Meet the Faculty - Stephen McCamant
Stephen McCamant poses by the red window panes in Keller Hall

Tell us about your journey to the University of Minnesota.

In high school, I really liked math and physics, but my school did not have a strong computer science program. I enjoyed playing around with computers in my free time, but it wasn’t until I became an undergraduate that I started to explore computer science as an academic discipline. I ended up majoring in computer science at University of California Berkeley. During that time I did an internship in Silicon Valley one summer during one of the tech booms. I also did some research during my undergraduate studies and I found that I really enjoyed that aspect of the field. I decided to pursue a PhD and went to Massachusetts Institute of Technology in Boston. I had a great advisor at the Computer Science and AI Lab at MIT.  

My initial research interests and background were in programming languages and exploring how we can write tools for the computer so people can better utilize the software they are working on. I worked on the underlying elements of parsing source code in order to understand the structure of a programming language. It falls under software engineering, with a focus on building on top of those technologies through the programming languages. I looked at the day-to-day needs of software developers and to create tools that can help them find bugs or unintended changes in software versions. As time went on, I got more interested in the security aspect of these programming analysis technologies. So now I focus on bugs that pose security risks like data breaches. My thesis was at the intersection of analyzing computer programs with respect to security goals, specifically information flows.

I spent four years after graduate school as a post-doctoral research associate at UC Berkeley working on similar projects that looked at binary software, which looks at the final form of a program after being compiled from source code. We worked on techniques like taint analysis and symbolic execution, which helps us understand how information flows through a program and potentially triggers bugs.

I started as an assistant professor at the University of Minnesota in the fall of 2012, and have continued to expand on those research interests. Coming to Minnesota was a homecoming to the Midwest since I was born and raised in Chicago, and I had some family in the Twin Cities. I liked the urban campus and the culture of the department supporting collaborative research efforts.

We would love to hear more about your research!

One theme that has been important in my recent research has been fuzzing. It is another technique for testing computer software that randomly creates tests for software by creating a slight mutation in the program input to see what happens. Specially, we are looking for weak points that might make the program crash or other undesired outcomes. Early on this was not an area that many academic researchers studied, because it appears to be more “brute force” in nature. However, random testing is surprisingly effective in finding unexpected problems and it has continued to improve as our computing power increases. My research tries to make fuzzing techniques smarter to combine the “brute force” with strategy. Fuzzing helps us verify whether or not potential problems or warning signs are in fact a problem when played out, and lays out the exact situation that would cause something to go wrong. We work on prioritizing potential problems and making it easier to fix them.

What do you hope to accomplish with this work? What is the real-world impact for the average person?

The ultimate guiding light is the quality of computer software. Hopefully my work can push hard enough to eliminate bugs and security vulnerabilities. For end users, when you are prompted to update your software, it generally means that new problems have been found and they need to deploy a new version to fix it. Ultimately, this is an ongoing problem in software engineering and it is challenging to create software without any bugs. So hopefully my work can help decrease these issues over time, catch problems earlier, and provide a better product for the end users. I want to push forward new techniques to decrease these problems while emphasizing practicality and usability of tools for real software.

What courses are you teaching next semester? What can students expect to get out of that class?

I am teaching CSCI 4271W - Development of Secure Software Systems. It is a writing intensive course. It introduces the standard concerns in computer security and how we think about them. It goes over threat modeling and how we think about and plan for things that could go wrong when we design and implement software. This course is oriented towards people who might want to be software engineers and developers in the real world. Ultimately, we go over how to implement the principles of security when you are writing and designing software so you can avoid bad results.

I also commonly teach CSCI 5271, which is the graduate level sister course to 4271. That course has a more research and academic focus, studying research papers and the classic ideas around this topic.

What do you do outside of the classroom for fun?

One thing I really like about the Twin Cities is the ability to get out into nature. I live downtown and I can get home by walking by the river. I also enjoy the walking paths around the lakes and greenery. Basically any light outdoor physical activity is what I do in my free time, at least during the warmer months.

Do you have a favorite spot in the city?

My favorite walking path is the West River Walkway north of downtown. It is a continuous stretch that has been renovated over the past few years. You can walk for quite a while through a number of parks. They are extending that path as well through more industrial areas to add more recreational spaces and parks on the river front. 
 

Share