CyLab researchers touch on issues of cybersecurity, privacy and online crime at USENIX


August 24, 2015

“It’s complicated,” Lorrie Cranor said to a room full of eager computer security experts at last week’s 24th USENIX Security Symposium in Washington, D.C. “In order to study usable security, we have to simulate risk and do it in a believable way, without actually putting people at risk.”

Last week, CyLab faculty member Lorrie Cranor gave an invited talk at the 24th USENIX Security Symposium, titled “Conducting Usable Security Studies: It’s Complicated.” Cranor’s talk gave an overview of a series of studies that her lab, the CyLab Usable Privacy and Security Lab (CUPS), has performed over the past decade. It’s complicated, she explained, because the subjects taking part in usable security studies must be placed in realistically risky situations. In many cases, it is also important that participants focus on a task unrelated to security and be unaware that security is the focus of the study.

Cranor was joined by several CyLab researchers at USENIX who presented three CyLab papers:

  • Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem, co-authored by CyLab researchers Kyle Soska and Nicolas Christin, presents the results of a comprehensive two-year study of the contents of 35 “Dark Web” marketplaces and shows how contraband narcotics sales have risen and fallen over the course of the Dark Web’s brief history. The authors explain that, to date, they have found no evidence that takedowns of these markets have been effective.
  • Measuring Real-World Accuracies and Biases in Modeling Password Guessability was co-authored by CyLab researchers and alumni Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Cranor, Saranga Komanduri, Darya Kurilova, Michelle Mazurek, William Melicher and Richard Shay. The study investigated a variety of password-cracking approaches and found that a combination of state-of-the-art automated guessing techniques can approximate guessing by professionals. The CyLab team also announced that they have launched a free service to provide password guessability data to researchers (
  • Bohatei: Flexible and Elastic DDoS Defense, co-authored by Seyed Fayaz, Yoshiaki Tobioka and Vyas Sekar, highlights Bohatei, a flexible and elastic defense system against distributed denial of service (DDoS) attacks. Its flexibility and elasticity allow it to handle complex attack routing and variable attack patterns.