I conduct research on the socio-technical aspects of cybersecurity. My current work includes analysis of gains and losses due to undesirable activity on the Internet, investigating human factors in effective Internet security mechanisms, and building new technological primitives with the goal of increasing the practical security and privacy of Internet users.
I am very interested in new collaborations, motivated students, and lively conversation regarding security research - please reach out via email or twitter if you’d like to chat!
Cloudsweeper allows users to audit, encrypt, and redact sensitive information within cloud storage accounts. This project helps us better understand the role of cleartext password emailing, the underground value of stolen accounts, and new ways to improve the security of sensitive, globally accessible information.
The CRISP project is building a new web front end language and paradigm to enable rich document publishing while providing greatly increased privacy and security over traditional HTML/JS/CSS based sites.
Our Harm Measurement research effort aims to characterize and quantify the damage experienced by victims of cybercrime.
This year I’m chairing the Second Workshop on Targeted Attacks co-located with the Financial Cryptography conference in Curaçao on March 2, 2018. I encourage you to submit any research that focuses on targeted attacks, whether it’s their methods, targets, defenses, impacts, or any other aspect. The paper submission deadline is December 12th.
Beyond that, I do/have done: