DOCSLIB.ORG

Build It Break It: Measuring and Comparing Development Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Build It Break It: Measuring and Comparing Development Security Andrew Ruef, Michael Hicks, James Parker, Dave Levin, Atif Memon, Jandelyn Plane, and Piotr Mardziel University of Maryland, College Park Abstract and activities, such as code reviews and penetra- tion testing, can improve software’s security. The There is currently little evidence about what tools, question is how effective these (and other) things methods, processes, and languages lead to secure are, in terms of their costs vs. benefits. Companies software. We present the experimental design of the would like to know: Which technologies or pro- Build it Break it secure programming contest as an cesses shake out the most (critical) bugs? Which aim to provide such evidence. The contest also pro- are the easiest to use? Which have the least impact vides education value to participants where they on other metrics of software quality, such as perfor- gain experience developing programs in an adver- mance and maintainability? It is currently difficult sarial settings. We show preliminary results from to answer these questions because we lack the em- previous runs of the contest that demonstrate the pirical evidence needed to do so. contest works as designed, and provides the data desired. We are in the process of scaling the contest In this paper we present Build-it, Break-it, Fix- to collect larger data sets with the goal of making it (BiBiFi), a new software security contest that is statistically significant correlations between vari- a fun experience for contestants, as well as an ex- ous factors of development and software security. perimental testbed by which researchers can gather empirical evidence about secure development. A BiBiFi contest has three phases. The first phase, 1 Introduction Build-it, asks small development teams to build software according to a provided specification in- Experts have long advocated that achieving se- cluding security goals. The software is scored for curity in a computer system requires careful de- being correct, fast, and feature-ful. The second sign and implementation from the ground up [19]. phase, Break-it, asks teams to find security viola- Over the last decade, Microsoft [10, 11] and oth- tions and other problems in other teams’ build-it ers [23, 15, 13] have described processes and meth- submissions. Identified problems, proved via test ods for building secure software, and researchers cases, benefit a Break-it team’s score while penal- and companies have, among other activities, devel- izing the Build-it team’s score. (A team’s break-it oped software analysis and testing tools [8, 6, 14] to and build-it scores are independent, with prizes for help developers find vulnerabilities. Despite these top scorers in each category.) The final phase, Fix- efforts, the situation seems to have worsened, not it, gives builders a chance to fix bugs and thereby improved, with vulnerable software proliferating possibly get some points back if the process discov- despite billions spent annually on security [3]. ers that distinct break-it test cases identify the same This disconnect between secure development in- underlying software problem. novation and marketplace adoption may be due to We designed BiBiFi to give researchers in situ a lack of evidence. In particular, no one would dis- data on how teams develop code—for better or agree that certain technologies, such as type-safe for worse—when security is a first-order design programming languages and static analysis tools, goal. As such, BiBiFi contestants are afforded a 1 significant amount of freedom. Build-it teams can public, large-scale contest whose focus is on build- choose to build their software using whatever pro- ing secure systems. Our contest takes inspiration gramming language(s), libraries, tools, or processes from popular capture-the-flag (CTF) cybersecurity they want, and likewise Break-it teams can hunt for contests [5, 7, 16] and from programming contests vulnerabilities as they like, using manual code re- [21, 2, 12], but is unique in that it combines ideas views, analysis or testing tools, reverse engineer- from both in a novel way. Although no contest can ing, and so on. During the contest, we collect data truly capture the many difficulties of professional on each team’s activities. For example, we keep development, we hope it will provide some general track of commit logs, testing outcomes, and inter- insight nevertheless, and thus provide some sorely actions with the contest site. Prior to and after the needed evidence about what works for building se- contest, we survey the participants to record their cure software. background, mindset, choices, and activities. By correlating how teams worked with how well 2 Build-it, Break-it, Fix-it: Design they performed in the competition, researchers can learn about what practices do and do not work. This section summarizes the BiBiFi contest goals Treating the contest as a scientific experiment, the and how the contest’s design satisfies those goals. contest problem is the control, the final score is the dependent variable, and the various choices made by each team, which we observe, are the indepen- 2.1 Goals, incentives, and disincentives dent variables. To permit repeatable, statistically significant results, we have designed BiBiFi and Our most basic goals are that the winners of the implemented its infrastructure to scale to multiple Build-it phase truly produced the highest quality competitions with thousands of competitors. software, and that the winners of the Break-it phase performed the most thorough, creative analysis of Our hope is to use BiBiFi—and for other re- others’ code. We break down these high-level goals searchers to apply it, as well—to empirically learn into a set of 12 concrete requirements that guide our what factors most strongly influence security out- design. comes: Does better security correlate with: the The winning Build-it team would ideally develop choice of programming language? the use of de- software that is (1) correct, (2) secure, (3) efficient, velopment or analysis tools? the use of code re- and (4) maintainable. While the quality of primary views? participants’ background (e.g., certification) interest to our contest is security, the other aspects and education (e.g., particular majors or courses)? of quality cannot be ignored. It is easy to produce the choice of a particular build process, or perhaps secure software that is incorrect (have it do noth- merely the size of the team itself? As educators, ing!). Ignoring performance is also unreasonable, we are particularly interested in applying answers as performance concerns are often cited as reasons to questions like these to better prepare students to not to deploy defense mechanisms [1, 22]. Main- write responsible, secure code. tainability is also important—spaghetti code might This paper makes two main contributions. First, be harder for attackers to reverse engineer, but it it describes the design of BiBiFi (Section 2) and the would also be harder for engineers to maintain. So contest infrastructure (Section 3), focusing on how we would like to encourage build-it teams to focus both aim to ensure that high scores in the contest on all four aspects of quality. correlate with meaningful, real-world outcomes. The winning Break-it team would ideally (5) find Second, it describes our first run of the contest, as many defects as possible in the submitted soft- held during the Fall of 2014 (Section 4). We de- ware, thus giving greater confidence to our as- scribe the contest problem, the rationale for its de- sessment that a particular contestant’s software is sign, and details of how the contest proceeded and more secure than another’s. To maximize cover- concluded. While participation in this contest was age, each break-it team should have incentive to modest, and thus we cannot view the data we gath- (6) look carefully at multiple submissions, rather ered as significant, the outcomes were interesting, than target a few submissions. Moreover, teams and taught us important lessons that can be applied should be given incentive to, in some cases, (7) ex- to future runs. plore code in depth, to find tricky defects and not To the best of our knowledge, BiBiFi is the first just obvious ones. We would like break-it teams 2 to (8) produce useful bug reports that can be un- domize each break-it team’s view of the build-it derstood and acted on to produce a fix. Finally, we teams’ submissions, but organize them by meta- would like to (9) discourage superficially different data like programming language. When they think bug reports that use different inputs to identify the they have found a defect, they submit a test case. same underlying flaw. BiBiFi’s infrastructure accepts this as a defect if it We also have several general goals. First, we passes our reference implementation but fails on want to (10) scale up the contest as much as possi- the buggy implementation. Any failing test is po- ble, allowing for up to several hundred participat- tentially worth points; we take the view that a cor- ing teams. The more teams we have, the greater rectness bug is potentially a security bug waiting our impact from both a teaching and research point to be exploited. That said, additional points are of view: on the teaching side, more students expe- granted to an actual exploit or to demonstrated vi- rience the desired learning outcomes, and on the olations of security goals; for the latter we require research side, we have a greater corpus of data to special test case formats (see Section 4). To encour- draw on. To support scalability, the contest de- age coverage, a break-it team may submit up to ten sign should (10a) encourage greater participation, passing test cases per build-it submission.
Recommended publications
  • Functional Programming at Facebook

    Functional Programming at Facebook

    Functional Programming at Facebook Chris Piro, Eugene Letuchy Commercial Users of Functional Programming (CUFP) Edinburgh, Scotland ! September "##$ Agenda ! Facebook and Chat " Chat architecture # Erlang strengths $ Setbacks % What has worked Facebook The Facebook Environment The Facebook Environment ▪ The web site ▪ More than 250 million active users ▪ More than 3.5 billion minutes are spent on Facebook each day The Facebook Environment ▪ The web site ▪ More than 250 million active users ▪ More than 3.5 billion minutes are spent on Facebook each day ▪ The engineering team ▪ Fast iteration: code gets out to production within a week ▪ Polyglot programming: interoperability with Thrift ▪ Practical: high-leverage tools win Using FP at Facebook Using FP at Facebook ▪ Erlang ▪ Chat backend (channel servers) ▪ Chat Jabber interface (ejabberd) ▪ AIM presence: a JSONP validator Using FP at Facebook ▪ Erlang ▪ Chat backend (channel servers) ▪ Chat Jabber interface (ejabberd) ▪ AIM presence: a JSONP validator ▪ Haskell ▪ lex-pass: PHP parse transforms ▪ Lambdabot ▪ textbook: command line Facebook API client ▪ Thrift binding Thrift Thrift ▪ An efficient, cross-language serialization and RPC framework Thrift ▪ An efficient, cross-language serialization and RPC framework ▪ Write interoperable servers and clients Thrift ▪ An efficient, cross-language serialization and RPC framework ▪ Write interoperable servers and clients ▪ Includes library and code generator for each language Thrift ▪ An efficient, cross-language serialization and RPC framework ▪ Write
  • The Third Annual ICFP Programming Contest

    The Third Annual ICFP Programming Contest

    The Third Annual ICFP Programming Contest August 26 – 29, 2000 (Version 1.18) 1 The problem This year’s ICFP programming challenge is to implement a ray tracer. The input to the ray tracer is a scene description written in a simple functional language, called GML. Execution of a GML program produces zero, or more, image files, which are in PPM format. A web page of sample images, along with the GML inputs that were used to produce them, is linked off of the contest home page. The feature set of GML is organized into three tiers. Submissions must implement the first tier of features and extra credit will be given to submissions that implement the second or third tiers. Submissions will be evaluated on three scales: correctness of the produced images, run-time performance, and the tier of implemented GML features. GML has primitives for defining simple geometric objects (e.g., planes, spheres, and cubes) and lighting sources. The surface properties used to render the objects are specified as functions in GML itself. In addition to supporting scene description, GML also has a render operator that renders a scene to an image file. For each pixel in the output image, the render command must compute a color. Conceptually, this color is computed by tracing the path of the light backwards from the eye of the viewer, to where it bounced off an object, and ultimately back to the light sources. This document is organized as follows. Section 2 describes the syntax and general semantics of the modeling language. It is followed by Section 3, which describes those aspects of the language that are specific to ray tracing.
  • ICFP Programming Contest 2010 International Cars and Fuels Production

    ICFP Programming Contest 2010 International Cars and Fuels Production

    About Contest Task Running the Contest Background Winners Future ICFP Programming Contest 2010 International Cars and Fuels Production Bertram Felgenhauer, University of Innsbruck, Austria Johannes Waldmann, HTWK Leipzig, Germany June 18–21, 2010 Felgenhauer, Waldmann ICFP Programming Contest 2010 1/31 About Contest Task Running the Contest Background Winners Future About the ICFP Programming Contest programming, problem solving, fun annual contest, since 1998 sponsored by ICFP conference/ACM 2010 contest hosted by HTWK Leipzig, Germany contest format 72 hours (June 18, 12:00 – June 21, 12:00 GMT) participation online, international teams allowed no fixed programming language lightning division (first 24 hours) Felgenhauer, Waldmann ICFP Programming Contest 2010 2/31 earn money by (efficiently) solving instances, or creating instances (with solution, which is hard to find) income tax (devaluates earnings by 1/2 per day) About Contest Task Running the Contest Background Winners Future Contest Task storyline: market for cars (= problem instance) (public) fuels (= problem solution) (private) Felgenhauer, Waldmann ICFP Programming Contest 2010 3/31 About Contest Task Running the Contest Background Winners Future Contest Task storyline: market for cars (= problem instance) (public) fuels (= problem solution) (private) earn money by (efficiently) solving instances, or creating instances (with solution, which is hard to find) income tax (devaluates earnings by 1/2 per day) Felgenhauer, Waldmann ICFP Programming Contest 2010 3/31 About Contest Task
  • ICFP 2009 Final Program

    ICFP 2009 Final Program

    ICFP 2009 Final Program Monday, August 31, 2009 Tuesday, September 1, 2009 Wednesday, September 2, 2009 Invited Talk (Chair: Andrew Tolmach) Invited Talk (Chair: Graham Hutton) Invited Talk (Chair: Lennart Augustsson) 9:00 Organizing Functional Code for Parallel Execution; or, 9:00 Lambda, the Ultimate TA: Using a Proof Assistant to 9:00 Commutative Monads, Diagrams and Knots foldl and foldr Considered Slightly Harmful Teach Programming Language Foundations Dan Piponi; Industrial Light & Magic Guy L. Steele, Jr.; Sun Microsystems Benjamin C. Pierce; University of Pennsylvania 10:00 Break 10:00 Break 10:00 Break Session 11 (Chair: Ralf Hinze) Session 1 (Chair: Shin-Cheng Mu) Session 6 (Chair: Xavier Leroy) 10:25 Generic Programming with Fixed Points for Mutually 10:25 Functional Pearl: La Tour D’Hano¨ı 10:25 A Universe of Binding and Computation Recursive Datatypes Ralf Hinze; University of Oxford Daniel Licata and Robert Harper; Carnegie Mellon University Alexey Rodriguez Yakushev1, Stefan Holdermans2, Andres 2 3 10:50 Purely Functional Lazy Non-deterministic Program- 10:50 Non-Parametric Parametricity L¨oh , Johan Jeuring ; 1Vector Fabrics B.V., 2Utrecht University, ming Georg Neis, Derek Dreyer, Andreas Rossberg; MPI-SWS 3Utrecht University, Open University of the Netherlands Sebastian Fischer1, Oleg Kiselyov2, Chung-chieh Shan3; 11:15 Break 10:50 Attribute Grammars Fly First-Class: How to do As- 1Christian-Albrechts University, 2FNMOC, 3Rutgers University Session 7 (Chair: Robby Findler) pect Oriented Programming in Haskell 11:15 Break
  • Revolutionary Betrayal: the Fall of King George III in the Experience Of

    Revolutionary Betrayal: the Fall of King George III in the Experience Of

    LIBERTY UNIVERSITY REVOLUTIONARY BETRAYAL: THE FALL OF KING GEORGE III IN THE EXPERIENCE OF POLITICIANS, PLANTERS, AND PREACHERS A THESIS SUBMITTED TO THE FACULTY OF THE HISTORY DEPARTMENT IN CANDIDACY FOR THE DEGREE OF MASTER OF HISTORY BY BENJAMIN J. BARLOWE LYNCHBURG, VIRGINIA APRIL 2013 Table of Contents Introduction ......................................................................................................... 1 Chapter 1: “Great Britain May Thank Herself:” King George III, Congressional Delegates, and American Independence, 1774-1776 .................................... 11 Chapter 2: Master and Slave, King and Subject: Southern Planters and the Fall of King George III ....................................................................................... 41 Chapter 3: “No Trace of Papal Bondage:” American Patriot Ministers and the Fall of King George III ................................................................................ 62 Conclusion ........................................................................................................ 89 Bibliography ...................................................................................................... 94 1 Introduction When describing the imperial crisis of 1763-1776 between the British government and the American colonists, historians often refer to Great Britain as a united entity unto itself, a single character in the imperial conflict. While this offers rhetorical benefits, it oversimplifies the complex constitutional relationship between the American
  • Stephanie Weirich –

    Stephanie Weirich –

    Stephanie Weirich School of Engineering and Science, University of Pennsylvania Levine 510, 3330 Walnut St, Philadelphia, PA 19104 215-573-2821 • [email protected] July 13, 2021 Positions University of Pennsylvania Philadelphia, Pennsylvania ENIAC President’s Distinguished Professor September 2019-present Galois, Inc Portland, Oregon Visiting Scientist June 2018-August 2019 University of Pennsylvania Philadelphia, Pennsylvania Professor July 2015-August 2019 University of Pennsylvania Philadelphia, Pennsylvania Associate Professor July 2008-June 2015 University of Cambridge Cambridge, UK Visitor August 2009-July 2010 Microsoft Research Cambridge, UK Visiting Researcher September-November 2009 University of Pennsylvania Philadelphia, Pennsylvania Assistant Professor July 2002-July 2008 Cornell University Ithaca, New York Instructor, Research Assistant and Teaching AssistantAugust 1996-July 2002 Lucent Technologies Murray Hill, New Jersey Intern June-July 1999 Education Cornell University Ithaca, NY Ph.D., Computer Science 2002 Cornell University Ithaca, NY M.S., Computer Science 2000 Rice University Houston, TX B.A., Computer Science, magnum cum laude 1996 Honors ○␣ SIGPLAN Robin Milner Young Researcher award, 2016 ○␣ Most Influential ICFP 2006 Paper, awarded in 2016 ○␣ Microsoft Outstanding Collaborator, 2016 ○␣ Penn Engineering Fellow, University of Pennsylvania, 2014 ○␣ Institute for Defense Analyses Computer Science Study Panel, 2007 ○␣ National Science Foundation CAREER Award, 2003 ○␣ Intel Graduate Student Fellowship, 2000–2001
  • Stephanie Weirich –

    Stephanie Weirich –

    Stephanie Weirich School of Engineering and Science, University of Pennsylvania Levine 510, 3330 Walnut St, Philadelphia, PA 19104 215-573-2821 • [email protected] • June 21, 2014 Education Cornell University Ithaca, NY Ph.D., Computer Science August 2002 Cornell University Ithaca, NY M.S., Computer Science August 2000 Rice University Houston, TX B.A., Computer Science May 1996 magnum cum laude Positions Held University of Pennsylvania Philadelphia, Pennsylvania Associate Professor July 2008-present University of Cambridge Cambridge, UK Visitor August 2009-July 2010 Microsoft Research Cambridge, UK Visiting Researcher September-November 2009 University of Pennsylvania Philadelphia, Pennsylvania Assistant Professor July 2002-July 2008 Cornell University Ithaca, New York Instructor, Research Assistant and Teaching Assistant August 1996-July 2002 Lucent Technologies Murray Hill, New Jersey Intern June-July 1999 Research Interests Programming languages, Type systems, Functional programming, Generic programming, De- pendent types, Program verification, Proof assistants Honors Penn Engineering Fellow, University of Pennsylvania, 2014. Institute for Defense Analyses Computer Science Study Panel, 2007. National Science Foundation CAREER Award, 2003. Intel Graduate Student Fellowship, 2000–2001. National Science Foundation Graduate Research Fellowship, 1996–1999. CRA-W Distributed Mentorship Project Award, 1996. Microsoft Technical Scholar, 1995–1996. Technical Society Membership Association for Computing Machinery, 1998-present ACM SIGPLAN, 1998-present ACM SIGLOG, 2014-present IFIP Working Group 2.8 (Functional Programming), 2003-present IFIP Working Group 2.11 (Program Generation), 2007-2012 Teaching Experience CIS 120 - Programming Languages and Techniques I CIS 552 - Advanced Programming CIS 670/700 - Advanced topics in Programming Languages CIS 500 - Software Foundations CIS 341 - Programming Languages Students Dissertation supervision...................................................................................
  • SEINFELD Revision #1 (Pink) 34. “The Contest” Oct 26 1992 (2/P)

    SEINFELD Revision #1 (Pink) 34. “The Contest” Oct 26 1992 (2/P)

    SEINFELD Revision #1 (pink) 34. “The Contest” Oct 26 1992 (2/P) (Jerry, George, Elaine) ACT TWO SCENE P INT. COFFEE SHOP - DAY (3) JERRY AND GEORGE JERRY So the nurse gave her a sponge bath? GEORGE Yeah. Everynight at 6:30. The nurse is gorgeous. Then I got a glimpse of the patient. I was going nuts. JERRY So, I guess you’ll be back in that hospital. GEORGE Well, my mother... JERRY But you’re still master of your domain. SEINFELD Revision #1 (pink) 35. “The Contest” Oct 26 1992 (2/P) GEORGE I’m king of the county. What about you? JERRY Lord of the manor. ELAINE ENTERS, SITS. ELAINE ...John F. Kennedy Jr. JERRY What? ELAINE He was in the aerobics class. He was exercising in front of me. JERRY Really? Did you talk to him? ELAINE You don’t understand. He worked out in front of me. When the class was over I timed my walk to the door so we’d get there at the same moment. So he says to me, “Quite a workout.” GEORGE “Quite a workout?” What did you say? ELAINE I said, “yeah.” SEINFELD Revision #1 (pink) 36. “The Contest” Oct 26 1992 (2/P) JERRY Good one. ELAINE Then I showered and dressed and I saw him again on the way out. So he holds the door open for me and he says, “Which way are you walking?” and I said, “Which way are you walking?” And he said, “That way.” And I said, “Well, isn’t that a coincidence?” Of course I was going in the opposite direction..
  • Build It, Break It, Fix It: Contesting Secure Development

    Build It, Break It, Fix It: Contesting Secure Development

    Build It, Break It, Fix It: Contesting Secure Development Andrew Ruef Michael Hicks James Parker Dave Levin Michelle L. Mazurek Piotr Mardziely University of Maryland yCarnegie Mellon University experts have long advocated that achieving security in a computer system requires treating security as a first-order ABSTRACT design goal [32], and is not something that can be added after the fact. As such, we should not assume that good Typical security contests focus on breaking or mitigating the breakers will necessarily be good builders [23], nor that top impact of buggy systems. We present the Build-it, Break-it, coders necessarily produce secure systems. Fix-it (BIBIFI) contest, which aims to assess the ability to This paper presents Build-it, Break-it, Fix-it (BIBIFI), securely build software, not just break it. In BIBIFI, teams a new security contest with a focus on building secure sys- build specified software with the goal of maximizing correct- tems. A BIBIFI contest has three phases. The first phase, ness, performance, and security. The latter is tested when Build-it, asks small development teams to build software ac- teams attempt to break other teams' submissions. Win- cording to a provided specification that includes security ners are chosen from among the best builders and the best goals. The software is scored for being correct, efficient, and breakers. BIBIFI was designed to be open-ended|teams feature-ful. The second phase, Break-it, asks teams to find can use any language, tool, process, etc. that they like. As defects in other teams' build-it submissions. Reported de- such, contest outcomes shed light on factors that correlate fects, proved via test cases vetted by an oracle implementa- with successfully building secure software and breaking inse- tion, benefit a break-it team's score and penalize the build-it cure software.

  • Daniel R. Licata

    Daniel R. Licata Personal E-mail: [email protected] Information: Web: http://www.cs.cmu.edu/~drl/ Home Address: 79 Merit Ln. Princeton, NJ 08540 Mobile Phone: +1 (412) 889-0106 Academic Institute for Advanced Study 2012-2013 Background: Member. Post-doc for a year-long special program on Homotopy Type Theory. Carnegie Mellon University 2011-2012 Teaching Post-doctoral Fellow. Designed and delivered a new intro. course, Principles of Functional Programming. Carnegie Mellon University 2004 to 2011 PhD in Computer Science. Advised by Robert Harper. Brown University 2000 to 2004 Bachelor of Science in Mathematics and Computer Science. Awards & FoLLI E.W. Beth Dissertation Award, 2012 Winner Fellowships: CMU SCS Dissertation Award, Honorable Mention, 2011 Pradeep Sindhu Computer Science Fellowship, Carnegie Mellon University, 2009-2010. Finalist for Computing Research Association Outstanding Undergraduate Award, 2004. Funding Cowrote NSF Grant CCF-1116703: Foundations and Applications of Higher-Dimensional Type Theory, which funded part of my post-doc. Cowrote NSF Grant CCF-0702381: Integrating Types and Verification, which funded part of my dissertation work. Publications: Dissertation Dependently Typed Programming with Domain-Specific Logics. February, 2011. Committee: Robert Harper, Frank Pfenning, Karl Crary, Greg Morrisett Journal Articles Robert Harper and Daniel R. Licata. Mechanizing Metatheory in a Logical Framework. Journal of Functional Programming. 17(4-5), pp 613-673, July 2007. Conference Papers Calculating the Fundamental Group of the Circle in Homotopy Type Theory. Daniel R. Licata and Michael Shulman. IEEE Symposium on Logic in Computer Science (LICS), June, 2013. Canonicity for 2-Dimensional Type Theory. Daniel R. Licata and Robert Harper.
  • Universi^ Micrcxilms Liitemational 300 N

    Universi^ Micrcxilms Liitemational 300 N

    INFORMATION TO USERS This reproduction was made from a copy of a document sent to us for microfilming. While the most advanced technology has been used to photograph and reproduce this document, the quality of the reproduction is heavily dependent upon the quality of the material submitted. The following explanation of techniques is provided to help clarify markings or notations which may appear on this reproduction. 1. The sign or “target” for pages apparently lacking from the document photographed is “Missing Page(s)”. If it was possible to obtain the missing page(s) or section, they are spliced into the film along with adjacent pages. This may have necessitated cutting through an image and duplicating adjacent pages to assure complete continuity. 2. When an image on the film is obliterated with a round black mark, it is an indication of either blurred copy because of movement during exposure, duplicate copy, or copyrighted materials that should not have been filmed. For blurred pages, a good image of the page can be found in the adjacent frame. If copyrighted materials were deleted, a target note will appear listing the pages in the adjacent frame. 3. When a map, drawing or chart, etc., is part of the material being photographed, a definite method of “sectioning” the material has been followed. It is customary to begin filming at the upper left hand comer of a large sheet and to continue from left to right in equal sections with small overlaps. If necessary, sectioning is continued again—beginning below the first row and continuing on until complete.
  • Chung-Chieh Shan 單中杰 Luddy Hall, Room 3018 (812) 856-4400 Phone 700 N

    Chung-Chieh Shan 單中杰 Luddy Hall, Room 3018 (812) 856-4400 Phone 700 N

    Chung-chieh Shan ®-p Luddy Hall, Room 3018 (812) 856-4400 phone 700 N. Woodlawn Avenue (812) 855-4829 fax Bloomington, IN 47408-3901 [email protected] Associate Professor, Department of Computer Science, Indiana University (2019–) Assistant Professor, Department of Computer Science, Indiana University (2013–2019) Researcher, Department of Computer Science, University of Tsukuba (Spring 2012) Visiting Assistant Professor, Department of Linguistics, Cornell University (Fall 2011) Assistant Professor, Department of Computer Science and Center of Cognitive Science, Rutgers University (2005–2011) Research I study what things mean that matter. I work to tap into and enhance the amazing human ability to create concepts, combine concepts, and share concepts, by lining up formal representations and what they represent. To this end, in the short term, I develop programming languages that divide what to do and how to do it into modules that can be built and reused separately. In particular, I develop so-called probabilistic programming languages, which divide stochastic models and inference algorithms into modules that can be built and reused separately. In the long term, I hope to supplant first-order logic by something that does not presuppose a fact of the matter what things there are, though there may be a fact of the matter what stuff there is. Teaching Introduction to computer science (BL CSCI C211, Fall 2017, Spring 2018, Fall 2018, Spring 2019, Fall 2019) Probabilistic programming (Invited course at the Scottish school on programming languages