Dr. Lujo Bauer, Associate Professor, Carnegie Mellon University
Title: From password policies to adversarial machine learning, it’s all about the user
One often hears that the weak link in computer security is the human. In response, the research field of usable security has flourished, as a small, mostly independent offshoot from the main body of computer security research. In this talk I’ll argue that this isn’t enough, and that many areas of computer security and computer science — besides the subset that falls into “usable security” — need to consider not just algorithms or systems, but also the humans that will be interacting with them: attackers, defenders, end-users, and programmers. I’ll illustrate this through examples in research areas from passwords, to machine learning, to programming languages.
Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003.
Dr. Bauer’s research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online and in examining how advances in machine learning can lead to a more secure future.
Dr. Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.