ISR

The rise of the Islamic State of Iraq and al-Sham (ISIS) has been watched by millions through the lens of social media. This “crowd” of social media users has given the group broad reach resulting in a massive online support community that is an essential element of their public affairs and resourcing strategies. Other extremist groups have begun to leverage social media as well. Online Extremist Community (OEC) detection holds great potential to enable social media intelligence (SOCMINT) mining as well as informed strategies to disrupt these online communities. I present Iterative Vertex Clustering and Classification (IVCC), a scalable analytic approach for OEC detection in annotated heterogeneous networks, and propose several extensions to this methodology to help provide policy makers the ability to identify these communities at scale to understand members’ interests and influence. Ultimately, these methods could provide unique insights to shape information operations, intervention strategies, and policy decisions.

In this thesis, I propose the following contributions:

  • efficient search and discovery of OEC members via semi-supervised dense community detection
  • an active learning framework to incorporate regional expertise and enable monitoring of highly dynamic OECs
  • a formal study of mention strategies used to gain social influence in within a target online community
  • an extended literature review of methods applicable to detection, analysis, and disruption of OECs

The contributions proposed in this thesis will be applied to four large Twitter corpora containing distinct online communities of interest. My goal is to provide a substantive foundation enabling follow-on work in this emergent area so critical to counter-terrorism and national security.

Thesis Committee:
Kathleen M. Carley (Chair, ISR)
Daniel Neill (Heinz)
Dr. Zico Kolter (CSD/ISR)
Randy Garrett (IronNet Cybersecurity Inc.)

Copy of Proposal Document

Social identities, the labels we use to describe ourselves and others, carry with them stereotypes that have significant impacts on our social lives. Our stereotypes, sometimes without us knowing, guide our decisions on whom to talk to and whom to stay away from, whom to befriend and whom to bully, whom to treat with reverence and whom to view with disgust.

Despite the omnipotent impact of identities and stereotypes on our lives, existing methods used to understand them are lacking. In this thesis, I first develop three novel computational tools that further our ability to test and utilize existing social theory on identity and stereotypes. These tools include a method to extract identities from Twitter data, a method to infer affective stereotypes from newspaper data and a method to infer both affective and semantic stereotypes from Twitter data. Case studies using these methods provide insights into Twitter data relevant to the Eric Garner and Michael Brown tragedies and both Twitter and newspaper data from the Arab Spring'.

Results from these case studies motivate the need for not only new methods for existing theory, but new social theory as well. To this end, I develop a new socio-theoretic model of identity labeling - how we choose which label to apply to others in a particular situation. The model combines data, methods and theory from the social sciences and machine learning, providing an important example of the surprisingly rich interconnections between these fields.

Thesis Committee:
Kathleen M. Carley (Chair)
Jason Hong (HCII)
Eric Xing (MLD/LTI,/CSD)
Lynn Smith-Lovin (Duke University)
Robert L. Wilson (Department of Sociology)

Copy of Thesis Document

It is essentially impossible to build modern software without extensive supply chains. Supply chains decrease development risk, but typically at the cost of increased security risk. In particular, it is often difficult to trust or verify that a component contains no unwanted behaviors, vulnerabilities, or malicious code that may harm an application or its users.

Sandboxes provide relief by encapsulating a component and imposing a security policy on it. Instead of trusting or verifying the component, we must trust or verify the relatively simple sandbox. Given this appealing prospect, researchers have spent decades developing new sandboxes. However, sandboxes are rarely used in practice. What is hampering adoption? This thesis advances our understanding of and overcomes some barriers to adoption.

We begin by systematically analyzing a decade of sandboxing research from relevant top-tier conferences. This work uncovers our first two challenges: sandbox researchers often (1) use relatively subjective validation techniques and (2) ignore usability.

We then focus on the Java sandbox to empirically study its use within the open source community. We find unnecessary complexity in the sandbox that has promoted a thriving exploit landscape. We develop run time monitors for the Java Virtual Machine (JVM) that disable these complexity points, stopping sandbox escaping exploits without breaking compatibility with benign applications. However, we found no cases where the sandbox was successfully used for security purposes, which motivated us to overcome necessary complexity via tooling. Our tools help users derive and refine a security policy and impose it on targeted Java application components.

Finally, we observe vulnerability-inducing design and implementation complexity in adopted sandboxes, and thus develop and evaluate a sandboxing technique that leverages cloud computing environments to execute untrusted computations. Any malicious outcomes produced by the computations are contained by ephemeral virtual machines.

We evaluate our tools and sandbox in a series of case studies that investigate hard-to-sandbox cases in collaboration with industrial partners.

Thesis Committee:
Jonathan Aldrich (Co-chair)
William L. Scherlis (Co-chair)
Lujo Bauer (ECE/ISR)
Bruno Amizic (The Boeing Company)

Copy of Thesis Document

With the emergence of the Internet of Things and a data-centric economy, where a growing number of products, services and business processes rely on the collection and processing of user data, people are increasingly confronted with an unmanageable number of privacy decisions. What is needed is a new, more scalable paradigm that empowers them to regain control over their data. Over the past ten years, my group at CMU has been working towards the development of personalized privacy assistants. To be effective, these assistants will have to be capable of incrementally learning the privacy preferences of their users,  semi-automatically configure many privacy settings on their behalf and generally alert their users about privacy practices they may not be expecting. These assistants will have to be minimally disruptive, limiting their interactions with us to the bare minimum, yet knowing enough about us to make many decisions on our behalf.

Through these very selective interactions, they will alert us about practices we may not feel comfortable with, confirm privacy settings they are not sure how to configure, refine models of our preferences, and occasionally nudge us to carefully (re)consider the implications of some of our  privacy decisions. 

As part of this presentation, I will summarize our progress in this area, focusing in particular on a series of pilot studies conducted to evaluate personalized privacy assistant functionality developed to help smartphone users manage their mobile app privacy settings. I will also review some of the ethical and business challenges that the development of this type of technology needs to consider.

Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University. His research interests span mobile and pervasive computing, cybersecurity and privacy, human computer interaction, machine learning and personal assistants. Norman is director of the School of Computer Science’s Mobile Commerce Lab and also co-founder and co-director of the School of Computer Science’s Master’s Program in Privacy Engineering. He also co-founded and served as co-director of the School’s PhD Program in Societal Computing during its first ten years. 

Dr. Sadeh is also co-founder, chairman and chief scientist of Wombat Security Technologies, a CMU spinoff that sells a unique suite of cybersecurity training products and anti-phishing filtering technologies. Norman has been on the faculty at Carnegie Mellon since 1991 and is also well-known for his work on the livehoods project as well as earlier work in scheduling, constraint satisfaction and constrained optimization, supply chain management and Semantic Web technologies. In the late nineties, he served as Chief Scientist of the European Union’s $600M e-Work and e-Commerce program, which at the time included all pan-European research in cyber security and online privacy. 

Norman received his PhD in computer science from Carnegie Mellon University, an MSc, also in computer science, from the University of Southern California, and a BS/MSc in Electrical Engineering and Applied Physics from Brussels Free University.

We need better tools for C, such as source browsers, bug finders, and automated refactorings. The problem is that large C systems such as Linux are software product lines, containing thousands of configuration variables controlling every aspect of the software from architecture features to file systems and drivers. The challenge for software tools is to analyze all configurations of the source code without succumbing to exponential explosion due to variability.

Bug-finding is one area where such capability is useful. Even trivial bugs like linker errors become hard to find when they only appear in certain configurations, because testing each configuration one-at-a-time is infeasible. Previous work shows that such variability bugs do appear in the Linux kernel source but, lacking automated tools, finds them by examining patches to the source. To support variability-aware tools, we focus on two key subproblems, parsing and the build system, and show how these components work together to enable a simple variability-aware bug-finder for linker errors.

A configuration-preserving preprocessor and parser called SuperC collects all function calls and definitions along with their conditions. Then, a configuration-preserving Makefile evaluator called Kmax collects all compilation units and their conditions. To find linker errors, a boolean expression representing the potential linker error is constructed for each function call. The expression combines the conditions at the definition site and its compilation unit, the call site and its compilation unit, and the Linux feature model. A SAT solver then determines whether a linker error exists in any configuration. Evaluation shows that known bugs can be found and that the finder scales across the entire Linux kernel source code.

Paul Gazillo is currently a post-doctoral associate at Yale university where I research static analyses to find complexity attacks on software. I received my PhD from New York University December 2015, where my research focused on enabling software tools for C programs in the presence of the C preprocessor and variability. Before beginning the PhD, I was a research data analyst for Educational Testing Service.

Cyber-Physical Systems (CPS) are software-controlled systems that have complex interactions with the physical world. Many CPS, such as autonomous drones and self-driving cars, are becoming increasingly more embedded in our society, and therefore safety-critical and demanding of rigorous quality assurance. To this end, CPS engineering relies on modeling methods from diverse scientific and engineering fields, for example control theory and real-time scheduling. Diverse modeling methods are difficult to combine with each other due to their complexity and heterogeneity. Inconsistencies between models and analyses that come from different modeling methods often lead to implicit design errors, which subsequently can cause critical CPS failures with loss of lives and substantial material resources.

To detect and prevent inconsistencies between CPS modeling methods, this thesis investigates an improved architectural approach to integration of CPS modeling methods. This approach relies on architectural views (annotated component-and-connector models) to abstract out and check integration-relevant information from detailed models (e.g., hybrid programs). On top of these views I introduce a novel integration perspective based analyses -- algorithms and procedures that interpret and augment models. For each analysis I propose to specify a contract that captures inputs, outputs, assumptions and guarantees of the analysis in terms of view elements. A particularly challenging task is creating a language to express assumptions, guarantees, and consistency statements over heterogeneous models and views. This language needs to strike a balance between expressiveness and decidability to be effective in the CPS context.

The conceptual advances of this thesis enable a new level of automation for CPS modeling method integration. I will implement these advances in a toolset that will support automated model-view synchronization, analysis execution, and verification of semantic consistency between models. This toolset will serve as a means of evaluating the proposed integration approach in case studies of realistic CPS systems, such as autonomous spacecraft and collaborative robots. I will validate claims about correctness, effectiveness, and generality of my approach.

Thesis Committee:
David Garlan (Chair, ISR)
André Platzer (CSD CMU)
Bruce Krogh (ECE CMU)
Dionisio de Niz (Software Engineering Institute, CMU)
John Day (Jet Propulsion Laboratory/NASA)

Copy of Proposal Document

Solving the expression problem requires a language or system to allow one to add new variants to a datatype as well as new operations over it while ensuring strong static type safety without re-compiling the existing implementation.  The independently-extensible version goes a step further to require that these extensions can be added in any order.  In extensible languages this amounts to adding new (abstract) syntax to a language and new semantic analyses or translations to it.  Attribute grammars solve these versions of the expression problem, but with forwarding and a modular well-definedness analysis they also solve a version that requires that no 'glue' code need be written to combine the various extensions.  This means that the composition can always be done safely and automatically.  Using these techniques we have built ableC, an extensible language framework for C in which non-export programmers can select the language extensions that best fit their task at hand with the confidence that the supporting tools can generate a working compiler for their custom language.

Eric Van Wyk's research focuses on programming languages, in particular extensible programming languages and compilers, applications of temporal logic, and algebraic compilers. In 2005 he was awarded a McKnight Land-Grant Professorship and the National Science Foundation's CAREER award in 2004.

He has authored or co-authored more than 25 publications, including journal and conference papers, articles and technical reports. Van Wyk has developed various software packages including the Silver attribute grammar specification and evaluation system, extensible specifications of Java 1.4 and ANSI C written in Silver, and various domain-specific language extensions for these Java and C specifications. He is a member of ACM, ACM SIGPLAN, IEEE, the IEEE Computer Society, and is involved in numerous conference committees. Van Wyk also does outreach, serving as a member of the St. Louis Park High School School Business and Information Technology Advisory Board.

Faculty Host: Jonathan Aldrich

Structured probabilistic inference has shown to be useful in modeling complex latent structures of data. One successful way in which this technique has been applied is in the discovery of latent topical structures of text data, which is usually referred to as topic modeling. With the recent popularity of mobile devices and social networking, we can now easily acquire text data attached to meta information, such as geo-spatial coordinates and time stamps. This metadata can provide rich and accurate information that is helpful in answering many research questions related to spatial and temporal reasoning. However, such data must be treated differently from text data. For example, spatial data is usually organized in terms of a two dimensional region while temporal information can exhibit periodicities. While some work existing in the topic modeling community that utilizes some of the meta information, these models largely focused on incorporating metadata into text analysis, rather than providing models that make full use of the joint distribution of meta-information and text. 

In this thesis, I propose the event detection problem, which is a multi-dimensional latent clustering problem on spatial, temporal and textual data. The event detection problem can be treated as a generalization of the topic modeling problem where events can be considered as topics that are augmented by location and time. Preliminary models can effectively learn the representations of major events covered in a corpus of Twitter data and can also be used for various prediction tasks such as predicting the spatial coordinates, time stamps of the documents as well as estimating life cycles of new born events. 

The approaches proposed in this thesis are largely based on Bayesian non-parametric methods to deal with steaming data and unpredictable number of data clusters. The research proposed will not only serve the event detection problem itself but also shed light into a more general structured clustering problem in spatial, temporal and textual data.

Thesis Committee:
Kathleen M. Carley (Chair)
Huan Liu (School of Computing, Informatics, & Decision Systems Engineering, Arizona State University)
Tom Mitchell (Machine Learning/CMU)
Alexander J. Smola (Machine Learning/CMU)

Copy of Proposal Document

Software development environments are increasingly integrating social media features that allow transparency of software projects and developers by making visible all work-related activity that software developers can use to enhance their work. Developers in these environments often choose to interact with other projects or developers, whether through forming dependencies, learning from an expert, or evaluating code contributions. Transparency can inform these decisions by allowing interested developers to see an entire network of information, such as all the developers that work on a particular project and their prior development history. With this promise of staying aware and interacting with an ecosystem of potentially millions of projects and developers comes the peril of consuming overwhelming amounts of mostly noisy information generated by the broadcast development activity of these projects and developers. However, by identifying what information developers need to be aware of in transparent environments, there is the opportunity to inform new practices and tools that assist developers in their tasks by only displaying information that is most relevant for the current task.

My dissertation work is to identify signals that developers make use of during tasks in transparent development environments and to use this knowledge to create tools that assist developers in performing these tasks. When developers are evaluating contributions, they make use of technical signals from the contribution and social signals from the submitter such as social connections and prior interaction on the project. Developers solving problems through discussion on contributions use signals such as the political influence of the community and how new the submitter is to inform decisions such as the scope of implemented solutions and the necessary amount of etiquette in a response. When deciding to use or participate in a project, developers make inferences about working dynamics, personal utility, and the project’s community. I propose the development of a tool that uses signals to assist developers in finding and evaluating projects in transparent development environments. Depending on the user’s current task, the tool should visualize different relevant project-related signals to assist the developer in evaluating projects. For example, a user looking to find a project to form a dependency with will see signals for a project’s maturity while a user looking to find a project to learn from might see signals for popularity. The development of this tool will occur in 2 phases: 1) enhanced project summary and 2) personalized project search. The enhanced project summary phase augments potential projects with additional signals that assist the user in evaluating and selecting projects. The personalized project search phase uses information about the user and potential projects to select only relevant projects for the particular user to evaluate.

Thesis Committee:
James Herbsleb (Co-chair)
Laura Dabbish (Co-chair)
Claire Le Goues
André van der Hoek (University of California, Irvine)

Copy of Proposal Document

Pages

Subscribe to ISR