Cyber-attacks are an international problem. Cyber threat from any country is a concern around the world. Identifying the most threatening countries is an important step towards reducing the global cyber threat. Two types of countries pose great cyber security threats. The first type of country fosters favorable conditions to hosting cyber-criminal infrastructure. The second type of country develops cyber warfare capabilities. These countries are even more threatening if they also have weapons of mass destruction such as bioweapons.

In this work I identify countries that foster a favorable environment to hosting cyber-criminal infrastructure. I also identify factors that make the environment in these countries favorable to hosting such infrastructure. In my analysis I use Symantec WINE data which consist of attack reports from more than 10 million Symantec customer computers worldwide. I also present a methodology for assessing countries’ cyberwarfare and bioweapon capabilities. My methodology assesses countries’ motivations and latent abilities. In my assessment I use socio-political data as well as measures of relevant expertise and infrastructure.

Thesis Committee:
Kathleen M. Carley (Co-Chair)
L. Richard Carley (Co-Chair, Electrical and Computer Engineering)
Nicolas Christin (Electrical and Computer Engineering, Cylab)
Mathew Elder (Symantec Research Labs)

Copy of Proposal Document


We study the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or free-form gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose.

Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. Our work shows that free-form gestures present a robust method for mobile authentication.


Janne Lindqvist is an assistant professor of electrical and computer engineering and a member of WINLAB at Rutgers University. Janne directs the Rutgers Human-Computer Interaction Laboratory. From 2011-2013, Janne was an assistant research professor of ECE at Rutgers. Prior to Rutgers, Janne was a post-doc with the Human-Computer Interaction Institute at Carnegie Mellon University’s School of Computer Science. Janne received his M.Sc. degree in 2005, and D.Sc. degree in 2009, both in Computer Science and Engineering from Helsinki University of Technology, Finland.

He works at the intersection of human-computer interaction, mobile computing and security engineering. Before joining academia, Janne co-founded a wireless networks company, Radionet, which was represented in 24 countries before being sold to Florida-based Airspan Networks in 2005. His work has been featured several times in MIT Technology Review and recently also in The New York Times, Computerworld, IEEE Spectrum, Yahoo! News,, Tech Republic, and over 200 other online venues around the world. During his first year at Rutgers, Janne was awarded three NSF grants totaling nearly $1.3 million and a MobiCom best paper award.

The value that domain-specific languages provide to their users is the domain-specific features they contain. These features provide notations from the domain of interest, as well as domain-specific analyses and optimizations. But domain-specific languages are sometimes a poor means of delivering these features to their users. An alternative approach is to provide domain-specific language features to programmers as composable language extensions that they can easily and reliably import into their general-purpose programming language, such as C or Java.

AbleC is a extendible specification of ANSI C into which programmers can import such extensions; examples include algebraic data types as in ML or Haskell, regular expression operators and literals as in Perl or Python, and matrix operations as in MATLAB.  A distinguishing characteristic of AbleC is the modular analysis that extension developers can perform on their extension specifications to ensure that a working translator can be generated from the programmer chosen set of independently developed language extensions. These analyses ensure that the composed specification will define a deterministic parser and scanner and a well-defined attribute grammar for semantic analysis and translation. Thus, the programmer has some assurance that the language extensions that they choose will, simply, work well together.

About the Speaker.

Program comprehension is an important cognitive process that inherently eludes direct measurement. Thus, researchers are struggling with providing suitable programming languages, tools, or coding conventions to support developers in their everyday work. In this presentation, we describe a study in which we used functional magnetic resonance imaging to measure program comprehension. We discuss the requirements for fMRI studies and for program-comprehension measurement. We show that program comprehension is closely related to language comprehension and that fMRI studies to measure program comprehension have great potential to revolutionize program-comprehension research, programming-language and tool design, as well as education of beginning programmers.


Janet Siegmund works at the University of Passau as Postdoc. In her research, she focuses on program comprehension, especially how it can be reliably measured, for example, with functional magnetic resonance imaging. This cross-cutting research area is based on the psychological and computer-science domain, in which she holds master's degrees. In her Ph.D. thesis "Framework for Measuring Program Comprehension", she developed guidelines that help researchers to reliably measure program comprehension in human-based experiments. In her lecture "Empirical Methods for Computer Scientists" she teaches computer-science students how to conduct empirical research in the context of software engineering. In 2013, she managed the chair for software engineering at the University of Magdeburg and gave held software engineering 101.

Software developers primarily rely on experience and intuition to make development decisions. I will describe speculative analysis, a new technique that helps developers make better decisions by informing them of the consequences of their likely actions. As a concrete example, I will consider collaborative development and the conflicts that arise when developers make changes in parallel. This is a serious problem. In industry, some companies hire developers solely to resolve conflicts. In open-source development, my historical analysis of over 140,000 versions of nine systems revealed that textual, compilation, and behavioral conflicts are frequent and persistent, posing a significant challenge to collaborative development. Speculative analysis can help solve this problem by informing developers early about potential and existing conflicts. Armed with this information, developers can prevent or more easily resolve the conflicts. I will demonstrate Crystal, a publicly available tool that detects such conflicts early and precisely. Crystal has inspired a collaboration with Microsoft and some Microsoft teams now use a version of the tool in their everyday work


Dr. Yuriy Brun is an assistant professor at the University of Massachusetts, Amherst. Yuriy’s research interests are in software system modeling, design, and development. Previously, he served as a CI Fellow at the University of Washington, received his Ph.D. degree in 2008 from the University of Southern California, as an Andrew Viterbi Fellow, and received his M.Eng. degree in 2003 from MIT. He was recognized with the IEEE TCSC Young Achiever in Scalable Computing Award in 2013, and his doctoral research was a finalist in the ACM Doctoral Dissertation Competition in 2008. His work on speculative analysis, the subject of his talk, won a 2011 ACM SIGSOFT Distinguished Paper Award and was the spotlight paper in the October 2013 issue of IEEE Transactions on Software Engineering.

This talk will report on research projects undertaken within the Human-Computer Interaction (HCI) field of Computer Supported Cooperative Work (CSCW) that investigate collaboration in the development of scientific cyberinfrastructures. Our research takes what we call an infrastructural perspective in order to shed light on the social and organizational processes of scientific work and software development work so that we can better understand and therefore better support scientific practice. In order to support innovative scientific research, we must understand how data, software, and systems embody scientific practices and values. We use qualitative social science methods such as interviewing and observation to understand not only the social side of scientific work and information infrastructure development, but also the interaction between the social and the technical. Our work has included investigations of data sharing and database and software development in fields such as metagenomics, epidemiology, and computer science.


Dr. Charlotte P. Lee is an Associate Professor in the Department of Human Centered Design & Engineering, Adjunct Associate Professor in the Information School, and Director of the Computer Supported Collaboration Laboratory at the University of Washington. Dr. Lee is also an Associate Editor of the Journal of Computer Supported Cooperative Work. She has a B.A. in Sociology from the University of California, Berkeley, and a Ph.D. in Information Studies from the University of California, Los Angeles. Dr. Lee’s research is in the field of Computer Supported Cooperative Work (CSCW) with a focus on studying cyber infrastructure development as a way to understanding highly dynamic, emergent collaborations. Her work empirically describes and theorizes the informational practices, artifacts, and collaborative structures of communities of practice working towards a shared goal: collaborative design.

David Garlan (CS’83,’87) is a professor in the Institute for Software Research and the Computer Science Department, and director of SCS’s Professional Software Engineering Programs. A graduate of Amherst and Oxford, he is a fellow of the IEEE and a senior member of the ACM, and is considered one of the founders of the field of software architecture. In 2005, Garlan received a Stevens Award Citation for “fundamental contributions to the development and understanding of software architecture as a discipline in software engineering,” and in 2011 he received the Outstanding Research Award from ACM SIGSOFT for “significant and lasting software engineering research contributions through the development and promotion of software architecture.”  Garlan spoke to Link Editor Jason Togyer.

Why is your office decorated with items related to Frank Lloyd Wright?

I’ve always been inspired by Wright. There’s integrity to his designs, because they’re held together by consistent elements and themesAnd they worry a lot about context. It’s not just the buildings themselves that he was concerned with, but how they fit into their surroundings. When Robert Allen and I created a language for specifying architecture, I decided to call it “Wright.”

How do Wright’s design principles apply to software architecture?

There are interesting parallels. I’m interested in systems whose design naturally matches the domain they attempt to serve—ones that fit neatly into their contexts without creating abrupt changes in experience for their developers or users. The world of software has become increasingly comples—we need to make sure that developers aren’t just creating nice standalone applications, but ones that also fit well into their environments. The iPhone is an interesting example: Apple created the ecosystem and maintained its consistency, so users have a seamless experience as they go from application to application.

What are the ingredients for good software architecture?

Good systems have clean, consistent structures that make them easy to understand, analyze and maintain over time. Sometimes what happens is that the software architect comes up with a good design and the programmers mess it up because they don’t understand the architectural principles; or simply because it’s easier for them to do it some other way.

What were your early computing experiences?

My father was a professor of philosophy at Reed College in Portland, Ore., and my stepmother was in charge of the computing lab there. They let me sneak in and play with the IBM equipment. Unfortunately, at that time, computers were not really mainstream at most colleges. When I got to Amherst, I did some programming for the physics department, but when I got to Oxford, I wasn’t exposed to any. Instead, I studied mathematics, later deciding that I didn’t want to become a mathematician.

What did you do instead?

Many things: I worked in a bakery, I worked in a brewery, I played in a band, and I taught high school and community college. While I was at the community college, one of the other instructors got sick, and I was asked to come in and teach a Fortran class.

You must have enjoyed that.

I did! So much so, someone suggested I apply to grad school at Carnegie Mellon for computer science. I have no idea why I was accepted. Perhaps I was one of those high-risk, high-potential people they were open to accepting in the early days of the department? I was lucky to have Nico Habermann as my advisor.

What was he like?

Nico was inspirational in terms of his vision, his dedication to his students, and his ability to nurture creative thought. It was a wonderful time, too, to be at CMU—a time when many people were thinking about how to support software development with good tools.

What was in the “toolbox” then?

A text editor, a compiler and a debugger, and that’s about it. Nico said, no, no, no, it should be much more. He felt that, along with the tools you needed, we should provide a rich environment to support the development of software, as well as the management of different groups of people who were working together on that software.

You didn’t stay at CMU, though.

No, when I finished my Ph.D., I went to Tektronix in Portland, where I discovered software architecture and the concept of reusing pieces of software as a way to reduce the complexity of systems. But you can’t reuse pieces of software without having a conceptual framework in which to place them. So I came back to CMU to pursue, along with my colleague Mary Shaw, this idea of architecture and help bring it into the mainstream.

Is the idea of software architecture more widely accepted now than it was then?

Yes, but for many people today, the architecture is constrained by the domain in which they’re working—a system for a bank, for instance—and there’s still a long way to go in the industry, because there’s a lot of the attitude, “I build it today the way I built it yesterday.”  Moreover, people struggle with maintainability because they don’t think about the long-term evolvability of systems.

Has the need for software to work across multiple platforms improved architecture?

The agile movement has actually somewhat exacerbated the problem, because programmers are often focused on adding features without thinking about sustainability. If people want certain properties built into the bones of a system, then it has to come through a framework and a platform – an architecture – that can evolve over time.

How do you predict what your later needs will be?

The design-time side of software was the traditional focus of software engineering. Over the past few years, there’s been a shift in thought because systems are deployed in ways that we didn’t expect. They need to work when things around them are breaking. We’re now shifting our focus from design-time to run-time.

How does that change software architecture?

New systems need to support much, much more capability for monitoring themselves and fixing problems without being taken off-line. Take security—you can build into the system defenses against all of the known security risks, but what you really want is the capability to deal with unknown attacks as they will necessarily arise. Engineers need to be asking themselves, do I have an adequate number of probes, looking for faults? Do I have enough run-time repair strategies? If I execute certain repairs, will it lead to loss of data or other bad results?

How are universities preparing software engineers for this new world?

Educating practitioners is one of the best ways to spread these new ideas. One of the things that makes our software engineering programs unique is that many of our tenure-track faculty are involved not just in research but in creating our courses for professional masters students that expose students to cutting edge ideas.

How much reverse flow is there, from students to faculty?

A lot, actually. I once received a letter from a graduate who said, “your course in architecture taught me a lot, but it’s not helping me in my current job, because I’m working with existing systems that have lousy architecture, and your course didn’t teach me how to handle that.” That led to a whole new research area for me called architecture evolution.

What activities do you enjoy in your free time?

I enjoy Argentine tango dancing. I also do a lot of gardening. I like to create landscaped spaces—I think of this as the antithesis of what I do at work. When gardening the boundaries are very soft and the time frame is very long—you plant a tree without knowing fully what it will look like in 50 years. It’s very non-algorithmic. There’s also a constant adaptation process of evolving the garden itself to make it what you want to be you and your garden are having a dialog over the course of many years.

# # #

The goal of my thesis is to provide an improved metric for evaluating the security of password policies, compared to previous machine-learning approaches. It will make five major contributions to passwords research. First, I develop a guess calculator framework that learns a model of adversary guessing from a training set of prior data mixed with samples. Second, I conduct a thorough analysis of user-created passwords and the password-creation process. Third, I use the guess calculator framework to evaluate the guessability of passwords for an entire university (CMU) and compare this to other sources of passwords, namely subsets of leaked datasets and passwords collected in research studies. Fourth, I make several improvements to the guessing model to increase the power of the learning algorithm and improve guessing efficiency. Fifth, I provide methodological guidance on using the framework for policy evaluation.

Thesis Committee:
Lorrie Cranor (Chair)
Lujo Bauer (ECE, CMU)
Nicolas Christin (ECE/Cylab CMU)
Paul C. Van Oorschot (Carleton University)

As the size and complexity of modern IT systems increases, there is greater need for automatic recovery from failures. Recently, self-adaptive control loops have started to replace human oversight as means to ensure high availability of software systems. Two critical pieces of the self-adaptive loop for high availability are failure identification and fault localization.

Failure identification, figuring out something is not working, is a challenging activity as (1) the monitoring is not done at the same abstraction level as the failures manifest themselves, and (2) because systems perform several activities concurrently, incorrect behavior will appear mixed with correct behavior. Identifying faults, pinpointing the source of the failure, is also challenging as (1) there may be multiple explanations for a fault and (2) diagnosis must be performed in a useful time frame.

In this thesis, we propose to improve self-diagnosis through a framework that allows a system to identify failures and pinpoint the corresponding faulty parts in a running system. This framework is based in two key principles: reasoning about the system's behavior at the software architecture level and providing a declarative approach to describe system behavior. The use of architectural models allows the diagnostic infrastructure to scale gracefully, supports efficient run-time execution of common fault localization algorithms, and supports failure diagnosis of system-level properties such as end-to-end performance. The use of a declarative approach to behavior allows one to systematically specify rules for bridging the gap between low-level monitoring and higher-level problem detection. It also supports reuse across systems that share a common architectural style.

Thesis Committee:
David Garlan, (Chair)
Mario Zenha-Rela (Co-Chair, Universidade de Coimbra, Portugal)
Jonathan Aldrich
Claire LeGeous
Antónia Lopes (Universidade de Lisboa, Portugal)
Raul Barbosa (Universidade de Coimbra, Portugal)
Rui Abreu (Universidade do Porto, Portugal)

Application Programming Interfaces (APIs) often define protocols–restrictions on the order of client calls to API methods. API protocols are common and difficult to follow, which has generated tremendous research into the specification and verification of protocols. However, verification techniques do little to alleviate several major challenges programmers face when using API protocols: fixing protocol violations, learning protocol rules, and finding state transitions.

To understand these challenges better, I mined developer forums to identify problems that developers have with protocols. Then, I performed a think-aloud observational study, in which I systematically observe professional programmers struggle with these same problems to get more detail on the nature of their struggles and how they use available resources. In our observations, programmer time was spent primarily on four types of searches of the protocol state space.

To alleviate the protocol programmability challenges, I embed state modeling techniques directly into code and developer documentation. I design and formalize a programming language, Plaid, in which objects are modeled not just in terms of classes, but in terms of changing abstract states. Each state may have its own fields and methods, as well as methods that transition the object into a new state. I also developed a documentation tool called Plaiddoc, which is like Javadoc except it organizes methods by state instead of by class and it includes explicit state transitions, state-based type specifications, and rich state relationships.

I evaluate Plaid through a series of examples taken from the Plaid compiler and standard libraries of Smalltalk and Java. These examples show how Plaid can more closely model state-based designs, enhancing understandability, automating error checking, and providing reuse benefits. I evaluate Plaiddoc with a user experiment and show that participants using Plaiddoc can perform state search significantly more quickly and accurately than participants using Javadoc.

Thesis Committee:
Jonathan Aldrich (Chair)
James D. Herbsleb
Brad A. Myers
Éric Tanter (University of Chile)


Copy of Thesis Document


Subscribe to ISR