From the fall of 2015 to the summer of 2016 the UT Dallas Computer Science Department has seen a number of PhD students graduate and go on to jobs in prestigious universities, top tier research facilities, government, and numerous technology based companies.
Dr. Frederico Araujo, who this past May obtained his doctoral degree in Software Engineering at the Software Languages Security Lab at UT Dallas under the supervision of Dr. Kevin Hamlen, has received 12 tenure-track offers from U.S. universities, including universities in the top-40 nationwide. Of those universities, eight of them aggressively pursued Araujo. Ultimately, Dr. Araujo accepted a research position at IBM T.J. Watson, one of the most acclaimed computer science research facilities in the world. The center is the headquarters for IBM Research – the largest industrial research organization in the world, with 12 labs on six continents.
Araujo’s research employs scientific approaches to make software systems more secure and resilient against cyber threats, with a focus on leveraging language-based techniques to engineer applications with proactive and deceptive capabilities that degrade attackers’ methods and disrupt their reconnaissance efforts.
On May 31st, Araujo defended his dissertation entitled, “Engineering Cyber-Deceptive Software.” His dissertation proposes language-based software cyber deception as a new discipline of study, and introduces five representative technologies in this domain including honey-patching, process image secret redaction, deception-enhanced intrusion detection, deception as a service in the cloud, and moving target deception. His experiments indicated that software cyber deception can be effectively realized for large, production-level software networks and architectures–often with minimal developmental effort and performance overheads. Language-based cyber deception is therefore concluded to be a low-cost, high-reward, yet heretofore largely unexplored methodology for raising attacker risk and uncertainty, toward leveling the longstanding asymmetry between attackers and defenders in cyber warfare battlefields.
We spoke with Dr. Araujo to learn more about him, his research, his time at UT Dallas, and his plans for the future.
Q: What is your primary area of research? I read that you graduated with a PhD in Software Engineering and worked with Dr. Hamlen in the field of cyber security. Please explain.
A: I completed my Ph.D. degree in Software Engineering at UTD, working under the supervision of Dr. Kevin Hamlen in the field of cyber security. My research seeks ways to make software systems more secure and resilient against cyber threats, with a focus on leveraging language-based techniques such as compilers and program analysis to engineer applications with deceptive attack-response capabilities that degrade attackers’ methods and disrupt their reconnaissance efforts.
Q: What made you decide to pursue a PhD?
A: There is something fascinating about the process of discovery, which includes the pursuit of new knowledge and the solution of difficult problems. I decided to pursue a PhD because I wanted to continue fostering my curiosity and passion for learning, while being able to make meaningful contributions through the creation of new technologies to address societal problems and improve people’s lives.
Q: Why did you choose to pursue your PhD at UT Dallas?
A: I chose UT Dallas because it has one of the largest and most comprehensive CS departments in the US, boasting an impressive research track record and excellent professors.
Q: Do you have any advice to future students who wish to obtain a PhD at the UT Dallas Computer Science department?
A: I think it is important to take the time to get to know the department, its faculty, and their fields of expertise, and find a research area that truly impassions you; things become much easier if you combine great supervision, hard work, and passion. From my own experience, it is very important to develop excellent written and verbal communication skills. These will benefit you throughout your educational and professional careers. For students nearing graduation, being able to find connections and articulate their technical contributions to a broad audience (including people outside CS) can greatly improve their chances of attracting other people’s attention to their research and landing a great job.
Q: During your time studying at UT Dallas, in what other projects did you take part?
A: While at UT Dallas, I was involved in CS diversity projects such as the Women in Cyber security Conference (WiCyS), and CS education outreach activities such as the Texas Security Awareness Week (TexSAW), TCEA Statewide Programming Contest, and the Hour of Code, where I taught computer programming classes to K-12 students.
Q: I understand you have accepted a research position at IBM T.J. Watson. On what will you be working there? Why did you choose to work there and when will you start?
A: Yes! I am extremely excited to be joining a world-class team of researchers at IBM T.J. Watson this fall. There, I will pursue an interdisciplinary research agenda in cyber security, and I hope to help make our cyber space a safer place.
Q: I read that you also fielded many offers from universities across the nation; what draws you to academia? Congratulations!
A: I have always been passionate about teaching since I started tutoring middle school students when I was still in high school. I also love doing research and finding technological solutions to societal problems. I think curiosity, love of learning, and freedom are the things that instill in me an interest in academia.
Q: Please explain your dissertation in layman’s terms.
A: For my dissertation, I invented a way to make computer software react to cyber attacks in a way that deceptively misdirects cyber criminals into attacking the wrong targets, or divulging information that reveals their identities to authorities. I call this new approach to cyber security “Cyber-deceptive Software Engineering.” Most software today is not deceptive—if it detects an attempted cyber attack, it blocks the attempt in a way that reveals to the attacker that his attack has failed. Criminals therefore keep trying new attacks until they succeed. My dissertation introduces a method of programming software to respond to attempted attacks so that it looks like the attack has succeeded even when it hasn’t. This makes it much more difficult for criminals to find and exploit true software vulnerabilities—many apparent vulnerabilities that criminals see and exploit are actually traps that alert defenders when triggered. If adopted on a mass scale, this new approach to security could make the internet significantly safer because it makes many vulnerabilities that criminals presently depend upon to hijack computers much more difficult to find. Moreover, it is effective even when defenders cannot find and fix every single vulnerability (which is often an intractable task because computer software today is so large and complex).
Q: Describe your experience studying at UT Dallas.
A: I really enjoyed working with my PhD advisor, whose patience, knowledge, and technical breadth inspired and reassured me throughout the process of completing my dissertation, and taught me the art of computer science research. I am also thankful for the many opportunities to teach guest lectures for professors I assisted, and took special joy in attending cultural and artistic events taking place on campus.
Q: I know you won many Awards, what are the top 3 that have made you the most proud?
A: I am very proud of winning the NYU-Poly CSAW Best Applied Security Research Paper award, which identifies the best applied security research discoveries of the year across all top security research publication venues. I’m also proud of having been the primary contributor of an awarded NSA research grant, and for having received the Outstanding Academic Award for excellence in graduate studies at UT Dallas.
Q: I understand that you have brought in approximately $1 million in federal funding; where did some of the funding come from and what was it for?
A: My research has been funded by several agencies, including ONR, AFOSR, NSF, and NSA. In particular, my work on cyber deception helped UTD win for the first time a NSA CAE Cyber Security Research grant to investigate active cyber defense responses against targeted attacks.
Stay tuned for our interview with Dr. Laura Moreno next week.
ABOUT THE UT DALLAS COMPUTER SCIENCE DEPARTMENT
The UT Dallas Computer Science program is one of the largest Computer Science departments in the United States with over 1,600 bachelor’s-degree students, more than 1,100 master’s students, 160 PhD students, and 80 faculty members, as of Fall 2015. With The University of Texas at Dallas’ unique history of starting as a graduate institution first, the CS Department is built on a legacy of valuing innovative research and providing advanced training for software engineers and computer scientists.