CyLab undergrads take the lead on groundbreaking research

This summer, two CyLab papers that featured undergrads as lead writers were accepted and presented at major international conferences.

“What is cool about this is, while undergrads frequently participate in research, undergrads being the lead authors is not that common,” said Dimitrios Skarlatos, assistant professor in Carnegie Mellon University’s Computer Science Department. 

Skarlatos knows this firsthand, as he collaborated with two undergraduates in CMU’s Computer Architecture and Operating Systems (CAOS) group on a paper that was accepted at the 2024 International Symposium on Computer Architecture (ISCA).

The paper, “Perspective: A Principled Framework for Pliable and Secure Speculation in Operating Systems,” features CMU Computer Science (CS) undergrads Tae Hoon Kim and David Rudo as lead authors. Kim and Rudo presented this work in Buenos Aires, Argentina in June.

“We started this project in January of 2022. I first joined the group while looking for research mentors for the SCS research class 07-300,” said Kim, who is now a fifth-year CS master’s student. “Since then, this 2.5 year project has been a really challenging but rewarding journey. We are very grateful that it got accepted at ISCA, one of the top-tier conferences.”

In the paper, the research team proposes Perspective, a principled framework for building efficient, lightweight speculative execution defenses for operating systems against transient execution attacks. 

“We show that there is a way of mitigating a wide net of malicious speculative attacks with minimal overhead” said Rudo, a rising senior CS major with a security and privacy concentration. “And we specifically focus on the Linux kernel operating system because it is such an important piece of software that holds sensitive data attackers have tried to target in the past.”

“Our approach co-designs software and hardware so that it doesn’t require complex hardware. Another benefit of the software-hardware co-design is that we can obtain a highly pliable design by communicating our security goals through the software to the hardware,” said Kim. “So people can adapt it to their applications based on their security needs.”

While Kim and Rudo focused their research efforts on preventing cyber attacks, undergrads Claire C. Chen and Dillon Shu conducted consumer-facing research designed to empower customers to access reliable security and privacy information about Internet of Things (IoT) devices when making purchasing decisions.

Chen and Shu were lead authors on “Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior,” which Chen, a CMU School of Computer Science student, presented at the 2024 Association for Computing Machinery (ACM) Conference on Human Factors in Computing Systems (CHI 2024).

For the paper, Chen and Shu’s research team, working with faculty Lorrie Cranor and Yuvraj Agarwal, conducted an online survey with 518 IoT purchasers, through which they sought feedback on the labels that may someday accompany the official U.S. Cyber Trust Mark on IoT device packages to inform consumers about device security and privacy attributes.

The researchers examined survey participants’ comprehension and preferences for three labels of varying complexities, with and without an educational intervention.

“We designed labels with different levels of information and looked to see what difference that made for consumer purchasing decisions,” said Shu. “We learned that consumers preferred higher complexity labels, or labels with more information. Specifically, consumers almost unanimously did not like the labels with only the Trust Mark and QR code, which contained no privacy and security information on the label directly.”

Chen and Shu began working on the research as part of a class project in Cranor’s usable privacy and security course. After the semester was over Cranor and Agarwal hired them as research assistants and they continued working on the project over the summer and submitted a paper for publication.

Shu, an Information Systems student, said that the project helped him with his communication skills, and that he really appreciated the chance to work in a team research setting as an undergraduate student.

“I’m extremely grateful to have been given this opportunity; it was everything I had in mind and more,” said Shu. “On a personal level, I never considered research as a future path for me, but I felt since I was fortunate enough to have the opportunity I should see what it was like. It was a great chance to leave my comfort zone, and I figured this could be something that was a great fit for me that I simply hadn’t experienced yet.”

For Skarlatos, leading research on a major paper represents an invaluable growth opportunity for all undergraduate students, who gain experience and exposure to contemporary skills needed to tackle very challenging problems in the process of conducting their research. And it is an especially valuable résumé-builder for students who want to continue in top industry jobs or their academic studies beyond their undergraduate years.

“If you want to think about doing advanced studies, the earlier you think about conducting research, the better,” said Skarlatos. “Leading top tier research projects as an undergrad is a great pipeline to applying for top jobs in industry and  advanced degree programs.”

“Perspective: A Principled Framework for Pliable and Secure Speculation in Operating Systems”

Tae Hoon Kim, Carnegie Mellon University; David Rudo, Carnegie Mellon University; Kaiyang Zhao, Carnegie Mellon University; Zirui Neil Zhao, University of Illinois Urbana-Champaign; Dimitrios Skarlatos, Carnegie Mellon University

“Is a Trustmark and QR Code Enough? The Effect of IoT Security and Privacy Label Information Complexity on Consumer Comprehension and Behavior”

Claire C. Chen, Dillon Shu, Hamsini Ravishankar, Xinran Li, Yuvraj Agarwal, and Lorrie Faith Cranor; Carnegie Mellon University