Undergraduate Research Opportunities with CS Professors
Antonio Bianchi
I am definitely interested in working with undergrads. Below you can find three project ideas.
I am ok to work remotely.
Human-Assisted Binary Analysis
Binary Analysis focuses on analyzing, typically automatically, compiled binary software (e.g., compiled C/C++ code) without having its source code. In recent years many techniques (e.g., symbolic execution and fuzzing) have been developed and improved to make binary analysis suitable to automatically find software vulnerabilities (e.g., memory corruption bugs). While effective on a small scale, these techniques do not scale enough when applied to large codebases (e.g., an entire browser).
This project aims to augment these techniques by using a human-in-the-loop approach. For instance, a fuzzer (which is software trying many inputs attempting to make a program crash) can detect that just trying random inputs is ineffective in exploring the execution of a particular program. In this case, the fuzzer could ask a human expert for guidance on how to generate more targeted inputs.
Another case is to use human expertise to semi-automatically modify existing compiled software to make it easier to be analyzed automatically.
For instance, using human help, an automated approach could remove checks that are computationally hard to be bypassed using symbolic execution.
Multiplatform Binary-Patching
A few tools already exist to modify compiled binary software without having access to its source code, however, their compatibility is limited to software written for architectures (e.g., Intel x86).
The goal of this project would be to extend those tools to work on different architectures, especially those used by embedded systems, such as ARM and MIPS, and to develop a test suite to evaluate the reliability of these patching solutions.
Studying root-resilient authentication in mobile devices
Modern mobile devices (e.g., smartphones and tablets) are equipped with special hardware features (e.g., Trustzone, Secure Enclave, ...), which are guaranteed not to be compromised even when the main operating system (e.g., Android) gets compromised (rooted). These features can be used by third-party apps to implement authentication protocols that are guaranteed to be "safe" even on compromised devices. Unfortunately, it is currently extremely challenging for developers to use these hardware features correctly, due to the issues in their implementation and the complexity of the APIs designed to control them.
In this project, we will explore this problem in two parallel directions. First, we will study shortcomings of the current APIs and how to simplify, from a developer perspective, their correct usage by, for instance, implementing proper code libraries. At the same time, we will study how these features are currently used by app developers to pinpoint common issues and vulnerabilities caused by improper usage of these APIs.
Interested students may contact me directly. I will then discuss with them their interests and skills to better evaluate how we can work together.
Berkay Celik
I have a couple of projects detailed below that undergraduate students might be interested in working over the summer.
1- Project Title - Program Synthesis for Security and Safety: Program synthesis aims to automatically generate a program that satisfies the user intent expressed through some high-level specifications. For instance, one of the most popular styles of inductive synthesis, Counterexample-Guided Inductive Synthesis (CEGIS), starts with a specification--user defines what the desired program does--a synthesizer produces a candidate program that might satisfy the specification. A verifier decides whether that candidate program meets the desired specification. If the specification is satisfied, we are successful, and if not, the verifier provides feedback to the synthesizer using to guide its search for new candidate programs. While program synthesis has successfully used in the areas including computer-aided education, end-user programming, and data cleaning, the application and scope of program synthesis for security and safety is largely unexplored by the technical community. In this project, we will explore algorithms and techniques to automatically generate programs from formal or informal specifications to improve the security and safety of the users and environments. We will focus on programs used to automate heterogeneous and connected sensors/actuators.
2- Project Title - System Events and Network Traffic Generation for Realistic Cyber Experimentation: This project will focus on developing tools to generate application and network layer semantics that will provide a basis for prudent modeling of benign and malicious actors. We will design and implement attacks on single and multiple hosts that exploit different vulnerabilities through their APT campaigns reports into the SOL4CE platform. Such attacks enable us to emulate realistic attack behaviors present activities in system events and network traffic. The developed tools will be used to emulate users that encompass computational models of human behavior during attack execution. Accomplishing this task will demonstrate the efficacy and breadth of our methods in identifying the artifacts after blending legitimate traces with attack traces, such as system logs and explicit information flows, including network communication.
3-Project Title - Side-Channel Attacks Against Intermittent Computing: Intermittent computing is an emerging paradigm that will potentially dominate the next generation of sensor networks. Specifically, developments in the energy harvesting platforms and ultra-low-power microcontrollers enabled intermittently-powered devices that do not rely on a battery for their operation but only rely on the harvested energy. This eliminates the battery problem in the IoT and wireless sensor networks and opens up many applications and research areas since these devices can operate for long times without any intervention (e.g., battery replacement). Due to the lack of a constant energy source, intermittent devices operate in periods, going into "sleep" stages while the device harvest enough energy to resume operation. We observed that this process opens up a novel attack surface that would potentially leak private information about the environment of the device. In this project, our goal is to leverage the changes in the frequency that the intermittent device reports its measurements to the edge device/cloud, to extract information about its energy source. To achieve this, (i) network sniffing tools and deep packet inspection methods will be employed to obtain sensor report intervals, (ii) the intervals will be statistically modeled to learn the behavior of the device, and (iii) machine learning techniques and laws of physics that allow for energy harvesting will be leveraged to reason about the environment of the intermittent device. For instance, we expect our attack methodology to recover if a person is exercising, sitting, and sleeping based on the sensor reading transmissions from their intermittent medical device that harvests its energy from the heartbeat traffic. To evaluate the effectiveness of the project, simulation techniques, and real intermittent devices (e.g., WISP5, msp430fr5969) will be used.
** You can also join other topics that my group currently research: Exploring sensor fusion algorithms in autonomous vehicles, security and privacy of smart devices, and temporal and causal relations among events in Cyber-Physical Systems.
Please contact Dr. Z. Berkay Celik at zcelik@purdue.edu to learn more about the projects.
Pedro Fonseca
The Reliable and Secure Systems Lab is looking for strongly motivated undergraduate students that enjoy systems programming and would like to work on systems and security research projects. The lab accepts applications all year round and initial projects last for a full semester (spring, summer, or fall). Successful projects may continue beyond the initial semester.
Past research lab interns received competitive national research awards for their work and were accepted to graduate programs at CMU, Georgia Tech, MIT, Purdue, UC Berkeley, UCSD, University of Michigan, and others.
Admitted students will be closely advised by both faculty and graduate students and will be involved in the day-to-day activities of the lab. Prior research experience is not required.
The Reliable and Secure Systems Lab currently has several research projects available on emerging topics that include:
- Efficient automated testing (e.g., fuzzing)
- Operating system testing for concurrency and non-concurrency bugs
- Efficient and practical distributed and serverless computing frameworks
- High-security systems for remote computations that leverage trusted hardware (e.g., SGX, TZ)
- Failure diagnosis for production settings
- Efficient system hardening
Having taken the system programming course or having similar experience is a requirement for these positions. In addition, the following skills and courses are a plus but are not required:
- Operating systems course
- Knowing C and/or python languages
- Knowing assembly language basics (only applies to some projects)
Prospective students should email Prof. Pedro Fonseca (pfonseca@purdue.edu) with their CVs and a short description of their interests.
More information about past projects conducted at the lab can be found at https://www.cs.purdue.edu/homes/pfonseca/.
Christina Garman
I have a couple of projects detailed below that undergraduate students might be interested in working over the summer. Please contact me at clg@cs.purdue.edu if you have any questions.
1. The Applied Cryptography Research lab is seeking interested students to help with a variety of projects in applied cryptography and network security. Please see the below descriptions for the projects and skills/experiences that might be useful for working on them. The specified skill sets are not required but are skills that the student will learn throughout the course of the project if she/he does not already have them. And while these skills are a bonus, we are mainly looking for highly motivated and interested students. Please feel free to apply even if you have no prior research experience!
Please contact me at clg@cs.purdue.edu if you have any questions, and if you are interested in getting involved, fill out the following Google Form: https://forms.gle/NUzpTTEmKYL7kvYRA
Project Name: Automatic Identification of Cryptographic Algorithms in Binaries
Project Description:
Identification of cryptographic primitives can be used to detect the presence of malicious payloads in binaries as well as a tool for binary analysis. This project aims to develop a novel approach to identify different cryptographic algorithms in heavily obfuscated binaries.
Project Tasks:
Students will perform a variety of tasks which may include running C++ code of cryptographic functions to learn about their characteristics, analyzing binary code, testing our various approaches on different obfuscated binaries, and working with machine learning scripts for supervised learning. Some other contributions may include:
- Survey and comparison of existing techniques
- Develop a novel approach to identify specific algorithm/function
- Loop body identification
- Control-flow/data flow analysis
- Function signature identification
- Use supervised learning for better detection
- Targeted Algorithms:
- ECDSA, RSA, AES, AES-GCM, RC4
Helpful skills (suggested but not required):
- Language skill: C/C++, Python
- Algorithm: RSA, AES, ECDSA, RC4
- Others: Binary analysis, supervised learning/machine learning
2. Project Name: TorMB: Bringing Network Function Virtualization to Tor
Project Description:
Tor is a powerful and important tool for providing anonymity and censorship resistance to users around the world. Yet it is surprisingly difficult to deploy new services and functionality in Tor—it is largely relegated to proxies and hidden services—or to nimbly react to new forms of attack. This project seeks to close this gap by introducing programmable middleboxes into the Tor network. In this architecture, users can install and run sophisticated “functions” on willing Tor routers. We will work to demonstrate a wide range of functions that improve anonymity, resilience to attack, performance of hidden services, and more.
Project Tasks:
Students will perform a variety of tasks which may include extending the current set of functions to include privacy preserving statistics gathering for the Tor network, learning about SGX, working to extend the current system to enable function deployment in SGX, and building and deploying their own functions on the Tor network. There is the potential for a large degree of freedom in this project if the student would like, as we are always looking for new functions and functionality to build and deploy.
Helpful skills (suggested but not required):
Programming Language: Python, C/C++ programming in SGX
Concepts and basics: Onion Routing (specifically Tor) and anonymous communication networks, SGX
Coursework: CS422 Computer Networks (or equivalent), CS426 Computer Security (or equivalent)
Majid Kazemian
Description of the research: We are interested in studying mechanisms underlying infectious and immune related diseases using advanced sequencing technologies (https://kazemianlab.com/). We are looking for highly motivated students to learn and help us in our research and analyze RNA sequencing data at bulk and single cell levels.
Qualifications: Programming in R and Python/Perl. Basic knowledge of bioinformatics. Average commitment of 10-12 hours per week.
How to apply: Applicants should directly email Dr. Kazemian (kazemian@purdue.edu) with their CVs and a short description of their interests.
Daisuke Kihara
Each semester I have more than a couple of undergrad students from CS, Biology and other departments (like BME).
They are involved in bioinformatics research. No biology background is required.
Contact Prof. Kihara via email for additional details.
Ahmed Qureshi
The CS department's Cognitive Robot Autonomy and Learning (CoRAL) lab (https://purdue-corallab.github.io/) is looking for 3-4 highly motivated graduate and undergraduate students for the following research projects:
- Augmented/Virtual Reality for Robot Manipulation and Simulation Design: Students will develop a novel VR-driven simulation system for robot control in home-like environments.
- Design and Development of Vision-based Robot Teleoperation System: Students design a low-cost teleoperation system that allows complete control over a given robotic system based on visual perception.
Mandatory Qualifications:
- Strong programming skills (Advanced-level C++/Python).
- Familiar with undergraduate-level linear algebra and calculus.
In addition, candidates with one or more of the following skills are preferred:
- Experience with Deep Learning and Simulation Design.
- Experience with RGBD sensors and oculus rift.
Interested students: Please fill out the following application form and follow the provided instructions:
https://docs.google.com/forms/d/e/1FAIpQLSeq_yN58oOFeWIsxrVfBVMDCkjhBoiHNFs0MeHBe_lW356-Hg/viewform
Lin Tan
To get involved in any of the following three projects, please attach your resume and transcripts in pdf or plain text format with your email to lintan@purdue.edu.
Possible industry involvement: Some of these projects are funded by Facebook research awards and J.P.Morgan AI research awards.
Project 1. Testing Deep Learning Systems
We will build cool and novel techniques to make deep learning code such as TensorFlow and PyTorch reliable and secure. We will build it on top of our award-winning paper (ACM SIGSOFT Distinguished Paper Award)!
Machine learning systems including deep learning (DL) systems demand reliability and security. DL systems consist of two key components: (1) models and algorithms that perform complex mathematical calculations, and (2) software that implements the algorithms and models. Here software includes DL infrastructure code (e.g., code that performs core neural network computations) and the application code (e.g., code that loads model weights). Thus, for the entire DL system to be reliable and secure, both the software implementation and models/algorithms must be reliable and secure. If software fails to faithfully implement a model (e.g., due to a bug in the software), the output from the software can be wrong even if the model is correct, and vice versa.
This project aims to use novel approaches including differential testing to detect and localize bugs in DL software (including code and data) to address the testing oracle challenge.
Good programming skills and strong motivation in research are required. Background in deep learning and testing is a plus.
Early work and background can be found here:
https://www.cs.purdue.edu/homes/lintan/publications/variance-ase20.pdf
https://www.cs.purdue.edu/homes/lintan/publications/cradle-icse19.pdf
Project 2. Inferring Specifications from Software Text for Finding Bugs and Vulnerabilities
A fundamental challenge of detecting or preventing software bugs and vulnerabilities is to know programmers’ intentions, formally called specifications. If we know the specification of a program (e.g., where a lock is needed, what input a deep learning model expects, etc.), a bug detection tool can check if the code matches the specification.
Building upon our expertise on being the first to extract specifications from code comments to automatically detect software bugs and bad comments, in this project, we will analyze various new sources of software textual information (such as API documents and StackOverflow Posts) to extract specifications for bug detection. For example, the API documents of deep learning libraries such as TensorFlow and PyTorch contain a lot of input constraint information about tensors.
Good programming skills and strong motivation in research are required. Background in natural language processing is a plus.
Early work and background can be found here:
https://www.cs.purdue.edu/homes/lintan/projects.html
Project 3. Leveraging Deep Learning to Detect and Fix Software Bugs and Vulnerabilities
In this project, we will develop cool machine learning approaches to automatically learn bug and vulnerability patterns and fix patterns from historical data to detect and fix software bugs and security vulnerabilities.
Good programming skills and strong motivation in research are required. Background in security or machine learning is a plus.
Early work and background can be found here:
- https://www.cs.purdue.edu/homes/lintan/publications/cure-icse21.pdf
- https://www.cs.purdue.edu/homes/lintan/publications/deeplearn-tse18.pdf
Jianguo Wang
The Database Lab is looking for highly motivated undergraduate students who are interested in databases, data science, and big data.
This will be a great opportunity for students who aim to pursue graduate school in the future. You will be working closely with Dr. Jianguo Wang and his graduate students. You are expected to attend weekly meetings, read relevant papers, implement core database components (in C++), and write papers.
Currently, we have a couple of database projects related to (1) cloud-native databases; and (2) databases for data science and machine learning.
It's preferred to have basic knowledge on database systems. Coverage of CS448 or equivalent courses would be sufficient.
Please send me your CV and transcripts to csjgwang@purdue.edu if you're interested. More information can be found at https://www.cs.purdue.edu/homes/csjgwang.
Saurabh Bagchi
We have a project with paid positions for our undergraduate students and one where we have the potential of making a difference to the current healthcare situation. It is meant to create a technological solution that will help many of our local manufacturers.
Faculty members involved in the project are me, Ali Shakouri (ECE), and Ananth Iyer (Management).
Hardware-software design project for human proximity measurement for pandemic regulations
Requirements: At least two semesters of coursework in ECE or CS with a GPA in CS/ECE courses >= 3.5
Skills needed:
- For position 1 - programming of Bluetooth, simple ML models
- For position 2 - microcontroller programming, fabrication of electronic boards
Hours and pay: Average of 10 hours/week, $15/hour.
Starting when: As soon as possible and definitely by mid-May.
Ending when: Commitment from the student is required only till end of summer. Project is likely to continue beyond.
Problem context:
We have manufacturing facilities that would like to resume operation but obviously would like to do this while ensuring the recommended distance is maintained between employees. We have a set of manufacturers in Indiana who have come to us with this problem. The challenge they have in remaining open is how to determine that their personnel on the shop floor are staying the recommended distance away at all times. A second challenge is that a surface on a material being manufactured that has been touched by one employee should not be touched till it has been disinfected or till a certain amount of time has elapsed.
Solution approach:
We want to use wireless communication beacons and the measurement of the Received Signal Strength Indication (RSSI) at the receiving device to determine the distance of separation between any two people. We will estimate the trend of the distance (increasing, decreasing, staying constant) and if the trend becomes of concern, then the device will sound an audible alarm. For this we will need to use RSSI measurement and a ML model since individual measurements are known to be noisy. Further, for detecting surface contact, we will have a small microcontroller attached to parts that can track (again using Bluetooth) when the part was last touched. It will have a visual indicator (red-yellow-green) when the surface can be touched again.
Contact Prof Bagchi if interested.
Yung-Hsiang Lu
Artificial Intelligence for Musicians: This project will use machine learning to understand music (audio, score, video) and help musicians. For more information, please visit: https://ai4musicians.org/
Assistance:
Amber Stanley, MA - Undergraduate Program Specialist
Are you interested in getting involved in undergraduate research? Be sure to check out the CS Brightspace page and the Purdue Office of Undergraduate Research page for information regarding strategies, opportunities, and funding. If you need further assistance, you are welcome to schedule a meeting with Amber to discuss best practices.