource Registry (IRR) web portal (left) and IoT Assistant (IoTA) mobile application (right). The IRR can be easily set up in any IoT environment and allows facility managers to register resources, specify what data is gathered, how that data is processed and stored, as well as make control choices available to users. The IoTA, installed on a user’s mobile device, allows for the discovery of resources from available IoT Resource Registries, such as a registry for the building or room a user enters. Users can then review privacy policies, opt in/out of resources, as well as download and use nearby IoT resources. Future releases of the IoTA will be able to learn users’ privacy preferences and use them to selectively inform users and help them configure available settings.

FA L L 2 0 1 6

I S R U P D AT E

feature

SUCCEEDING AT SCALE DARPA BRANDEIS Privacy and Security in the Mobile/IoT Space PIs:

Yuvraj Agarwal (CMU-ISR) Matt Fredrikson (CMU-CSD) Jason Hong (CMU-HCII)

Control requires insight and it is not a zero-sum game. This is the underlying principle of research by Yuvraj Agarwal and his colleagues, Jason Hong and Matt Fredrikson. Supported by another DARPA Brandeis grant, the team is no stranger to privacy and security issues having collective experience of over a decade working on topics in this area. Agarwal led the idea and the creation of the ProtectMyPrivacy application for iOS and Android. The application provides actionable information and granular control over the permission requests made by 3rd Party Apps on a mobile device. It is this experience with highly granular information and control that led Agarwal and his team down a two-pronged approach to the question of privacy and security. Agarwal and his team noted that permissions were being lumped together in an all-or-nothing configuration. For example, an application might want to have access to a variety of components on your phone, some of which are privacy sensitive. It doesn’t tell you why it needs those permissions and how that data collected about you will be used.

ProtectMyPrivacy, an application for iOS and Android developed by Agarwal and his team, allows end-users access to actionable information and granular control over the permission requests made by 3rd party applications in the mobile space.

And while you may not mind a particular application having access to your location (e.g. to show you businesses near you), you don’t want it having access to your microphone without a clear purpose. In the current paradigm, you can either grant it permission to all the components it requests or you can choose to not use that application at all. “We believe this model is fundamentally broken,” Agarwal says. “The user’s intention is to use this application. But making it an all-or-nothing scenario, you are still restricting a user’s control over their privacy.” Agarwal and his team believe that an approach that allows users to selectively control different permissions on a line-item basis is the right one to take. But it was the first prong of this approach that spawned the second. Having the ability to selectively permit access does very little good if the user doesn’t understand what granting that permission actually means for their privacy. “When your apps access data, they almost never tell you WHY they are accessing your data,” Agarwal notes. “Sometimes a user can infer why information, like location data, is being requested. However, the developer doesn’t explicitly point out how that data is going to be used.” Agarwal therefore notes that in addition to providing granular controls over privacy, it is critical to provide users with pertinent information so that they can make timely, and informed privacy related decisions on what accesses to allow and what to deny.

I S R U P D AT E

FA L L 2 0 1 6

What we really need is to address this problem from the start, i.e. by devising methods and tools that enable honest developers to reason about user privacy and to provide annotations about why they are accessing private user data, and to output clear a privacy policy that describes its exact uses.

Research Thrusts App

Decompiled App

RESEARCH THRUST 1 Inferring Purposes

App Purposes

RESEARCH THRUST 3 User Controls

RESEARCH THRUST 2 Models of Privacy

Privacy Models

RESEARCH THRUST 4 Developer Tools

Privacy Policies

Figure 1. Research thrusts. Agarwal and team’s approach is comprised of four interlinked thrusts. Research thrusts 1 and 2 focus on building foundational tools and models, while thrusts 3 and 4 use the outputs from thrusts 1 and 2 to help end-users and developers respectively.

Crowd Workers

App Users

Pu rp o s e- b a sed P r ivacy Acc e s s C o nt ro l Rul e S et App Type

App Name

Data Type

Purpose

Context

Actions

Games

Location, Contacts

Advertising

Deny

Google Maps

Location

Maps

Allow

Location

Geotagging

Work

Deny

Social Media

Photos

AskMe

Utilities

Contacts

Backup

Allow

Figure 2. Example rules for a new kind of access control mechanism for privacy based on purposes. The first rule can be stated as “Deny use of location and contracts for advertising in games”. Purpose lets users differentiate between different uses. Users can also change behaviors based on context, e.g. at work, at home, driving, etc. Some rules might be user-specified, while others come from one’s employer. Note that this is separate from the user interface for specifying rules.

Further complicating matters, third-party interfaces and libraries that

However, the challenges in this approach are great, Agarwal explains.

developers include in their code base can request and use data in rad-

“Not only do we need to extract meaningful purposes from bare binary

ically different ways than the core functionality itself. All of this com-

code, with no annotations or other contextualizing information, but

plexity clouds the ability of the user to infer the purpose behind the

we also have to figure out how to create a taxonomy of purposes that

request. “Say I download a game and this game requests my location

are representative of all app behavior; purposes that will be easily

data. You’d likely be really confused why a game needs to know my

understood by the user.” But, Agarwal notes, all of the above tech-

location,” explains Agarwal. “But you may infer that it is to find nearby

niques are only applicable post-fact: when users are trying to protect

players to match you with for online play, which is okay to you. But, in

themselves from apps that are privacy invasive on their phone. “What

reality, it is an advertising library which is using your location to push

we really need is to address this problem from the start, i.e. by devis-

you targeted ad content, which perhaps is not okay.”

ing methods and tools that enable honest developers to reason about user privacy and to provide annotations about why they are accessing

Agarwal and his team are addressing this issue by exploring how to

private user data, and to output clear a privacy policy that describes its

take an existing app and use static analysis as well as dynamic instru-

exact uses.”

mentation to extract purpose from the code itself. “In this way, users could know that a particular location call is actually part of the core

But, at the end of the day, Agarwal is optimistic. This is due, in no small

application and not a third party library,” he says. In addition to being

part, to the colleagues that surround him. “ISR is leading this Brandeis

able to selectively control permissions, Agarwal notes, users would

initiative because of the strength of our faculty working in this field.

gain insight into each request’s distinct purpose, like “personalization”

They know that we can get the job done.”

or “match making” or “advertisement.”

FA L L 2 0 1 6

I S R U P D AT E

feature

SUCCEEDING AT SCALE DARPA BRASS Model-Based Adaptation for Robotic Systems (MARS) PIs:

Jonathan Aldrich (CMU-ISR)

Christian Kästner (CMU-ISR)

David Garlan (CMU-ISR)

Manuela Veloso (CMU-MLD)

Claire Le Goues (CMU-ISR)

How do you build a software system that can function for a century

properties that it has,” he points out. “Then when the software or the

without being touched by a human engineer? This is the herculean

environment changes, we can look at the effect of those changes on

task being undertaken by the DARPA Building Resource Adaptive Soft-

the model. From there, we can then search the space of models similar

ware System’s (BRASS) program, a task on which a research team led

to the one that we already have for a system configuration that would

by ISR’s Jonathan Aldrich is leading the charge.

be better adapted to this new setting, environment, etc.”

Software today operates in a variable ecosystem. Change in libraries,

A complex problem with this many facets requires a team with a

protocols, and physical platforms is rapid. An application developed

range of expertise and Aldrich’s group is no exception. To address the

today would likely become non-functional in a few years’ time without

challenges in developing an expansive set of models for the project,

routine maintenance and upgrades, tasks typically handled by a

David Garlan was an obvious choice to work alongside Aldrich, whose

human engineer at significant cost. The vision of the DARPA BRASS

speciality lies in connecting abstract models to code. Manuela Veloso,

program is to design technologies that will enable the creation of long-

Chair of the Machine Learning Department and robotics visionary,

lived complex software systems that are autonomously reactive to

provides much needed expertise on robotic platforms.

changes in both the physical and computational resources available to them. The Model-based Adaptation for Robotic Systems (MARS) team chose to approach the problem via robotic platforms for a variety of reasons. “We are excited by the challenge,” says Aldrich. “These are some of the most difficult platforms for which to develop software as they are almost entirely custom-built. Every robot, for every task, is running highly

There are likely very few people who haven’t become frustrated with software that is in constant need of maintenance. The technologies we are working on can make this a more seamless process. Ultimately this will allow people to work with much richer, more interactive, more cohesive electronic devices.

Two other ISR faculty play important roles in the project. Claire Le Goues, who has done research in automated bug repair, is looking to adapt some of her work for automatically searching out bug fixes to address the need to find reconfiguration strategies on the fly. And Christian Kästner, an expert on variability, will develop analytical models that tie crucial robotics properties to choices between algorithms and tunable parameters on components.

customized software.” While assuredly a significant challenge, the potential benefits of this What’s more, Aldrich notes, is that robotics is a field tightly coupled

technology are endless, Aldrich says. “There are likely very few people

to the physical world. DARPA was concerned with not only changes in

who haven’t become frustrated with software that is in constant need

the software space, but a system that could also adapt to changes in

of maintenance.” He notes that users want the security and features

its environment or hardware. “Even the slightest bump to a sensor on

that upgrades bring. However, most software components are devel-

the robot can throw its ‘vision’ out of alignment,” Aldrich explains. “So,

oped in isolation. Currently, running updates and installing patches

how can the system detect this misalignment, assess the degree of

manually to make these disparate components interoperable is the

misalignment, and autonomously reconfigure itself to compensate?”

only path to those enhancements. “The technologies we are working on can make this a more seamless process. Ultimately this will allow

The MARS team are approaching this extremely complex problem

people to work with much richer, more interactive, more cohesive

through higher level modeling of the system, allowing them to incor-

electronic devices.”

porate a level of flexibility. “We want to abstract the software and its environment into models that explain how it works and why it has the

I S R U P D AT E

FA L L 2 0 1 6

MODELS

VE LOPER DE

SYSTEM

D IS C OV E RY

MO DEL-BASED ADAPTATIO N

TR A N S FO R MATIO N

DELS’

DA DA

P TA

TEM’

SYS

M CO

STE

TION

AVERAGE CPU USAGE

AVERAGE LOCALIZATION ERROR

Figure 1. Model-based Adaptation for Robotics Systems (MARS). Robotic systems must deal with a changing environment, but today they can only adapt to these changes through a labor-intensive, manual adaptation process (the dashed arrow). The MARS team proposes to raise the level of abstraction at which robotics systems are implemented, using high-level models that are written by developers or discovered from the source code or the running system. When changes are needed, their approach automatically finds an appropriate adaptation at the model level, then transforms the system to one that is suitable for the new environment.

N U MB E R O F R E F I N E ME N TS

Figure 2. Localization based on point clouds. State of the art mobile robotics systems localize themselves (i.e. learn where they are) based on point clouds, where each point is a possible location for the robot and clusters of points represent where the robot is most likely to be. The algorithm used for localization, along with its parameters, is one of the components that can be adapted if needed.

Figure 3. Power-aware adaptation of localization. During localization, the robot iteratively refines the point cloud to get a more precise idea of where it is. The researchers can adapt the number of times the point cloud is refined to trade off accuracy of localization against CPU usage. Using more refinements reduces the localization error, resulting in a more accurate estimation of the robot’s location (purple line). However, if the robot’s battery is low, it can adapt by doing fewer refinement cycles, reducing CPU usage (blue line) and thus conserving power.

FA L L 2 0 1 6

I S R U P D AT E

feature

SUCCEEDING AT SCALE MINERVA INITIATIVE Dynamic Statistical Network Informatics PIs:

Kathleen M. Carley (CMU-ISR)

Joel Levine (Dartmouth)

How can you identify communities around the globe which are more susceptible to societal collapse in the event of a natural disaster? Will raising the educational level in a city change which ethnic groups will work together? Can you predict the societal effect that the building of a new well may have in a rural African village? What might happen to the regional sociopolitical power structures in the Middle East should there be a military intervention against ISIS by the West? These are the sorts of questions that new research by a team led by ISR’s Dr. Kathleen M. Carley may be able to answer. Entitled “Dynamic Statistical Network Informatics,” the project is funded by the United States Department of Defense’s Minerva Initiative through the Office of Naval Research. The initiative is designed to leverage the nation’s top universities to provide foundational information to the DoD, particularly from a joint social-science-and-computer-science interdisciplinary perspective. According to Carley, this program is critical as “there is a gulf between what the DoD can do, wants to do, and needs to do.

Figure 1. Traditional. Layout minimizes overlap of lines, edges length and color have no meaning.

New technologies that support not just analyzing data, but making predictions are needed.” The Dynamic Statistical Network Informatics project addresses this gulf by providing a mechanism to better assess social context and the state of affairs in a given community, or what is referred to in military circles as the lay of the land. “What we’re trying to do is create a technique that takes data from diverse sources like surveys and newspapers and builds out a network representation of that community in terms of the relations among different groups that can be used to assess the lay of the land, predict changes in it, and so assess community resilience and stability,” Carley explains. “For example, our new technology will help you predict whether a seemingly simple intervention such as building a well or a hospital, will alter the local power structure. It would allow you to understand the second and third order consequences of your actions.”

Figure 2: New Socio-cognitive Cultural Maps (SCM). Edge length and color indicate similarity, blue is highly similar while red is not.

Methodologically, this approach is completely unique as it links a

using individual agents’ observed relationships and interactions. In this

statistical approach for analyzing similarity between individuals based

new approach, broader psychological, sociological, economic and po-

on their attributes with a network science approach for analyzing how

litical data on the population in a community is gathered and networks

groups constrain and enable each other. The approach is called so-

are built which can infer which groups are likely to work together or be

cio-cultural cognitive mapping and allows the analyst to use informa-

hostile to each other. “Rather than [in social network analysis] saying

tion about how individuals are similar or different to understand the

‘Oh, you two are friends because you are connected on Facebook,’ we

relative power and influence of different groups.

can say ‘I think you two could be friends because you have all these features in common and that means the groups to which you belong

This is what Carley refers to as a “high-dimensional dynamic inferred

will work together, vote similarly, and support each other on new pol-

network.” In traditional social network analysis networks are built

icies.’ ” More importantly, this technique would let you infer on what

I S R U P D AT E

FA L L 2 0 1 6

Figure 2. Socio-cognitive Cultural Maps (SCMs) are the best-fit model of the underlying relations like identifying decision makers, alliances, and conflicts among actors in the region of interest. SCM’s are based on a socio-cognitive understanding of the social & cultural similarities and differences among actors expressed through their activities and attention to issues.

issues two groups will align. This could be used, e.g., for determining

weeks, much less years. “These situations arise and are gone in the

that – on an economic issue – african-americans and hispanics agree

blink of an eye. We need the ability to gain insight and act quickly. And

with one another, but disagree with white-males; whereas, on a health

with this method, we are able to do just that.”

issue african-americans and white males agree. Carley’s work may also be able to predict how changes in the community may affect group dynamics such as when two groups will temporarily ally. As Carley explains, groups continually shift alliances, because those alliances are rooted in the differences and interests of their members. “Rather than observe these interactions our goal is to predict them using information about the network of connections between groups inferred from potential member characteristics.” From the nuclear proliferation to community sentiment on proposed changes to healthcare policies, the potential applications of Carley’s work are boundless. Of particular interest to the DoD, however, is the ability of this technique to support the resiliency of communities. “Communities are said to be ‘resilient’ if you can make changes to them without causing significant damage; i.e., civil unrest, government upheaval, etc.,” says Carley. “In the case of a natural disaster, a community struck by a tsunami would be said to be resilient if they are able to rebuild, elect a new mayor, and get civil services up and running without having riots or lawlessness. The DoD wants to not break the resilience of local communities. This technique can help in choosing actions which will prevent this sort of damage from being done.” While Carley finds the broad applicability of this research and groundbreaking methodology to be the most exciting aspects of this new endeavor, she is also energized by the new methods her work has developed for undertaking these sorts of analyses at scale. “Previously these analyses took years. We believe that we’re going to be able to reduce that time down to under a day.” With conflicts and natural

What we’re trying to do is create a technique that takes data from diverse sources like surveys and newspapers and builds out a network representation of that community in terms of the relations among different groups that can be used to assess the lay of the land, predict changes in it, and so assess community resilience and stability.

disasters arising more frequently, the need for actionable analyses of community impact is something that will grow rapidly and cannot wait FA L L 2 0 1 6

I S R U P D AT E

The Simulated Sage Societal Computer Ph.D. student Hanan Hibshi’s work pushes the boundaries of interdisciplinary research to create a better way to secure software systems What if you had the expertise of the world’s foremost security experts at your fingertips? Hanan Hibshi, a Ph.D. student in societal computing, is interested in building a system that can do just that. Having completed a bachelor’s in computer science at King Abdul-Aziz University and a master’s in information security at Carnegie Mellon University’s Information Networking Institute (INI), Hibshi found herself excited by the collaborative environment and cross-disciplinary approach here at CMU. “While at INI, I began working with Lorrie Cranor and the CyLab Usable Privacy and Security Lab (CUPS)” Hibshi explains. “When I began to research doctoral programs, what ended up happening was that I wound up just hunting research groups like CUPS, something more interdisciplinary which was focused on real-world problems.” She found this interdisciplinary real-world focus in ISR’s Societal Computing Ph.D. program where she now works with Travis D. Breaux, an expert in the field of requirements engineering. Concerned with security requirements, Hibshi’s research focuses on trying to improve usability through the way security requirements are applied in practice. Attempting to understand and model how experts make security decisions, the end goal of her work is to build better support systems for security decision makers. This can be thought of as an “security advisor,” Hibshi explains. “It isn’t recommending products or solutions; it is advising you on the security status of your system and how it might be improved based on what you already have available.” It may, for example, analyze the settings available to a developer and provide options to increase security or mitigate existing risks.

This isn’t a project where you can just dive into building a tool or a model. There are many factors at every juncture that you need to figure out before you can proceed. 14

I S R U P D AT E

FA L L 2 0 1 6

I S R U P D AT E

profile assessment. “We can then see which factors have more of an impact on their decisions than others. And looking across the entire study, we can both begin to understand expert decision-making processes but also start to identify commonalities with regard to which security factors are considered more important than others.”

Modeling Uncertainty These experts are human, however, and humans are notoriously “messy” when it comes to gathering data on opinion-based topics like decision-making. Hibshi notes that it is rare to have unified consensus across participants, the responses aren’t “certain.” Oftentimes, she explains, experts varied widely in their assessments and responses. “Sometimes there is disagreement between individuals – what we call interpersonal uncertainty. Respondents can also give different judgments when asked at different times – what we call intrapersonal uncertainty.” Figure 1. Results from Hibshi’s survey of security experts. Participants were asked to provide start and end points of an interval representing each word. Blue areas represent the interval between the Mean start and Mean end points, while the grey areas represent the standard deviation.

Mimicking Wisdom

The challenge, says Hibshi, comes in choosing a mathematical modeling method which can incorporate this uncertainty. Leveraging the resources available to them at Carnegie Mellon, they reached out to Stephen Broomell in Carnegie Mellon’s Department of Social and Decision Sciences, as well as Christian Wagner in the University

This endeavor is massively complex, Hibshi notes. “This isn’t a project

of Nottingham’s Lab for Uncertainty in Data and Decision Making, to

where you can just dive into building a tool or a model. There are

help them better understand the options available.

many factors at every juncture that you need to figure out before you can proceed.”

Eventually, Hibshi chose an approach which utilized fuzzy logic to capture the uncertainty in her research data. “By basing the model on

Perhaps the most significant hurdle she has yet had to overcome

Type 2 fuzzy logic, we are able to work with the variation in opinion

is central to the research’s purpose: How do you build a model

that we see across responses,” she says. “Take, for example, an ap-

that mimics the decision-making process of security experts? “The

proach where we modeled based off the average response. Essen-

approach to identifying and deciding upon the ‘most secure’ op-

tially, what you are doing is removing some of the data. What about

tion available is hidden away inside the heads of our experts,” she

a response which is close to average but is not average?” Hibshi goes

explains. “What logical processes do they walk through in order to

on to explain, “Such an approach doesn’t account for variation in defi-

understand the context of a given situation, identify the components

nition. Say, for example, I wanted to rate the security of a system on a

available to them, weigh and reason about the trade-offs, and arrive

scale from 0 to 10. Would I always model “adequate” to be 5? What if

at a decision?” And, Hibshi notes, eliciting these processes from their

someone believes “adequate” is closer to a rating of 3?”

experts is a delicate affair. “We have to be certain that we are asking the right questions to get enough data without inadvertently biasing

Fuzzy logic, Hibshi explains, enables her to take the data from her

their answers.”

researchers and model it “as is,” including this layer of uncertainty.

To tackle this challenge, Hibshi and her fellow researchers constructed a study where they would show security experts a series of scenarios. Each of these scenarios incorporated a number of key security factors. “We asked the experts, ‘What do you think of this scenario?’ You make them feel as if their opinion matters and that you are seeking their help. This approach removes the psychological pressure of evaluating the person’s skills or knowledge.” From there, Hibshi then changes a number of security factors in the next scenario. What the expert sees seems to be a new scenario, so they approach it again in the same way. They ask themselves a similar set of questions, apply their decision-making process, and arrive at an

I S R U P D AT E

FA L L 2 0 1 6

I can say ‘this isn’t my bias coming through in the system; this is built from the decision-making processes of the foremost security experts in the world’

Figure 2. Graph showing three type 2 fuzzy logic membership functions developed by Hibshi to account for various opinions on how to mathematically represent adequacy. After distilling the 18 terms from Figure 1 into a set of three that encompass the full range of intervals, these functions were mapped to represent the percentage of participants who ranked each term. Bands were used to represent these functions, rather than lines, to reflect the uncertainty collected from the data.

This approach, she notes, builds in a layer of assurance to the even-

tween other fields and computer science can seem so wide. “We can

tual system which will allow the results to hold water. “This isn’t my

find common ground, though,” she points out. “And in finding that

personal assumptions forced upon the data,” Hibshi points out. “I can

common ground, there are a wealth of resources available to help us

say this isn’t my bias coming through in the system; this is built from

build better systems that work as envisioned.”

the decision-making processes of the foremost security experts in the world.”

Hibshi believes that by compelling researchers to question assumptions earlier in the project cycle, higher quality work will result. To

Beyond faithfully representing the distribution of data, fuzzy logic

illustrate this, she points to the term ‘security’. “What does it really

operates on a basis of if/then rules, allowing greater transparency.

mean when we say something is highly secure?” Hibshi asks. “We, as

“Users can see into the decision-making process of the system,” she

computer scientists, may enter into a project with an assumption of

explains. “You can see a breakdown of the system’s reasoning where

what high, medium, and low security means. This assumption may

it says, ‘If this is the network factor, this is your encryption, and this

even be affirmed by our peers in our research group. But is that

is your password, then this is your security level.’ ” From that point,

assumption true enough to base an entire system on?”

Hibshi says, users can agree or disagree with an assessment, making adjustments accordingly. “If, for example, it is an exclusively internal

There are, she notes, many decades of research in the humanities

network, perhaps password complexity isn’t such a high priority and

and social sciences – particularly psychometrics – regarding how

your approach may change slightly.”

researchers can authoritatively define a scale for something like

Leveraging the Interdisciplinary

“security,” through rigorous testing and experimentation. “We test and question aspects of a system’s architecture or its implementation

In the long run, Hibshi hopes that her work will not only benefit secu-

plan, but we need to also question the more fundamental compo-

rity practitioners but also the field of computer science more broadly.

nents that lead to these higher level technical features,” Hibshi says.

“I am trying to help the field of computer science to reach out to other

“It is my hope that my work and the approach that we are taking will

disciplinary fields.” Too often, Hibshi points out, computer scientists

help computer science to recognize this and work to become more

are quick to jump into exploring a solution because the gulf be-

interdisciplinary for this exact reason.”

FA L L 2 0 1 6

I S R U P D AT E

MODELING FROM THE GROUND UP Software Engineering Ph.D. student Ivan Ruchkin blends the formalism of system modeling with a grassroots approach to tackle the challenges of the cyber-physical world. Troubleshooting a system model is no simple task. Now imagine that

architecture that led me to my current research focus: modeling

you were not only attempting to weed out potential issues in a single

methods for cyber-physical systems.”

model but also reconciling potential conflicts across several models – each originating from a unique engineering perspective.

A cyber-physical system is an intelligent, autonomous system which, while driven by software, often interacts substantially with the

This is the challenge faced by Software Engineering Ph.D. student Ivan

physical world. “These systems aren’t sitting on a server somewhere,

Ruchkin. “There is a wealth of research and established practice when

calculating how many calories I burned today,” Ruchkin points out.

it comes to modeling complex systems,” Ruchkin notes. “What we

“They are moving shipping containers, managing smart grids, and

don’t have is a way for these various engineers from various back-

driving my car.”

ground and disciplines to play together nicely.” Composed of numerous different Originally from Moscow, Russia, Ruchkin – now in his final year of the Ph.D. program – was drawn to formal approaches as an undergraduate at Moscow State University. “In Russia, there is a great deal of importance placed upon theoretical computer science and mathematics. The formal approaches inherent to modeling a software system were, at some basic level, really appealing to me.”

There is a wealth of research and established practice when it comes to modeling complex systems. What we don’t have is a way for these various engineers from various background and disciplines to play together nicely.

software and hardware components, cyber-physical systems are notoriously difficult to model. Ruchkin explains that to deal with this complexity teams will often isolate the various components of a system. “The control engineers build the control module, the mechanical engineers work on physical components, and the software engineers develop the glue code to do the networking.” But, as he explains, this separation

However, he notes, something was missing. “While I was studying for

poses significant problems when it comes time to integrate. “When

my undergraduate degree, I was also working as a software develop-

you plug these pieces together, you may discover all sorts of issues.

er. I had a hard time reconciling the high-level theoretical work with

These issues all come back to teams making implicit assumptions

the daily challenges I faced as a developer,” Ruchkin explains. “The

about how the system will work.” Some of these assumptions are at a

real world is messier than what I experienced in the classroom.” But it

very fundamental level, such as two components modeling time in en-

was this messiness – this complexity – that energized Ruchkin. “I won-

tirely different ways, Ruchkin notes. “When there is an inconsistency

dered if there was a way to bring the clarity of this high-level modeling

at this level, you get defects in the system that are extremely difficult

research to bear on the state of the practice.”

to detect, much less correct.”

And so, in 2011, Ruchkin joined the Software Engineering Ph.D. pro-

This is where Ruchkin’s work comes in. Using abstraction techniques

gram, where he came under the mentorship of Dr. David Garlan. “It

to draw out the relevant information in the various models that make

was David’s background in practical formal approaches and software

up a cyber-physical system, Ruchkin can then develop techniques

I S R U P D AT E

FA L L 2 0 1 6

I S R U P D AT E

profile ANALYSIS

ANALYTIC DEPENDENCIES

ANALYSIS

READ, WRITE, ASSUME, GUARANTEE

VIEW

VIEW-VIEW RELATIONS

VIEW

MODEL-VIEW RELATIONS

MODEL

MODEL Informal or vague relations

SYSTEM

Formalized relations Artifacts in current practice Elements introduced to facilitate integration

Figure 1. Ruchkin’s approach to integrating modeling methods to cyber-physical systems. Engineering artifacts, such as models of system components, existing in current practice are unable to be directly compared. However, abstractions of models allow for more formalized relationships to be reasoned about.

to detect and reconcile any inconsistencies that may exist. “This is a

Ruchkin’s approach is rather novel in the field of systems modeling.

very bottom-up approach to the problem.” Cyber-physical systems,

“Much of the work up until now has been concerned with addressing

he notes, present a unique challenge in that each module team often

inconsistencies in static models,” Ruchkin says. “But models change

builds their model based on a unique set of domain-specific tech-

over time. It is really difficult to take a snapshot of the model from the

nologies. “Rather than demanding standardization across languag-

repository and tell that something bad is going to happen three or four

es, frameworks, tools, etc., my work is looking at ways that we can

versions down the line.” Taking a change-oriented approach, Ruchkin’s

detect these inconsistencies and remediate them regardless of what

abstraction methods attempt to identify potential points of failure,

development environment or engineering perspective comes into play.

flagging inconsistencies before or as they arise.

This isn’t about making a unified model out of numerous, disparate models. It is about getting the models to work together. ”

My work is about how to make things work together as they are and not as we wish they would be. 20

I S R U P D AT E

FA L L 2 0 1 6

But this non-prescriptive, dynamic approach is not without its frustrations. “It is intentionally messy. We are committing to the fact that we are going to be dealing with some diversity and we’re not trying to confine ourselves to a nice context where we control everything,” Ruchkin explains. “We are taking what real development teams are doing in the real world and building upon it. It is not likely that a development team is going to dump their entire approach and toolkit to adopt some new approach. My work is about how to make things work together as they are and not as we wish they would be.”

Whether you are passionate about addressing the most pressing issues of the day through rigorous research or are driven to accelerate your career, ISR offers numerous opportunities to make your mark on the field.

LEARN MORE:

ISRI.CMU.EDU/EDUCATION

GRAD PROFILE

Ciera Jaspan Originally from Visalia, California, Ciera Jaspan graduated from Carnegie Mellon University in 2011 with her Ph.D. in software engineering. She spoke with ISR about how she came to study software engineering and the work that she now does as a part of Google’s Developer Infrastructure group.

Thanks for taking the time to talk to us, Ciera. Can you tell us

That experience changed the sort of topics I was interested in. I

a little bit about how you found your way to computer science

realized that I was never that interested in computer science theory.

and software engineering?

I knew I wanted to go to grad school, but the more I worked the more interested I became in software engineering, so much so that I

Oddly enough, I am a computer scientist by accident. When I was

changed my major from computer science to software engineering.

growing up in California, I knew I was going to study architecture. In high school, I was looking at a list of courses and there was one

What did you find so interesting about software engineering?

where you could design a house that would actually get built. I really wanted to take this course. But my dad told me that since architects

The practicality of the field is what got me interested. I think I actu-

rely heavily on software, like AutoCAD, that it would be helpful to

ally wrote that I wanted to find a way to automatically repair bugs

take a programming course to understand how those tools work.

in my code. This was something that was coming up for me at work and so it interested me. Theory is great but I was really inspired by

I had never programmed anything. But I knew that this was a step-

real world problems and how to fix them here and now.

ping stone to my dream of being an architect. My high school guidance counselor had other thoughts and told me that I couldn’t take it

And while the practicality of software engineering is what grabbed

because I would fail; I should take a course on keyboarding instead.

my attention, it was the complexity of the problems that kept my

I wouldn’t take no for an answer and – having taken all the prerequi-

interest. Computer science problems always have a “right” answer.

sites – I eventually convinced them to allow me into the course.

In software engineering there isn’t a “right” answer; it is always highly dependent on the context that you are in. And more so, these

I loved it. I was hooked. So much so that I ended up taking AP Com-

problems aren’t often well-defined. I like that the first thing you have

puter Science afterwards. Never did take that architecture course,

to do is ask a lot of questions about what problem you are trying to

though!

solve and what an adequate solution to that problem might look like.

And eventually you went on to California Polytechnic State

And complexity is definitely present in the work that you did

University in San Luis Obispo. Did you study computer science

during your Ph.D. here at Carnegie Mellon. Can you tell us a bit

during your undergraduate?

more about what you studied?

Yes and no. While I was an undergrad at Cal Poly, I also was working

It absolutely was. I studied static analysis of code that uses software

as a software engineer for a small consulting company called Vizolu-

frameworks. So, if someone is using one of these large software

tions. I was project lead on two projects: one for a company that did

frameworks like Spring or ASP.NET, which have extremely complex

software to support oil well drilling and the other developing website

APIs and protocols for how you need to use them correctly, how can

content management systems. It was a great experience. I was able

we check to see that they are using the framework correctly? Often-

to really get hands-on with the software process all the way from

times, the developers using these frameworks aren’t experts in the

inception to delivery.

framework itself and so it is very easy to make mistakes.

I S R U P D AT E

FA L L 2 0 1 6

I was focused on producing a solution that would be useful in

like an email you have to respond to right away. But there are also

practice. I didn’t want a solution that was perfect, that could catch all

other types of context switches, like waiting on a long-running oper-

possible errors. I wanted one that had the lowest cost to use and the

ation.

greatest benefit, a solution that would be most likely for developers to use in practice.

We know that these context switches have cost. They cause a developer to lose their focus or their internal stack trace, so there is a cost

And this focus on tools which helps developers work more

associated with that movement. We are interested in exactly what

effectively is what landed you at Google, it seems. What do you

causes these context switches, how often developers at Google do

do at Google?

them, and how we can make that better.

When I joined Google, I came in on the Tricorder team, which is

It sounds like this sort of research has a significant sociological

the team that runs the static analysis tools all Google developers

component to it. Is that the case?

use. So, my research at CMU was actually very related to the work I was doing. But the work at Google was interesting because it was

Absolutely. And my experience here can be traced to the supportive

different as well. Not only was I writing static analyses but I was also

and collaborative research community that makes up ISR. While

learning to run a production system on Google’s infrastructure that

I was doing my Ph.D., I did a couple of user studies and dabbled

was running these analyses across a massive codebase.

in this sociological approach. But where I really gained a foothold was in working alongside my peers and mentors, the other Ph.D.

That experience, coupled with some things I picked up during my

students and our faculty. Whether it was conversations with Brad

time in ISR, allowed me to move into my current role as the Tech

Myers’ students about user experience or talks by Jim Herbsleb, it

Lead of the Engineering Productivity Research Team within the De-

was this exposure to a wide range of methods that allowed me to

veloper Infrastructure. Developer Infrastructure is responsible for all

have a rough framework for this sort of sociological research work.

the development tools inside Google such as our code review tool, version control system, source browsing tool, and more.

What is perhaps most useful in the work that I am doing now is what I learned from Mary Shaw. Mary taught me how to approach prob-

In this role, I am looking at not just static analysis tools but all devel-

lems. This harkens back to problem and solution definition – how do

oper tools across the Google ecosystem. My team is trying to better

you define the problem that you are trying to solve and what a solu-

understand which tools make the developers more productive,

tion might look like. In my work, it is imperative that the problem be

which don’t, and where we may be missing tools.

defined, that the approach match the problem, that the solution is verifiable, and that it all traces clearly back to your original problem

We are also interested in their behaviors. For example, we are in-

statement. I think that is why a lot of productivity work to date has

vestigating what causes a developer to switch from working on one

had a difficult time showing results; you can’t just throw a user study

development task to working on something else; this is called a “con-

or survey at the problem without thinking about these things first.

text switch.” We know that some of those are interruption-based,

Mary helped me understand how to do that.

FA L L 2 0 1 6

I S R U P D AT E

profile Why is this sort of research, both in terms of tooling and developer behavior, so important right now? This research is important because humans are expensive. At Google, we use up a lot of machine resources and that is expensive. But humans are more expensive. There is a massive amount of time, energy, and money that goes into sourcing, interviewing, hiring, and training even a single software engineer to the point of productivity. And once they are here, they are expensive to maintain in terms of keeping them happy and excited about the work they are doing. There is years of cost associated with each engineer and we can’t afford to lose them or their productivity. So, we are extremely concerned with keeping all the engineers at Google productive and happy while doing so. The last thing we want is for someone to leave or to waste time because they are frustrated. What do you find challenging about your work at Google? Remember how I said that I like complex problems? Well, people are the ultimate problem in complexity! They have their own goals. Sometimes they are in conflict with others or the tools they are using. Sometimes they aren’t honest about what their goals are, either to a researcher or to themselves. So you’re trying to figure out the real problem, and if it is a problem I can even fix. One of the biggest challenges we face comes in terms of scoping. There are lots of problems that developers deal with day-to-day but there are only some of these problems that I can realistically handle. So we have to scope these problems down in such a way that I can ask questions that will lead to a solution which will make a meaningful difference to the developer.

Are you an ISR alum interested in sharing your journey? Contact the editor: Josh Quicksall jquick@cmu.edu

I S R U P D AT E

FA L L 2 0 1 6

New Faces N E W E S T FA C U LT Y A N D S TA F F A D D I T I O N S

Joshua Bloch Joshua Bloch joined the ISR faculty during Spring 2016. He holds a B.S. in computer science from Columbia University and a Ph.D. in computer science from Carnegie Mellon University. Josh has decades of experience in software research and development. After completing his Ph.D., he joined Transarc, a CMU spinoff, as Senior Systems Designer. He later became a Distinguished Engineer at Sun Microsystems, where he wrote the Collections library for Java. He then left Sun to join Google as Chief Java Architect. Josh led the design and development of countless Java platform features, including heavy contribution to the foundations of the Java programming language and also to key libraries including the Java Collections Framework, the java.math package, enums, annotations, the for-each loop, try-with-resources, and assert. He is the author of the seminal work Effective Java, which was the recipient of the 2001 Jolt Award.

Lujo Bauer Lujo Bauer joined the faculty of ISR in Fall Semester of 2015 with a joint appointment with the Electrical and Computer Engineering Department (ECE). A graduate of Yale University (B.S., Computer Science) and Princeton University (Ph.D., Computer Science), Lujo has served in various faculty roles with ECE and CyLab where he has done extensive work on computer security. His research interests include proof-carrying authorization, distributed access control, program monitors, security automata, languages for specifying security policies, and usable security.

Nicolas Christin Nicolas Christin joined the ISR faculty in Fall Semester of 2016. He has a joint appointment with the Department of Engineering and Public Policy (EPP). Christin holds a Diplôme d’Ingénieur from École Centrale de Lille as well as a Master’s and a Ph.D. in Computer Science from the University of Virginia. Nicolas was previously a member of the research faculty in ECE. He served as faculty-in-residence with CyLab Japan and Associate Director of the Information Network Institute. His research is concerned with computer and information systems security and often gravitates towards the boundary of systems, security, networking, and policy. More specifically, he is currently working on projects that examine online crime modeling, security economics, and usable and secure authentication.

FA L L 2 0 1 6

I S R U P D AT E

New Faces N E W E S T FA C U LT Y A N D S TA F F A D D I T I O N S

Mayank Goel Mayank Goel joined the ISR faculty in Fall 2016. Goel received his Ph.D. in Computer Science and Engineering from the University of Washington, his MS in Computer Science from Georgia Tech, and his B.Tech. from Indraprastha University, Delhi. Mayank has a joint appointment with the Human Computer Interaction Institute. Mayank’s research is focused on designing, implementing, and testing new sensing systems. His research aims to maximize the potential of existing consumer devices, and define the capabilities of future devices. Collaborating closely with medical professionals, bio-engineers, and designers, Mayank’s work focuses on solving hard problems in various domains, including health sensing, global development, and novel interactions. One of his inventions, SpiroSmart, measures a patient’s lung health using a smartphone microphone. It is currently deployed in clinics across the world, and has been used by more than 10,000 patients.

Vaishali Gakhar In April 2016, the department’s Master of Software Engineering Professional Program welcomed Vaishali Gakhar as its newest member of the MSE staff. Vaishali holds a bachelor of arts in psychology from Rajasthan University and a master of arts in clinical psychology from Amity University. In addition, Vaishali holds a master of science in personnel and human resources development from the Illinois Institute of Technology. Prior to joining the MSE, she worked in career services at the University of South Florida where she developed programming to facilitate the placement of USF graduates in a wide range of industries. In her new position as Student/Alumni and Corporate Relations Manager, Vaishali serves as an ambassador of the programs to industry where she works to identify, cultivate, and secure lasting and meaningful partnerships. Additionally, Vaishali serves the program through the support of students’ professional development and alumni community building initiatives.

Josh Quicksall We are pleased to announce that Josh Quicksall assumed the newly-created role of Communications Specialist for ISR this past January. No stranger to the department, Josh held the role of Student-Alumni Relations Manager in the Master of Software Engineering Professional Program for several years before transitioning. A graduate of the Ohio State University and Carnegie Mellon University, Josh brings with him extensive experience in visual and written communications. In this newly-created communications role, Josh will work to produce content and communications vehicles that enhance the visibility and reputation of the department while also fostering a closer connection with alumni, friends, and partners.

I S R U P D AT E

FA L L 2 0 1 6

Bogdan Vasilescu Bogdan Vasilescu joined the ISR faculty in Fall 2016. He holds a Ph.D. in computer science from Eindhoven University of Technology and was a postdoc in Computer Science at the University of California, Davis. Bogdanâ&#x20AC;&#x2122;s research is concerned with composition and efficiency in distributed development environments. Leveraging social coding platforms like GitHub, his work employs data-driven research methods which draw from empirical software engineering, social computing, and CSCW to develop or validate theories about software engineering processes and outcomes.

We are hiring! Looking to work at the intersection of software, systems, and society? The Institute for Software Research seeks candidates with outstanding academic credentials and compelling research vision for teaching-track and tenure-track faculty appointments. We enthusiastically encourage applicants across all areas of software engineering foundations and applications to apply.

Learn more and apply online: isri.cmu.edu/jobs

FA L L 2 0 1 6

I S R U P D AT E

New Faces POSTDOCS AND VISITING RESEARCHERS

Sudershan Boovaraghavan

Jens Meinicke

Visiting Bachelors Student, SRM University, India

Visiting PhD Student, Otto-von-Guericke University Magdeburg, Germany

Project: Mobile Applications and Computing, Systems and Energy Efficiency

Project: Variational Execution

Host:

Yuvraj Agarwal

Christian Kästner

Darko Bozhinoski

Jean Melo

Visiting Ph.D. Student, Gran Sasso Science Institute, Italy

Visiting Ph.D. Student, IT University of Copenhagen, Denmark

Project: Assurances for Adaptive Cyber-physical Systems

Project: Debugging of Highly-Configurable Software Systems

Host:

David Garlan

Christian Kästner

Saksham Chitkara

Stefan Mühlbauer

Visiting Bachelors Student, SRM University, India

Visiting Masters Student, Technical University of Braunschweig, Germany

Project: Mobile Applications and Computing, Systems and Energy Efficiency

Project: Analyzing Staged Web Applications through Symbolic Execution

Host:

Yuvraj Agarwal

Christian Kästner

Anupam Das

Swarup Kumar Sahoo

Visiting Ph.D. Student, University of Illinois at Urbana Champaign

Post Doctoral Fellow, University of Illinois at Urbana Champaign

Project: Personalized Privacy Assistants

Project: Holistic Privacy Management

Host:

Norman Sadeh

Yuvraj Agarwal

Anna Filippova

Stefan Stanciulescu

Post Doctoral Fellow, National University of Singapore, Singapore

Visiting Ph.D. Student, IT University of Copenhagen, Denmark

Project: Community Code Engagements

Project: Analysis and Support for Fork-Based Software Development

Host:

Jim Herbsleb

Christian Kästner

Martin Degeling

Vamsavardan (Vamsi) Sai Kuma Vemuru

Post Doctoral Fellow, University of Passau, Germany

Visiting Research Scholar, IIIT Hyderabad, India

Project: Personalized Privacy Assistant for the Internet of Things

Project: Universal Digital Library

Host:

Norman Sadeh

Ram Konduru

Pooyan Jamshidi

Sebastian Zimmeck

Post Doctoral Fellow, Imperial College London, UK

Visiting Ph.D. Student, Columbia University

Project: Model-Based Adaptation for Robotics Systems

Project: Frontier Project

Host:

Christian Kästner

I S R U P D AT E

FA L L 2 0 1 6

Norman Sadeh

Awards and Honors Mary Shaw Mary Shaw, the AJ Perlis University Professor of Computer Science, was named a recipient of the National Medal of Technology and Innovation. The award, presented by President Obama, represents the nation’s highest honor for achievement in the field of technology, innovation, and invention. Additionally, Shaw was also the recipient of the 2016 George R Stibitz Computer & Communications Pioneer Award. Awarded by the American Computer and Robotics Museum, Shaw was tapped for her “seminal and pioneering contributions to software architecture and computer science curricula”. Also receiving the award this year, posthumously, are Alan Turing and Joseph Desch, for their work breaking the Enigma code. Shaw has been a member of the faculty since 1971 and is widely recognized as a foundational figure in the field, pioneering the discipline of software architecture and contributing substantially to the development of computer science curricula over the course of her career. She is a co-recipient, with CMU colleague David Garlan, of the 2011 Outstanding Research Award from the Association for Computing Machinery’s (ACM) Special Interest Group on Software Engineering for contributions to software architecture. She was the first recipient of the Distinguished Educator Award presented by the IEEE Computer Society’s Technical Council on Software Engineering, and the first recipient of the Conference on Software Engineering Education and Training’s Nancy Mead Award for Excellence in Software Engineering Education. Shaw is a fellow of the ACM, the IEEE, and the American Association for the Advancement of Science. She is a past member of the National Research Council’s Computer Science and Telecommunications Board (CSTB) and the Information Science and Technology (ISAT) Study Group of the Defense Advanced Research Project Agency (DARPA).

Pictured: Mary Shaw recieving the National Medal of Technology and Innovation from President Barack Obama during a White House ceremony in November, 2014.

FA L L 2 0 1 6

I S R U P D AT E

awards

Jim Herbsleb Jim Herbsleb, well known for his research in collaboration and coordination on large-scale software engineering projects, received the 2016 Association for Computing Machinery’s Special Interest Group on Software Engineering (SIGSOFT)’s Outstanding Research Award. The award is “the single most prestigious award a researcher in our community can receive,” said Nenad Medvidovic, chair of the SIGSOFT executive committee. It is presented annually to an individual or individuals who have made significant and lasting research contributions to the theory or practice of software engineering. Herbsleb, who directs the ISR Ph.D. program in Societal Computing, has focused his research on developing theory, conducting empirical studies, and designing practical applications of his work on coordination in software development. He takes a “socio-technical” approach, in which the pattern of technical dependencies in a project is related to organizational str and communication patterns. Among the topics he has addressed is how development teams can function and collaborate even when, as is increasingly the case, the team members are geographically dispersed. He also has explored issues related to open-source development, both in individual projects and in large-scale ecosystems of interdependent projects. He has focused particularly on the role that communication media, collocation and transparent environments play in coordinating technical work. “Jim’s work has led to the development of a rigorous theory of collaboration in software engineering,” said William L. Scherlis, ISR director. “He has led in the study of interdependencies between engineering decisions in software design, and the human and organizational activities that produce and act on those decisions.” This is particularly significant for modern software engineering projects, which typically involve both diverse sourcing of software components and complex organizational structures, Scherlis noted. Herbsleb has pioneered a strongly empirical approach based on in-depth study of large software projects, including both commercial and open-source projects. Among his previous awards are SCS’s Allen Newell Award for Research Excellence in 2014, a Distinguished Paper Award at ICSE 2011 and the Most Influential Paper Award at ICSE 2010.

I S R U P D AT E

FA L L 2 0 1 6

Jim’s work has led to the development of a rigorous theory of collaboration in software engineering. He has led in the study of interdependencies between engineering decisions in software design, and the human and organizational activities that produce and act on those decisions.

Christian Kästner Christian Kästner, Assistant Professor in the Institute for Software Research, was named a 2016 recipient of the National Science Foundation’s Career Award for his work on variational execution and feature interaction in highly configurable software systems. The NSF Faculty Early Career Development (CAREER) award recognizes early career achievement by junior faculty whose work exemplifies the integration of research and education while building a solid basis for a lifetime of meaningful work to come. Kästner was recognized for his innovative work in studying the intricacies of highly configurable systems. “Most software these days is configurable in some form or another,” Kästner explains, “Whether it’s a set of plug-ins for your web browser or the configuration options in your phone’s operating system, there is a tremendous amount of variation that is either built into or built on top of software we use every day.” But the freedom to customize comes at a cost, Kästner warns. “Oftentimes these features are developed in isolation. When they interact with one another for the first time, all sorts of interactions can occur.” Feature interaction is a real concern in a world where the capability to customize your software is becoming standard. The ability to test for interactions, though, is daunting. “WordPress alone has approximately 40,000 plug-ins available. Brute force testing of all possible configurations simply isn’t an option,” explains Kästner. “A system with 320 independent options would generate more possible configurations than there are atoms in the universe.” If testing each option in sequence isn’t feasible, surely testing 10,000 all at once is impossible. But not so, says Kästner. “Most of the configurations in a system are relatively similar.” Since so much of the execution is shared across options, Kästner executes all features configurationally enabled but he shares almost all parts of the execution, except for where the configurations matter. From there Kästner can see where there are interactions in a much more efficient way. As for the award itself, Kästner is excited and honored. “There are a lot of potential applications out there if we can better understand how to test for these interactions and design systems with them in mind. This award can bring us just a little bit closer to software that works well right

WordPress alone has approximately 40,000 plug-ins available. Brute force testing of all possible configurations simply isn’t an option. A system with 320 independent options would generate more possible configurations than there are atoms in the universe.

out of the box, no matter how we set it up!”

FA L L 2 0 1 6

I S R U P D AT E

awards

David Farber

David Garlan

Travis Breaux

David Farber, Distinguished Career Professor of

David Garlan, Professor of Computer Science

Travis Breaux, Assistant Professor of Computer

Computer Science and Public Policy at the School

and former Director of the Master of Software

Science in ISR, was the recipient of the National

of Computer Science and a member of the ISR core

Engineering Professional Programs, was the

Science Foundation’s Faculty Early Career

faculty, was tapped this year to become one of their

recipient of the 2016 Coach Award.

Development (CAREER) Award in 2015, the

first inductees to Stevens Institute of Technology’s Hall of Achievement.

agency’s most prestigious award for junior faculty. The award, granted by ISR’s Master of Software Engineering Professional Programs, is named in

The five-year award will support the study of

Established to acknowledge Stevens alumni who

honor of the late, beloved professor and former

privacy and security policies and their impact on the

have made extraordinary impacts which shaped

program director, James “Coach” Tomayko. Current

evolution of software requirements for pervasive

their respective fields, the first class of inductees to

program director, Tony Lattanze notes that the

and distributed systems. The study aims to help

the Stevens Hall of Achievement include Lawrence

award serves to recognize those who embody many

end users, lawyers and software engineers predict

Babbio Jr, Elizabeth Bailey, Charles Stewart Mott,

of the characteristics that made Tomayko an iconic

changes to software due to changes in contextual

Frederick Reines, and David Farber.

figure. “During his 16-year tenure at the university

and environmental assumptions.

and as Director Emeritus of the Master of Software Farber, a Stevens alumnus (‘56, M.S. ‘61, Hon.D.Eng.

Engineering Professional program, Jim dedicated

“Mobile and web applications that make our

’99), is considered by many to be the “Grandfather

himself to the development of our rigorous,

lives easier and more productive are composed

of the Internet.” His distinguished career spans

challenging, ever-evolving and industry-responsive

of complex systems and services that lack

more than 50 years and he has made foundational

graduate program.”

transparency and accountability,” Breaux said. “Our

contributions to electronics, programming

goal is to use this award to study new ways to help

languages, and distributed computing, to name but

The Master of Software Engineering program was

industry and government agencies better protect

a few. His work has earned him countless awards

founded in 1989 as one of the first master’s degrees

personal privacy by demonstrating how systems

and honors, including induction as an IEEE Fellow,

in the newly minted School of Computer Science.

conform to changing privacy and security policies.”

ACM Fellow, the 1995 SIGCOMM Award for lifelong

Growing exponentially over the next decade, the

contributions to computer communications, and

program now features five master’s degrees, two

Breaux’s research has been funded by the National

a spot in the Pioneers Circle of the Internet Hall of

certificates, numerous continuing and executive

Science Foundation, Department of Homeland

Fame.

education programs, and several international

Security, National Security Agency and Hewlett-

collaborative educational partnerships.

Packard Labs. He earned a bachelor’s degree in computer science from the University of Oregon and

Assuming the role of director from Tomayko in

a Ph.D. in computer science from North Carolina

2001, Garlan is credited with much of that growth.

State. He joined the CMU School of Computer

“Throughout David’s 14 years as director of the

Science faculty in 2010.

MSE / MSIT program, he continued to build upon Jim’s work, strategically mapping a vision for the

In addition to teaching and research, he has chaired

program’s future,” Lattanze says. “He expanded

the U.S. Association for Computational Mechanics

our educational portfolio, advanced our impact

(USACM) Privacy and Security Committee and was

regionally, internationally and at CMU proper,

a member of the USACM Public Policy Executive

and devotedly nurtured our community. Under

Council. He is also a member of the International

his leadership, we all learned to be better – better

Federation for Information Processing (IFIP) Working

students, better teachers, better citizens of the

Group 2.9 on Requirements Engineering.

world.”

I S R U P D AT E

FA L L 2 0 1 6

Student Awards and Honors Will Frankenstein Will Frankenstein, Engineering and Public Policy Ph.D. affiliated with ISR’s Center for Computational Analysis of Social and Organizational Systems (CASOS), was the 2016 recipient of Carnegie Mellon University’s Graduate Student Service Award for his commitment to broadening the inclusiveness of graduate organizations, particularly among underserved segments of the graduate population at CMU.

Bin Liu Bin Liu, Ph.D. student in Societal Computing, joined with co-authors Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Zhang, Norman Sadeh, Alessandro Acquisti, and Yuvraj Agarwal in taking home the IAPP SOUPS Privacy Award for their paper “Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions” at the 2016 Symposium On Usable Privacy and Security (SOUPS) in Denver, Colorado.

FA L L 2 0 1 6

I S R U P D AT E

awards STUDENT AWARDS AND HONORS

Ivan Ruchkin Ivan Ruchkin, Ph.D. Student in Software Engineering, received the ACM Student Research Award Gold Medal for his paper “Architectural and Analytic Integration of Cyber-Physical System Models” at the ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS 2015). Ruchkin was also awarded an ACM SIGSOFT Distinguished Paper Award for his paper “Architectural Abstractions for Hybrid Programs” at the 18th International ACM SIGSOFT Symposium on Component-Based Software Engineering (CBSE 2015) as well as a Best Paper Award for “Challenges in Physical Modeling for Adaptation of CyberPhysical System” [co-authored by Selva Samuel, Bradley Schmerl, Amanda Rico, and David Garlan] at the 2016 IEEE World Forum on the Internet of Things (WF-IoT).

Daniel Smullen Daniel Smullen, Ph.D. student in software engineering, received the 2015 Ready-Set-Transfer Award at the 23rd IEEE International Requirements Engineering Conference for his work on “Eddy: A Privacy Requirements Specification Language”. The award is awarded for stellar performance in conveying research to a panel of industry technology transfer experts.

I S R U P D AT E

FA L L 2 0 1 6

Ben Towne Ben Towne, Ph.D. student in Societal Computing, won 1st Place at HUBweek’s first annual hackathon: Data Science, Journalism and the Future of Justice. Using open data from the city of Boston regarding “Field Interrogation and Observation” (FIO) encounters (aka “stop and frisk”), exploratory data analysis by Towne found that racial and gender minorities were disproportionately affected by these tactics as well as an uneven distribution of use across officers and units, with only eight supervisors out of more than 200 accounting for the majority of cases.

Blase Ur Blase Ur, a 2016 Societal Computing Ph.D. grad, is the 2016 recipient of the John Karat Usable Privacy and Security Student Research Award. Acknowledging strong research, a commitment to mentorship, and service to the usable privacy and security community, the award is presented every third year at the annual Symposium on Usable Privacy and Security (SOUPS). Ur was also a part of the research group which won this year’s Best Paper Award at USENIX Security Symposium 2016. The paper outlined a new advanced password meter that leverages artificial neural networks to outperform current state-of-the-art password meters in significantly less space. Other authors on the study included ISR faculty Lujo Bauer, Nicholas Christin, and Lorrie Cranor as well as ECE PhD student, William Melicher, ECE alumnus Sean Segreti, and Software Engineering PhD alumnus, Saranga Komanduri.

FA L L 2 0 1 6

I S R U P D AT E

program updates

Software Engineering Ph.D.

Director: Staff:

Jonathan Aldrich Connie Herold

Learn More: isri.cmu.edu/education/se-phd

R E C E N T G RA D U AT E S

YoungSeok Yoon Ph.D., Software Engineering, 2015 Advisor: Brad Myers YoungSeok Yoon’s dissertation work was concerned with “backtracking” capabilities in modern code editors. Yoon undertook an extensive empirical studies of existing code management and editing platforms to assess current functionality. This led to the creation of a novel selective undo mechanism for code editors, implemented as an IDE plug-in, which enabled visualizations for coding history, selective backstepping, and a robust code history search. In a controlled lab experiment with this tool programmers were shown to be twice as fast as a control group when completing typical backtracking tasks. Since graduation, Yoon has joined Google as a Software Engineer in Mountain View, California, where his work to make developers more productive by providing better development tools continues.

Michael Maass Ph.D., Software Engineering, 2016 Advisor: Jonathan Aldrich and Bill Scherlis Michael Maass’s dissertation work focused on sandboxes, a mechanism for imposing a security policy on a component. Michael surveyed existing research on sandboxes and proposed the first precise yet comprehensive definition of this technology. He proposed a novel, cloud-based sandboxing technique, showed how to use run-time monitoring to strengthen Java’s sandbox, and developed a tool suite to help developers to securely sandbox applications. Michael is now a Research Scientist at Bosch Research, working on an Internet of Things framework with improved security and privacy properties.

I S R U P D AT E

FA L L 2 0 1 6

Societal Computing Ph.D.

Director: Staff:

Jim Herbsleb Connie Herold

Learn More: sc.cs.cmu.edu

R E C E N T G RA D U AT E S

Saranga Komanduri Ph.D., Societal Computing, 2016 Advisor(s): Lorrie Cranor Saranga Komanduri’s dissertation work focused on password security. Specifically, Komanduri’s work sought to provide an improved metric for evaluating the security of password-composition policies, compared to previous machine-learning approaches. His work resulted in the development of a guess-calculator framework that automatically learns a model of adversary guessing from a training set of prior data mixed with samples, and applies this model to a set of test passwords. Komanduri used the guess calculator framework to study the guessability of passwords under various policies and provides methodological and statistical guidance for conducting these studies and analyzing the results. After graduation, Saranga Komanduri joined Civis Analytics as the Engineering Technical Lead. Civis Analytics is a Chicago-based information technology company specializing in cloud-based analytics platforms.

Ghita Mezzour Ph.D., Electrical and Computer Engineering, 2015 Center for Computational Analysis of Social and Organizational Systems (CASOS) Affiliate Advisor(s): Kathleen M. Carley (ISR) and Rick Carley (ECE) Ghita Mezzour’s dissertation work focused on cyber-attacks; and, in particular, how to identify countries that foster a favorable environment to hosting cyber-criminal infrastructure as well as factors that make the environment in these countries favorable to hosting such infrastructure. Through the analysis of attack reports from more than 10 million Symantec customer computers worldwide, sociopolitical data, and measures of relevant expertise and infrastructure, Mezzour presented a methodology for assessing countries’ cyberwarfare and bioweapon capabilities as well as countries’ motivations and latent abilities. Since graduation, Mezzour has joined the faculty of the Université Internationale de Rabat, Morocco.

FA L L 2 0 1 6

I S R U P D AT E

program updates

Societal Computing Ph.D. [cont] R E C E N T G RA D U AT E S

Richard Shay Ph.D., Computation, Organizations, and Society, 2015 Advisor(s): Lorrie Cranor Richard Shay’s dissertation work focused on usable password policies. Focusing on password-composition policies which aim prevent users from creating easily guessed password, Shay conducted extensive online, crowdsourced human-subject studies with randomized, controlled password-composition policies. This study resulted in a scientific comparison of how different password-composition policies affected password strength and usability. Outcomes from Shay’s research included a tested method for collecting passwords under different policies, a comparison between password policies that enables researchers to make evidence-based recommendations to service providers, and insights into conducting large-scale online studies in privacy. Since graduation, Shay has joined the technical staff at MIT Lincoln Laboratory.

Michael Jay Lanham Ph.D., Computation, Organizations, and Society, 2015 Advisor(s): Kathleen M. Carley LTC Michael Lanham’s dissertation work focused on organizational assurance and socio-technical modeling. Concerned with the command-level effects of cyber-attacks, Lanham’s research presented a rapid data-tomodeling and assessment approach for organizations to develop and analyze complex models of their people, resources, tasks, knowledge, beliefs, and other characteristics that impact the ability of the organization to continue its mission. Through the use of graph-theoretic analysis techniques used in the social network analysis research as well as meta-network analysis and research, Lanham’s work shows that that most attacks are in the nuisance range and that only multi-prong targeted or severe stochastic attacks cause meaningful failure. His dissertation also demonstrates that structural and functional mitigations are feasible and effective at reducing the impacts of contested cyber environments on the organizations’ performance as well as that organizations can design for resiliency and provide guidelines in how to do so. LTC Lanham is the current Director of the Cyber Research Center, United States Military Academy, West Point, NY. He also holds an appointment as an Assistant Professor within the Department of Electrical Engineering and Computer Science.

I S R U P D AT E

FA L L 2 0 1 6

Professional Masters Programs Masters of Software Engineering Professional Programs (MSE) Founded in 1989 as one of the first master’s degrees in the School of Computer Science, the Masters of Software Engineering Professional Programs has grown into family of five master’s degrees concerned with training the next generation of software engineering practitioners. Focusing on core, foundational engineering principles, students complete coursework in topics ranging from Software Architecture to Managing Software Development. Additionally, all student

Director: Tony Lattanze Staff: Jane Miller Linda Smith Lauren Martinko Vaishali Gakhar

Learn More: mse.isri.cmu.edu

participate in a multi-semester applied capstone project, applying lessons learned in courses to a real-world development challenge faced by the project sponsor.

Incoming Class This year, the MSE programs welcomed 50 students across their degree programs, all from a wide variety of backgrounds and with an average experience of more than 1.5 years.

Top 10 Employers

Amazon Amazon Web Services AppDynamics Apple

Google Intel Navis Oracle

Pure Storage Yelp

*Companies listed alphabetically, not in order of how many graduates hired.

Members of the Fall 2016 MSE/MSIT cohort gather outside the program’s facility on South Craig St during their campus orientation session.

FA L L 2 0 1 6

I S R U P D AT E

program updates

Professional Masters Programs Master of Information Technology Strategy (MITS) The Master of Information Technology Strategy (MITS) is a cooperative endeavor of the College of Engineering (CIT), School of Computer Science (SCS) and Dietrich College of Humanities and Social Sciences (H&SS).

Board: Staff:

David Brumley Baruch Fischhoff David Garlan David Root Kiron Skinner Jane Miller Linda Smith Katie Slater

Learn More: cmu.edu/mits

The MITS program provides a multidisciplinary education that prepares students to define and conceptualize the emerging environment of threats caused by cyber operations; opportunities for enhanced information analysis and exploitation; development and management of innovative information technology systems; and decision-making challenges. The program has four areas of concentration: Data Analytics, Politics and Strategy, Information Security, Software and Networked Systems. And this year, the program is pleased to announce an entering class of 13 students from a range of backgrounds and experience levels

Pictured: Members of the Fall 2016 MITS cohort spare a moment for a fun photo during their new student orientation.

I S R U P D AT E

FA L L 2 0 1 6

MSIT eBusiness Technology (MSIT-eBiz) The MSIT eBusiness Technology program prepares students to play a variety of mission critical roles in leveraging the power of technology across the enterprise. Based around a story-centered curriculum, in-lieu of traditional, distinct courses the program consists of an integrated series

Director: Michael Shamos Staff: Patricia Mackiewicz Tambria Radomski Amber Vivis Dabney Gordon

of projects designed to help students acquire and practice the essential skills and knowledge

necessary to step into high-performance teams at leading business.

Learn More: ebusiness.cs.cmu.edu

Incoming Class The MSIT eBusiness Technology program is excited to welcome this year’s incoming class of 56 students. While the class features a significant number of students with substantial experience, the percentage of women in the class (50%) is equally impressive.

Top 10 Employers Amazon Apple Ebay Ernst & Young

Facebook Goldman Sachs Google IBM

Oracle Snapchat

*Companies listed alphabetically, not in order of how many graduates hired.

Notable Program Events

Pictured: Team Robotany, 1st place winners of the MSIT-eBiz Practicum competition. Team members developed an automation system for local vertical farming venture of the same name (Robotany).

“Network After Work” Event (March 2016) Sponsored by the MSIT eBiz Program, more than 400 attendees gathered in the Bay Area to mix, mingle, and network with other technology professionals. 1st Annual “Big Data Analytics and its Business” Conference (July 2016) Organized by eBiz alum, Ripudaman Kushwah, in conjunction with the Asian American Chamber of Commerce, Pittsburgh. The conference was hosted in Hamburg Hall, in the heart of Carnegie Mellon. Computers con Chile Project Students from a public school in Chile were provided with a one-week coding class by 2016 graduate, Ignacio Saavedra. Attendees from the ages of 10-12 were taught computer literacy and learned valuable computer skills. Saavedra provided students with a jumpstart in coding with an inspirational code camp and the skills to continue learning by themselves.

Pictured: Team Tiversa, 2nd place winners of the MSIT-eBiz Practicum competition. The competition, held each summer, pits student practicum teams against each other for a grand prize of $10,000.

FA L L 2 0 1 6

I S R U P D AT E

program updates

Professional Masters Programs MSIT Privacy Engineering (MSIT-Privacy) The Master of Science in Information Technologyâ&#x20AC;&#x201D;Privacy Engineering (MSIT-PE) degree is a oneyear program designed for computer scientists and engineers who aspire to play a critical role in building privacy into future products, services, and processes. In addition to coursework taught by leading researchers in privacy and security, the program

Directors: Lorrie Cranor Norman Sadeh Staff: Tiffany Todd

Learn More: privacy.cs.cmu.edu/

concludes with a summer-long learning-by-doing, capstone project, where students are brought in as privacy consultants to work on client projects.

Incoming Class This year, the Privacy Engineering program welcomed its newest class of 12 students. With a cohort that boasts a variety of backgrounds and interests, the program is excited to see what the next year will hold for this promising group of students.

Top Employers In recent years, our graduates have gone on to take up privacy engineering roles at top organizations around the globe, including Adobe, eBay, Google, and others.

Notable Program Events CMU Data Privacy Day Hosted by Dr. Lorrie Cranor and Dr. Norman Sadeh of the MSIT Privacy Engineering Program in late January, this day-long event was open to the public and featured a privacy clinic; talks by Deputy US Chief Technology Officer, Ed Felten, and Dean of the Carnegie Mellon School of Computer Science, Andrew Moore; a roundtable of notable privacy researchers and experts; and a privacy research poster session by researchers and Privacy Engineering Students.

Pictured: MSIT Privacy Engineering students, Ludi Li and Shanshan Zhao speak with visitors at the Privacy Day Clinic as a part of CMU Privacy Day.

I S R U P D AT E

FA L L 2 0 1 6

Undergraduate Programs Research Experience for Undergraduates in Software Engineering (REU-SE) This past summer, the Institute for Software research welcomed a new cohort of undergraduate researchers as a part of the department’s Research Experience for Undergraduates in Software Engineering (REU-SE) program.

Leads: Staff:

Joshua Sunshine Claire Le Goues Charlie Garrod Victoria Poprocky

Learn More: isri.cmu.edu/education/reu-se

With support from the National Science Foundation’s Research Experiences for Undergraduates’ program, the REU-SE is geared towards providing undergraduate students from institutions with limited software engineering research opportunities the chance to work on challenging, innovative research projects. Students spend the summer on campus working closely with ISR’s renowned faculty to explore topics ranging from mining software repositories to green computing. Capitalizing on ISR’s tradition in collaborative and cross-disciplinary research, students in the REUSE program have the chance to work with researchers across the School of Computer Science, including Societal Computing, Human Computer Interaction, Robotics, and more. And this was an exciting year for the REU-SE program. Not only was this batch one of the strongest to date, but they also represented one of the largest and most diverse groups ISR has welcomed to campus. With 18 students hailing from a variety of undergraduate institutions, social groups, and experience levels, their involvement in the community is sure to have an lasting, enriching effect on all.

Pictured: The Summer 2016 REU-SE cohort and faculty enjoys the beautiful Pittsburgh summer by taking a photo with Carnegie Mellon’s iconic “Fence”

FA L L 2 0 1 6

I S R U P D AT E

faculty news

News from the Faculty Yuvraj Agarwal With new funding and numerous papers published, 2015 and 2016 brought a number of exciting developments for Professor Yuvraj Agarwal, particularly in the embedded/Internet of Things (IoT) and privacy spaces: •

Began a collaboration with Jason Hong (HCII) and Matt Fredrikson (CSD), supported by the DARPA Brandeis program, on a suite of tools and techniques to improve privacy practices across the entire mobile ecosystem.

•

Continued work with Anind Dey of Carnegie Mellon’s Human-Computer Interaction Institute (HCII) on GIoTTO – a safe, secure, easy-to-use IoT infrastructure. Sponsored by Google, the project aims to develop an open source stack which makes IoT technology development more accessible and useful across organizations.

•

Continued work with ISR’s Norman Sadeh on Personalized Privacy Assistants. Leveraging Agarwal’s past work with his ProtectMyPrivacy app (protectmyprivacy.org) and with funding from the National Science foundation, the project seeks to develop personalized privacy assistants capable of learning people’s privacy preferences and of semi-automatically configuring many privacy settings on their behalf.

•

Continued work on a project, entitled “Systems and Algorithmic Support for Managing Complexity in Sensorized Distributed System.” The project aims to reduce the complexity of sensorized distributed systems using automated or semi-automated methods to characterize sensors, determine their type based on the sensor data streams and make inferences about the quality of sensor data with minimal operator effort.

•

Won the IAPP SOUPS Privacy Award at the 2016 Symposium On Usable Privacy and Security (SOUPS) for “Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions”, co-authored by CMU colleagues Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi Shikun Zhang, Norman Sadeh, and Alessandro Acquisti.

I S R U P D AT E

FA L L 2 0 1 6

Jonathan Aldrich Mutable state – the ability to change data as a program executes – is an essential programming abstraction. However, its power comes at the cost of complexities that can lead to software defects, especially in concurrent programs. This past summer, Prof. Jonathan Aldrich and his students presented two advances that can help programmers leverage mutable state while avoiding the problems that often accompany it. •

The first advance involves helping programmers to determine which data structures

in a program are mutable state, and which are immutable, meaning that their data cannot be changed. A great deal of prior research has been devoted to specifying immutability in languages such as Java. But do these research systems provide what programmers need? And are they usable in practice? A team including Ph.D. student Michael Coblenz (CSD), Joshua Sunshine (ISR), Jonathan Aldrich (ISR), Brad Myers (HCII), Sam Weber (SEI) and Forrest Shull (SEI) published an ICSE 2015 paper, “Exploring Language Support for Immutability”, that answers this question. •

Through interviews with expert software developers and a review of the research literature, the team determined that developers often wanted to express transitive immutability – the idea that not just a single object, but an entire data structure, should not be changed. Unfortunately, languages commonly used in industry such as Java and C++ cannot express this important concept. Aldrich and his team then carried out a qualitative laboratory study with a research tool that does support transitive immutability, but found that the complexity of the tool made it very difficult for software engineers to use. These results are motivating the team’s current research on a new approach that expresses transitive immutability in a much simpler framework. The goal is to find a better engineering tradeoff between expressiveness and usability, enabling programmers to leverage immutability more effectively in their daily tasks.

•

The second advance enhances programmer reasoning in situations where mutable state is needed. This work was led by recently graduated student Filipe Militão (CS Ph.D., December 2015), who was co-advised by Jonathan Aldrich (ISR) and Luís Caires (Universidade Nova de Lisboa). Militão’s thesis – and a jointly-authored paper to be published at ECOOP 2016 – unifies two ideas, typestate and permissions, that had previously been separate. Typestate helps programmers specify constraints on using a resource such as a file, which must be opened before it is used. Permissions help make sure that different parts of a program have consistent views of each object’s typestate. Militão’s unification of these two ideas allows library developers to define a set of abstract and powerful algebraic rules specifying how clients can use each library object. This allows clients to use those objects in more flexible ways, while also hiding more of the library’s implementation from those clients.

Aldrich and his students plan to build on these lines of research to help programmers deal with state more effectively, both in existing programming languages such as Java and in Wyvern, a new programming language under development in the group.

FA L L 2 0 1 6

I S R U P D AT E

faculty news Travis Breaux Dr. Travis Breaux’s work on privacy engineering continued this year, culminating in a paper, entitled “A Theory of Vagueness and Privacy Risk Perception” led by Jaspreet Bhatia and Fordham University collaborators Joel Reidenberg and Thomas Norton. The paper was nominated for best paper and will appear in the proceedings of the 24th IEEE International Requirements Engineering Conference. Drawing upon research in psychometrics, Breaux and his team employed surveys based on factorial vignettes to study the impact of vagueness and risk likelihood on users’ acceptance of perceived privacy risk, by measuring users’ willingness to share personal information. Additionally, Breaux collaborated with colleagues and students on a number of publications in the last few years, including: •

“Improving Security Requirements Adequacy: An Interval Type 2 Fuzzy Logic Security Assessment System” by Hanan Hibshi, Travis D. Breaux, and Christian Wagner. IEEE Symposium Series on Computational Intelligence (SSCI), 2016.

•

“Privacy Goal Mining through Hybridized Task Re-composition” by Jaspreet Bhatia, Travis Breaux, Florian Schaub. ACM Transactions on Software Engineering Methodology (TOSEM), 2016.

•

“Automated Comparisons of Ambiguity in Privacy Policies and the Impact of Regulation” by Joel R. Reidenberg, Jaspreet Bhatia, Travis D. Breaux, and Thomas B. Norton. Journal of Legal Studies, 2016.

•

“Toward a Framework for Detecting Privacy Policy Violation in Android Application Code” by R. Slavin, X. Wang, M.B. Hosseini, W. Hester, R. Krishnan, J. Bhatia, T.D. Breaux, J. Niu. ACM/IEEE 38th International Software Engineering Conference (ICSE), Austin, Texas, 2016.

•

“Detecting Repurposing and Over-Collection in Multi-Party Privacy Specifications” by Travis Breaux, Daniel Smullen, Hanan Hibshi. 23rd IEEE International Requirements Engineering Conference (RE), pp. 166-175, Sep. 2015

Kathleen M. Carley This was a busy year for Professor Kathleen M. Carley. In addition to her ongoing work with the Minerva Initiative, Carley also traveled widely to speak to a variety of audience on topics relating to network science and dynamic network analysis, including: •

“Dynamic Networks in a Cyber-Mediated World” at PRO-VE 2016 (Porto, Portugal)

•

“Dynamic Network Analysis of Social Media Data, at the New Trends in Social Media” at NATO Strategic Communications Centre of Excellence Stratcom (Riga, Latvia)

•

“Social Media Network Analytics” at the NATO ACT-Sprint conference (Krakow, Poland)

•

“Advances in Dynamic Network Analysis” at the Chinese Academy of Science (Beijing, China)

•

“Dynamic Network Analysis” at Joint Research Institute (Shunde, China)

Carley also briefed over 30 high level members of the US military and government as a part of Carnegie Mellon University’s Institute for Strategic Analysis Executive Short Course. Her briefing on the topic of decision science, risk, and network analysis included the work of her and her students on insider threat and covert group detection in social media Finally, Professor Carley and the Center for Computational Analysis of Social and Organizational Systems (CASOS) provided support as part of the NATO Brilliant Jump Exercise during May 2016. The exercise, designed to prove the concept of NATO’s Readiness Action Plan (RAP), saw the rapid mobilization of NATO forces from their home base in Spain to the final deployment area in Poland. The CMU team led by Carley was tasked with collecting and processing Twitter data to assess changes in sentiment and narrative concerning NATO and Russia before, during, and after the exercise.

I S R U P D AT E

FA L L 2 0 1 6

Nicolas Christin Along with Lujo Bauer and Lorrie Cranor, Christin led a team of students and a researchers who won the 2016 Best Paper at the 2016 USENIX Security Symposium. This work inscribes itself in the body of research on password authentication that Bauer, Cranor, Christin, and their students have been involved for a few years. Nicolas and his students also continued their work on modeling online crime, and started engaging in network measurements of online censorship. An upcoming paper on censorship topic modeling and the usefulness of censorship “blacklists” for network measurement research will appear at the Privacy Enhancing Technologies Symposium (PETS) in 2017.

Lorrie Cranor This year Professor Lorrie Cranor has been serving as the Chief Technologist for the Federal Trade Commission. In this role, Cranor is responsible for advising the FTC Chair and the Commission on developing technology and policy matters. She has made regular contributions to the Tech@FTC blog, which has resulted in Cranor’s work and thoughts on privacy and security being featured in Wired, The Today Show, Buzzfeed, Ars Technica, The Washington Post, and others. Continuing to garner significant attention for her research work. Cranor was not only named a 2016 IEEE Fellow, but also delivered the keynote talks at this year’s Symposium On Usable Privacy and Security (SOUPS), IEEE Cybersecurity Development Conference, Clean Ads I/O, HotSoS, and BSidesLV Information Security Open Forum.

David Garlan In addition to collaboration on the “Intelligent Model-Based Adaptation for Mobile Robotics” project discussed earlier in this edition, Professor David Garlan also began another collaboration this year with ISR’s Claire Le Goues on the “Evolution of Selfadaptive Systems using Stochastic Search.” With support from the National Science Foundation, this project aims to develop a principled foundation for the evolution of adaptation strategies in the self-adaptive domain, using stochastic search. The resulting family of techniques reuse, recombine, and otherwise build upon previous knowledge about a given system to adapt to four major potential change dimensions: (1) the system’s architecture and deployment; (2) the tactics that can be deployed in an adaptation scenario, including mechanisms to choose between them and information regarding their applicability, costs, effects, success likelihood, etc.; (3) the system’s quality goals, and their relative priorities; and (4) the environmental assumptions that control the context in which the system is deployed. Additionally, Garlan has two chapters in forthcoming publications. The first, “Analyzing Self-Adaptation via Model Checking of Stochastic Games,” will be a part of Software Engineering for Self-Adaptive Systems 3. The second, entitled “Evaluating Trade-Offs of Human Involvement in Self-Adaptive Systems,” will be featured in Managing Trade-Offs in Self-Adaptive Systems. Finally, Garlan gave two notable talks this year on the topic of “Self-Adaptive Systems”, the first at the University of Illinois at Urbana-Champaign and the other at the University of Mälardalen University in Västerås, Sweden.

FA L L 2 0 1 6

I S R U P D AT E

faculty news Jim Herbsleb Professor Jim Herbsleb has had a tremendous year. In addition to receiving the 2016 SIGSOFT Outstanding Research Award, he has also been tapped to deliver keynotes at both the ACM SIGSOFT Symposium on the Foundations of Software Engineering Conference and the International Conference on Software and System Processes. Additionally, Herbsleb’s research has also made a number of exciting advances, including: •

Ongoing development of a systematic, empirically-based understanding of how, when, and why hackathons/codefests/sprints are effective collaboration modes.

•

Studying the practices, community values, and technical effects across a range of development ecosystems as they relate to the management of cost in breaking changes.

•

Further exploring the phenomenon of online deliberation and conflict generating increased perceptions of quality – specifically whether this effect extends to other works on the same topic or by the same author (as was seen in the prior study of Wikipedia), and whether there are differences in the impact of conflict depending on the author’s gender.

•

Exploring how developers use highly detailed traces of developer activity to inform key development tasks while using computational and visualization techniques to provide developers with better and easier ways to access the information they need.

Christian Kästner Professor Christian Kästner’s year was an exciting one. In addition to receiving an NSF Career Award for his work on variable execution in complex codebases, such as WordPress, Kästner also collaborated with ISR colleagues Jim Herbsleb and Chris Bogart as well as Ferdian Thung from Singapore Management University on how communities manage change across large development ecosystems. Their work examines how large ecosystems, such as the Node.js and Eclipse communities, develop values, practices, tools, and policies that govern how the cost of breaking changes – i.e., changes that cause software using the code to fail – are managed by members and organizations in these ecosystems. Their theory, which explains how such cost shifts can lead to healthier ecosystems but can also place undue burdens on participants who are unwilling or ill equipped to shoulder them, is the subject of a forthcoming paper in the International Conference on Foundations of Software Engineering. Kästner and his group are also planning a wider survey of developers to refine their understanding of how change costs are managed across a broad swath of development ecosystems. Additionally, Professor Kästner was tapped this year to serve as the Program Committee Co-Chair for the International Conference on Automated Software Engineering 2018. The event, to be held in Montpellier, France, is one of the foremost conferences on software engineering.

I S R U P D AT E

FA L L 2 0 1 6

Tony Lattanze Professor Tony Lattanze took the helm of ISR’s Master of Software Engineering Professional Programs (MSE), effective 2016. Lattanze, an MSE alumnus (MSE ‘95) and longtime director of the Embedded Software Engineering program, succeeds Dr. David Garlan in the role. The Master of Software Engineering Professional Program is one of the School of Computer Science’s longest running professional master’s programs. Geared towards accelerating the career growth of working software professionals, the program features a curriculum which emphasizes the fundamentals of engineering as it is applied to software development. Founded in 1989, the program boasts more than 1,000 alumni leading change in more than 400 organizations across the globe. Lattanze is excited and humbled by the opportunity to guide the storied program. “There’s so many huge sneakers to fill, especially if you are assuming a leadership position like I’m trying to do now. It’s overwhelming. When you look back at my predecessors – the first guy [James “Coach” Tomayko] invented it; the second guy [David Garlan] made it a world-class program – you are forced to ask, “What am I going to do?” This is a big driver for me right now – I don’t feel an obligation to have to one-up them, but I feel an obligation to promote the program, to make sure that it continues to be a world-class program.” But when Lattanze is not busy shaping the minds of young software engineers, you can almost assuredly find him rocking out on guitar. This year not only saw Lattanze stepping onto the stage of the MSE program, but also onto the stage at the Hard Rock Cafe with his band Dr.Kilowatt.

Claire Le Goues Professor Claire Le Goues has made a number of exciting advances in her work over the last few years. In addition to sponsored and collaborative research projects with the United States Air Force, DARPA, the National Robotics Engineering Center, and the National Science Foundation, Le Goues has also made a number of inroads in her research on automated software quality improvement, including: •

Releasing a set of benchmarks to the automatic patch generation community

•

Systematically characterized the quality problem in patch generation, proposed a new way to measure it in a principled manner, and identified several interesting key results, particularly surrounding the relationship between test suite provenance and repair quality

•

Validated an entirely novel technique for patch generation based on semantic code search which shows great promise for repairing different defects as compared to the previous state of the art as well as producing patches of significantly, measurably higher quality

•

Moved to study the human side of debugging, initiating a human study of framework debugging as well as several repository-mining approaches to understand the human bug triage and localization processes and inform defect repair

FA L L 2 0 1 6

I S R U P D AT E

faculty news

Eduardo Miranda Dr. Eduardo Miranda was recently selected to present his paper Nominal Group Interview Technique to Support Lightweight Process Assessments: Description and Experience Report at the 16th International SPICE Conference on Process Improvement and Capability Determination in Dublin, Ireland. The SPICE conference is an annual event hosted by the SPICE User Group. The conference regularly draws technical leaders from around the globe for the three-day summit. Miranda’s paper, which proposes the use of a group interview technique and the use of user stories to conduct lightweight processes assessments while simultaneously promoting the development of a shared understanding of the problems facing the organization, was published in Communications in Computer and Information Science (CCIS) following the conference proceedings.

Mel Rosso-Llopart Mel Rosso-Llopart, faculty member in ISR’s Master of Software Engineering Program, returned this year from a spring trip to conduct an on-site session of his course, “Computer Science for Practicing Engineers,” to students at Carnegie Mellon University’s Rwanda campus. The course, which focuses on bringing students with a background in more traditional engineering up to speed on the core concepts of computer science and programming, has been a staple of Rosso-Llopart’s teaching schedule since 2012. Rosso-Llopart notes that the trip was successful and useful on many levels. “The students got a lot out of the personal interaction and I got a lot out of visiting. Rwanda is a fascinating and beautiful country. I look forward to visiting again in the near future.”

I S R U P D AT E

FA L L 2 0 1 6

Norman Sadeh Professor Norman Sadeh’s work saw many exciting developments this year. Of particular note are his ongoing projects on usable privacy: Sadeh’s team continues to make successful advances on their Personalized Privacy Assistant mobile application, with support for the project coming from DARPA, NSF, the Air Force Research Laboratory, Google, and Yahoo!. The application was piloted with a small test group this past year and Sadeh’s team found that almost 80% of those who used the application on a daily basis adopted its privacy recommendations. Work on Sadeh’s “Usable Privacy Policy Project” showed a number of promising results this year. The project seeks to develop a practical framework based on a website’s existing natural language privacy policy that empowers users to more meaningfully control their privacy, without requiring additional cooperation from website operators. After uncovering the viability of crowdsourcing meaningful privacy policy annotations as well as demonstrating the ability of machine learning and natural language processing techniques to boost crowdworker productivity, the project launched explore.usableprivacy.org. The site allows users to review annotated privacy policies for more than 150 of the most popular websites in the world.

Mary Shaw The past few years have been tremendous for Professor Mary Shaw. In addition to her 2014 National Medal of Technology and Innovation and her 2016 George R Stibitz Computer & Communications Pioneer Award, Professor Shaw, alongside colleagues Brad Myers and Christopher Scaffidi, was honored during when their paper Estimating the Numbers of End Users and End User Programmers was named Most Influential Paper in the 10+/-1 year category at the 2014 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC). Outside of work, Shaw and her husband, Roy Weil, were recognized in the Post-Gazette’s yearly Renovation Inspiration Contest (2014) for the magnificent renovation of their midcentury modern Squirrel Hill home. Additionally, Professor Shaw also joined the Board of Directors of the Squirrel Hill Urban Coalition in 2016.

FA L L 2 0 1 6

I S R U P D AT E

staff news

Staff News and Updates ISR Sponsored Projects Team Takes Home SCS Honors The department is extremely pleased to announce that the Institute for Software Research’s Sponsored Projects Team was the recipient of this year’s School of Computer Science Staff Recognition Award for Outstanding Teamwork. The team of Berndette Dayak and Mike Boydos is led by Monika DeReno. Responsible for all sponsored projects finance in ISR – including proposal writing, submission, pre-award, administration, and post-award – DeReno and her staff work closely with faculty, multiple stakeholders in central administration, and also directly with funding agency staff to execute numerous projects every year. ISR Director Bill Scherlis notes, “Their competence and dedication have enabled ISR to experience a phenomenal growth in the number and complexity of research awards, including major center awards, large and complex DARPA contracts, MURI awards, and others.” One such award is the Science of Security Lablet, which funds faculty and grad students in ISR, HCII, CSD, Heinz, and ECE and includes a half-dozen subcontracts with other universities. “The financial management scheme developed by Monika and the team has been held as the exemplar by the sponsor agency for other major efforts they are funding,” Scherlis says. “And this is just one example. There are three new DARPA contracts in the past few months that

“Their competence and dedication have enabled ISR to experience a phenomenal growth in the number and complexity of research awards” 52

I S R U P D AT E

FA L L 2 0 1 6

The ISR Sponsored Project Team were the recipients of the 2016 SCS Staff Recognition Award for Outstanding Teamwork. Pictured (left to right): Mike Boydos, Bernadette Dayak, Monika DeReno, and Bill Scherlis (ISR Director).

have a similar level of complexity. This is much, much more than spreadsheet skills: It includes also working with a wide range of faculty and business managers across the university and integrating them into our practice. The team is extremely well-regarded inside ISR by our faculty, providing one-stop shopping for all dimensions of sponsored-project finance.” As a result, Scherlis says, ISR faculty rarely need to interact directly with central administration on contract-related matters. “In fact,” says Scherlis, “principal investigators have received thank-you notes from sponsors praising the capability and professionalism of the ISR team. This is thanks to the extraordinary combination of dedication, technical skill, interpersonal skills, and commitment to our organizational purpose.” It is this singular focus on excellence which earned the team the highest honor a staff team can receive in the college. Granted to only one team each year, the School of Computer Science Staff Recognition Award for Outstanding Teamwork is a testament to the leadership of DeReno and the dedication of the team as a whole. “When we speak of teamwork, we are not just speaking of engagement within this group of three people or even the engagement within ISR and the many faculty involved in sponsored projects,” Scherlis explains. “We are also speaking of the outstanding engagement with central administration and with our sponsors – and the tremendous level of respect these organizations show for the talent and initiative of this team.”

departmental events

Departmental Events CONFERENCES // WORKSHOPS // SYMPOSIA

SAF | ART | INT Carnegie Mellon and White House Office of Science and Technology Workshop Explores How Artificial Intelligence Can Be Engineered for Safety and Control Co-hosted by the university and the White House Office of Science and Technology Policy (OSTP), the SAF | ART | INT: Workshop on Safety and Control for Artificial Intelligence offered a program that included 17 speakers from across the country this past June to address the challenge of how to ensure that AI-based systems can operate in a safe and controlled manner. The event filled the Rashid Auditorium in the Gates-Hillman Center. Bill Scherlis, ISR Director and workshop organizer, notes that the workshop – part of a series of four workshops on AI hosted by OSTP – came at a critical time for AI. “We are at a formative stage in the development and deployment of AI systems; we have an opportunity to develop and promote engineering practice for AI-based systems that integrates safety and control. Of course, we want to do this without too much compromise to functionality and learning capability. In fact, we should aspire to enhance the productivity of AI engineers while also improving safety. We have a window of opportunity to get out in front of this issue.”

Pictured: Eric Horvitz (Microsoft), spoke as part of the Exploratory Technical Workshop. Speaking on the methods by which AI touches on a broad swath of daily applications, Horvitz provided context to the presentations throughout.

The workshop featured experts in AI algorithms, safety and systems engineering, and mathematical modeling, and included representatives from government, industry and academic institutions, including the Defense Advanced Research Projects Agency (DARPA); the National Science Foundation; the National Security Council; the Intelligence Advanced Research Projects Agency (IARPA); Google; Microsoft; Uber; ZF TRW; Vanderbilt University; Tufts University; Oregon State University; the University of California, Berkeley; and Carnegie Mellon. Speakers included John Launchbury, Director of DARPA’s Information Innovation Office; Jason Matheny, Director, Intelligence Advanced Research Projects Agency; Jeannette Wing, Corporate Vice President of Microsoft Research; Manuela Veloso, the new head of CMU’s Machine Learning Department; and Tom Dietterich, President of the Association for the Advancement of Artificial Intelligence. Manuela’s presentation

Pictured (from left to right): Bill Scherlis (ISR), Claire Tomlin (UC

was a recorded video [cmu.edu/safartint/watch.html] that was produced by the

Berkeley), Tom Dietterich (Oregon State), Emma Brunskill (CMU),

talented ISR video team.

and Michael Littman (Brown) participated in a panel Q&A, “AI Algorithms, Intrinsic Safety, Explanations, Evaluations”

With over 250 in attendance, the workshop was by all accounts a great success. CMU plans to issue a report on the workshop in the near future. The results of the workshop series also informed a public report recently issued by OSTP. FA L L 2 0 1 6

I S R U P D AT E

departmental events CONFERENCES // WORKSHOPS // SYMPOSIA

HotSoS 2016 This year also marked Carnegie Mellon’s turn to host the HotSoS Symposium and Bootcamp on the Science of Security. Sponsored by the National Security Agency’s Science of Security Lablet (SoS), the research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner. The 2016 HotSoS event, held April 19 to 21 at the Carnegie Mellon University, brought together senior and junior researchers from diverse disciplines to promote advancement of work related to the science of security. The program featured refereed papers as well as invited talks from Lorrie Cranor (ISR and Federal Trade Commission), Greg Shannon (SEI and White House Office of Science and Technology Policy), Christos Faloutsos (CMU Computer Science Dept), and Matt Briggs (FireEye) The Science of Security (SoS) emphasizes the advancement of research methods as well as the development of new research results. This dual focus is intended to improve both the confidence gained from scientific results and also the capacity and efficiency through which increasingly technical problems are addressed. Pictured (Left to Right): Vishal Diwedi (ISR PhD student), Javier Cámara (ISR Systems Scientist), and Ashutosh Pandey (ISR PhD student) gathered with other HotSoS attendees for an evening reception at the Carnegie Museum of Natural History.

SPLASH 2015 The ACM SIGPLAN Conference on Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) is the premier conference at the intersection of programming, languages, and software engineering. SPLASH 2015 was hosted in Pittsburgh. Chaired by ISR’s Jonathan Aldrich and with significant volunteer support from ISR faculty and staff, the event was tremendously successful, bringing over 500 scientists, educators, and practitioners to the steel city this past October.

I S R U P D AT E

FA L L 2 0 1 6

CASOS Summer Institute The summer, ISR’s Center for Computational Analysis of Social and Organizational Systems (CASOS) hosted its annual CASOS Summer Institute. Geared to provide and intense and hands-on introduction to network analytics and visualization from a combined social-network, network-science, linkanalysis and dynamic network analysis perspective, the five-day event drew participants from a range of organizations to campus. Since the event’s inception 17 years ago, over 520 participants from 16 countries have taken part. Led by CASOS Director Dr. Kathleen M Carley, participants left the event fully equipped with the latest knowledge and tools to extract networks from texts, JSON files (e.g., news and tweets), or spreadsheets; analyze and visualize networks using one-mode, two-mode, and n-mode metrics; identify groups and clusters; examine networks spatially; examine overtime networks and explore dynamic aspects of these networks; and simulate change in networks and the diffusion/dispersion of information and beliefs through networks.

Pictured: Participants and presenters gathered outside the CASOS Summer Institute 2016. The event, held yearly, draws practioners from across the globe to Pittsburgh for a intensive, multi-day workshop on network analysis tools and techniques.

Want to learn how to leverage the latest and greatest research in network analysis to accelerate your business or enhance your organization’s analytical capabilities?

Learn more about the CASOS Summer Institute:

casos.cs.cmu.edu/events/summer_institute/

FA L L 2 0 1 6

I S R U P D AT E

departmental events ALUMNI EVENTS // COMMUNITY EVENTS

Another Great Year of Alumni Gatherings for the Master of Software Engineering Professional Programs Throughout the past year, the program hosted five separate regional alumni gatherings. In total, more than 100 program alumni turned out at events in the Bay Area, New York City, Pittsburgh, and Seattle. Feedback from these events has been overwhelmingly positive. Alumni stated that not only were they able to enjoy the great company of their MSE and MSIT peers, they also leveraged connections forged at the events to discover new opportunities in terms of career progression and professional collaborations. The MSE program thanks you for reconnecting with us and with old and new friends from near and far. And to those who were not yet able to attend, we hope we’ll see you at the next scheduled event near to you.

MSIT eBusiness Program Wraps Successful West Coast Tour The faculty and staff of ISR’s MSIT eBusiness Technology program returned this spring from a soggy San Francisco on their annual tour of the western region of the US. The two week excursion included meetings with alumni and potential corporate partners from Denver, Portland, and San Francisco. Whether it was a meeting to discuss partnership with Oracle in Denver, an information session delivered to students at Portland State University, or entertaining 400 professionals as a sponsor of the Bay Area’s “Network After Work” event, the eBusiness team was on the go getting the word out about their program. But the trip wasn’t all work and no play. Associate Director, Patty Mackiewicz, pointed out that the yearly outing brings together faculty and staff for an opportunity to debrief and recharge outside the office – and outside Pittsburgh itself! Despite many days of torrential rain, the eBusiness team spent a day riding the Bay Ferry from San Francisco to Sausalito where they were able to discuss upcoming work with a refreshed perspective. The trip concluded by reuniting 85 alumni at the program’s annual West Coast Alumni Reunion. Their largest reunion to date, held at Fisherman’s Wharf in San Francisco, brought together both MSEC and MSIT eBusiness alumni. The highlight of the night was the unveiling of the program’s new logo (to be revealed more widely soon). Tami Radomski, eBusiness’ Recruiting Coordinator, recounted the pleasure of seeing so many students she helped guide through the program. “It is amazing to see them all again. We knew them while they were students - but here they are, all grown up, many having married, started families, but all of them doing exceptionally well in their careers. It warms all of our hearts to see how well they have done!”

I S R U P D AT E

FA L L 2 0 1 6

Pictured: Bay Area alumni, faculty, and staff of the Masters of Software Engineering Professional Program gathered this past fall. Each year, the MSE programs travels to three regional events across the country, providing graduates a yearly opportunity to reconnect and network.

Pictured: Faculty, staff, and alumni of the MSIT eBusiness program gathered at Fishermanâ&#x20AC;&#x2122;s Wharf in San Francisco for an all-classes reunion this past spring. More than 85 graduates turned out to share their stories since graduation.

Want to host or organize an alumni gathering in your area? Contact a program coordinator! SE/SC PhD: MSE Programs: MSIT-eBiz : MSIT-Priv:

Connie Herold Vaishali Gakhar Tami Radomski Tiffany Todd

cherold@andrew.cmu.edu vgakhar@andrew.cmu.edu tambria_radomski@cmu.edu ttodd@cs.cmu.edu

FA L L 2 0 1 6

I S R U P D AT E

Carnegie Mellon University 5000 Forbes Ave Pittsburgh, PA 15213