Topics for research and also for fun

Software Security

Making Software Sandboxing Practical using Language-based Techniques

(Keywords: Computer Security, information flow control, type systems, WebAssembly)

• Read this article

Recommendations to read

• Language-based information-flow security(IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 2003)
• RLbox sandboxing framework, rlbox.dev
• Retrofitting Fine Grain Isolation in the Firefox Renderer (USENIX 2020)
• Trusted types : A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Code completion

The latest work in a series of studies from our group on automatic syntax completion [1][2][3][10], or also available in Link to Series of Studies on Automatic Syntax Completion.

The paper introduces a method for collecting syntax (structure) completion candidates from open-source software, and then suggests these candidates, ranking them based on the frequency with which each candidate appeared in the software being investigated.

Recommendations to read

• Static Analysis at Github
• Tree-sitter

End-user programming/debugging/explaining in Home Automation Platforms such as SmartThings and Home Assistant

IOTA: a calculus for internet of things automation

Authors: Julie L. Newcomb, Satish Chandra, Jean-Baptiste Jeannin, Cole Schlesinger, Manu Sridharan

DOI link

While this paper was not written by our group, it has greatly inspired us, leading to the publication of a series of software engineering papers focused on IoT and home automation from our research group as [4][5][6][7]

I strongly recommend reading this IOTA calculus paper carefully before delving into our research works, as it will provide you with essential background information.

We have begun the development of a programming language that is based on the IoTa calculus, as in IoTa Calculus Programming Language

• 1)

  Programs for home automation platforms, like SmartThings, are intended to be developed by end-users. Therefore, it is essential to provide a method that enables end-users to write these programs with ease.

  One solution for simplifying programming is a visual programming environment called Smartblock [5]. Rather than writing text-based programs, the end-users can compose home automation programs by dragging and dropping visual blocks, making the process more intuitive and user-friendly.

  Alternatively, a natural language interface that translates everyday language into programming languages based on the IoTa calculus could be developed. The study of recent advancements like LLM (large language models) could be instrumental in implementing the latter solution.

  A single trial translation based on LLM may not be likely to result in satisfactory home automation programs. There must be a method for end-users to intervene and control the translation or the translated programs themselves. The existing Smartblock [5] system could facilitate this by enabling translation from the IoTa calculus based programs into the visual block programs and back.

• 2)

  Debugging home automation programs is notoriously challenging.

  A smart provenance system [4] was one solution where end-users can explore timed events and actions to investigate their problems, for example, why the light would not be turned on when a person opened the door.

  One solution to the challenge of debugging home automation programs is a smart provenance system [4], allowing end-users to explore timed events and actions to diagnose problems. An example of this might be investigating why the light did not turn on when a person opened the door at home.

  We could integrate this system with SmartBlock, enabling debugging to be conducted directly through the visual block programs, thereby simplifying the process and making it more intuitive.

• 3)

  Solutions for the fragmentation problem in home automation programming

  Samsung SmartThings is a leading home automation system, but it is not the only one available. Other intriguing options include IFTTT, OpenHap, and more. A significant issue is that programming methods used for one home automation system are often incompatible with others, leading to what is known as the fragmentation problem. We believe that a programming language based on the IoTa calculus could provide a solution to this challenge by compiling it into the other home automation programming languages as:

  We hope to submit initial results from this topic to the SERP4IoT workshop by January 2024.

Multi-party computation for security and privacy

A design of domain-specific programming language for multi-party computation (MPC) using the polymorphic RPC calculus

(Keywords: Computer Security, privacy, language design, type systems)

• Read this article to understand what is MPC quickly
• Choose to read this MPC book if you can take more time
• Read these articles for the polymorphic RPC calculus, especially, [8] and [9].

Choreographic Programming (Deadlock-free Distributed Programming)

The emerging paradigm of choreographic programming

Motivation: A distributed system consists of a collection of nodes that operate independently and communicate by message passing. One of the challenges of programming distributed systems is the need to reason about the implicit global behavior of the system while writing the explicit local programs that actually run on each node. While running independently, nodes must exchage messages a carefully executed dance: every message sent from one node must be expected by its recipie or we risk deadlock.

Recommendations to read

• HasChor: Functional Choreographic Programming for All(Functional Pearl)

Research directions

• It would be interesting to explore the relationship between the polymorphic RPC calculus, especially, [8] and [9], with the choreographic programming paradigm
• It would also be interesting to think about how to do choreographic programming with Elixir, a higher-order functional programming language that runs on the Erlang VM. It is designed for building scalable and maintainable applications.

Experiencing new programming languages

I encourage students to explore new programming languages that pique your curiosity. If you're unsure where to begin, here's a list to kicstart your journey.

• ZIG, a general purpose programming language and toolchain that strives for simplicity. It avoids hidden control flows, hidden memory allocations, and the use of preprocessors and macros. Instead, ZIG adopts a novel approach to metaprogramming, relying on compile-time code execution and lazy evaluation. Furthermore, it boasts high interoperability with C and C++ software.
• Mojo, a superset of Python designed to combine the usability of Python with the performance of C. Additionally, it offers the programmability of AI hardware and extensibility of AI models.
• Elixir, a higher-order functional programming language that runs on the Erlang VM. It is designed for building scalable and maintainable applications.

Study Recommendations

Before deeply delving into these research areas, I recommend acquiring a solid foundation in programming language and compiler skills. A suggestion for learning these skills is to study the book "Essentials of Programming Languages" (3rd Ed.), a renowned text in the field.

• Essentials of Programming Languages (3rd Ed.)

References

1. Kwanghoon Choi, Sooyeon Hwang, Hyeonah Moon, Isao Sasano, Ranked Syntax Completion Using LR Parsing, ACM/SIGAPP Symposium on Applied Computing, pp.1242-1251, Avila, Spain, April 8-12, 2024. (PDF, DOI, SLIDE)
2. Isao Sasano and Kwanghoon Choi. 2023. A Text-Based Syntax Completion Method using LR Parsing and Its Evaluation.
3. Jintaeck Lim, Gayoung Kim, Seunghyun Shin, Kwanghoon Choi, and Iksoon Kim. 2020. Parser generators sharing LR automaton generators and accepting general purpose programming language based specifications. Journal of KIISE 47, 1 (2020), 52–60.
4. Byeong-Mo Chang, Kyung-Min Lee, Ga-Young Koh, Kwanghoon Choi, SmartProvenance: user-friendly provenance system for internet of things applications based on event flow graphs. IET Soft. 16(6), 576–602 (2022).
5. Na-Yeon Bak, Byeong-Mo Chang, Kwanghoon Choi, Smart Block: A Visual Block Language and its Programming Environment for IoT, Journal of Computer Languages, Vol.60, 100999, October 2020.
6. Na-Yeon Bak, Byeong-Mo Chang, Kwanghoon Choi, SmartVisual: A Visualisation Tool for SmartThings IoT Apps Using Static Analysis, IET Software, Vol.14, Issue 4, pp.411-422, August 2020.
7. Byeong-Mo Chang, Janine Cassandra Son, Kwanghoon Choi, A GQM Approach to Evaluation of the Quality of SmartThings Applications Using Static Analysis, KSII Transactions on Internet and Information Systems, Vol.14, Issue 6, pp. 2354-2376, June 2020.
8. Kwanghoon Choi, James Cheney, Simon Fowler, Sam Lindley, A Polymorphic RPC Calculus, Science of Computer Programming, Vol.197, Article 102499, October 2020.
9. Kwanghoon Choi, Byeong-Mo Chang, A Theory of RPC Calculi for Client-Server Model, Journal of Functional Programming (JFP), Vol.29, pp.1-39, Cambridge University Press, March 2019.
10. Isao Sasano and Kwanghoon Choi. 2021. A text-based syntax completion method using LR parsing. In Proceedings of the 2021 ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM 2021).