Allen School News

Ten years ago, a team of security and privacy researchers at the University of Washington and University of California, San Diego published a paper, “Experimental Security Analysis of a Modern Automobile,” describing how they were able to override critical safety systems and take control of a range of vehicle functions of what was later revealed to be a pair of 2009 Chevy Impalas. That work, which was first presented at the IEEE’s 2010 Symposium on Security and Privacy in Oakland, California, opened up an entirely new avenue of cybersecurity research while serving as a wakeup call to an industry that was more accustomed to guarding against break-ins of the physical, rather than the over-the-air, kind. This week, the IEEE Computer Society Technical Committee on Security and Privacy recalled the significance of the team’s contributions and their enduring impact with its 2020 Test of Time Award.

The project was originally the brainchild of professor Tadayoshi Kohno of the Allen School’s Security and Privacy Research Lab and one of his mentors, UCSD professor and Allen School alumnus Stefan Savage (Ph.D., ‘02). Fresh off the success of Kohno’s 2008 IEEE Symposium on S&P paper examining the security of wireless implantable medical devices — which also later earned a Test of Time Award — he and Savage turned their attention to another technology gaining in popularity: the computerized automobile. 

Backed by funding from the National Science Foundation and flexible funds from an Alfred P. Sloan Fellowship, the duo pulled together what they refer to as an “all-star team” of students. The lineup included then Allen School Ph.D. students Karl Koscher, Alexei Czeskis, and Franziska Roesner; and UCSD Ph.D. student Stephen Checkoway, postdoc Damon McCoy, and master’s student Danny Anderson. Checkoway and Anderson were no strangers to UW; the former had earned his bachelor’s from the Allen School and the Department of Mathematics in 2005, while the latter had just graduated with his bachelor’s from the Allen School in 2009. Allen School and UW Department of Electrical & Computer Engineering professor Shwetak Patel and UCSD professor Hovav Shacham joined the leadership team during the formative stages of the project, and UCSD research staff member Brian Kantor rounded out the group. 

The team would become the first to drive home to automobile manufacturers, regulators, security experts, and the public the extent to which modern-day vehicles were vulnerable to cyberattacks. According to Savage, one of the main reasons they succeeded in doing so was that the students — all new, or at least, new to this area of research — “didn’t know any better” and were therefore undaunted by the task set for them by their mentors.

“Essentially, we bought two cars and said to the students, here are the keys, go figure it out,” recalled Savage. “To Yoshi’s and my delight, they did. And in the process, they established this entirely new subfield of automotive security research.”

The group called itself the Center for Automotive Embedded Systems Security, or CAESS. It was fairly large, as far as research collaborations go. According to Checkoway, its size was a feature, not a bug.

“This was an extremely collaborative effort; no task was performed by an individual researcher alone. I believe our close collaboration was the key to our success,” explained Checkoway, the lead Ph.D. student on the UCSD side who later joined the faculty of Oberlin College. “On a personal level, the large group collaboration was so much fun, that collaborative research has been my preferred method of research ever since.”

It is a theme that is echoed by Checkoway’s colleagues, even 10 years on.

“It was really exciting to join this great team and contribute to such an impactful project at the very beginning of graduate school,” said Roesner (Ph.D., ‘14), now a professor in the Allen School and co-director of the Security and Privacy Research Lab with Kohno. “I had recently decided to switch my focus from computer architecture to security, after discovering that I really liked the ‘security mindset’ of challenging assumptions in designs. This experience and this paper essentially launched my security research career.”

Koscher (Ph.D., ‘14), who has since returned to his old Seattle stomping ground as a research scientist after completing a postdoc at UCSD, was the lead Ph.D. researcher on the UW side.

“We really were one team, and there was definitely enough work to keep everyone on both sides busy.” Koscher recalled. “We at UW would attack a problem from one direction, while the folks at UCSD attacked it from another. Each side brought the puzzle pieces to complete the other.”

Among the puzzles the team needed to piece together was how to access one or more of a vehicle’s electronic control units (ECUs) — the collection of independent computers that communicate across multiple internal networks. At the time, it was estimated that the average luxury sedan contained as many as 70 ECUs running over 150 megabytes of code. This did not comprise the totality of the potential attack surface of a vehicle, however; additional entry points came in the form of the federally-mandated onboard diagnostic system, optional short-range wireless capabilities such as Bluetooth, and telematics such as OnStar with its long-range cellular radio link.

Beginning with 2008 models, all cars sold in the United States were required to implement the Controller Area Network (CAN) bus for diagnostics — making it the dominant in-car communication network not only for GM, but also other major manufacturers such as Ford, BMW, Honda, and Volkswagen. To facilitate the full range of exploits they wanted to explore, Koscher and the team developed CarShark, a custom CAN bus analyzer and packet injection tool. 

Using this approach, the team determined that weaknesses in the underlying CAN protocol meant that, by infiltrating almost any one of the vehicle’s ECUs, an attacker would be able to leverage that access to circumvent a broad array of safety-critical systems. In a series of experiments, both in the lab and on the road, the researchers demonstrated the ability to control a variety of vehicle functions while overriding or disabling driver input. They also examined scenarios in which malicious actors could exploit multiple components in a composite attack, including using the telematics unit to bridge multiple ECUs and to inject or wipe malicious code.

Czeskis (Ph.D., ‘13), who is currently a Staff Software Engineer at Google focused on authentication, identity, and protection of high-risk users, recalled both the audacity and novelty of what he and his fellow students were doing — particularly when it came to testing.

“We had to verify that our hypotheses and techniques would hold outside of the lab setting,” he explained. “That meant we often had to drive the car up to the computer science building, lift it on jack stands, and then repeatedly rev the engine and honk the horn for extended periods of time while puzzled students walked by.

“We also needed to test our techniques in a safe, real-world setting, so we took our car to a decommissioned airstrip,” he continued. “That involved signing a waiver acknowledging the ‘possibility of death’ as a graduate student while working on this project! Of course, we had appropriate safety precautions in place. As a motorcycle rider with protective equipment and perhaps a higher tolerance for risk than other members of the team, I ended up being the test driver at the airstrip and other test environments.”

The results of those tests ranged from annoying to downright alarming. For example, the team found through its stationary testing that it could gain control of the radio to deliver audible clicks and chimes at arbitrary intervals. The researchers also gained full control of the Instrument Panel Cluster (IPC), including the speedometer, fuel gauge and other displays, to deliver a message to a hypothetical driver that they had been “Pwned by CarShark.” The team found additional ways to interfere with functions that could compromise driver and passenger safety through an ECU called the Body Control Module. These included locking and unlocking the doors, adjusting or disabling the interior and exterior lighting, operating the windshield wipers, and engaging in the aforementioned horn honking. 

While all this sounds frightening enough while stationary, the team demonstrated that they could do these things while the car was moving at 40 miles per hour. They also broke into the Engine Control Module which, as the name suggests, gave them control over the vehicle’s engine. Once they gained access to the ECM, the researchers were able to temporarily boost engine RPM, and even disable the engine completely. But the researchers didn’t stop there; they also infiltrated the Electronic Brake Control Module. That enabled them to lock individual brakes or sets of brakes — a capability they later demonstrated to great effect in a CBS “60 Minutes” segment featuring correspondent Lesley Stahl behind the wheel. They could also release the brakes and then prevent them from subsequently being enabled.

The team knew they were onto something big, but it took a while to figure out who they could go to with their findings. “When we started, we didn’t even know how to get in touch with the right people — if they even existed — at the manufacturer,” Koscher recalled. “It took the industry by complete surprise.”

They eventually did find the right people at GM, opting to initially share their findings directly with the company while declining to “name and shame” them in the paper released to IEEE Symposium on S&P and the public.

“It was clear to us that these vulnerabilities stemmed primarily from the architecture of the modern automobile, not from design decisions made by any single manufacturer,” Kohno explained. “It later came out that our model was from GM, but it was never just about GM. Like so much that we encounter in the security field, this was an industry-wide issue that would require industry-wide solutions.”

Those solutions, which can be directly traced to the UW and UCSD collaboration, include new standards for motor vehicle security, guidelines for original equipment manufacturers (OEMs), and the creation of the Electronic Systems Safety Research Division at the National Highway Traffic Safety Administration. And the impact of the team’s work continues to be felt to this day.

“I think it was a bit unexpected how impactful this work would be,” Koscher said. “Yoshi’s previous work included exploring vulnerabilities in pacemakers and voting machines, but progress had been slow in those industries. It wasn’t clear that automobiles would be any different.

“But it turned out this time was different. Shortly after disclosing the vulnerabilities we found, GM appointed a VP of product security to lead a new division of over 100 employees solely focused on improving the security of their vehicles,” he continued. “In 2012, DARPA announced their $60M+ High-Assurance Cyber Military Systems (HACMS) project, partially inspired by our work. The following year, industry security researchers began to replicate our work. But I think it finally hit me when DEF CON, the world’s largest hacker conference, introduced their Car Hacking Village in 2014.”

In addition to transforming an existing industry, the team’s work has also generated an entirely new one. “Our project spawned dozens of startup companies — and hundreds of jobs — focused on automobile security,” Savage noted.

Following the conclusion of the project, McCoy went on to join the faculty of New York University, while Shacham later left UCSD to join the faculty of the University of Texas at Austin. Anderson launched his own firm, Daniel Anderson Software Consulting, focused on creating independent iOS apps. Kantor later retired from UCSD after more than 30 years of service. He passed away last year.

“This work was really visionary at the time, and it proved to be a game-changer for industry, government, and academia,” Kohno concluded. “I like to think that was due to the high quality of the work, and how thoughtful we were in its execution.”

The team was formally honored today for that quality and execution in a virtual award ceremony during the IEEE Symposium on S&P 2020 online. Read the research paper here, view the team’s award acceptance here, check out the UCSD announcement here, and learn more about this and related work on the CAESS website here.

Congratulations to the entire team!

Read more →

Allen School professor Franziska Roesner has earned an Undergraduate Research Mentor Award from the University of Washington. This honor recognizes her commitment to guiding undergraduate researchers to achieve success as research scholars. Students presenting their work at the annual Undergraduate Research Symposium were invited to nominate their mentors for this award and a committee selected the honorees. This year, five out of 188 nominated mentors were chosen. 

Roesner, co-director of the Security and Privacy Research Lab, mentors eight undergraduate researchers on her team. Savanna Yee, a fifth year undergraduate in the lab, said Roesner’s affable personality made working in the lab less intimidating. 

“Franzi is wonderful to work with. She’s very approachable, and really cares about prioritizing the goals of the undergrad students and makes sure to check in with us frequently,” Yee said. “When I first started working with Franzi I didn’t expect to have so much direct contact with a faculty member, but I am so glad that she makes time to check in with us and really get to know us as individuals. Franzi is honest, and open about her imperfections and struggles, and I really appreciate this because sometimes, when working with an expert leader in a field, we hold them up on a pedestal. But Franzi is so real about being a regular person, and this makes me very comfortable.”

Roesner attributes her passion for undergraduate research mentorship to her own early exposure to it at the University of Texas at Austin, from her professor at the time, Doug Burger. 

“The only reason that my own career even followed this path is because I had an amazing undergraduate research mentor, so I am trying to pay it forward,” she said.

Kimberly Ruth, who is also a fifth year senior in the Security and Privacy Research Lab, said Roesner’s support is inspiring.

“Franzi is an extraordinarily supportive mentor. She empowers me to be a meaningful contributor in project planning and implementation, giving me ample room to grow and contribute. Her communication is always clear, prompt, and friendly,” Ruth said. “Even amidst a busy faculty schedule, she always takes time to comment thoughtfully on works in progress: anything from a brainstormed list of ideas to a section of an academic paper in preparation to a research scholarship application essay. With her guidance and feedback, I’ve taken on increasing levels of autonomy and responsibility in my work, becoming increasingly self-sufficient and skilled as a young researcher. She’s given helpful advice at career decision points I’ve faced, sharing anecdotes that advise and reassure. I feel incredibly lucky to have Franzi as my mentor.”

Roesner, whose research spans a number of projects related to privacy and security in emerging technologies, said that developing research proficiency as an undergraduate is invaluable.  

“I think the skills you learn in doing research are valuable beyond that specific field, or even a research-focused career path,” Roesner said. “You learn how to identify important problems, how to make concrete progress in the face of vast uncertainty about where to even begin or how to evaluate success, how to pick up new skills and knowledge as needed to solve your problem, how to collaborate and ask questions, how to grow from failure, and so on.”

Provost Mark Richards and Dean and Vice Provost for Undergraduate Academic Affairs Ed Taylor recognized the awardees in a recorded video message today before this year’s virtual symposium. 

Congratulations, Franzi — and thank you for being an extraordinary mentor to our students!

Read more →

Allen School research professor Yuliang Wang received the Jaconnette L. Tietze Young Scientist Award from the John H. Tietze Foundation Trust for his work on novel approaches for identifying and restoring intercellular communication in diseases affecting complex tissues such as the heart, kidney, and brain. The award is administered by the University of Washington’s Institute for Stem Cell & Regenerative Medicine (ISCRM), where Wang is a core faculty member, to recognize and support junior faculty conducting stand-out research related to stem or progenitor cell biology or therapies.

Wang’s research focuses at the intersection of computation and biology, integrating multi-omic data (transcriptomics, epigenomics, metabolomics) and network modeling to understand how the metabolic and signaling network states influence stem cell differentiation and tissue development. For his latest project, Wang is exploring new and efficient techniques for capturing intercellular “whispers” — the complex communication between diverse cell types that enable the proper function of organs such as the heart and kidneys — to understand how they are affected by diseases. The project combines concepts from information theory, such as KL divergence, and single cell transcriptomics, which measures gene expression for thousands of genes found in individual cells across 10,000 or more cells simultaneously. 

Single cell transcriptomics enables researchers to identify novel cell types and marker genes as well as uncover the developmental trajectories of individual cell types. Wang is interested in going beyond the analysis of individual cell types to uncover the ligand-receptor interactions that connect different cell types. To that end, he and his team introduced talklr, short for “intercellular crossTALK mediated by Ligand-Receptors.” Talklr identifies and prioritizes ligand-receptor pairings that display distinct expression patterns across interacting cell types, and then infers whether their transcriptional targets are activated. By applying KL divergence, talklr simultaneously considers the expression distributions of both the ligand and receptor genes across all interacting cell types and conditions. This approach enables talklr to capture one-to-many and many-to-many cell type interactions that previous computational methods may miss. It also allows talklr to factor in the context-dependence of gene expression changes in one cell type associated with expression levels in another cell type when determining whether such changes are biologically significant.

Wang aims to make talklr widely accessible to researchers without programming experience and to enable easy integration into existing lab workflows. He hopes one outcome of this work will be new targeted pharmacological interventions for restoring essential intercellular communication where normal cell function has been disrupted through disease.

”By applying advanced computational methods like talklr to single cell gene expression analysis, we will gain new insights into how interactions between different cell types affect disease and developmental processes,” explained Wang. “If we can better understand the impact of these intercellular communications on complex tissue structures, that knowledge could potentially lead to new therapeutics for helping to restore proper organ function in patients.”

Wang joined the UW faculty in 2016 after spending two years as a senior research associate in the Computational Biology program at Oregon Health & Science University. Before that, he completed a postdoc at Sage Bionetworks in Seattle. Wang earned his Ph.D. in Chemical and Biomolecular Engineering and a master’s in Applied Statistics from the University of Illinois at Urbana-Champaign in 2013.

Read the ISCRM announcement here.

Congratulations, Yuliang!

Read more →

Four Allen School undergraduates — Andrew Hu, Jenny Liang, Parker Ruth and Savanna Yee — have been selected for the 2020 class of the Husky 100. Each year, the Husky 100 program honors 100 University of Washington students across its three campuses , in a variety of disciplines, who are making the most of their time as Huskies to have a positive impact on the UW community. 

Andrew Hu

Andrew Hu is a senior majoring in computer science and education, communities and organizations, the first at the UW to combine the two. His education classes taught him to focus on relationships, empathy, equity and allyship and how to incorporate those into computer science. Last summer he worked on a research project in the iSchool with informatics chair and Allen School adjunct professor Amy Ko, creating a class that allowed students to explore what interests them and see how it might be connected to computing. Over the past year, he has been interning at Code.org, a nonprofit dedicated to providing equitable access to K-12 computer education.   

This fall Hu will be starting a Ph.D. program in educational psychology at Michigan State University, researching professional development for K-12 CS teachers, and intends to build a career in helping K-12 students get equitable access to computer science. 

“I see myself as someone who can bridge the communities of CS and education,” Hu said. “Using my background as a teacher and a researcher, I aim to prepare future generations of CS teachers in K-12 by working in teacher preparation, curriculum development and policy.”

Jenny Liang

Jenny Liang is a senior majoring in computer science and informatics. Her academic career began with a passion for engineering and solving ambiguous problems through technology. With six successful internships across Microsoft, Apple and Uber, her skills and experience in software development were shaping her future career. 

After encountering some personal setbacks and working through adversity with the help of supportive friends and student groups, Liang’s focus became more encompassing. While continuing to strengthen her technical skills, she has also focused on building her people skills, working hard to empower others as a compassionate TA, a member of the Allen School’s Student Advisory Council, and her continued work as a  UW Residence Education Programmer. Liang has also worked with Ko in CS education, developing programming strategies which focuses on how they may help build software developers’ skills. And she served underrepresented communities, by working in the Information and Communication Technology for Development Lab, studying the viability of community-maintained Long Term Evolution (LTE) networks in rural areas in Indonesia and Mexico.

“My Husky Experience has transformed me from an engineer to a human-centered technologist who uplifts her community through compassion and technology expertise,” Liang said. “My background in leading tech teams and interning at Microsoft, Apple, and Uber has helped me build technical expertise, which in turn makes me a better computer science teaching assistant, Allen School community leader, and researcher who studies technology for social good.”

Parker Ruth

Parker Ruth is a fourth year student majoring in computer engineering and bioengineering and is part of the university’s interdisciplinary honors program. Throughout his academic career, Ruth has explored the application of computing tools to improve the quality and accessibility of health care, working with  bioengineering professor Barry Lutz and conducting research in the Allen School’s Ubicomp Lab with professor Shwetak Patel. Ruth’s work with Lutz’s group involved automating rapid tests for HIV drug resistance. His Ubicomp projects are focused on sensing and signal processing techniques for screening and diagnosing diseases using commodity and mobile technology. Ruth’s research includes projects to create tools that help with cardiovascular health, osteoporosis and physical activity monitoring. 

Outside of the lab, Ruth founded the BioExplore club, where students could come together and discuss research, host events and encourage freshmen and sophomores to get involved in research. In his research, he serves as a mentor to two other undergraduates and two high school students, and is writing a book to help students in a signal processing course in bioengineering. 

“As an engineer and researcher, I work to develop technologies that use novel hardware and software to expand access to healthcare,” Ruth said. “Research has transformed my Husky Experience by connecting me with communities in need and applying knowledge from my computer engineering and bioengineering courses. Through mentorship, teaching and service, I am sharing my passion for research with other students so that they can make the most of their Husky Experiences.”

Savanna Yee

Savanna Yee is a computer science and informatics major with a focus on human-centered interaction and is in the interdisciplinary honors program. She is in her fifth year as an undergraduate and starting the B.S./M.S. program. She has had four internships, with two more coming up and has worked as a TA and as a researcher in the Security and Privacy Lab for more than a year.

While serving as a mentor/tutor on the Pipeline Project, Yee learned to be a more empathetic leader. After a tragic loss during her junior year, she used what she learned from working through her pain to help others. Reflecting on her own vulnerability, Yee reached out to the Allen School community to encourage everyone to be more open about their own struggles. She created a panel discussion where students, staff and faculty of the Allen School could talk about their failures and vulnerabilities and how they overcame the obstacles. She also joined Unite UW, an organization helping to build a bridge between domestic and international students. She volunteers as a peer advisor in the Allen School, serves on the student advisory council and was an officer last year for the UW Association for Computing Machinery for Women.

“Mentor, maker, teacher, performer, advisor, advocate, researcher, event organizer. I’ve constantly lost and found myself here, uncertainty is something I’ve learned not to fear,” Yee said poetically. “Here I’ve gained new perspectives, been inspired by brilliance, opened up about depression, healing, resilience. U-Dub has fueled my interdisciplinary mind, always enticing me with more connections to find. By combining technology, ethics, wellbeing, and art, this is how I’ll empower people–or at least how I’ll start.”

Read more about the class of 2020 class of the Husky 100 and the about previous Allen School honorees in 2019, 2018, 2017 and 2016. A total of 14 Allen School students have been recognized as part of the Husky 100 program since its launch in 2016.

Congratulations to Andrew, Jenny, Parker and Savanna — and thank you for all of your contributions to the Allen School and the UW! 

Read more →

Earlier this month, the Allen School commemorated Women’s Research Day, an annual event that celebrates the research contributions of women and nonbinary people in the school and the greater Seattle area. While this year’s event was compelled to move from the Allen Center atrium to Zoom due to COVID-19, the online format didn’t dampen participants’ enthusiasm for the program. Allen School professor emerita Susan Eggers, professor and director Magdalena Balazinska, and a virtual poster session in which undergraduate and graduate students shared their latest research, still took place as planned.

“Overall, things went fairly smoothly aside from a few technology hiccups on the day of,” said Allen School Ph.D. student and organizer Emily Furst. “We had a lot of great participation and questions during all of the sessions, and I think it might have been one of our highest turnouts ever. One great thing was that we had a really high turnout of the high school seniors who have received direct admission into the major this year. We try to invite them most years, but due to the event being virtual, they were able to attend from all over.”

During her questions and answers sesssion, Balazinska was asked about her background, advice on research, and advice to students just starting in the CSE major.

“When you’re choosing which classes to take, choose the ones you think will be the most exciting and important,” she said. “Never shy away from classes because you think they’re too hard. Now is the time to learn because it’s easier in the classroom than finding other ways. Be brave, take those classes, don’t just do the bare minimum to get by.”

Participants also heard from one of the leading researchers in computer architecture. Eggers, who joined the University of Washington faculty in 1989, delivered the keynote lecture in which she spoke about her work and what it was like to be among the roughly one percent of computer architects who were female when she entered the field. During her talk, Eggers shared her experience as one of the lead developers of the first commercially viable multithreaded architecture, Simultaneous Multithreading, which was adopted by Intel, IBM, Sun and others and earned her team both the 2010 and 2011 Test of Time Awards from the International Symposium on Computer Architecture (ISCA). 

“I’ve had a lot of wonderful mentors but I also made sure to pass it on,” Eggers said about being a mentor herself. “As far as I can tell, women in academia do this, mentor women behind us in computer science. We pay it back, we don’t just take it.”

As the first woman ever to receive the Association for Computing Machinery and IEEE Computer Society’s Eckert-Mauchly Award, in 2018, Eggers told her virtual audience that during her acceptance speech she thanked the committee for breaking another professional glass ceiling. She spoke of her research highlights, then gave the high school students, undergrads, graduate students and industry attendees, advice on working in a field predominantly populated by men.

Eggers’ talk fit in with the purpose of the day, which as Furst explained, is to give women and non-binary people in the school community an opportunity to make connections with other researchers and learn from them.

“Whether that be undergrads finding grad students to work with or grad students making more connections with industry researchers,” she said. “It’s also a great event for the direct admits and undergrads to learn more about research in general and the different areas of research within computer science.”

While Furst hopes that next year’s event will once again be held in person, she also thinks future programs could incorporate more virtual aspects  based on the success of this year’s event.

“Regardless of the exact format, our goal will always be to make the event a welcoming space where everyone feels comfortable participating and asking questions,” she said.

Videos of the 2020 Women’s Research Day can be viewed on the Allen School’s YouTube channel here. 

Read more →

Jungo Kasai, a Ph.D. student working with Allen School professor Noah Smith on natural language processing (NLP), has been named a 2020 IBM Ph.D. Fellow. Kasai, who is one of only 24 students from a total of 140 universities around the world to be selected for a fellowship, was recognized in the “Artificial Intelligence/Cognitive Computing” category for his focus on the problem of cross-lingual transfer. 

Deep learning has made incredible gains for NLP, but most of the research efforts have been focused on the English language. Real-world applications of NLP need to include a diverse set of languages. Kasai’s work questions whether or not we can exploit annotated data for “rich” languages like English to improve the accuracy of NLP components for other languages as well.

“My fundamental hypothesis is that different natural languages manifest similar characteristics which can be exploited by deep learning models and their distributed representations,” said Kasai. “I want to provide further support for this hypothesis by improving representation learning for diverse languages and ultimately to make contributions toward massively multilingual processing in the real world.” 

So far, his research — which he is pursuing in collaboration with Allen School Ph.D. student Phoebe Mulcaire — is proving that hypothesis to be true. The team has  worked to develop methods to produce multilingual representations from a large amount of monolingual data without extra annotation. They then created a multi-language program that models probability distribution over diverse languages and uses the distributed representations for any downstream task.

Kasai and Mulcaire published two papers last year showing that artificial intelligence models can be effectively expanded to many languages with little or even no labeled training data. The first paper, which the team presented at the 2019 conference of the North American Chapter of the Association for Computational Linguistics (NAACL), described Rosita. Rosita is a method for producing multilingual contextual word representations by training a single language model on text from multiple languages, such as English and Arabic or English and Chinese. The results showed the benefits of polyglot learning, in which representations are shared across multiple languages.

The second paper, presented at the 2019 conference of the ACL Special Interest Group on Natural Language Learning (CoNLL), takes their work even further, showing that the models can translate languages with complex language structures to those with more simplistic structures — or even none at all.

“Jungo and Phoebe’s paper delves into parsing and shows substantial gains in truly low-resource scenarios, including zero-shot parsing — i.e., learn only from English or another helper language — test it on sentences in a language with no training treebank at all,” said Smith. “The team’s work goes well beyond most publications in our field these days, which reveal new state-of-the-art scores on established benchmark tasks, and introduced an innovative technique for probing why the model works. I’m very proud of this work and Jungo’s contributions, which I believe will generate a lot of excitement and follow-on by others.”

Kasai is looking forward to meeting the other Ph.D. fellows and working with IBM.

“I believe working with industry is a great way to see my Ph.D. research on multilingual NLP and machine translation from different perspectives and to put research into practice,” he said. 

Congratulations Jungo — and thanks to IBM for generously supporting student research!  

Read more →

Emerging technologies like augmented and mixed reality have the potential to transform the way we experience the world and interact with each other. But like most technologies that, in their infancy, opened up exciting new avenues of engagement — the web, mobile phones, social networks, and so on — mixed reality also has a potential dark side. And it’s one that is made even more fraught by the interplay between the physical and virtual world. 

To encourage developers of these emerging technologies to employ a privacy and safeguard mindset early on, Allen School professors Tadayoshi Kohno and Franziska Roesner organized a summit last November that brought together representatives of academia and industry. The goal was two-fold: identify potential threats to user privacy, security and safety posed by augmented and mixed reality (AR/MR), and come up with a framework to guide designers and developers in addressing those threats.

With the birth of previous technologies, the world mostly charged full steam ahead, with security and privacy relegated to playing catch-up. This time, according to Roesner, there is widespread interest in addressing potential issues proactively rather than reactively.

“Augmented and mixed reality technologies are unique in their ability to impact a user’s perceptions of and interactions with the physical world compared to other technologies, so the associated risks are fundamentally different from those technologies, too,” explained Roesner, who co-directs the Security and Privacy Research Laboratory at the University of Washington with Kohno. “Last fall, we got together with other security researchers and industry representatives to explore a set of questions that creators of AR/MR technologies should be asking to address user privacy, security, and safety from the start.”

Last week, summit contributors released a report laying out a comprehensive set of issues that should be considered when developing mixed reality hardware, platforms and applications. The report starts by acknowledging what could go right with mixed reality technologies — primarily, the variety of desirable features and functionality that will benefit users and society by enabling people to overcome human limitations of time and space, and in ways that are accessible to everyone regardless of physical, financial, or other capacities. 

But to realize this vision, the authors note, researchers and the industry have to work together to address what could go wrong. Examples range from exposure to undesirable content, to excessive or overly invasive advertising, to actual physical or psychological harm. Unlike other technologies that only capture snippets of a person’s life here and there — a credit card company knows your shopping habits, a health insurance company sees what tests your doctor runs — mixed reality platforms have the potential to build a much more complete picture of a user.

“The potential of MR devices to collect and infer incredibly sensitive information about users compels us to develop platforms that give users the ability to get the benefits of MR without having to hand over a deeply personal picture of themselves and their environment,” said co-author Blair MacIntyre, a principal research scientist at Mozilla and professor at Georgia Institute of Technology’s School of Interactive Computing. “Once this data is out there, it can’t be pulled back, and MR should be available to everyone, not just those willing to ignore the potential downsides of sharing such information.”

Industry has a strong motivation to get these issues right, even at this early stage. As the report points out, just one negative incident that results in actual harm to a user or users could represent an “existential threat” to the industry by discouraging adoption and prompting well-intentioned but overly prescriptive regulation that could stifle future innovation and growth. There are past examples to draw upon, such as the outcry against autonomous vehicles — and the companies developing them — following the death of a pedestrian. In that case, the software in one vehicle failed to correctly register the person’s presence in the road. The incident prompted a federal investigation and compelled several companies to temporarily put the brakes on testing their vehicles on public roadways.

The authors of the report propose that designers apply a threat-modeling approach often used in security and privacy research. This enables stakeholders to systematically consider which assets require protection in the system, along with how and to which adversaries that system might be vulnerable. The report offers a “fill in the blanks” framework to aid discussion of the potential risks and harms — along with the potential benefits — of mixed reality platforms and applications. The goal is to support designers, engineers, researchers, and policymakers as they work through these issues together, to strike the right balance between user security, functionality, and the industry’s ability to innovate.

One of the big issues that the group considered using the threat-modeling approach is how to manage the interaction of virtual content overlaid on the physical world. The group considered questions surrounding the appearance of undesirable content, whether in the form of advertising plastered everywhere, content that is age-inappropriate for children, or content that is disturbing or harassing to an individual. Other questions arose regarding whether virtual content would be allowed to block real-world content in ways that the user would find disruptive, or if content from multiple sources would be permitted to interfere with each other.

There is also the matter of who has access and can alter content that someone else has created in virtual space. In one high-profile example, an augmented reality artwork titled “AR Balloon Dog” was “vandalized” — or rather, a copy was vandalized and superimposed over the original’s geolocation — by a group of artists protesting the notion of corporations monetizing digital art. The original was created by artist Jeff Koons as part of a 2017 collaboration with Snapchat. The incident raised a variety of questions regarding the ownership of virtual objects, whether they should be treated the same as their real-world analogs in physical space, and whether the act even constituted vandalism, given that the virtual object in question was a copy of another virtual object. 

Members of the UW lab have explored this issue before, inspired in part by the saga of AR Balloon Dog. Last year, Roesner and Kohno worked with undergraduate researcher Kimberly Ruth to release ShareAR, a toolkit that enables developers to build fully functional, multi-user AR applications that permit secure content sharing. That was the start of a more robust conversation around how to design platforms and apps that provide users a measure of control, but the researchers acknowledge that there are issues that need to be resolved that go beyond technology.

“In the physical world, if someone vandalized a painting or structure of historical significance, that person would get arrested. A person who posts offensive or trademarked content online would have that content moderated,” noted Roesner. “But those frameworks don’t exist — not yet, anyway — in the virtual world. Many questions around jurisdiction and enforcement, along with issues regarding ownership, attribution or trademark, are yet to be answered.”

There is also the matter of translating societal norms and the types of behavior we deem acceptable in our day-to-day interactions from the physical world to the virtual one. According to Kohno, it is a significant challenge — one made all the more complicated by the fact that the virtual world transcends the physical world’s cultural and geopolitical boundaries.

“This discussion raises a host of issues around how to apply rules that are ingrained in our social fabric into virtual space,” noted Kohno. “In the physical world, it would not be acceptable for someone to put a ‘kick me’ sign on someone’s back. That would violate our notion of personal space and autonomy. But how do we deal with that in a virtual world?”

In this and similar scenarios, Kohno explained, designers might consider what limitations or tools they can provide to prevent offensive content altogether and/or enable users to remove content they find offensive when it appears.

“Perhaps I am not allowed to alter another person’s avatar, because we have decided that is a core tenet of virtual space. Or perhaps we are friends and so you give me permission to alter your avatar, but the platform’s built-in controls allow you to remove alterations that you don’t like,” Kohno mused. “At the summit we discussed a  ‘Bill of Rights’ governing digital spaces, to articulate what people can expect to be able to do and expect to have done to them. What we’ve done with this report is try to provide the scaffolding for the industry to consider the privacy and security issues raised by these platforms and to make conscious decisions about what rules and safeguards they need to incorporate into their design.”

A Bill of Rights, usable controls, and the aforementioned threat modeling are just a few of the potential solutions participants considered during the summit. Other avenues for exploration include early identification of trustworthy and responsible entities, the development of industry standards, support for application developers along the lines of ShareAR that make it easy for them to build security into their products, and — when the time is right — thoughtful regulatory and policy frameworks that will underpin user trust while reflecting the richness and complexity of augmented and mixed reality.

“The summit provided an opportunity for stakeholders to come together and have a collaborative conversation and forge a common language in which we can discuss these issues,” Roesner said. “With this report, we are taking a first step toward enabling a more holistic approach to important questions about security and privacy within this brave, new world that is being created.”

The Security and Privacy Research Laboratory was an early proponent of mixed reality security and privacy. In 2012, Kohno and Roesner co-authored a paper with security researcher David Molnar, then at Microsoft Research, laying out the privacy and security research challenges and new opportunities associated with emerging AR technologies. Two years later, Kohno and Roesner contributed to a primer on AR released by the UW’s Tech Policy Lab that was shared widely with policy makers to inform them about the still-nascent industry, its potential benefits, and associated pitfalls in relation to privacy, distraction and discrimination. That was followed by a series of papers in which the researchers applied what they had learned to supporting AR privacy and security more directly.

“A principled approach to user privacy and security will be a catalyst for innovation and widespread adoption, not an obstacle,” concluded Roesner. “We may still be playing catch-up when it comes to more mature technologies, but with AR/MR, we have an opportunity to build a virtual world that is safe and enjoyable for everyone almost from the ground up.”

The 2019 Industry-Academia Summit on Mixed Reality Security, Privacy, and Safety was co-funded by the UW Security and Privacy Research Lab and the UW Reality Lab. Read the full report here.

Read more →

Our latest Allen School undergraduate student spotlight features Aerin Malana, a sophomore from Kent, Washington, majoring in computer science with a diversity minor. Malana has a passion for advocacy and equity, specifically in tech, and has become a leader in inclusivity at the Allen School. She serves as vice chair of the Association for Computing Machinery for Women (ACM-W) and has co-founded Gen1, an organization for first generation Allen School students. Despite the fact that the University of Washington has moved classes online due to COVID-19, Malana is still actively engaged with both groups, using video conferencing to continue programming for ACM-W and preparing for the rollout of Gen1 in the fall quarter.

Allen School: What do you enjoy about being in ACM-W and what motivated you to become vice chair?

Aerin Malana: Being in ACM-W was a great starting point for my involvement in the Allen School, as it intersected with my interest in advocacy for diversity in tech. I get to work with a great group of women; we all encourage each other to remember our mission of advocating for diversity in tech, as well as to always be the best we can be. I became an associate officer for ACM-W halfway through my freshman year. The experiences I gained and the people I met in my first year through ACM-W not only helped me to further my passion for advocacy, but also helped me to understand how amazingly complex our Allen School community is. I decided to come back this year as Vice Chair, where I could take on a bigger leadership role in the organization. 

Allen School: In that leadership role, what are some goals you hope to accomplish? 

AM: I hope to help ACM-W push for more awareness and increase advocacy for issues that gender minorities face in tech (women, nonbinary folx, etc.). We really aim to help community members question certain biases we’ve grown accustomed to socially and how we can undo those biases in ourselves and in our communities. I also hope to help more of our community members understand the concept of intersectionality and how that plays into each of our experiences with the world and each other. It’s important that we all understand that aspects of our identity (race, gender, sexual orientation, ability, economic class, etc.) do not operate separately, rather they intersect, overlap, and impact you, as an individual, as well as how you interact in institutions. 

Allen School: How do you hope to make computer science more diverse and inclusive, and how is your diversity minor helping you to do that?

AM: While there has been an increase of women, people of color, and other marginalized communities in our institutions, there is often a lack of support for them and a lack of effort to retain them in these spaces. It’s important for all of us to ask the question of why that is. Why isn’t our department or workforce a true reflection of our people? Why aren’t the resources that lead to success truly accessible to everyone? Do the amazing things we build reflect the people that use these things and the people that will be affected by them? If the answer is no, we have to understand why that is and the many active ways we can include every single voice and identity into these institutions and amplify them.

I’m hoping to make diversity and inclusivity more of a focal point in computer science by giving opportunities for the Allen School community to understand how it impacts everything they do, from the way they write code to the way they speak with fellow CSE students. In ACM-W, we have so many events to help students understand diversity in their space: quarterly diversity discussions, allyship panels, impostor syndrome talks, etc. I’m also hoping to make diversity and inclusivity more of a focal point by helping others understand where prejudices and biases in our field come from and how we can be aware of our biases.

My diversity minor helps me in understanding the institutions our everyday life is founded on, how they are intrinsically linked to the marginalization of certain communities, and how I can apply that knowledge specifically to computer science, where our work impacts everyone. 

Allen School: You’re also forming an Allen School organization for first generation students, Gen1. Why is this important to you?

AM: When I first came to UW, I was the only person in my circle of friends and acquaintances that identified as first gen; I was the first in my family to pursue a Bachelor’s degree in the U.S. It wasn’t until an entire year later, when I had a conversation with two of my friends who also identified as first gen, where I realized this community was there, it was just invisible.

We discussed the fact that there was a lack of resources and help for first generation students in a program where everyone is already connected to someone in industry or knows the ins and outs of this institution. They also felt like they were the only people in their entire social circle that were first gen, and it wasn’t until we started having active conversations surrounding this part of our identity that we realized we weren’t alone.

It’s so important for anyone to feel seen and to be heard. When you don’t have a visible community that you know is there for you and can help you succeed, it’s incredibly hard to keep up with others who don’t understand your struggle. It’s important to have a club for first generation students in the Allen School because I understand how hard it is to navigate an institution when you need to figure out everything for yourself, especially in the CSE community. There are so many others out there in the program that feel the same way but don’t know anyone else who shares their experience. With the creation of this club, we hope that we can build a visible community of amazing first gen students to share all of our experiences and support all of our ambitions.

Allen School: Why did you choose to study computer science?

AM: I didn’t necessarily choose computer science, I actually happened to stumble upon it. By the beginning of my senior year in high school, I knew I had to pick a major to apply to schools with. I had no clue what to do. I “flipped a coin” between another major and computer science, and luckily it landed on computer science. I applied to schools as a CS major very blindly, and it wasn’t until after application deadlines that I took my first programming class. Soon after, I fell in love with it. The combination of logical thinking, problem solving, and space for creativity and flexibility that CS offered interested me so much. 

Allen School: What do you like most about being in the Allen School?

AM: I enjoy so many things about this school, but I would have to say that I love the people the most. The staff and faculty of this school really love what they’re doing and it shows immensely. I absolutely love getting to work closely with lecturers, who further my passion for educating our communities, and working with advisers, who help affirm and push my drive to affect positive change in the program.

I also love getting to interact with my peers in the Allen School community. I get to learn so much from fellow students with different perspectives and I have the ability to create amazing things with them, both in the classroom and in the community.

Thanks to Aerin for her advocacy and her commitment to lifting up the voices of first gen students in our school! 

Read more →

Back in February — before the days of widespread flight cancelations, stay-at-home orders and mass Zoom meetings — a group of Allen School students who have a penchant for programming headed to Georgia Tech in Atlanta to do battle in the 2020 North American Championship of the International Collegiate Programming Contest (ICPC). The group, known as Team Combo, had cinched their spot by capturing fourth place in the Pacific Northwest Division 1 regionals the previous November.

It was the first year that ICPC held a North American competition in between regionals and the international competition — and the first time a UW team has faced off against student programmers from outside of their own region.

“The competition in Atlanta was intense, just as we expected,” said team member Phawin Prongpaophan, a junior majoring in computer science. “Despite the fact that the rules were the same — that is, we still had five hours to solve problems — it felt a lot different from the regional competition. The problems were significantly harder and every minute really counts toward the ranking in the nationals.”

The national contest brought together a total of 60 qualifying teams from 11 regional contests. Up for grabs were 18 spots in the world finals in Moscow, Russia. Prongpaophan was joined in Atlanta by sophomore Milin Kodnongbua and junior Nonthakit Chaiwong. The team was coached in both the regional and national competitions by second-year Ph.D. student Sorawee Porncharoenwase, who works with professor Emina Torlak in the Programming Languages & Software Engineering group (PLSE).

According to Porncharoenwase, the chance to participate in an event beyond the regional contest offered a lot of valuable lessons for future competitions, like how to improve the team’s time management. 

“We solved five problems out of 12, which is one too few from getting qualified for the world finals,” he said of his team, who finished in the middle of the pack, in 26th place. “They had an incorrect solution for the seventh problem, which, with a small tweak, would be correct. I think our team has a really high potential for next year.”

“One thing I learned from this journey is that teamwork is key to success,” said Prongpaophan. “The competition isn’t about anyone’s strength, but it is about how we deal with it together as a team. I believe we wouldn’t have made it this far without each other.”

Principal Lecturer Stuart Reges, the team’s faculty sponsor who teaches introductory programming courses in the Allen School, was thrilled by the team’s hard work and dedication. He said this year was especially exciting for both the students and coaches since ICPC added the North American component.

“This year marks the first time we have sent a team beyond our regional contest. Our region includes fierce competitors like Stanford, Berkeley, and UBC, which has kept us from qualifying for the international contest. With the addition of the new North American Championship we were finally able to break through,” said Reges. “We are grateful to Google for providing a tour of their campus to the teams that competed in the regional contest and I am personally grateful to our graduate students Sorawee Porncharoenwase and Victor Reis who did all of the work of hosting a local contest, taking teams to the regional, and helping this team attend the North American Championship.”

Another Allen School team, King Gesar, also placed in the top 10 at the Pacific Northwest regionals. Of the teams representing western Washington, UW teams occupied the top 5 spots in the regional competition. 

Way to go Team Combo, Team Gesar and all of the other hardworking UW teams! 

Read more →

Kimberly Ruth, a senior graduating from the University of Washington this spring with bachelor’s degrees in computer engineering and mathematics, has been awarded the College of Engineering’s Dean’s Medal for Academic Excellence. Each year, the college recognizes two graduating students for academic excellence; Ruth’s combination of exemplary grades, rigorous coursework, hands-on research experience, and leadership on campus and off illustrate why she was chosen for the honor.

“We have a very strong program and many of our students are remarkable, but Kimberly stands out even from this select group,” said Allen School director and professor Magdalena Balazinska. “Her drive, leadership, undergraduate research and academic excellence are admirable, and she has only reached the beginning of her potential.”

As a freshman in the Allen School, Ruth set her sights on research right away. During her first quarter on campus, she reached out to professors Tadayoshi Kohno and Franziska Roesner, co-directors of the Security and Privacy Research Lab. Although she had not been on campus very long, Kohno and Roesner decided to interview her for a position as an undergraduate researcher anyway.

“Though we met with several other promising undergraduates that day, we knew before our meeting with Kimberly even finished that she stood out far above the rest,” recalled Kohno. “She has now been working with us since January of 2016, and her work in the past four and a half years has only strengthened that initial impression.”

Ruth’s research focuses on security and privacy for augmented reality (AR) platforms. These emerging technologies, such as Microsoft’s HoloLens, generate visual and audio feedback to change a person’s perception of the real world. They also raise new privacy and security risks for users. While working in the Security and Privacy Research Lab, Ruth played a critical role in several research projects. In one project, Ruth worked with Ph.D. student Kiron Lebeck to design an AR operating system that can protect against malicious or buggy output from applications. Ruth was second author on the resulting paper, “Arya: Operating System Support for Securely Augmenting Reality,”  which appeared at the 38th IEEE  Symposium on Security and Privacy and was published in the IEEE Security and Privacy magazine in 2017. Ruth followed that up by co-authoring “Securing Augmented Reality Output,” and “Towards Security and Privacy for Multi-user Augmented Reality: Foundations with End Users” the following year.

But that wasn’t quite enough for Ruth, who has made the most of her undergraduate research experience. In June of 2017, she also began leading her own project in AR security, focusing on security for multiuser AR applications like the popular game Pokémon Go. The result was ShareAR, a toolkit that helps app developers build in collaborative and interactive features without sacrificing user privacy and security. Ruth and the team published their paper, “Secure Multi-User Content Sharing for Augmented Reality Applications,” last year at the 28th USENIX Security Symposium, where she presented the results.

“Kimberly’s work on this project was incredible. She independently raised, explored, prioritized, and answered a range of sophisticated research questions,” said Roesner. “She worked through design questions and implementation subtleties that were not only technically but also intellectually challenging—requiring thoughtful framing of the problem space and inventing new approaches.”

Outside of the lab, Ruth is also an adept teacher, helping her fellow students to succeed as a peer tutor for the Allen School’s Foundations in Computing course last year and inspiring the next generation through Go Figure, an initiative she founded to ignite middle school students’ interest in math.

“Kimberly is wholly deserving of all of the honors she has received, and I feel so privileged to have had the opportunity to work with her in this early stage of her career,” said Roesner. “I look forward to seeing all of the great things she will do in the future, whether in computer security research or otherwise.”

In addition to being a Dean’s Medalist, Ruth previously earned the Lisa Simonyi Prize, a 2018 Goldwater Scholarship (Kimberly’s brother Parker, also an extraordinary Allen School senior, received a Goldwater in 2020), finalist standing in the Computing Research Association’s Undergraduate Researcher Award competition in both 2018 and 2019, Washington Research Foundation Fellowships for 2017, 2018 and 2019, and most recently a 2020 National Science Foundation Graduate Fellowship Program. In 2018 she was recognized as a member of the Husky 100, which celebrates UW students who are making the most of their “Husky Experience.” This fall she’ll be pursuing her Ph.D. at Stanford, focusing on computer security and privacy.

Congratulations, Kimberly, and thank you for your commitment to excellence inside and outside of the Allen School!

Read more →