
I am a first-year PhD student in Software Engineering at Carnegie Mellon S3D, starting Fall 2023. I'm interested in using program analysis and synthesis to improve computational law and security developer tools. More generally, I wish to build human-centric technical tools for tech policymakers and security incident responders.

 

Areas of Interest: Program Analysis, Synthesis, and Verification; Programming Languages; HCI

Domains of Interest: Computational Law, Security & Systems

 

I previously worked with lawyers on fraud investigations by analyzing large-scale datasets in SQL. This inspired my interest in improving the technical interface between the legal system and computer systems. Besides the legal system, my internship at a memory forensics security firm solidified my interest in enhancing SWE tools for malware analysts.

 

More specifically:

  • I wish to make tech policy regulations more technical by 1) augmenting legal texts with code, i.e., an inline compiler of sorts to ensure tech compliance (extending Catala for tech law), and 2) applying program analysis to align policy specs with the technical systems they regulate.

  • I believe reverse engineering tools are in sore need of HCI, plus ripe for program synthesis given RE’s challenge of making a black box transparent.

I have a master's in computer science from the University of Pennsylvania's MCIT program. Previously, I completed a B.S. with honors from Georgetown University's School of Foreign Service, where I majored in Science, Technology, and International Affairs.

Sarah Santos

Relevant Experience 💻 

Software Development Intern, Volexity
I researched Windows system internals and identified a more efficient way to extract Windows kernels from update patches, improving a core part of the company’s product.

Research Assistant, University of Pennsylvania - mLAB (IoT4Ag Group)
I helped my team build an OS for hydroponics IoT by spearheading development of backend data.
Senior Associate, Berkeley Research Group
I supported litigators with financial fraud investigations. I wrote complex SQL scripts to find needles in haystacks (large-scale datasets with 6M+ rows).

Business Intern (gTech), Google
I resolved technical issues for 43 account managers by analyzing data on AdWords performance.

Projects🏗️  

Hydroponics IoT: InfluxDB Pipeline + Grafana Dashboard

As a member of the IoT4Ag group at UPenn's mLAB, I spearheaded all the data pipelines: the backend InfluxDB database and frontend Grafana dashboard. My work directly supported the lab's objective: develop computer vision capabilities for precision agriculture. Here are some highlights I accomplished:

  • Facilitated cleaner data processing by writing a sensor class template to connect physical sensors to InfluxDB loggers and prepping camera data for InfluxDB and Grafana

  • Automated data-loading in Python to easily send JSON payloads from CSV files to InfluxDB database

  • Configured InfluxDB and Grafana containers to run on Docker on a Raspberry Pi

  • Developed website and control board web app using Django/Jinja and Bootstrap frameworks

  • Presented weekly literature review summaries at lab reading group

Website (Draft) | Code


ROP Gadgets + Buffer Overflows

I used GDB to disassemble target C programs and inject malicious shellcode. My attacks exploited buffer and integer overflows. Some of my exploits used ROP and gadgets to bypass non-executable stack protection and ASLR. In other attacks, I added customized shellcode to set the UID to zero and obtain a root shell. 

This project was completed for CIS-551 (Computer and Network Security). I am not allowed to post my repo publicly due to Penn's academic integrity policies, but I am more than happy to discuss my work.


Mini Dynamic and Static Analyzers (LLVM Instrumentation)

I am currently taking Software Analysis (CIS-547) and have successfully completed 6 labs thus far. Most recently, I instrumented an LLVM pass to implement static dataflow analysis in C++ and Python for given test programs. I have also instrumented LLVM passes to measure code coverage for a mini dynamic analyzer. Other labs I completed involved augmenting a delta debugger and statistical debugger.

I am not allowed to post my repo publicly due to Penn's academic integrity policies, but I am more than happy to discuss my work. For now, here's a sketch from my lab notebook for Lab 5:

[Image: lab notebook sketch for Lab 5]

LC-4 Complete Disassembler and Partial Assembler

I built a complete disassembler for Penn's LC-4. It takes in a raw binary file and outputs the full assembly code. My disassembler covers the entire LC-4 instruction set, including directives.

 

I implemented a partial assembler for Penn's LC-4 that handles a subset of LC-4 instructions. My assembler takes an LC-4 assembly file and produces an executable binary file for the source code. It ignores all comments and accepts directives for .CODE, .ADDR, and .DATA. 

The disassembler was completed as my final project's optional extra-credit for CIT-593. The assembler was also completed for CIT-593 and includes optional extra-credit portions. I am not allowed to post my repo publicly due to Penn's academic integrity policies, but I am more than happy to discuss my work.


Teaching 🍎 

Teaching Assistant, Intro to Computer Systems (CIT-593, UPenn)

  • Lead live recitations and support students through private office hours and written forums
  • Grade weekly problem sets and coding assignments for 200+ students
  • Topics: logic gates, CPU architecture, memory management, state machines, assembly, C
  • C Strings Recitation: Slides 
  • Linked Lists Recitation: Slides
Teaching Assistant, Computer Systems Programming (CIT-595, UPenn)
  • Lead live recitations and support students through private office hours and written forums
  • Contribute to course auto-grader development and maintenance (Python)
  • Topics: operating systems and concurrent programming
  • Pipes & Redirects - Open Office Hour: Video (editing for student/staff privacy)
Computer Science Instructor, Juni Learning
  • Taught Scratch and Python to elementary school students (age 7-10), my favorite part of my week