Judith Bishop |
-
Keynote: All work and no play makes software
engineering dull
+
Abstract: What can software engineering learn from gaming? What can gaming learn
from software engineering? Can the hard problems of software engineering
be converted into games that can be crowdsourced and solved by ordinary
players? What are the broader implications for the research community?
I don't have the answers to these questions. However, this talk presents
one perspective. I aim to inspire researchers to apply new ideas and
techniques to a variety of tasks in software engineering, gaming, and
beyond.
Bio: Michael D. Ernst is an Associate Professor in the
Computer Science & Engineering department at the
University of Washington.
Ernst's research aims to make software more reliable,
more secure, and easier (and more fun!) to produce.
His primary technical interests are in software
engineering and related areas, including programming
languages, type theory, security, program analysis,
bug prediction, testing, and verification. Ernst's
research combines strong theoretical foundations with
realistic experimentation, with an eye to changing the
way that software developers work.
Dr. Ernst was previously a tenured professor at MIT,
and before that a researcher at Microsoft Research.
More information is available at his homepage.
|
Michael Ernst |
-
On building a science for software security
+
Abstract: Cyber systems must inspire trust and
confidence, comply with applicable security and other
policies, predictably protect the integrity of data and
resources as well as the privacy of data owners, and
perform reliably and safely. For this predictability,
scientific principles must underlie the design, analysis
and operation of these systems because adversaries
present ever-changing threats. Solving today's security
problems with targeted "engineering" solutions will not
help us outsmart the adversaries. The determination to
attack hard security problems through the advancement of
science drives an emphasis on being explicit regarding
the scoping of problems, on hypothesis formation, on
data gathering, and on analysis of that data. In this
talk, we will explore how software engineering research,
in general, has become more empirical, scientific, and
substantiated through sound, scientific research
methods, and what needs to happen for a similar
advancement in the science of software security.
Bio: Laurie Williams is a Professor of Computer
Science at North Carolina State University (NCSU).
Laurie has taught software engineering, software
testing, software reliability, and software security at
NCSU since 2000. Laurie's software security research
includes security metrics, authentication/logging,
access control, software security engineering, and
security testing. Laurie is a co-director of the NCSU
Science of Security Lablet funded by the US National
Security Agency. She is the Senior Research Director of
the Institute of Next Generation Systems (ITnG). Laurie
was named an ACM Distinguished Scientist in 2011. Laurie
has a PhD in Computer Science from the University of
Utah, an MBA from Duke University, and a BS in
Industrial Engineering from Lehigh University. Laurie
worked at IBM for nine years before returning to
academia.
|
Laurie Williams |
-
On the naturalness of software
+
Abstract: Programming languages, like their
"natural" counterparts, are rich, powerful and
expressive. But while skilled writers like Zadie
Smith, Aravind Adiga, and Salman Rushdie delight us
with their elegant, creative deployment of the power
and beauty of English, most of what we regular mortals
say and write every day is Very Repetitive and Highly
Predictable. This predictability, as most of us
have learned by now, is at the heart of the modern
statistical revolution in speech recognition, natural
language translation, question-answering, etc. We will
argue that in fact, despite the power and
expressiveness of programming languages, most
software in fact is
also quite repetitive and
predictable, and can be fruitfully modeled using the
same types of statistical models used in natural
language processing. We present some practical
applications of this rather unexpected finding, and
present a research vision arguing that this phenomenon
is potentially rich in both scientific questions, and
engineering promise. This international
effort is currently funded by the U.S. NSF and the UK
EPSRC. Active collaborators include Zhendong Su at UC
Davis, Roni Rosenfeld and William Cohen of CMU, Earl
Barr and Mark Harman of University College London,
Mark Gabel of UT Dallas, and Charles Sutton of the
University of Edinburgh. There's lots to do, and we
welcome more collaborators.
Bio: Prem Devanbu
is Professor of Computer Science at UC Davis. His
research interest is mainly in exploiting Good Data to
help Software Engineers live better, longer, happier,
more meaningful lives.
|
Prem Devanbu |
-
The human element
+
Abstract: Have you ever been at a gathering and
someone asks you what you do for a living? Often,
explaining that you do software engineering research
ends the discussion pretty quickly. Other times, I
have had people engage and suggest that it will all be
passé in a few years when computers program computers.
In this talk, I'll provide one person's perspective on
why humans are critical for building great software
and how we need to do a much better job as a software
engineering community in taking advantage of the
incredible resource on the other side of the
screens.
|
Gail Murphy |
-
Software engineering support for human intensive systems
+
Abstract: Society is becoming increasingly
dependent upon human-intensive systems, namely systems
that involve complex interaction and cooperation among
software applications, hardware devices, and human
participants. In such systems, humans typically
participate as experts, often making important
decisions based upon the information provided by the
software and hardware components. This specialization
of roles requires new and innovative approaches to
modeling, analyzing, and executing such systems. This
talk will describe some of those concerns, including
modeling approaches that support human-desired
flexibility and complex exception management, analysis
approaches that focus on the fallibility of human
participants, and execution support to help reduce
human errors.
|
Lori Clarke |
-
Multiplicity computing
+
Abstract: The growing demand for ever more complex
and sophisticated applications outpaces our
understanding of how to build, modify, or configure
them to meet the basic behavioral goals of
reliability, performance, and security. We envision a
new approach to engineering software systems wherein
we treat an application as a large family of
automatically generated variants. These variants
derive from such things as mutations to the code base,
alternative configuration settings, and changes to
thread scheduling policies. The variants are then
deployed for live use and executed in parallel in such
a way that the cumulative effect of their behavior
probabilistically exhibits higher reliability,
performance, and security than either the original
application or any individual variant. We refer to our
approach as "multiplicity computing", owing to the
large and potentially diverse family of variants, each
competing with the other to see which one best
achieves the behavioral goals. This talk
reviews some of the challenges in multiplicity
computing, including: (1) finding sources of variation
and formulating techniques to automatically generate
variants from those sources; (2) designing a run-time
infrastructure for managing and coordinating the
simultaneous execution of multiple variants; (3)
providing an execution platform that manages the
resources required for this execution; (4) developing
a framework for conducting rigorous live experiments
with variants; and (5) deriving general-purpose
architectural principles and design methods to support
the technique.
|
Alex Wolf |
-
Blended analysis: an effective combination of static and dynamic analyses
+
Abstract: A new analysis paradigm, blended program
analysis, combines a dynamic representation of program
calling structure with a static analysis applied to a
region of that calling structure. Traditionally,
compilers have used static analysis to enable
semantics-preserving program transformations. Blended
analysis supports tool-building to help software
developers improve the security of their applications
and enhance program understanding. We have
built a framework for blended analysis of JavaScript
codes from popular websites from alexa.com. We will
show results of a blended taint analysis to
demonstrate how it deals with the dynamic features of
JavaScript, including eval and variadic functions. Our
results show that blended taint analysis discovered 13
unique violations in 6 of the 12 websites analyzed. In
contrast, each 'strawman' static analysis identified
less than ½ of these violations. Moreover, new results
show the effectiveness of a second blended analysis in
a reference analysis of JavaScript website codes,
enabling developers to more accurately trace object
usage. *This research was performed with my
PhD student Shiyi Wei and has been funded by the IBM
Open Collaboration Research program and NSF-CCF
0811518.
|
Barbara Ryder |
-
Prospects for integrated software assurance
+
Abstract: Semantics-based software assurance has
been a focus for both practitioners and researchers
for at least a half century. For much of that period,
the ambitions of both sides were frustrated by
challenges related to scaling, composition, and
usability. More recent experience has demonstrated
that these challenges are not insurmountable, and that
advanced techniques for modeling, analysis, and
traceability — when supported by capable tools,
process realism, and clear thinking regarding adoption
incentives — can make a significant difference.
Indeed, recent technical and practical developments
have brought researchers and practitioners closer
together, and the pace of advancement does appear to
be increasing. In this talk, I discuss some ideas
related to incremental evidence-based approaches.
These approaches focus on integrating the production
of assurance-related evidence with the production of
software-related artifacts such as models, code, test
cases, etc. These approaches complement and augment
current assessment methods which tend to emphasize
process compliance.
|
Bill Scherlis |
-
Panel: Future directions and open problems
chaired by Yuriy Brun
|
David Garlan Gail Kaiser Jim Larus Mary Shaw |
|
-
Closing and call to action
|
Judith Bishop Yuriy Brun Michael Ernst |
FuSE 2013 had strong participation by a diverse student body. Thank
you to our sponsors for supporting student participation!
Any opinions, findings, and conclusions or recommendations expressed
in this material are those of the organizers and do not necessarily
reflect the views of the National Science Foundation.