Clemson University

School of Computing Seminar with Michelle Mazurek, University of Maryland

Usable Security Beyond End Users

Abstract:

For 20 years, the human-centered security community has investigated how to improve the usability and utility of security tools and interfaces aimed at end users. End users, however, are not the only people who make critical security decisions -- we must also consider how to make security easier for information-technology professionals such as software developers, software testers, and sysadmins. In this talk, I will discuss a research agenda for applying the methods and findings of human-centered security research to this constituency. I will report on findings from several studies exploring the human reasons why secure development and operation often fails and possible approaches for improvement. These include the effects of information resources (such as Stack Overflow), API design, and choice of programming tools on developers' likelihood of writing secure code; how white-hat hackers and software testers approach the vulnerability discovery process; and the efficacy of educational tools such as capture-the-flag contests and threat modeling frameworks for improving software development and security operations.

Bio:

Michelle Mazurek is an Assistant Professor in the Computer Science Department and the Institute for Advanced Computer Studies at the University of Maryland, College Park. Her research aims to understand and improve the human elements of security- and privacy-related decision making. Recent projects include examining how and why developers make security and privacy mistakes; investigating the vulnerability-discovery process; evaluating the use of threat-modeling in large-scale organizations; analyzing how users learn about and decide whether to adopt security advice; and contrasting user expectations with app behavior in Android apps. Her work has recently been recognized with an NSA Best Scientific Cybersecurity Paper award and a USENIX Security Distinguished Paper award. She is Program Chair for the Symposium on Usable Privacy and Security (SOUPS) for 2019 and 2020.

Friday, November 8 at 2:30pm to 3:30pm

McAdams Hall, 114
821 McMillan Rd., Clemson, SC 29634, USA

Event Type

Lectures / Seminars / Speakers

Departments

College of Engineering, Computing and Applied Sciences, School of Computing, Research Seminars

Target Audience

Students, Faculty

Website

https://www.cs.clemson.edu/socseminar...

Contact Name:

Dida Weeks

Contact Phone:

864-656-5555

Contact Email:

didaw@clemson.edu

Subscribe

Recent Activity