Lujo Bauer     [loo'yo] Research Scientist CyLab and ECE Carnegie Mellon University Collaborative Innovation Center, Room 2121 4720 Forbes Avenue Pittsburgh, PA 15213 phone: +1-412-268-9745 fax: +1-412-268-7675 email: lb...@cmu.edu

Teaching

Fall 2009: Introduction to Security and Policy (18-630 / 19-631 / 95-830)
Fall 2008: Secure Software Systems (18-732)
Fall 2007: Introduction to Computer Security (18-730)

Advertisements — please consider submitting a paper!

• SACMAT 2010 — 15th ACM Symposium on Access Control Models and Technologies, Jun 2010 in Pittsburgh, PA
• ACNS'10 — International Conference on Applied Cryptography and Network Security, Jun 22–25, 2010 in Beijing, China
• ARSPA-WITS — affiliated with ETAPS 2010, Mar 20–28, 2010 in Paphos, Cyprus
• NDSS 2010 — Network and Distributed System Security Symposium, Feb 28–Mar 3, 2010 in San Diego, CA
• ASIAN'09 — Dec 14–16, 2009 in Seoul, Korea

Research Interests

I do research in computer security—I'm particularly interested in building usable access-control systems with sound theoretical underpinnings, and generally in narrowing the gap between a formal model and a usable system. Key terms: proof-carrying authorization, distributed access control, program monitors, security automata, languages for specifying security policies. The projects I'm currently involved in include the following.

• Grey — an experiment to create a universal and highly secure access-control device via software extensions to off-the-shelf "smart phones". Grey builds from formal techniques for proving authorization that assure sound access decisions and that permit virtually unlimited flexibility in the policies that can be implemented.
• Secure Digital Home — a project that explores an architecture, mechanisms, and interfaces for helping users manage access control in the digital home of the future.
• Polymer — a language and system for specifying and enforcing composable run-time security policies on Java programs. This project studies various facets of the theory, design, and implementation of software program monitors and monitor-specification languages.

Students

I work with a number of talented PhD, masters, and undergraduate students; currently: Yuan Liang (CMU ECE PhD), Michelle Mazurek (CMU ECE PhD), Yannis Mallios (CMU ECE PhD), Kami Vaniea (CMU CSD PhD), Alex Begin (CMU ugrad), Tony Felice (CMU ugrad).

Students I have supervised or worked with closely in the past: Scott Garriss (CMU ECE, PhD 2008), Rob Reeder (CMU CSD, PhD 2008), Sudeep Modi (CMU INI masters), Brad Miller (CMU ECE ugrad).

Publications

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicity permission of the copyright holder.

Access control for home data sharing: attitudes, needs and practices.   [BibTeX]
 Michelle L. Mazurek J.P. Arsenault Joanna Breese Nitin Gupta Iulia Ion Christina Johns Daniel Lee Yuan Liang Jenny Olsen Brandon Salmon Richard Shay Kami Vaniea Lujo Bauer Lorrie Faith Cranor Gregory R. Ganger Michael K. Reiter.
 Technical Report CMU-CyLab-09-013, CyLab, Carnegie Mellon University, October 2009.

Composing expressive runtime security policies.   [BibTeX]
 Lujo Bauer, Jay Ligatti, and David Walker.
 ACM Transactions on Software Engineering and Methodology, 18(3), May 2009.   © ACM   DOI: 10.1145/1525880.1525882

xDomain: Cross-border proofs of access.   [BibTeX]
 Lujo Bauer, Limin Jia, Michael K. Reiter, and David Swasey.
 In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pages 43–52, June 2009. (Full version appears as technical report CMU-CyLab-09-005.)   DOI: 10.1145/1542207.1542216

Real life challenges in access-control management.   [BibTeX]
 Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
 In CHI 2009: Conference on Human Factors in Computing Systems, pages 899–908, April 2009.   © ACM   DOI: 10.1145/1518701.1518838

Effects of access-control policy conflict-resolution methods on policy-authoring usability.   [BibTeX]
 Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
 Technical Report CMU-CyLab-09-006, CyLab, Carnegie Mellon University, March 2009.

Run-time enforcement of nonsafety policies.   [BibTeX]
 Jay Ligatti, Lujo Bauer, and David Walker.
 ACM Transactions on Information and System Security, 12(3), January 2009.   © ACM   DOI: 10.1145/1455526.1455532

Usable key agreement in home networks.   [BibTeX]
 Ramu Panayappan, Tom Palarz, Lujo Bauer, and Adrian Perrig.
 In Proceedings of the 1st International Conference on COMmunication Systems and NETworkS (COMSNETS), January 2009.

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
 Lujo Bauer, Scott Garriss, and Michael K. Reiter.
 In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pages 185–194, June 2008.   © ACM   DOI: 10.1145/1377836.1377866

A user study of policy creation in a flexible access-control system.   [BibTeX]
 Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
 In CHI 2008: Conference on Human Factors in Computing Systems, pages 543–552, April 2008.   © ACM   DOI: 10.1145/1357054.1357143

Expandable grids for visualizing and authoring computer security policies.   [BibTeX]
 Robert W. Reeder, Lujo Bauer, Lorrie Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong.
 In CHI 2008: Conference on Human Factors in Computing Systems, pages 1473–1482, April 2008.   © ACM   DOI: 10.1145/1357054.1357285

Efficient proving for practical distributed access-control systems.   [BibTeX]
 Lujo Bauer, Scott Garriss, and Michael K. Reiter.
 In Computer Security—ESORICS 2007: 12th European Symposium on Research in Computer Security, volume 4734 of Lecture Notes in Computer Science, pages 19–37, September 2007. (Full version appears as technical report CMU-CyLab-06-015R.)   © Springer-Verlag   DOI: 10.1007/978-3-540-74835-9_3

Lessons learned from the deployment of a smartphone-based access-control system.   [BibTeX]
 Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
 In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64–75, July 2007.   DOI: 10.1145/1280680.1280689

Consumable credentials in logic-based access-control systems.   [BibTeX]
 Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and Michael K. Reiter.
 In Proceedings of the 2007 Network & Distributed System Security Symposium, pages 143–157, February 2007.   © Internet Society

Comparing access-control technologies: a study of keys and smartphones.   [BibTeX]
 Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
 Technical Report CMU-CYLAB-07-005, CyLab, Carnegie Mellon University, February 2007.

User-controllable security and privacy for pervasive computing.   [BibTeX]
 Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh.
 In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), pages 14–19, February 2007.   DOI: 10.1109/WMCSA.2007.4389552

Efficient proving for distributed access-control systems.   [BibTeX]
 Lujo Bauer, Scott Garriss, and Michael K. Reiter.
 Technical Report CMU-CYLAB-06-015R, CyLab, Carnegie Mellon University, September 2006.

A linear logic of authorization and knowledge.   [BibTeX]
 Deepak Garg, Lujo Bauer, Kevin D. Bowers, Frank Pfenning, and Michael K. Reiter.
 In Computer Security—ESORICS 2006: 11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297–312, September 2006. Official, slightly abbreviated version.   © Springer-Verlag   DOI: 10.1007/11863908_19

Device-enabled authorization in the Grey system.   [BibTeX]
 Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar.
 In Information Security: 8th International Conference, ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 431–445, September 2005. An extended version of this paper appears as a tech report.   © Springer-Verlag   DOI: 10.1007/11556992_31

Enforcing non-safety security policies with program monitors.   [BibTeX]
 Jay Ligatti, Lujo Bauer, and David Walker.
 In Computer Security—ESORICS 2005: 10th European Symposium on Research in Computer Security, volume 3679 of Lecture Notes in Computer Science, pages 355–373, September 2005.   © Springer-Verlag   DOI: 10.1007/11555827_21

Composing security policies with Polymer.   [BibTeX]
 Lujo Bauer, Jay Ligatti, and David Walker.
 In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 305–314, June 2005.   © ACM   DOI: 10.1145/1065010.1065047

Distributed proving in access-control systems.   [BibTeX]
 Lujo Bauer, Scott Garriss, and Michael K. Reiter.
 In Proceedings of the 2005 IEEE Symposium on Security & Privacy, pages 81–95, May 2005.   © IEEE   DOI: 10.1109/SP.2005.9

Enforcing non-safety security policies with program monitors.   [BibTeX]
 Jay Ligatti, Lujo Bauer, and David Walker.
 Technical Report TR-720-05, Princeton University, January 2005.

Edit automata: Enforcement mechanisms for run-time security policies.   [BibTeX]
 Jay Ligatti, Lujo Bauer, and David Walker.
 International Journal of Information Security, 4(1–2):2–16, February 2005. (Published online 26 Oct 2004.)   © Springer-Verlag   DOI: 10.1007/s10207-004-0046-8

A language and system for composing security policies.   [BibTeX]
 Lujo Bauer, Jay Ligatti, and David Walker.
 Technical Report TR-699-04, Princeton University, January 2004.

Access control for the Web via proof-carrying authorization.   [BibTeX]
 Lujo Bauer.
 Ph.D. Thesis, Princeton University, November 2003.

Types and effects for non-interfering program monitors.   [BibTeX]
 Lujo Bauer, Jarred Ligatti, and David Walker.
 In Software Security—Theories and Systems. Mext-NSF-JSPS International Symposium, ISSS 2002, Tokyo, Japan, November 8-10, 2002, Revised Papers, volume 2609 of Lecture Notes in Computer Science, pages 154–171, 2003.   © Springer-Verlag

Mechanisms for secure modular programming in Java.   [BibTeX]
 Lujo Bauer, Andrew W. Appel, and Edward W. Felten.
 Software—Practice and Experience, 33(5):461–480, 2003.   DOI: 10.1002/spe.516

A general and flexible access-control system for the Web.   [BibTeX]
 Lujo Bauer, Michael A. Schneider, and Edward W. Felten.
 In Proceedings of the 11th USENIX Security Symposium, pages 93–108, August 2002.

A calculus for composing security policies.   [BibTeX]
 Lujo Bauer, Jarred Ligatti, and David Walker.
 Technical Report TR-655-02, Princeton University, August 2002.

More enforceable security policies.   [BibTeX]
 Lujo Bauer, Jarred Ligatti, and David Walker.
 In Foundations of Computer Security, July 2002.

More enforceable security policies.   [BibTeX]
 Lujo Bauer, Jarred Ligatti, and David Walker.
 Technical Report TR-649-02, Princeton University, June 2002.

A proof-carrying authorization system.   [BibTeX]
 Lujo Bauer, Michael A. Schneider, and Edward W. Felten.
 Technical Report TR-638-01, Princeton University, April 2001.

Mechanisms for secure modular programming in Java.   [BibTeX]
 Lujo Bauer, Andrew W. Appel, and Edward W. Felten.
 Technical Report TR-603-99, Princeton University, July 1999.  

Updated 2009.10.22.
Copyright © Lujo Bauer