Current Doctoral Students
is examining information exfiltration on personal health devices. She is comparing the perceptions and reality of personal and health information, considering both security and privacy.
works on perceptions and reality of PKI and privacy on the Internet, in smart cities, and in the IoT.
Gary Deckard is bridged two divides: military and academic, computer
science and education. With extensive experience in operations and training,
his dissertation examined the factors that lead to individual and collective success in a series of exercises and in classroom
practice. His interests are security, privacy, cybersecurity pedagogy, and
security for Cyber Physical Systems.
DongInn Kim became a member of
the research group in summer 2017. His background is in computer
networking. He is our new lead on the CUTS CertProbe and the
CertWarehouse to more effectively share our data.
Momenzadeh is examining how to evaluate risk in IoT and mobile devices,
how to combines these risk measures, and how to communicate the
risk to the user.
Gopavaram is evaluating human risk taking. Currently he is
completing analysis on web-based risk-taking and will move to
Jacob Abbott is
a doctoral student who previously worked with me on human-centered
design. His particular focus is cognitive alignment between human decision-making and
the demands of security interactions. He is moving into accessible
design with Sameer Patil.
Das is focused on usable privacy and security, particularly
in the context of social computing. Her background is in
networking. Her current research uses human subjects experiments
in the lab and online (jointly supervised with Sameer Patil.)
Andalibi is currently working on both vulnerability hunting in
IoT devices and web-based device fingerprinting. He is also a
member of the CTF team, ambitiously expanding his red-teaming technical skills.
brings a mastery of wireless communications to social components of
security and privacy.
combines full time employment at Mitre with a research-focused
masters. He has published with Gianpaolo on vulnerability
policy. He is currently on leave.
Tonya R. S. Thompson
is a recipient of the highly competitive NASA Research
Fellowship. Her work with me had focused on effective risk
communication. First, she was working on effective risk
communication to end users using narratives, where she has
developed narrative communication mechanisms. Secondly, she
investigated effective communication from highly
non—expert users to secure systems designers in
order to enable designs that address the legitimate but highly
variable privacy concerns of individuals. She is currently on leave.
Graduate Students, Primary Advisor
Ashwin Dev focuses
on secure network programming.
Pratik Patel is
maintaining the certificate telemetry.
Minor, now outreach coordinator for Data to Insight,
provided data and analysis support to all the projects.
Soumya Achar is
modeling BGP hijacks and how to identify them with Pablo.
Iyer is also working with Pablo on BGP anomalies.
is working on mobile security with Behnood.
is working on mobile vulnerabilities, also with Behnood.
Shravan Kumar works with risk estimates of online behaviors in browsing and in mobile systems.
Sowmya H. Achanta also works on risk contexts and behaviors online.
Doctoral Student Committee Member
building crypto on constrained devices for the next generation IoT while
simultaneously engaging in threat analysis for this
generation. His threat models include every layer, from bit
leakage to human error. (Jointly supervised with Ryan Henry,
with whom he is working on lattice crypto.)
Doctoral Alumni, Primary
is a post-doctoral scholar. He received his PhD from Dartmouth College, and his interests include security and privacy issues in pervasive computing, particularly in healthcare, usable security, and continuous authentication. He recently completed a post-doctoral fellowship at the University of Washington.
develops innovative models and methods for large-scale networks that can help in the understanding of the dynamical evolution of empirical network data. A direct application of this approach is in the field of anomaly detection in routing data. These research efforts are multi-disciplinary and encompass contributions from computer science, statistics, and physics.
focused on the dynamics of network security in both SDN and BGP. In the past, in his
internships at the Cambrigde University Computer Security
Laboratory and now at BigNetworks, his focus was on SDN. His work
reminds us that engineers are humans too.
is a pioneer in using machine learning in the service of computer security. His dissertation applied machine learning to the detection of phishing sites (using certificate analysis), rogues certificates, and banking certificates. He finished his masters thesis in spring 2010 on the topic of the marginal return for adding an individual into a social network for the purposes of recommendations or discovery. He works at Microsoft Seattle.
Post doctoral fellow Prashanth
has moved to Carnegie Mellon. He is focused on the
psychology of security not only of individuals, but also as a
function of group processes.
human experimentation with large scale modeling. His implements
complex systems models that integrate human behaviors as critical
variables. He is currently employed in a joint position at Indiana
University Department of Psychology and Crane Naval, continuing to
combine brain science with network science.
on ecrime, risk communication, and usable security. His work brought perceived risk methods to the study of on-line risk, as well as pioneering applications of crime science from criminal justice to online crime. He is Director of Security Awareness at VISA.
on risk-based access control and usable security. His work included a mastery of quantitative tools combined with economic theories of security; such as applying contract theory to access control. After his time as a senior researcher at PayPal, he returned to China to built the country's first consumer credit rating agency.
on Tor. His redesign of TCP in Tor reduced delay, jitter, and prevented timing attacks. He is a senior scientist at Mozilla.
on making programming easier, usable security. Alex combined programming languages with usability to make the creation of secure code easier for developers. Alex was a post-doctoral fellow rather than a doctoral student. He is now at MITRE.
on user-centered design, with a focus on ethical design of security experiments. He is a lecturer at IU.
on ICT for development with an interdisciplinary dissertation
on Internet diffusion in East Africa. She is a professor at the University of Arkansas.
on security and privacy. By combining game theory and social network modeling he was able to examine how information flowed across the combination of social and computing networks. His work pioneered the use of crowd-sourcing and peer production for diffusion of information sharing for community security and privacy (beyond open source communities). He is the Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce.
Somewhere between this and the next category lies Christopher Soghoian
on electronic civil liberties. He is currently the Principal Technologist with the Speech, Privacy, and Technology Project at the ACLU.
Doctoral Alumni, Joint Advisor or Committee
on mobile security.
on malware and security in ecommerce.
on ICT for development, innovation, security and privacy.
for whom I was a doctoral opponent.
on reliability and hardening by using commodity computing in satellites.
on trust in the Internet.
Selected Excellent Nondoctoral Alumni
has done breakthrough work in interdisciplinary understanding of why PKI fails
examines the impact of regulation and organizational structure on privacy and permissions.
combined technical excellence with his pursuit of a
JD. He is captain of the CTF team and deep into the bits in his
work on binary analysis in IoT.
has spent his
career innovating for justice and transparency using ICTs in
the intersection of
public policy, traditional usability with security and privacy.
on mental models of security.
on mobile desvice security.
on usable security and social trust, interaction designer on on Net Trust
on usable PGP.
on usable security.
on ICT for development.
on usable security and Net Trust.