Mazurek Wins NSF Award to Improve Secure Software Development

Published March 11, 2020

A University of Maryland expert in cybersecurity and human-computer interaction has won a National Science Foundation (NSF) Faculty Early Career Development (CAREER) award to improve the validity and reliability of developer-centered software security research.

Michelle Mazurek, an assistant professor of computer science and a core faculty member in the Maryland Cybersecurity Center, is principal investigator of the NSF award, expected to total approximately $550,000 over five years.

The funding supports Mazurek’s efforts to improve the development of secure software by empirically establishing best practices and tradeoffs, building on already established best practices from the usable security and empirical software engineering communities.

Despite significant technical advances in software security, insecure software remains a common problem, sometimes with disastrous results, Mazurek says. Solving this problem will require understanding how human decision-making interacts with technology in the process of secure software development.

Studying these human factors is typically expensive, time-consuming and difficult, Mazurek explains. Professional software developers are typically a small and hard-to-reach study population, and their work is a complex task that can be hard to mimic in a study environment.

Mazurek plans to undertake a series of methodological studies and experiments in three key areas: (a) how to design appropriate programming tasks; (b) how to choose a study environment that effectively balances experimental control with ecological validity; and (c) how to measure relevant outcomes such as developer self-efficacy and application program interface (API) usability.

She will then test these critical questions of study design across multiple underlying research questions, such as comparisons of APIs, documentation resources, and security tools.

By conducting a variety of experiments directly comparing the effects of different experimental design choices on studies of human-centered secure development, Mazurek’s project aims to help future researchers design better experiments and deploy their resources as effectively as possible.

The outcomes will be synthesized into comprehensive guidelines to help researchers conduct better studies, acquire stronger evidence, and therefore improve the process of secure development.

Mazurek received her doctorate in electrical and computer engineering from Carnegie Mellon University in 2014.

—Story by Melissa Brachfeld

“CAREER: Improving the Reliability of Human-Centered Secure-Development Research” is supported by NSF grant #1943215 from the NSF’s Division of Computer and Network Systems.

PI: Michelle Mazurek, assistant professor of computer science with appointments in the University of Maryland Institute for Advanced Computer Studies and the Maryland Cybersecurity Center.

About the CAREER award: The Faculty Early Career Development (CAREER) Program is an NSF activity that offers the foundation’s most prestigious awards in support of junior faculty who exemplify the role of teacher-scholars through outstanding research, excellent education and the integration of education and research within the context of the mission of their organization.