I conduct research on the socio-technical aspects of cybersecurity. My current work includes analysis of gains and losses due to undesirable activity on the Internet, investigating human factors in effective Internet security mechanisms, and building new technological primitives with the goal of increasing the practical security and privacy of Internet users.
I am very interested in new collaborations, motivated students, and lively conversation regarding security research - please reach out via email or twitter if you’d like to chat!
Cloudsweeper allows users to audit, encrypt, and redact sensitive information within cloud storage accounts. This project helps us better understand the role of cleartext password emailing, the underground value of stolen accounts, and new ways to improve the security of sensitive, globally accessible information.
The CRISP project is building a new web front end language and paradigm to enable rich document publishing while providing greatly increased privacy and security over traditional HTML/JS/CSS based sites.
Our Harm Measurement research effort aims to characterize and quantify the damage experienced by victims of cybercrime.
I am the area editor for Information Security and Network Measurement for the ACM SIGCAS Computers and Society newsletter. If you’d be interested in getting your work in front of a broader audience—anything from a really good blog post to a fully formed article—I encourage you to submit.
Beyond that, I do/have done: