New Faculty Member Brings Wide Range of Secure Software Development Skills

Published August 7, 2020

news story image

A recent faculty hire to the University of Maryland brings a wide range of secure software development skills to his new role as a researcher and educator in the Maryland Cybersecurity Center (MC2).

Leonidas Lampropoulos, who started July 1 as an assistant professor in the Department of Computer Science, says coming to Maryland is “an incredible opportunity.”

Lampropoulos, who also has an appointment in the University of Maryland Institute for Advanced Computer Studies (UMIACS), notes the attributes that attracted him to UMD: a top-ranked computer science department, distinguished faculty, exceptional graduate students, and a large pool of really strong undergraduates with incredible potential to tap into.

He joins UMD after completing a joint postdoctoral fellowship between the University of Pennsylvania and MC2, where he worked closely with Michael Hicks, a professor of computer science.

Hicks calls Lampropoulos a “fantastic addition” to MC2.

“Leo brings a theorist's mindset and system engineer's disposition to his work on building secure systems,” he says. “This combination ensures he is conveying the problem clearly and with mathematical precision, but also solving it in a way that is practicable.”

In particular, Hicks says, Lampropoulos has developed a clever way to combine machine-discovery and checking of proofs about code with automated testing of that code, which reduces overall engineering costs.

Lampropoulos’s research focuses on using programming language abstractions to make it easier to write, debug, and reason about software and their specifications, with a particular focus on random testing, formal verification, and their interplay.

A large part of his recent work has been on property based random testing (PBT), which checks that a function, program or whatever system under testing abides by a property.

“At a high level, given a property—an executable predicate that specifies the expected behavior of a system—a property-based testing framework generates many random inputs in the hopes of falsifying it,” Lampropoulos says. “How do we generate those inputs, especially when they are highly structured and must satisfy various constraints, which means that a purely random approach has no hope of being effective? That is perhaps the most interesting aspect of PBT.”

Last year, he and Hicks collaborated with Benjamin C. Pierce, a professor in the Department of Computer and Information Science at the University of Pennsylvania.

Their work, described in a paper they published, leverages runtime information to modify the distribution of generated inputs on the fly.

Lampropoulos says that working with Hicks on that project was an “absolute blast.” It set the stage for their current project, a $1.2M National Science Foundation grant on improving correctness and performance in Python, a popular programming language.

Hicks and Lampropoulos are co-PIs on the three-year grant, and will be working once again with Pierce as well as with Emery Berger, a professor in the College of Information and Computer Sciences at the University of Massachusetts Amherst.

Python is used ubiquitously throughout both academia and industry, Lampropoulos says, and it is notorious for being error-prone and slow due to its dynamic nature.

One goal in the NSF-funded project, he adds, is to expand upon the techniques developed with Hicks and Pierce previously, and bring them into the Python ecosystem.

Lampropoulos says he is looking forward to getting involved in other projects in MC2.

“I see immense potential in MC2,” he says. “As an interdisciplinary security-focused center with expertise in traditionally distinct areas—from network and empirical security to programming languages to cryptography—it is a unique environment for fostering collaboration and one I'm looking forward to being a part of.”

—Story by Melissa Brachfeld