Lujo Bauer is a professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D. in Computer Science from Princeton University in 2003.
Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online, and in examining how advances in machine learning can lead to a more secure future.
Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.
Helping Users Manage Online Data
On the Future of AI
2003 Ph.D., Computer Science, Princeton University
1999 MA, Computer Science, Princeton University
1997 BS, Computer Science, Yale University
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- cyberphysical systems (CPS)
- data security and privacy
- data/network science systems
- emerging applications security
- Formal methods
- formal methods for security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- ML and AI
- mobile and app security and privacy
- network security
- secure systems
- security of AI and ML
- smart infrastructure
- social networks security and privacy
- software security
- systems security
- Usability and human behavior
- usable privacy and security
- usable security
- web security
After a breach, users rarely change their passwords, and when they do, they’re often weaker
A recent study authored by CyLab researchers shows that only a minority of people change their passwords after a security breach, and those that do often change them to weaker ones.
Passwords research group awarded the 2020 Allen Newell Award for Research Excellence
A group of CyLab faculty and graduate students were just awarded the Allen Newell Award for Research Excellence for their contributions from a decade of passwords research.
Q&A with Lujo Bauer
Many Americans are entering their fifth of working remotely, which has resulted in new paradigms in their own and their employers’ cybersecurity and privacy. CyLab's Lujo Bauer has been monitoring the situation.
Edge computing, ad-blocking, and more: CyLab announces 2020 seed funding awardees
Over $500K in seed funding has been awarded to 10 different CyLab faculty in six different departments across three colleges at CMU.
Second round of Secure and Private IoT Initiative funded projects announced
Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its second round of funding, which will support ten IoT-related projects for one year.
Bauer and Sharif’s “special glasses” mentioned in The Atlantic
CyLab/ECE’s Lujo Bauer and Mahmood Sharif’s “special glasses” were mentioned in The Atlantic in an article about online privacy.
Why people (don’t) use password managers effectively
A recent study by a team of CyLab researchers, including Pearman, provides some insight into how ineffectively people may be using password managers, potentially nullifying the benefits the managers are meant to provide.
Security and privacy need to be easy
In 2005, Carnegie Mellon hosted a first-of-its-kind conference that brought together researchers from dozens of universities and companies around the world with one mission: make privacy and security tools easier to use. That conference, the Symposium On Usable Privacy and Security (SOUPS), is holding its 15th annual meeting next month. SOUPS, as well as the entire usable privacy and security field, have deep roots at CMU.
Overcoming the privacy paradox
Why do some people say they value their privacy, but then willingly give up personal information when downloading an app? Understanding this so-called “privacy paradox” would help answer lots of questions about how privacy could be better dealt with.
Blame the tech, not the users
A recent study led by researchers in Carnegie Mellon University’s CyLab found that when a personal device has fallen victim to some sort of cyberattack, users often misdiagnose what exactly is going on–but they’re not the ones to blame.
First round of Secure and Private IoT Initiative funded projects announced
CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.