CAREER: At-scale Analysis of Issues in Cyber-security and Software Engineering

One of the most significant challenges in cybersecurity is that humans are involved in software engineering and inevitably make security mistakes in their implementation of specifications, leading to software vulnerabilities. A challenge to eliminating these mistakes is the relative lack of empirical evidence regarding what secure coding practices (e.g., secure defaults, validating client data, etc.), threat modeling, and educational solutions are effective in reducing the number of application-level vulnerabilities that software engineers produce. This research aims to perform experiments analyzing programming assignment submissions to Massively Open Online Courses (MOOCs) before and after secure coding and threat modeling techniques are taught to empirically measure their impact on the rate of security vulnerabilities in assignment implementations. A key component of this research will be the use of MOOC assignment specifications and variations that have the potential to be affected by common cybersecurity vulnerabilities, such as problems with input validation to web applications or privilege escalation on mobile platforms. Because these critical security implementation issues will be known ahead of time, the MOOC assignments will allow automated assessment of how successfully each assignment implementation manages these security issues.

Key questions investigated by this research include analyzing the impact of varying secure coding and threat modeling techniques on vulnerability production in software, what level of abstraction these techniques need to be taught at to be effective, the relative return on investment of threat modeling vs. automated vulnerability assessment effort, and the comparative effectiveness of making developers aware of security issues versus requiring active application of secure coding and threat modeling techniques. The broader impact of this research is substantial. Very little empirical data is available for organizations to use to properly value the secure coding and threat modeling techniques that have been developed. By creating a large body of rigorous evidence to illustrate how effective (or possibly not effective) different techniques are, the research will allow organizations to evaluate their return on investment and improve the use of these techniques in the software engineering process.

Award Number: 1552836
Sponsor: National Science Foundation
Lead PI: Jules White

Benching Computer Vision Algorithms for Basketball

Sponsor: Noah Basketball
Lead PI: Jules White

Design.R - AI-assisted CPS Design

The project is part of the Symbiotic Design for CPS (SDCPS) program, with a goal to develop AI-based approaches to enable correct-by-construction design of military-relevant CPS. Beyond novel theoretical discoveries we focus our innovation and research efforts to deliver AI-based Co-Designers that are integratable with the dominantly model-based Cyber-Physical System (CPS) design flows and tool suites. Our vision is the reformulation of the conventional engineering process of CPS as a continuously learning, self-improving process of collaborative discovery. Breakthroughs will emerge from the symbiosis of new, AI-based data-driven approaches in design flows to complement human intuitions and classical analytics for synthesizing and validating candidate solutions.

The project is led by the Institute for Software Integrated Systems of Vanderbilt, and includes collaborators from University of Alberta, Canada and University of Szeged, Hungary. Vanderbilt’s Péter Völgyesi (PI) has over two decades of experience with model-based design, design automation and integration platforms. The Institute for Software Integrated Systems has pioneered generations of metaprogrammable tool suites for modeling and model transformation and their use in design automation. The University of Alberta team, led by Prof. Csaba Szepesvári, has developed several fundamentally novel AI/ML algorithms that led to breakthroughs, such as DeepMind's AlphaGo. As the lead of the foundation group at Google's DeepMind, Prof. Szepesvári has a broad perspective on recent advancements in AI that can change the status quo in model-based design automation. Prof. Miklós Maróti, the lead of the mathematics research team at University of Szeged, has foundational work in applying AI methods within mathematics: augmenting SAT solvers with AI-based approximations to solve algebraic problems and proving stability properties of dynamical systems by learning their Lyapunov functions.

Press Release:

Sponsor: Defense Advanced Research Projects Agency
Lead PI: Peter Volgyesi
Co-PI: Christopher White

SCC-IRG Track 1: Mobility for all - Harnessing Emerging Transit Solutions for Underserved Communities

Public transportation infrastructure is an essential component in cultivating equitable communities. However, public transit agencies have historically struggled to achieve this since they are often severely stressed in terms of resources as they have to make the trade-off between concentrating service into routes that serve large numbers of people and spreading service out to ensure that people everywhere have access to at least some service. A solution that holds great promise for improving public transit systems is the integration of fixed-route services with microtransit systems: multi-passenger transportation services that serve passengers using dynamically generated routes and may expect passengers to make their way to and from common pick-up or drop-off points. However, most microtransit systems have failed in the past due to the lack of community engagement, inability to handle the uncertainty of operations when integrating the fixed transit, and inability to handle the system-level optimization challenges. The project takes a socio-relational approach to community engagement in collaboration with the Chattanooga Area Regional Transportation Authority (CARTA), design a community-centric micro-transit service that augments fixed-line public transit networks (improving transit accessibility), and demonstrate its effectiveness in the representative city of Chattanooga. The outcome of the project will be a deployment-ready software system that can be used by an agency to design and operate a micro-transit service effectively. The algorithmic toolchain will be complemented by mechanisms to optimally select the parameters and sustainably manage the data required by the algorithms. In addition, this project will provide a set of exemplar case studies and a validated social methodology to engage the community and learn their requirements, which will be fed into the algorithms. This will potentially impact a wide range of cities in the U.S. that do not have well-developed transit systems as the project will not only provide a reusable operations system but also demonstrate how integrated socio-technical research and strong community engagement can provide a pattern for sustainability and expansion.

The intellectual merit of this project lies in the novel community engagement approach and combined operations research and data-driven, learning-based integrated system optimization. Towards this goal, the project will make four key contributions. First, the project will develop a novel targeted outreach approach that uses the relational networks of social capital (e.g., outreach to community centers, congregations and faith communities, schools, and similar organizational structures) and builds a categorical demand model to design an innovative micro-transit system. The project's hypothesis is that the behavioral impact on public-transit ridership with the proposed method will be significantly higher than with an approach that focuses only on the economic or time-saving benefits of the improved transit system. Second, the project will introduce a sustainable and resilient data-integration platform that dynamically adjusts the location of the sensor data used to affect the design parameters and assess performance of the transit system. This is crucial because cloud computing is still very expensive for community partners, especially for real-time high-velocity and high-volume data analysis. Further, this data store provides us an opportunity to take a privacy by design approach for the datasets collected during the project. Specifically, the project will develop novel integrated anonymization mixers for multi-modal datasets (e.g., mixing information of different modalities, such as location traces and transactions, together in a spatiotemporal-transactional mixer) that achieve a given level of privacy (quantified using the notation of differential privacy) while maximizing the accuracy of transit queries, relying on not just the privacy-properties of the data but also on the needs of the queries. Third, the project will develop uncertainty-aware fleet management and dispatch algorithms that incorporate demand aggregation and environmental uncertainty caused by congestion, incidents, and their impact on the system (both for the users and fleet operations). Fourth, the project will leverage recent advances in active learning for non-stationary environments with contextual side information to design algorithms that will aid in the exploration and optimal selection of hyperparameters for microtransit algorithms.

Award Number: 1952011
Sponsor: NSF
Lead PI: Abhishek Dubey
Co-PI: Paul Speer

Rapid Scenario-Driven Integrated Simulation Experimentation Framework

Cyber-Physical Systems (CPS) are composed of a wide range of networked physical, computational, and human/organization components. These systems are highly complex as they have many different heterogeneous components, such as physical, computational, and human. Simulation-based evaluation of the behavior of CPS is complex, as it involves multiple, heterogeneous, interacting domains. Each simulation domain has sophisticated tools, but their integration into a coherent framework is a difficult, time-consuming, labor-intensive, and error-prone task. This means that it is difficult to conduct computational studies rapidly and provide timely answers to the planners, operators, and policy makers. Furthermore, CPS behavior has to be tested against a number of scenarios and situations, meaning that a large number of simulations must be executed covering the entire space of possibilities. This project leverages our Cyber-Physical Systems Wind Tunnel (CPSWT) framework -- that enables rapid, model-based integration of a variety of simulation tools -- to develop methods, tools, and approaches for creating a scenario-driven experimentation environment that can support rapid investigation of CPS using a large combination and variants of experiment scenarios. The objectives of this project are to develop: (1) Scenario-driven experimentation capability of the CPS simulation integration framework by supporting the modeling, parameterization, configuration, execution, and monitoring of integrated simulation experiments; and (2) Capability to enable instrumentation of experiment data-generation dynamically (i.e., at run-time) according to the requirements of scenarios designed to experiment with integrated simulations -- which will enable generation of pertinent datasets for conducting specific analyses as well as training Artificial Intelligence (AI) algorithms for detecting and analyzing rare events in the simulations.

Key Outcomes

The project has been successfully transitioned to the Communications Technology Laboratory (CTL) within the US National Institute of Standards and Technology (NIST).

Sponsor: National Institute of Standards and Technology
Lead PI: Himanshu Neema

FW-HTF Theme 1: Collaborative Research: Augmenting and Advancing Cognitive Performance of Control Room Operators for Power Grid Resiliency

The Future of Work at the Human-Technology Frontier (FW-HTF) is one of 10 new Big Ideas for Future Investment announced by the National Science Foundation. The FW-HTF cross-directorate program aims to respond to the challenges and opportunities of the changing landscape of jobs and work by supporting convergent research. This award fulfills part of that aim. Effective decision making by power grid operators in extreme events (e.g., Hurricane Maria in Puerto Rico, the Ukraine cyber attack) depends on two factors: operator knowledge acquired through training and experience, and appropriate decision support tools. Decision making in electric grid operation during extreme adverse events directly impacts the life of citizens. This project will augment the cognitive performance of human operators with new, human-focused decision support tools and better, data-driven training for managing the grid especially under highly disruptive conditions. The development of new generation of tools for online knowledge fusion, event detection, cyber-physical-human analysis in operational environment can be applied during extreme events and provide energy to critical facilities like hospitals, city halls and essential infrastructure to keep citizens safe and avoid economic loss for the Nation. Higher performance of operators will improve worker quality of life and will enhance the economic and social well-being of the country. The project's training objectives will leverage existing educational efforts and outreach activities and we will publicize the multidisciplinary outcomes through multiple venues.

The proposed project will integrate principles from cognitive neuroscience, artificial intelligence, machine learning, data science, cybersecurity, and power engineering to augment power grid operators for better performance. Two key parameters influencing human performance from the dynamic attentional control (DAC) framework are working memory (WM) capacity, the ability to maintain information in the focus of attention, and cognitive flexibility (CF), the ability to use feedback to redirect decision making given fast changing system scenarios. The project will achieve its goals through analyzing WM and CF and performance of power grid operators during extreme events; augmenting cognitive performance through advanced machine learning based decision support tools and adaptive human-machine system; and developing theory-driven training simulators for advancing cognitive performance of human operators for enhanced grid resilience. A new set of algorithms have been proposed for data-driven event detection, anomaly flag processing, root cause analysis and decision support using Tree Augmented naive Bayesian Net (TAN) structure, Minimum Weighted Spanning Tree (MWST) using the Mutual Information (MI) metric, and unsupervised learning improved for online learning and decision making. Additionally, visualization tools have been proposed using cognitive factor analysis and human error analysis. We propose a training process driven by cognitive and physiometric analysis and inspired by our experience in operators training in multiple domain: the power grid, aircraft and spacecraft flight simulators. A systematic approach for human operator decision making is proposed using quantifiable human and engineering analysis indices for power grid resiliency.

Award Number: 1840052
Sponsor: NSF
Lead PI: Gautam Biswas
Co-PI: Abhishek Dubey

Air Taxi (Hybrid or Electric) aeroNautical Simulation (ATHENS)

Sponsor: DARPA
Lead PI: Ted Bapty
Co-PI: Jason Scott
Subscribe to Human/AI/Machine partnerships