Please note this CyLab seminar is open only to Carnegie Mellon University faculty, students, and staff.
Speaker: Michelle Mazurek, associate professor, University of Maryland
Topic: Revisiting what it means to be 'usable': Usable security beyond end users
The usable security community has made significant progress in making security and privacy tools, notifications, and warnings more legible for end users. However, many security and privacy problems remain out of the hands of end users, or–even when simplified–require more knowledge and effort than is reasonable to expect. As such, the next important challenge in usable security is to go beyond end users and explore how to make security and privacy more usable for professionals: software developers and security operations personnel, but also professionals who can influence end users at larger scale. In this talk, I will discuss three studies relevant to this goal: a study of the benefits and challenges of adopting secure programming languages, with Rust as a case study; a study evaluating the usefulness of security operations playbooks for incident response; and a study of whether and how product reviewers can help end users make more informed security and privacy decisions.
Michelle Mazurek is an associate professor in the Computer Science Department and the Institute for Advanced Computer Studies at the University of Maryland, College Park, where she also directs the Maryland Cybersecurity Center. Her research aims to understand and improve the human elements of security- and privacy-related decision making. Recent projects include examining how and why developers make security and privacy mistakes; examining how security and privacy information is distributed via YouTube influencers; and analyzing how users learn about and decide whether to adopt security advice. She was Program Chair for the Symposium on Usable Privacy and Security (SOUPS) for 2019 and 2020 and is Program Chair for the Privacy Enhancing Technologies Symposium (PETS) for 2022 and 2023. She has received a number of awards, including the NSF CAREER award, DARPA Young Faculty Award, the NSA's Best Scientific Cybersecurity Paper award, and several distinguished paper awards.
October 3-5 2023
CyLab Security and Privacy Institute
IN PERSON AT CARNEGIE MELLON UNIVERSITY (WITH SOME ASPECTS LIVESTREAMED AND RECORDED)