seminar: User-Controllable Security and Privacy

Monday, March 23, 2009

User-Controllable Security and Privacy: Are the Expectations Realistic?

Norman Sadeh, Professor, Computer Science

12:00pm
INI Distributed Education Center (DEC), CIC Building *L level


Talk Abstract

Increasingly, users are expected to configure a variety of security and privacy policies on their own, whether it’s the firewall on their home computer, their privacy preferences on Facebook, or access control policies at work. In practice, research shows that users often have great difficulty specifying such policies. This in turn can result in significant vulnerabilities.

In this presentation, I will provide an overview of findings from research conducted over the past several years in the area of user-controllable security and privacy. Our work, which has been conducted through the deployment and evaluation of a series of mobile location sharing applications, combines user studies with the development of novel policy authoring and auditing technologies aimed at mitigating the gap between what application developers expect users to be able to do and what users show us they can actually do. In the process, I will also discuss what we have learned when it comes to better understanding users’ privacy preferences when it comes to sharing their locations with others.

Speaker Bio

Norman Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University and a member of CyLab. His broad research interests include Web Security, Privacy and Commerce. He is co-Director of the School of Computer Science’s Ph.D. Program in Computation, Organizations and Society and of the MBA Track in Technology Leadership. Norman is also co-founder and chairman of Wombat Security Technologies, a company commercializing novel training and filtering technologies aimed at combating phishing attacks. He received his PhD in Computer Science from Carnegie Mellon University in 1991.