Chair’s Message | Creative Conflict and Shared Goals

Nov. 5, 2021 

Dear Cybersecurity and Privacy community, 

There has been a great deal of internal discussion recently about community and shared goals as well as how to bring together individuals with differing interests in a space where they can achieve at the highest levels possible. I wanted to continue this dialog and expand it to all our audiences. It is vital that we stay honest with ourselves and each other when it comes to these conversations. 

Can we have a community without shared goals? The short answer, no. Our shared goals drive us all forward to the future. Personal goals are important and natural, but without shared goals, we are just a group of individuals competing over the same fixed resources. Without shared goals we are no longer in a contest for who has the best ideas to achieve something of value to us all. Sadly, as we see daily in other aspects of life, that kind of competition is not creative. It is usually destructive and leads to chaos.  

Competition is no stranger to science. Our field is full of smart people who are working to advance knowledge while trying to stay ahead of the competition. These rivalries are important. There are many important discoveries that would not have made had it not been for competition to be first or best. However, as I have mentioned in past letters, sometimes we get in our own way. 

This is where shared goals come into play. They are the structure–the guide posts–that keep us from tripping over ourselves as we rush to get our everyday tasks done. They also build communities. Shared goals bring people together and give them something in common, whether it be a set of values, a project outcome, or simply the next milestone along a path. 

So, what are our common goals? I posed this question to faculty, staff, and student gatherings this week. It should come as no surprise that, as Georgia Tech’s newest academic unit, we are still trying to come up with answers. Take the MS (Master of Science) in Cybersecurity for example. Three different schools participate and operate different tracks, but graduates all receive the same diploma. To satisfy degree requirements, students must attain specific learning objectives that are shared across the entire degree.  It doesn’t matter which school a student is admitted to. All graduates must demonstrate the same level of attainment. Courses may differ. Depth requirements may vary. But at the end of the day, we share the same educational goals. 

As interim chair, I have tried to emphasize what I believe our shared goals should be. It is entirely possible my successor will have an entirely different idea of what these should be, but whoever the next chair might be, we will still have shared goals that we are all responsible for. Shared goals inevitably come into conflict with personal goals, but that conflict must be creative, because when you fail to achieve a shared goal it reflects badly on you—even if you did not contribute to the failure.  

Other items of note this week: 

  • The Association for Computing Machinery (ACM) released the list of research papers that have been accepted to November’s Conference on Computer and Communications Security (CCS). Among the papers accepted from submissions around the world, eight were co-written by SCP faculty and their students.  
  1. “An Inside Look into the Practice of Malware Analysis” Authors: from SCP, Miuyin Yong Wong, Matthew Landen, Manos Antonakakis, Douglas M. Blough, Mustaque Ahamad and Elissa Redmiles from Max Planck Institute for Software Systems 
  2. “Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis” Authors: Carter Yagemann, Simon P. Chung, Brendan Saltaformaggio and Wenke Lee 
  3. “C3PO: Large-Scale Study Of Covert Monitoring of C&C Servers via Over-Permissioned Protocol Infiltration” Authors: Jonathan Fuller, Ranjita Pai Kasturi, Amit Sikder, Haichuan Xu, Berat Arik, Vivek Verma, Ehsan Asdar and Brendan Saltaformaggio 
  4. “Don’t Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password” Authors: Sena Sahin and Frank Li 
  5. “HardsHeap: A Universal and Extensible Framework for Evaluating Secure Allocators” Authors: From SCP, Taesoo Kim and from the Korea Advanced Institute of Science and Technology, Yun, Woosun Song, Seunggi Min,  
  6. “Hardware Support to Improve Fuzzing Performance and Precision” Authors: Ren Ding, Yonghae Kim, Fan Sang, Wen Xu, Gururaj Saileshwar and Taesoo Kim 
  7. “One Hot Garbling” Authors: David Heath and Vladimir Kolesnikov 
  8. “Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks” Authors: From SCP, Carter Yagemann, Simon Chung, Wenke Lee and from the University of Illinois Urbana-Champaign, Mohammad Noureddine, Wajih Ul Hassan, and Adam Bat 
  • Another research accolade that was not mentioned above, yet impressive none-the-less, is the work done by Yechan Bae, Youngsuk Kim, Ammar Askar, Jungwon Lim, and Taesoo Kim in finding memory-safety bugs in Rust programming. Their paper “Rudra: Finding Memory Safety Bugs in Rust at the Ecosystem Scale,” has received the Distinguished Artifact Award from the ACM Symposium on Operating Systems Principles which ran from Oct. 26-29. Rudra, the program developed by Taesoo and his students, was able to analyze and report potential memory safety bugs in Rust programming. Our researchers were able to identify 264 previously unknown memory safety bugs in just over six hours. The number of memory safety bugs identified by SCP researchers represents half of what has been detected by traditional means since 2016. Their work was selected as standout research amongst their conference peers.  
  • These students and faculty are being recognized for their years of research and hard work represents the future of our school. One that is on the cutting edge of cybersecurity and privacy research in ways that will improve the lives of people around the globe. 

I want to continue this discussion of shared goals as well as communicating the accomplishments of our shared goals. I am keeping my weekly office hours open for those of you who want to drop in and talk. I am holding them every Wednesday from 12:30 – 1:30 p.m. (EST) and they are open to any student who wants to drop in virtually or in person. You can find the link on Slack or the SCP website. I am available to answer questions, help you navigate Georgia Tech’s mysterious bureaucracy or simply shoot the breeze on matters related to cybersecurity. 

We are also working to improve how our messaging is sent out. Our Communications Officer is setting up a mailing list service to make sure our messages (and my letters) are getting sent out in a more efficient manner. If you would like you unsubscribe, you are certainly free to do so. We are trying to move away from the emailing systems in place at Georgia Tech, due to the fact they are incredibly unreliable and tedious.  

I hope this Friday finds you well, and I hope you reach out and let me know any thoughts or opinions you might have. Do you agree with what our shared goals are at SCP? Do you disagree? Shoot me an email or drop by my open office hours and let me know. An honest and open discussion is the best way to make sure we are on the right track. 

Best wishes, 

Richard DeMillo 

Charlotte B. and Roger C. Warren Professor of Computing and 

Chair, School of Cybersecurity and Privacy.