New faculty member Lemieux uses ML to help solve security problems
When Caroline Lemieux graduated from UBC Computer Science in 2016, and headed off to complete her PhD at the University of California Berkeley, she couldn’t imagine she might return six years later to accept a position as Assistant Professor.
Returning is an exciting venture for Dr. Lemieux for many reasons, not the least of which is her surroundings.
“I am very happy to be back in Vancouver,” said Caroline. She was at Microsoft Research in New York conducting postdoc research preceding her return. “I have a bit of a view of the mountains and the ocean from my office window! It’s also wonderful to be able to ride my bike all over the place and see the mountains at every turn.”
Caroline is keen to start teaching classes in September. “I was a Teaching Assistant during my time at UBC, and I ran the equivalent of a lecture series at Berkeley, but this will be my first time running a class on my own.” Caroline is teaching CPSC 539L, a grad-level class entitled ‘Topics in Programming Languages: Automated Testing, Bug Detection, and Program Analysis.’
The subject matter of the class is based on her research, which is focused on helping developers improve the correctness, security, and performance of software systems.
Improving software, one fuzz test at a time
“I am particularly interested in developing methods that are applicable to large, existing software systems, ranging from complex open-source projects to industrial-scale software,” Caroline writes on her personal home page.
In particular, she is interested in developing algorithms to find bugs that may have serious security concerns. “That’s important because some bugs can have very serious consequences. We can use fuzz testing, which is a kind of random search, to automatically generate test inputs which show correctness and security software."
She says that by using recent advancements in deep learning, one can further improve the results. “The challenge is in making the inputs make some sense, in the context of the code you want to test. These new deep learning tools, large language models applied to code, give us a starting point for what inputs might look like.”
Fuzz testing is a software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
She cites the example of the 2014 “Heartbleed” security bug, when hundreds of Canadian social insurance numbers were stolen because a bug was found in the web’s https secure communication. “That was due to a basic programming error,” Caroline explained. “But humans will keep on making mistakes. So the goal is to find those bugs automatically through search algorithms.”
These are the kinds of issues her research is working on mitigating, ultimately helping the systems and security communities.
Moments of discovery
“I really enjoy collaborative meetings with my students,” Caroline said. “Sometimes I bring up an algorithmic problem to a student in one meeting, thinking it will take them a while to come to a solution, and then they come back the next week and they’ve figured something out. That’s something I really love. And it’s part of the reason I wanted to be a professor.”
She also appreciates what she calls “moments of discovery.” Caroline explains it’s the stage of research where she’s iterating between modifying algorithms and analyzing data. “That’s when I really get in the zone,” she says. “And when you’re working with others in a group, all of you get those moments together. It’s a great feeling that propels you forward in your research.”
Outside of her research and job, Caroline loves to cook, cycle, and paint her nails with different colours and intricate patterns, an endeavour she took up during COVID. “It’s like doodling on a very small canvas,” she explains.
Clearly, Caroline is a detail-oriented person, a skill that will surely do her well in the field of software engineering and security research. The UBC Computer Science department feels very lucky to have her aboard!