Skip to main content

CyLab News

news image

2016

Carnegie Mellon researchers create new password strength meter that outperforms state-of-the-art meters and fits in a webpage
Is password1! a good password? Many browser-based password meters would say it is, but they’d be wrong. “It’s just one of many passwords that your typical password meter would classify as strong, when in fact it’s very weak,”

CyLab’s Jason Hong on keeping safe online during the 2016 Olympics
During the 2012 Olympics, cyber criminals ran online scams – offering fake memorabilia, discounts and even tickets – in order to steal personal information and money from the public. The 2016 Olympics will be no different.

Carnegie Mellon sweeps DefCon as team wins third ‘World Series of Hacking’ title in four years
Carnegie Mellon’s competitive computer security team, The Plaid Parliament of Pwning, just won its third title in four years at the DefCon Capture the Flag competition. The win comes on the heels of CMU-spinoff ForAllSecure’s win at the DARPA Cyber Grand Challenge just days earlier.

CMU-spinoff ForAllSecure wins $2 million top prize at the DARPA Cyber Grand Challenge
ForAllSecure, a Carnegie Mellon University spinoff startup, just took home $2 million in prize money as the winners of the DARPA Cyber Grand Challenge (CGC), a first-of-its-kind hacking contest in which all participants are autonomous computer systems. ForAllSecure was one of seven finalist teams in the contest, which took place on Thursday, August 4th, in Las Vegas, Nevada.

CMU-spinoff ForAllSecure to compete for grand prize in DARPA’s Cyber Grand Challenge
Four years ago, Carnegie Mellon professor David Brumley had an idea: automate the process of finding software bugs. These bugs are at an all-time high with the explosion of the Internet of Things—billions of connected devices, like smart thermostats or fitness trackers—which are manufactured with little attention paid to security. Now, building off research that began in Carnegie Mellon’s CyLab, Brumley is heading to a national stage to compete against the country’s best automated bug finders.

NSF awards CyLab’s Vyas Sekar over $1 million to help secure the Internet of Things
Over six billion connected devices in the so-called Internet of Things (IoT) will be in use by the end of 2016, according to a recent Gartner forecast. While the explosion of IoT has the power to transform society, many are concerned as security experts have exposed vulnerabilities in everything from Internet-connected Barbie dolls to SUVs.

It’s Automatic: CMU Smartphone App Manages Your Privacy Preferences
Chalk up one more task a smartphone app may do better than you: figuring out your privacy settings. A field study suggests a personalized privacy assistant app being developed at Carnegie Mellon University can simplify the chore of setting permissions for your smartphone apps. That’s a task that requires well over a hundred decisions, an unmanageable number for the typical user.

NATO partners with CyLab to increase password security
The North Atlantic Treaty Organization (NATO), with its 28 member nations from both sides of the Atlantic Ocean, strives for peace and stability for its members. In doing so, they deal with a myriad of passwords for their authentication systems, but NATO program manager John Boyd realizes its policies are imperfect. “We’re giving people mixed messages. We’re telling them to create great, strong passwords, but don’t fall in love with them because you’re going to have to change them again in a few months,” says Boyd. “People end up making bad passwords because they have no incentive to make good ones.”

Thanks to CyLab’s picoCTF, the Phillips Academy celebrates its own successful hacking contest
In April 2014, a small group of high school students in Andover, Massachusetts huddled around a table with their laptops. Curiously and cautiously, each gradually moved through their first hacking contest, picoCTF, hosted by CyLab’s Plaid Parliament of Pwning hacking team. None of the students imagined that two years later, they’d be launching their own wildly popular “Capture the Flag” (CTF) hacking contest.

CyLab Graduate Student Receives Best Student Paper Award at EUROSYS 2016
In services like cloud computing or supercomputing, thousands of computing tasks are sent for execution on clusters of servers each second. Coordinating the myriad of incoming requests a cluster receives (e.g. which machine should execute job X, how many machines should be used to run process Y, etc.) is a daunting task, and one that peaks the interest of CyLab Ph.D. student Alexey Tumanov.

Carnegie Mellon Transparency Reports Make AI Decision-Making Accountable
Figuring Out Why the Computer Rejected Your Loan Application

Users’ Perceptions of Password Security Do Not Always Match Reality
Think your password is secure? You may need to think again. People’s perceptions of password strength may not always match reality, according to a recent study by CyLab, Carnegie Mellon’s Security and Privacy Institute.

CyLab’s Vyas Sekar wins NSF CAREER Award to improve network security
“What’s critically lacking is a principled way to check if the network correctly implements a given suite of policies,” said CyLab faculty member Vyas Sekar, an assistant professor of Electrical and Computer Engineering. “This problem is already very challenging even for very basic policy intents. As networks and policies both become more complex, and with emerging technology trends like software-defined networking and network functions virtualization, the problem will only become worse.”

CyLab Students Sweep Microsoft Build the Shield Competition
Teams win first, second and third place in security contest

Three CyLab Graduate Students Receive Research Fellowships
Three CyLab Ph.D. students have just received fellowships for their graduate research. Both students work in the Carnegie Mellon Database Group, which focuses on high performance database architectures, experimental systems and graph mining, and the Parallel Data Lab, a storage systems research center.

Clarifying the record: teaching cybersecurity needs to be a national imperative
As Director of CyLab, Carnegie Mellon’s Security and Privacy Institute, I believe that it is imperative that we improve the state of cybersecurity education in America, something I recently wrote about in the Wall Street Journal. A national conversation has begun on this topic, and last week, security firm CloudPassage contributed by producing a report that was well intentioned but factually incorrect. Carnegie Mellon University offers over 50 courses in cybersecurity available both undergraduate and graduate students, including two required courses at the undergraduate level that have large cybersecurity components. However, the CloudPassage report wrongly assigns Carnegie Mellon a “D” rating, denoted as offering 0 required courses and 1-3 electives in cybersecurity. We reached out to the firm and provided them with accurate numbers, and they released a follow-up blog post noting our course offerings.

Recent CyLab research makes big push in improving network testing and verification
To date, network administrators have been challenged with checking whether a network configuration correctly implements a suite of intended security policies. This is hard even for basic reachability policies (e.g. Can X talk to Y?) in simple networks. In practice, network administrators would like to implement more complex security postures using more advanced network functions (e.g., web application firewalls, intrusion prevention systems). “The more complex the policy and the more advanced your network fucntions are, the harder it is to give the network administrator assurance that the policy is realized correctly in the network,” says Vyas Sekar, an assistant professor of Electrical and Computer Engineering (ECE) and principal investigator of the study. “But for the first time, we’ve made network testing for checking dynamic policies with stateful networks practical.”

CyLab Director David Brumley in Wall Street Journal: 'We need to embrace hacking as a pre-eminent skill necessary to secure our digital world'
CyLab Director David Brumley just published an Op-Ed in the Wall Street Journal on ways to address the inadequate pipeline of talent to fill thousands of unfilled cybersecurity jobs. Brumley’s comments about growing the cybersecurity talent pipeline stem from CyLab's long history of cybersecurity training. Through various programs like the Software Engineering Institute’s Federal Virtual Training Environment or Brumley’s picoCTF hacking competition, CyLab has trained over 180,000 people in the field of cybersecurity, more than any other institution.

Newly Released Website Sheds Light on Shortcomings of Privacy Policies, Paves Way for Semi-Automated Summarization of these Policies
Few people read privacy policies. Studies have projected that it would take an average user over 600 hours to read every privacy policy associated with every website they visited in one year. However, research conducted over the past two years by researchers at Carnegie Mellon University, Fordham University and Stanford University, is paving the way to a day where technology might be able to provide users with short summaries of privacy policies.

CyLab-inspired Curriculum Leads to 3rd “Cyberstakes” Hacking Competition for US Service Academies
With the help of CyLab Director David Brumley, Ragsdale created “Cyberstakes,” a full-fledged offense / defense hacking competition in which students from every United States service academy could participate in.

Carnegie Mellon, Stanford Researchers Devise Method To Share Password Data Safely
“This is the first time a major company has released frequency information on user passwords,” said CyLab faculty Anupam Datta, associate professor of computer science and electrical and computer engineering at CMU.

CyLab students hack their way to 3rd place in NSA’s Codebreaker Challenge
Three CyLab students finished in the top 25 individually, placing Carnegie Mellon University’s overall placement at 3rd in the NSA Codebreaking Challenge. Over 2,200 students from over 300 academic institutions participated in this year’s challenge.

Ed Felten Advocates Making Privacy Work for Everyone in Celebration of Data Privacy Day
Last week, Deputy U.S. Chief Technologist Ed Felten met with CyLab researchers and presented his keynote talk to a crowded Rangos Hall in Carnegie Mellon University’s Cohon University Center in celebration of CMU Privacy Day 2016.

CyLab’s Kyle Soska receives the Symantec Research Labs Graduate Fellowship
Kyle Soska, a CyLab Ph.D. student in the Department of Electrical and Computer Engineering, has received the Symantec Research Labs Graduate Fellowship. These fellowships are granted to two to three Ph.D. students each year who are conducting innovative research that has real-world value.

Better Design Improves Understanding of Online Privacy Notices: CyLab Researchers Outline Best Practices
Privacy policies for websites, smartphone apps and, especially, components of the emerging Internet of Things are usually ineffective or ignored by users, but CyLab researchers say properly designed privacy notices — pushed out to users at appropriate times — could help remedy that problem.

CyLab’s David Brumley to Co-Chair First Ever “Enigma” Conference
CyLab director David Brumley will co-chair Enigma -- a uniquely positioned vendor-neutral security conference. Enigma will be held January 25-27, 2016 featuring an impartial program presented by academic and industry experts offering immediately useful responses to security breaches.

2015

How CyLab Researchers are Protecting Consumers This Shopping Season: Distilling Lengthy Privacy Policies
Consumers spent nearly $3 billion on Cyber Monday this year, and the holiday online shopping frenzy will continue through the end of the year.

CyLab's Lorrie Cranor Named 2016 IEEE Fellow
Lorrie Faith Cranor, professor of computer science and of engineering and public policy and co-director of the master's program in privacy engineering, has been named a 2016 IEEE fellow for her contributions to privacy engineering.

Two CyLab Faculty Inducted as ACM Fellows
Two CyLab faculty members have just been inducted as Association for Computing Machinery (ACM) fellows, a recognition only given to the top 1% of ACM members for their outstanding accomplishments in computing and information technology.

CyLab's Lorrie Cranor Named Chief Technologist of Federal Trade Commission
Federal Trade Commission Chairwoman Edith Ramirez has appointed Lorrie Faith Cranor, professor of computer science, of engineering and public policy and a CyLab researcher, as the agency’s Chief Technologist.

CyLab Graduate Students Honored in NYU’s Applied Research Competition
Two CyLab graduate students finished in the top 10 at NYU’s 2015 Cyber Security Awareness Week (CSAW) Applied Research Competition, a contest for graduate student researchers who have published papers in the past 12 months.

CMU's Hacking Team PPP Wins 7th Straight in NYU’s Cyber Security Awareness Week Conference
Carnegie Mellon’s hacking team, the Plaid Parliament of Pwning (PPP), just won its seventh straight capture the flag competition at the annual Cyber Security Awareness Week (CSAW) conference hosted by New York University.

CMU graduate student Melanie Rich-Wittrig receives full scholarship to study information security
“Ever since 'The Matrix' was released, I wanted to be a hacker like Trinity,” said Rich-Wittrig. Competing in college hacking competitions introduced her to CMU's Plaid Parliament of Pwning (PPP), sparking her interest in CMU’s information security programs.

CMU Graduate Student Roger Baker advances to final round of National Cyber Analyst Challenge
A team of graduate students from Carnegie Mellon University (CMU), including Roger Baker of the Information Networking Institute (INI), has advanced to the final round of the National Cyber Analyst Challenge (NCAC), sponsored by Lockheed Martin.

CyLab Faculty Lorrie Cranor Offers Advice on Making Stronger, More Secure Passwords
Cranor was recently featured in the Carnegie Mellon podcast “Make It Real,” talking about her work on making passwords stronger and more secure.

CyLab Researchers Present at ACM Conference on Computer and Communications Security
A group of CyLab researchers delivered nine different presentations at the 22nd Annual Association for Computing Machinery (ACM) Conference on Computer and Communications Security October 12 – 16, 2015 in Denver, Colorado.

Carnegie Mellon Partners with the NSA Day of Cyber Program
Carnegie Mellon University (CMU) has partnered with the NSA Day of Cyber Program, aimed at boosting the national IQ for STEM (Science, Technology, Engineering and Math) and cyber science education paths.

CyLab & ECE Faculty Partner with New Research Center Focusing on Cybersecurity of Nation’s Power Grid
A new national center devoted to cybersecurity for electric power utilities has been announced at the University of Arkansas. The center is made possible by a $12.2 million grant from the U.S. Department of Energy, augmented by $3.3 million in matching funds from the research partners.

CyLab Hosts Annual Partners Conference
Last week, CyLab hosted its 12th annual CyLab Partners Conference, bringing CyLab’s corporate partners to main CMU campus in Pittsburgh, PA. Attendance was limited, exclusively, to representatives of CyLab's corporate partners and Carnegie Mellon University CyLab.

Northrop Grumman Partners with CyLab to Strengthen Mobile Security Applications
Northrop Grumman is leveraging a research project on threat behavior modeling originally developed through its Cybersecurity Research Consortium partner Carnegie Mellon University’s (CMU) cybersecurity institute, CyLab.

Bosch Group, CMU Announce $2.5M for New Faculty Research Chair in CyLab
The Bosch Group, a German-based global supplier of technology and services, and Carnegie Mellon University announced two investments in the university today, including a $2.5 million gift for an endowed professorship at CyLab.

Three CyLab Faculty Receive Google Research Awards
The prestigious Google Research Award aims to support those on the leading edge of computer science and related engineering research. This award is a one-year monetary award given as an unrestricted gift designed to support world-class university faculty from around the world.

Army War College Visits CyLab for Program on Cybersecurity and Privacy
In August, members of the United States Army War College International Fellows Program visited Carnegie Mellon for a day of talks on cybersecurity and privacy.

Paper Wins Honorable Mention at NSA Best Scientific Cybersecurity Paper Contest
A paper by HCII and CyLab researchers that examined how to motivate people to adopt online security measures by sharing information about how their friends use such tools received an honorable mention in the NSA's 3rd Best Scientific Cybersecurity Paper Competition.

Trusted Electronic Hardware: Top 10 List of What Consumers Trust Most
Society puts a lot of trust in its electronic devices. Whether following a GPS to the beach or paying a bill online, consumers rely on their electronics for everyday tasks.

CyLab Researchers Touch On Issues of Cybersecurity, Privacy, and Online Crime at USENIX
Last week, CyLab's Lorrie Cranor gave an invited talk at the 24th USENIX Security Symposium, titled, “Conducting Usable Security Studies: It’s complicated.” Cranor’s talk overviewed a series of studies that CUPS, has performed over the past decade.

Carnegie Mellon Wins Second Place at DEFCON
Carnegie Mellon’s cybersecurity team, The Plaid Parliament of Pwning, took second place at this year’s DEFCON Capture the Flag competition. The competition, widely considered the “World Series of Hacking,” was held Aug. 6 – 9 in the Bally’s Events Center in Las Vegas.

Can Carnegie Mellon Pull Off First Ever Three-peat at This Year’s ‘World Series of Hacking’?
Carnegie Mellon’s cybersecurity team, The Plaid Parliament of Pwning, will compete for its third title in three years at this year’s DefCon Capture the Flag competition. The competition, widely considered the “World Series of Hacking,” will be held August 6 – 9 at the Paris and Bally’s Hotels in Las Vegas.

SOUPS 2015: Usable Privacy and Security and the Human Factor
The CyLab Usable Privacy and Security Laboratory (CUPS) 11th Annual Symposium on Usable Privacy and Security (SOUPS) was hosted by Carleton University in Ottawa, Canada on July 22-24, 2015.

Research Tool AdFisher Monitors Online Ad Ecosystem
Experiments by CyLab researchers showed that significantly fewer women than men were shown online ads promising them help getting jobs paying more than $200,000, raising questions about the fairness of targeting ads online.

David Brumley Named Director of CyLab
Electrical and computer engineering (ECE) professor David Brumley will serve as the third director of Carnegie Mellon’s campus-wide cybersecurity laboratory, CyLab, effective July 1, 2015.

CMU CyLab Again Has Significant Presence at the IEEE S&P 2015
CMU CyLab continued its significant presence at the 36th annual IEEE Symposium on Security and Privacy. Held May 18-20, 2015 in San Jose, CA, the highly respected symposium is the premier forum for presenting developments in computer security and electronic privacy.

CMU’s picoCTF 2014 Contest Winners Receive Awards
The picoCTF 2014 contest winners recently traveled to CMU to receive their awards. The high school student winners represent teams from three national high schools, embodying the best of the brightest, defeating over 10,000 participants in the annual hacking contest.

Carnegie Mellon’s CyLab Biometrics Center Wins Gold at the 2015 Edison Awards
Carnegie Mellon’s CyLab Biometrics Center won Gold at the 2015 Edison Awards in the category of Applied Technology.

CMU CyLab's Alessandro Acquisti Named Andrew Carnegie Fellow
CyLab Researcher Alessandro Acquisti was named today to the inaugural class of the Andrew Carnegie Fellows by the Carnegie Corporation of New York. Acquisti is one of only 32 recipients of the fellowship and was selected from more than 300 nominees.

CyLab Disinguished Fellow Named to Head New Institute for Politics and Strategy
Carnegie Mellon University’s Dietrich College of Humanities and Social Sciences will open a new Institute for Politics and Strategy (IPS), effective July 1. Under the direction of CyLab Distinguished Fellow Kiron K. Skinner, the IPS will serve as a center for research, undergraduate and graduate education, and university-wide initiatives in the fields of political science, international relations, national security policy and grand strategy.

CMU CyLab Biometrics Center Named Finalist in 2015 Edison Awards
Carnegie Mellon University's CyLab Biometrics Lab has been named a finalist in this year’s Edison Awards in the category of Applied Technology.

CyLab's Dr. Lorrie Cranor Speaks at White House Cybersecurity Summit
Dr. Lorrie Cranor, Director of CyLab Usable Privacy and Security (CUPS) Lab will be one of four participants in a panel on "Improving Authentication: Moving Beyond the Password," led by NIST Undersecretary Willie May.

CyLab Technical Director David Brumley Wins Carnegie Science Award
The Carnegie Science Center has announced that David Brumley, an associate professor of electrical and computer engineering, and Jeanne VanBriesen, professor of civil and environmental engineering, have been awarded Carnegie Science Awards.

CMU International Privacy Day: FTC Commissioner Joins CyLab Researchers in Articulating Challenges and Solutions
Every year, CMU observes International Data Privacy Day with events showcasing the university’s current research. Privacy Day keynote speakers offer some key insights into the world of privacy and the conception of its overall decline.

New CMU Study Highlights Challenges of Complex Trade-Off in Privacy Decision-Making
In "Privacy and Human Behavior in the Information Age", CyLab's Alessandro Acquisti and a team of fellow CMU researchers have detailed the privacy hurdles people face while navigating in the information age, and offered some perspectives on what should be done about privacy at a policy level.

What Does Privacy Look Like? CyLab's Dr. Lorrie Cranor Explores Public Attitudes, Concerns Using Drawings
What is privacy? People sometimes have a hard time putting it in words. So Lorrie Cranor, a leading authority on Internet privacy at Carnegie Mellon University, has explored the meaning of privacy by asking people to draw pictures.

FTC Commissioner Julie Brill keynotes 2015 CMU Privacy Day, Participates in Panel with CyLab Researchers
CyLab is honored to be one of the sponsors of Carnegie Mellon University’s 2015 Privacy Day to be held on Jan. 28. This year's keynote speaker will be Commissioner Julie Brill of the Federal Trade Commission (FTC), who will discuss the challenges to personal privacy posed by the growing list of household appliances, cars and other devices that are now linked to the Internet.

CMU CyLab's Dr. Lorrie Cranor named ACM Fellow
Lorrie Faith Cranor, a professor in the Institute for Software Research and director of the CyLab Usable Privacy and Security Lab, is one of 47 computer scientists named as 2014 Fellows by the Association for Computing Machinery.