Computer scientist Cynthia Sturton shows how a research tool she developed analyzes hardware designs to find vulnerabilities. (photo by Donn Young)
Carving out a niche
Cynthia Sturton has found her place researching computer hardware security. Now she’s helping the next generation of computer scientists find theirs.
In 2018, the public was made aware of a flaw in many common computer processors that makes computer hardware vulnerable even when it is running secure software. Multiple attacks exploited this vulnerability, with ominous names like Spectre, Meltdown and Foreshadow.
Cynthia Sturton, assistant professor of computer science and Peter Thacher Grauer Fellow, had already been developing ways to prevent attacks like these. Her project, Coppelia, analyzes the operation of a computer’s processor to identify vulnerabilities that could enable unauthorized access to the machine. It then automatically generates attacks to exploit them and helps researchers test whether the vulnerabilities have been fixed.
Sturton’s research has helped establish a growing branch of computer science that stems from the idea that a processor does not need to be tampered with to be vulnerable; a computer can be exploited while running exactly as intended.
“The field of hardware security, and especially my area of focusing on hardware vulnerabilities that aren’t caused by malicious attacks, was very small when I first started,” Sturton said. “It’s grown a lot.”
Prior to her work in hardware security, she worked on projects that sought to verify that electronic voting machines would perform as users expect. This work led to new designs that facilitate consistent operation and testing. At the same time, Sturton undertook research in software security, analyzing software using symbolic execution — a method of working through code line-by-line to find conditions that will cause the software to run differently.
In developing Coppelia, Sturton has applied the skills she learned working in these disparate areas to her current work. She now leads a research group in hardware security. In addition to her research, she has made an impact through her ability to help students feel like they belong.
According to the National Center for Women in Technology, women earn 57 percent of all undergraduate degrees but only 18 percent of all computer and information science degrees. The Carolina computer science department has been working to make the field more inclusive, and Sturton is a big part of that effort. As the faculty adviser for both the Women in Computer Science and Graduate Women in Computer Science clubs, Sturton directly and indirectly mentors a large number of women, helping to foster a community where women empower and support one another.
“Cynthia acts not only as an academic adviser to her students, but as a personal mentor as well,” doctoral student Alyssa Byrnes said. “It’s really nice to have an academic adviser that asks how I’m doing emotionally in addition to talking about my research.”
Doctoral student Marie Nesfield said the course she took with Sturton featured more participation than any other class she has taken. Nesfield attributed that to Sturton’s focus on respectful dialogue and her encouragement of all students.
“If I could steal personality traits from Cynthia,” Nesfield said, “two of them would be the way she always asks the right questions and the way she sees value in people and encourages them.”
Sturton grew up in New York City and also lived in Milwaukee, Phoenix and Berkeley. She never imagined herself settling in a small town in the South, but says she is now here to stay. She and her husband own Gray Squirrel Coffee Company in Carrboro.
“I always thought I would settle in a big city,” Sturton said, “but now I can walk to work and to get groceries, everything is green, and I get to know my neighbors here. I appreciate that.”
By Brett Piper ’13