Send email Copy Email Address

Empirical & Behavioral Security

Ultimately, we need solutions that work both in theory and practice. However, as truth is stranger than fiction, this means that to attain this grand goal we cannot simply retreat to our study but will need to draw insight from empirical data. That is, unless a tool is easy to use properly, although it may be secure in theory it can still prove a liability in practice -- which goes for both end-users and developers. Moreover, we cannot preempt every possible attack, and hence need techniques that can detect and name subtle patterns in data that we can act upon. In short, this research area aims to devise an engineering process that significantly improves the security and privacy of today's real-world software, that keep pace with the continuing growth in complexity for future IT systems, and that is conveniently usable even by layman users and developers. It provides empirical methods and tools for dealing with unstructured, heterogeneous datasets at scale, techniques for ensuring the security of web applications and services; as well as usable and effective solutions for application development and maintenance.

Tagged Publications

Year 2021

Conference / Medium

ESORICS
ESORICS 2021: Computer SecurityThe 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering

Conference / Medium

USENIX-Security
In 30th USENIX Security Symposium, USENIX Security '21.In 30th USENIX Security Symposium, USENIX Security '21

Conference / Medium

SOUPS
In Proceedings of Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021.Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021.

Conference / Medium

SOUPS
In Proceedings of Seventeenth Symposium on Usable Privacy and SecuritySeventeenth Symposium on Usable Privacy and Security, SOUPS 2021.

Conference / Medium

USENIX-Security
Proceedings of the 30th Usenix Security SymposiumUsenix Security 2021