I organize the Racket Salon Boston meet-ups for enthusiasts of the Racket programming language. I maintain a website, generate interest via email lists, recruit and coordinate speakers, and arrange meeting spaces at local universities.
Matthias Felleisen
1.5 hr/wk Emmanuel Schanzer
I teach programming to middle school students in underprivileged neighborhoods. Through programming video games, I introduce and reinforce mathematical concepts, such as the Pythagorean theorem, as well as computer science techniques such as abstraction and encapsulation. I reinforce the value of college as a personal example of its benefits.
- groups of four students
- subimage matching program
- collaborating on-line with source control repository
- use code review process to share ideas and critique one another in a friendly environment
- held meetings to discuss high-level design decisions
I performed full-system tests on an upgrade to the CMS experiment at CERN in collaboration with an international group of engineers. I precisely and concisely conveyed technical details and responded to questions and concerns in three weekly meetings on different aspects of the work. I presented a six-month summary of my group’s progress to a senior group.
Darien Wood
I built a system to execute graphical Scheme programs in a web browser. This system enables first-year students to post their source code on-line where it can be executed and dynamically interacted with on any web browser. For the implementation, I wrote a Scheme to JavaScript compiler and a 2D graphics run-time in JavaScript.
I built an optimizer for parsers using pushdown static analysis. The resulting optimization framework unifies the previous array of specialized optimizations for specific parsers. The framework rests on a theoretical model of push-down parser analysis, which I developed with Prof. Shivers. I also developed a BISON-esque parser generator to validate the framework.
I tested and improved new digital electronics for the muon detection system of the CMS experiment at the LHC. I developed and maintained automated testing and analysis frameworks. I applied knowledge of muon physics and technical details of the detection system to build the analysis framework. I leveraged the framework to debug malfunctioning circuit boards with my colleagues.
During my graduate study, I will focus on programming languages research such as ensuring correctness and security of computer programs with static analysis, language design, and compiler design.
Shell scripting exemplifies some of the problems found in ensuring the correctness and security of computer programs. Shell scripts are widely used for system administration, software installation, and automation of tasks. Shell scripting languages, such as bash, do not have adequate systems for specifying and enforcing a security policy. For example, executing arbitrary scripts, downloaded from the web, is gaining traction as an installation method:
curl http://example.org/installer.sh | bash
This approach is convenient, but insecure. Although the script is prevented from meddling with other users’ data, the script could read or delete the executing user’s private and important documents. More nefariously, it could perform illegal or disruptive activities in the name of the user.
Object capabilities might be able to ensure security policies such as “only modify directory X” or “only access websites X, Y, Z”. I will investigate what kinds of models can capture the implicit security policies of common applications. Additionally, I will investigate what object capability models can capture the security policies that system administrators and individual users want to enforce. An effective system must be expressive and useful for a technical, but non-expert computer user. I will use the system to perform administration, installation, and use of desktop applications in order to validate its effectiveness.
This investigation lies between research in capability-based programming languages, such as the Joe-E language, and capabilities for operating systems, such as Capsicum. An object capability system for a scripting language will rely on a system like Capsicum, but will provide a scripting language interface that suits the needs of administrators and users better than a general-purpose language like Joe-E.
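The policy “only modify directory X” can be sketched as an object the installer is handed instead of ambient file-system access. This is an added illustration, not the system proposed here; the names DirCap, attempt and demo are hypothetical, and it assumes a POSIX platform where os.open accepts dir_fd.

```python
import os
import tempfile

class DirCap:
    """Write authority over one directory tree; the open descriptor is the capability."""
    def __init__(self, path):
        self._fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY)

    def close(self):
        os.close(self._fd)

    def write(self, rel, data):
        parts = rel.split("/")
        # An absolute path yields an empty first component; "." and ".." are refused.
        if any(p in ("", ".", "..") for p in parts):
            raise PermissionError(f"outside capability: {rel!r}")
        fd = os.dup(self._fd)
        try:
            # Walk one component at a time, refusing a symlink at every step.
            for name in parts[:-1]:
                nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
                os.close(fd)
                fd = nxt
            flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
            out = os.open(parts[-1], flags, 0o600, dir_fd=fd)
        finally:
            os.close(fd)
        with os.fdopen(out, "wb") as f:
            f.write(data)

def attempt(cap, rel):
    """Stand-in for one step of an untrusted installer that holds only `cap`."""
    try:
        cap.write(rel, b"installed\n")
        return "ok"
    except OSError:
        return "denied"

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sandbox layout
        granted, private = os.path.join(root, "X"), os.path.join(root, "private")
        os.makedirs(os.path.join(granted, "bin"))
        os.mkdir(private)
        os.symlink(private, os.path.join(granted, "out"))  # link pointing outside X
        cap = DirCap(granted)
        results = {r: attempt(cap, r) for r in ("bin/tool", "../private/doc", "/etc/motd", "out/doc")}
        results["private untouched"] = os.listdir(private) == []
        cap.close()
        return results
```

Nothing in Python stops the installer from calling os.open itself; the wrapper only models the interface, and enforcement is the part the proposal assigns to a system like Capsicum.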
This research directly applies to problems faced by the DoD. Adversaries of the state have shown their technical prowess in recent years with computer break-ins of the defense industry, high-tech companies, and political offices. A powerful and expressive security system built into a scripting language provides a tool to administrators and users with which to mitigate these problems.
I intend to become a professor at a research university. I will continue to investigate topics in programming languages and security. Additionally, I will teach a new generation of scientists and engineers, conveying the importance of computer security and training them on practical techniques for ensuring it.
Joe-E: A Security-Oriented Subset of Java by Mettler, Wagner, and Close (NDSS 2010)
Capsicum: Practical Capabilities for UNIX by Watson, Anderson, Laurie, and Kennaway (USENIX Security 2010)