2025 CyLab Partners Conference

October 28-29, 2025

Photo of Lorrie Cranor speaking to attendees of the CyLab Partners Conference

Photo of Assane Gueye lecturing at the CyLab Partners Conference

Photo of a Ian McCormack presenting his research poster at the CyLab Partners Conference

We are pleased to announce the 2025 CyLab Partners Conference!

All main events and presentations will be held on the Carnegie Mellon University Campus in the Rangos Ballroom at the Jared L. Cohon University Center.

The CyLab Annual Partners Conference highlights the latest research in security and privacy with an interactive forum between faculty, students, and industry. We are excited to welcome our guests back to campus for this year’s two-day event, which will include more than 30 faculty and student presentations. All sessions will consist of brief talks, followed by active dialogue with our attendees.

Attendance is limited to invited guests, representatives of CyLab's partners, and CMU CyLab faculty, staff, and students. We will provide additional information in the coming weeks.

If you have any questions regarding the 2025 CyLab Partners Conference, please contact Isabelle Glassmith at iglassmi@andrew.cmu.edu.

For information on hotels and transportation please see our "Visiting CyLab" page.

Not a CyLab partner? Learn how your company can benefit from becoming one. Contact the Senior Director of Partnerships, Michael Lisanti, at mlisanti@cmu.edu or 412-268-1870.

Agenda

This agenda is subject to change.

Day 1: Tuesday, October 28, 2025 (EDT)

8:00 a.m. - 9:00 a.m. - Breakfast and Registration

9:00 a.m. - 9:15 a.m. – Welcome and Opening Remarks

9:15 a.m. - 10:12 a.m. – Session I: Partnerships and Initiatives

Moderator: Michael Lisanti

CyLab Partnership Program Updates: Jason Griess
CyLab Venture Network: Michael Lisanti
CyLab Robotics Security and Privacy Initiative: Sarah Scheffler
Future Enterprise Security Initiative: Lujo Bauer
Cyber Autonomy for Future Enterprise Initiative: Vyas Sekar
CMU Secure Blockchain Initiative: Ariel Zetlin-Jones
Security and Privacy Undergraduate Research (SPUR) fellows: mentoring the next generation of security and privacy researchers: Joshua Sunshine

10:12 a.m. - 10:30 a.m. – Break

10:30 a.m. - 11:15 a.m. – Session II: Privacy (Part 1)

Moderator: Giulia Fanti

Steven Wu: Does Machine Unlearning Really Forget?
Lorrie Cranor: Finding Privacy Notice and Choice Threats with UsersFirst
Joseph Calandrino: The Impact of Third-Party Library Settings Defaults on Mobile App Privacy

11:15 a.m. - 12:05 p.m. – Session III: Privacy (Part 2)

Moderator: Giulia Fanti

Shuaiqi Wang: Statistic Maximal Leakage: A Framework for Hiding Global Properties in Data Sharing
Niloofar Mireshghallah: What you should *really* worry about when it comes to Generative AI and Privacy
Aswin Sankaranarayanan: Passive Privacy Screens for Cameras
Dima Berezin: Privacy-aware engineering at Meta

12:05 p.m. - 1:30 p.m. – Lunch and Student Poster Session

1:30 p.m. - 2:30 p.m. – Session IV: Software Security (Part 1)

Moderator: Lujo Bauer

Bryan Parno: Using Verus to Produce formally verified, high performance protocol components
Limin Jia: Learning to Triage Taint Flows Reported by Dynamic Program Analysis in Node.js Packages
Ruben Martins: Generative AI for Automated Vulnerability Repair
David Svoboda: Automated Repair of Static Analysis Alerts for C/C++ Source Code

2:30 p.m. - 3:15 p.m. – Session V: Software Security (Part 2)

Moderator: Lujo Bauer

Eunsuk Kang: Resilient Enterprise System Architectures
Jonathan Aldrich: Structural Information Flow Types
Erik Shreve: Open Source Software Risk Framework OSS-P4/R

3:15 p.m. - 3:30 p.m. – Break

3:30 p.m. - 4:15 p.m. – Session VI: Generative AI and ML (Part 1)

Moderator: Vyas Sekar

Lujo Bauer: (Un)intended outcomes: LLM bias and consistency
Yorie Nakahira: LLM for autonomous control systems and inside threats
Daphne Ippolito: Poisoning Language Model Pre-Training Data

4:15 p.m. - 5:05 p.m. – Session VII: Generative AI and ML (Part 2)

Moderator: Vyas Sekar

Mahmoud Shabana: Automated Evaluation of AI Red Teaming Engagements
Kathleen Carley: AI Enabled Network Science for Integrated Cyber Environment Training
Carlee Joe-Wong: Exploring Data Provenance in Generative AI
Partha Madhira: Chaos in Multi-Agent conversations (Agentic AI)

5:05 p.m. - 5:10 p.m. – End-of-day remarks

5:45 p.m. - 8:15 p.m. – Dinner at Mansions on Fifth

Day 2: Wednesday, October 29, 2025 (EDT)

8:00 a.m. - 9:00 a.m.– Breakfast and Registration

9:00 a.m. - 9:05 a.m. – Opening remarks

Lorrie Cranor

9:05 a.m. - 9:30 a.m. – CyLab Distinguished Alumni Award Presentation

Moderator: Lorrie Cranor

Serge Egelman (Distinguished Alumni Award honoree): Anonymity, Consent, and Other Noble Lies: An Empirical Study of the Data Economy

9:30 a.m. - 10:15 a.m. – Session VIII: System and Hardware Security (Part 1)

Moderator: Osman Yağan

Riccardo Paccagnella: Security Challenges Due to Modern Microarchitectural Optimizations
Bill Scherlis: The 2025 NASEM Cyber Hard Problems Study
Vyas Sekar: Incalmo: An LLM-assisted System for Autonomously Executing Multi-host Network Attacks

10:15 a.m. - 10:30 a.m. – Break

10:30 a.m. - 11:20 a.m. – Session IX: System and Hardware Security (Part 2)

Moderator: Osman Yağan

Nataliya Shevchenko: Modeling cyber threats with MBSE
James Hoe: Developing an FPGA-Accelerated Log Monitoring System using SYCL
Robert Garrett: Behavior-based Confidence Scoring to Support Access Management in Zero Trust Systems
Glenn Gasmen: Effectiveness of standards-based or regulated approaches to mitigating risk to transport refrigeration systems

11:20 a.m. - 12:05 p.m. – Session X: Crypto and Blockchain (Part 1)

Moderator: Nicolas Christin

Nicolas Christin: Blockchain Address Poisoning
Dimitrios Skarlatos: Scale-out Encrypted AI
Elaine Shi: Oblivious computation: From theory to practice

12:05 p.m. - 1:30 p.m. – Lunch and Student Poster Session

1:30 p.m. - 2:15 p.m. – Session XI: Crypto and Blockchain (Part 2)

Moderator: Sarah Scheffler

Sarah Scheffler: Privacy in an ID-Verified World
Rose Silver: Towards Simple and Private Algorithms and Data Structures
Ken Mai: PQC acceleration in customized embedded FPGAs

2:15 p.m. - 2:30 p.m. - Break

2:30 p.m. - 3:30 p.m. - Session XII: Usability/Human Factors

Moderator: Lorrie Cranor

Hana Habib: Improving the Usability of Private Machine Learning Tools
Clement Fung: Adopting AI to Protect Industrial Control Systems: Assessing Challenges and Opportunities from the Operators’ Perspective
Elijah Bouma-Sims: Leveraging Generative AI to Protect Users from SMS Scams
Prasoon Patidar: Enabling Smart Building Chatbots for Privacy Preserving Sensing

3:30 p.m. - 3:35 p.m. – Closing remarks

4:00 p.m. - 6:00 p.m. – Cyber Innovators Connect – Connan Room, downstairs

Agenda:

4:00 p.m. - 4:30 p.m. – Grab a bite and network over drinks
4:30 p.m. - 5:00 p.m. – Lightning talks from AWS Startups and CyLab Venture Network startups including Abstract Security, Apacen, Incalmo, LensAI, Rockfish Data, Tensor Machines, and Trent AI (subject to change)
5:00 p.m. - 6:00 p.m. – More networking to connect with cyber leaders and innovators

Special thanks to our program committee: Lorrie Cranor, Lujo Bauer, Mark Sherman, Osman Yagan, Michael Lisanti, Jason Griess, Isabelle Glassmith, Beth Bucher, Michael Cunningham, Ashley Bon, and Danyel Kusbit.