Current Doctoral Students

Laura Calloway is examining information exfiltration on personal health devices. She is comparing the perceptions and reality of personal and health information, considering both security and privacy.

Hilda Hadan works on perceptions and reality of PKI and privacy on the Internet, in smart cities, and in the IoT.

Gary Deckard is bridged two divides: military and academic, computer science and education. With extensive experience in operations and training, his dissertation examined the factors that lead to individual and collective success in a series of exercises and in classroom practice. His interests are security, privacy, cybersecurity pedagogy, and security for Cyber Physical Systems.

DongInn Kim became a member of the research group in summer 2017. His background is in computer networking. He is our new lead on the CUTS CertProbe and the CertWarehouse to more effectively share our data.

Behnood Momenzadeh is examining how to evaluate risk in IoT and mobile devices, how to combines these risk measures, and how to communicate the risk to the user.

Shakthidhar Gopavaram is evaluating human risk taking. Currently he is completing analysis on web-based risk-taking and will move to embedded systems.

Jacob Abbott is a doctoral student who previously worked with me on human-centered design. His particular focus is cognitive alignment between human decision-making and the demands of security interactions. He is moving into accessible design with Sameer Patil.

Sanchari Das is focused on usable privacy and security, particularly in the context of social computing. Her background is in networking. Her current research uses human subjects experiments in the lab and online (jointly supervised with Sameer Patil.)

Vafa Andalibi is currently working on both vulnerability hunting in IoT devices and web-based device fingerprinting. He is also a member of the CTF team, ambitiously expanding his red-teaming technical skills.

Jayati Dev brings a mastery of wireless communications to social components of security and privacy.

Andrew Dingman combines full time employment at Mitre with a research-focused masters. He has published with Gianpaolo on vulnerability policy. He is currently on leave.

Tonya R. S. Thompson is a recipient of the highly competitive NASA Research Fellowship. Her work with me had focused on effective risk communication. First, she was working on effective risk communication to end users using narratives, where she has developed narrative communication mechanisms. Secondly, she investigated effective communication from highly non—expert users to secure systems designers in order to enable designs that address the legitimate but highly variable privacy concerns of individuals. She is currently on leave.

Graduate Students, Primary Advisor

Ashwin Dev focuses on secure network programming.

Pratik Patel is maintaining the certificate telemetry.

Jill Minor, now outreach coordinator for Data to Insight, provided data and analysis support to all the projects.

Soumya Achar is modeling BGP hijacks and how to identify them with Pablo.

Srivatsan Iyer is also working with Pablo on BGP anomalies.

Pralhad Sapre is working on mobile security with Behnood.

Raghavendra Nataraj is working on mobile vulnerabilities, also with Behnood.

Shravan Kumar works with risk estimates of online behaviors in browsing and in mobile systems.

Sowmya H. Achanta also works on risk contexts and behaviors online.

Doctoral Student Committee Member

Omkar Bhide is building crypto on constrained devices for the next generation IoT while simultaneously engaging in threat analysis for this generation. His threat models include every layer, from bit leakage to human error. (Jointly supervised with Ryan Henry, with whom he is working on lattice crypto.)

Doctoral Alumni, Primary Advisor

Shrirang Mare is a post-doctoral scholar. He received his PhD from Dartmouth College, and his interests include security and privacy issues in pervasive computing, particularly in healthcare, usable security, and continuous authentication. He recently completed a post-doctoral fellowship at the University of Washington.

Pablo Moriano develops innovative models and methods for large-scale networks that can help in the understanding of the dynamical evolution of empirical network data. A direct application of this approach is in the field of anomaly detection in routing data. These research efforts are multi-disciplinary and encompass contributions from computer science, statistics, and physics.

Kevin Benton is focused on the dynamics of network security in both SDN and BGP. In the past, in his internships at the Cambrigde University Computer Security Laboratory and now at BigNetworks, his focus was on SDN. His work reminds us that engineers are humans too.

Zheng Dong is a pioneer in using machine learning in the service of computer security. His dissertation applied machine learning to the detection of phishing sites (using certificate analysis), rogues certificates, and banking certificates. He finished his masters thesis in spring 2010 on the topic of the marginal return for adding an individual into a social network for the purposes of recommendations or discovery. He works at Microsoft Seattle.

Post doctoral fellow Prashanth Rajivan has moved to Carnegie Mellon. He is focused on the psychology of security not only of individuals, but also as a function of group processes.

Tim Kelley combines human experimentation with large scale modeling. His implements complex systems models that integrate human behaviors as critical variables. He is currently employed in a joint position at Indiana University Department of Psychology and Crane Naval, continuing to combine brain science with network science.

Vaibhav Garg on ecrime, risk communication, and usable security. His work brought perceived risk methods to the study of on-line risk, as well as pioneering applications of crime science from criminal justice to online crime. He is Director of Security Awareness at VISA.

Debin Liu on risk-based access control and usable security. His work included a mastery of quantitative tools combined with economic theories of security; such as applying contract theory to access control. After his time as a senior researcher at PayPal, he returned to China to built the country's first consumer credit rating agency.

Camilo Veicco on Tor. His redesign of TCP in Tor reduced delay, jitter, and prevented timing attacks. He is a senior scientist at Mozilla.

Alex Tsow on making programming easier, usable security. Alex combined programming languages with usability to make the creation of secure code easier for developers. Alex was a post-doctoral fellow rather than a doctoral student. He is now at MITRE.

J Duncan on user-centered design, with a focus on ethical design of security experiments. He is a lecturer at IU.

Warigia Bowman on ICT for development with an interdisciplinary dissertation on Internet diffusion in East Africa. She is a professor at the University of Arkansas.

Allan Friedman on security and privacy. By combining game theory and social network modeling he was able to examine how information flowed across the combination of social and computing networks. His work pioneered the use of crowd-sourcing and peer production for diffusion of information sharing for community security and privacy (beyond open source communities). He is the Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce.

Somewhere between this and the next category lies Christopher Soghoian on electronic civil liberties. He is currently the Principal Technologist with the Speech, Privacy, and Technology Project at the ACLU.

Doctoral Alumni, Joint Advisor or Committee

Xiaoyong Zhou on mobile security.
Rui Wang on malware and security in ecommerce.
Carlos Osorio on ICT for development, innovation, security and privacy.
Kristiina Karvonen for whom I was a doctoral opponent.
Serena Chan on reliability and hardening by using commodity computing in satellites.
Sabine Schaffer on trust in the Internet.
Sara Wilford on privacy.

Selected Excellent Nondoctoral Alumni

Nicolas Serrano has done breakthrough work in interdisciplinary understanding of why PKI fails
Jonathan Schubauer examines the impact of regulation and organizational structure on privacy and permissions.
Gianpaolo Russo combined technical excellence with his pursuit of a JD. He is captain of the CTF team and deep into the bits in his work on binary analysis in IoT.
Sanjay Pandey has spent his career innovating for justice and transparency using ICTs in India.
Greg Norcie the intersection of public policy, traditional usability with security and privacy.
Farzaneh Asgharpour on mental models of security.
Ty Bross on mobile desvice security.
Alla Zollers on usable security and social trust, interaction designer on on Net Trust.
Hillary Elmore on usable PGP.
Gayathri Athreya on usable security.
Tony Moore
Taiyu Chen on ICT for development.
Brandon Stephens on usable security and Net Trust.