Research on Security and Programming Languages
CS696 Fall 2005
28 September 2005
David Evans and Research Group
http://www.cs.virginia.edu/evans
University of Virginia
Computer Science
2www.cs.virginia.edu/evans/cs696
Menu
• Advice on Advice
• Advice
• Research Group Overview
• Sample Projects
  – Ben Cox: N-Variant Systems
  – Jeff Shirley: Secure Wireless Enrollment
  – Nate Paul: Thermal Attacks
  – Jinlin Yang: Dynamic Property Inference
Advice on Advice
• Two types of advice:
  – From Committees
    • Probably correct (lots of people agree on it)
    • Generally agreeable (lots of people agree on it)
    • Always uninteresting (lots of people agree on it)
  – From Individuals
    • Probably wrong (just one arrogant person’s opinion)
    • Usually disagreeable (everyone’s experience is different)
    • Often interesting (someone was motivated enough to write it)
• My advice: read/listen to lots of the second type, but ignore most of it
Quiz

The truth is that no ideal strategy has yet been found, and that every approach has strengths and weaknesses. Given the current state of the art in this area, we are convinced that no one-size-fits-all approach will succeed at all institutions. Because introductory programs differ so dramatically in their goals, structure, resources, and intended audience, we need a range of strategies that have been validated by practice.

The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offense.

ACM Computing Curricula 2001, Recommendations of the Joint ACM/IEEE Task Force on Computing Curricula (http://www.computer.org/portal/cms_docs_ieeecs/ieeecs/education/cc2001/cc2001.pdf)

Edsger W. Dijkstra, How do we tell truths that might hurt?, 1975. http://www.cs.virginia.edu/evans/cs655/readings/ewd498.html
Advice on Grad School

“Almost everyone hates their dissertation by the time they're done with it. The process inherently tends to produce an unpleasant result, like a cake made out of whole wheat flour and baked for twelve hours. Few dissertations are read with pleasure, especially by their authors.
But thousands before you have suffered through writing a dissertation. And aside from that, grad school is close to paradise. Many people remember it as the happiest time of their lives. And nearly all the rest, including me, remember it as a period that would have been, if they hadn't had to write a dissertation.”
Paul Graham, Undergraduation http://paulgraham.com/college.html
“Close to Paradise”
• Freedom to spend your time working on hard and interesting problems
• Luxury to fail over and over again without consequences (as long as you’re trying and learning)
  – You’re supposed to fail, that’s how you learn to become a researcher
• Opportunity to work with smart, interesting people you choose
• Few responsibilities, no one tells you what to do
• Not quite paradise: low pay, long hours, have to keep your advisor happy
Reasons for Doing PhD
• Money, glory, fame, power, parchment, making people call you “Doctor”
• Preparation for academic research job:
  – Obtain technical depth and breadth in CS
  – Learn to carry out a research project (especially evaluation)
  – Develop taste to select good research problems
  – Learn to present your ideas well in writing, conversation, and talks
• What you need to get an academic research job:
  – Publish 2-5 papers in top conferences in your area
  – One great idea – something you can give a good job talk about (come to all job talks here)
  – Become known – build a social network
  – Be able to interview well: defend your ideas, ask interesting questions about other people’s ideas, know the important work in your area
Strategies for Finding an Advisor
1. Hard way: Examine all faculty web pages, read research papers; then start working with profs
2. Easy way: Figure out who the smartest, most successful “senior” grad students are and ask them; then start working with profs
3. Dumb way: Find the best looking students and try to join their group
4. Dumbest way: Sit through all the 696 talks and list your favorites on your matching form, assuming you have to be matched up with someone.
Tough Questions You Should Ask
• What kind of beer/ice cream/coffee would you like?
• What are you working on? How did you pick it?
  – Bad answer: “Well, my advisor has this DARPA grant …”
• What are your scheduled meetings with your advisor like?
• What are your informal meetings with your advisor like?
• How do you write papers with your advisor?
  – Bad answer: haven’t written any
• How does your advisor work with you on learning to present your ideas well? (talks, in conversation, …)
• What has your advisor done to help you build your research network?
  – Has she/he introduced you to important people in your field?
  – How do people react when you mention who your advisor is at conferences?
New Faculty
• No current students, so strategy 2 doesn’t work!
  – Some risk
• Lots of advantages to new faculty:
  – We have two excellent new professors
  – New faculty are not yet cynical and jaded
  – New faculty are ambitious and tireless
  – Have funding with no strings attacked
More Advice
http://www.cs.virginia.edu/evans/advice/

To pick an area: be sure you like the incremental results — you should consider them important, or at least fun!
Yannis Smaragdakis, PhD Rants and Raves (Be Afraid. Be very afraid.)

Don't let the dog eat your notebook.
Norm Ramsey, A Guide for Research Students

A dwindling minority of traditionalists still oppose academic tipping; they instead cling to the old system whereby graduate students curried favor by emulating the thoughts and actions of their major professor, thus promulgating the "old fogy's" persona indefinitely.
Steven Hughes, Academic Tipping Guidelines

Computer Science majors are not, in general, known for their interpersonal skills.
Ronald Azuma, So long, and thanks for the PhD!
Research Group
• Inexpensive Program Analysis
  – Lightweight static analysis
  – Dynamic property inference [Jinlin Yang] (4)
• Physicrypt
  – RFID Security [Karsten Nohl]
  – Wireless Enrollment [Jeff Shirley] (2)
  – Thermal Attacks [Nate Paul] (3)
• Security through Artificial Diversity
  – Evaluating security through diversity [Nora Sovarel]
  – N-Variant Systems [Ben Cox] (1)