Lujo Bauer
[loo'yo]

Associate Professor, Electrical & Computer Engineering + Computer Science (Institute for Software Research)
Director, Cyber Autonomy Research Center
Affiliated with: CyLab, Societal Computing


Teaching

Fall 2017: Privacy Policy, Law, and Technology (8-533 / 8-733 / 19-608 / 95-818)
Spring 2017: Secure Software Systems (18-732)
Fall 2016: Privacy Policy, Law, and Technology (8-533 / 8-733 / 19-608 / 95-818)
Spring 2016: Usable Privacy and Security (05-436 / 05-836 / 08-534 / 08-734 / 19-534 / 19-734)
Spring 2016: Secure Software Systems (18-732)
Fall 2015: Introduction to Computer Security (18-730)
Fall 2015: Information Security & Privacy (15-421 / 08-731 / 08-761 / 45-885 / 45-985)

Spring 2015: Secure Software Systems (18-732)
Fall 2014: Information Security and Privacy (08-731 / 15-421 / 08-761 / 45-885 / 45-985)
Spring 2014: Secure Software Systems (18-732)
Spring 2013: Secure Software Systems (18-732)
Fall 2011: Intro to Computer & Network Security & Applied Cryptography (18-487)
Fall 2010: Secure Software Systems (18-732)
Fall 2009: Introduction to Security and Policy (18-630 / 19-631 / 95-830)
Fall 2008: Secure Software Systems (18-732)
Fall 2007: Introduction to Computer Security (18-730)

Research

I do research on many aspects of computer security. I'm particularly interested in building usable access-control systems with sound theoretical underpinnings, and generally in narrowing the gap between a formal model and a usable system. Key terms: proof-carrying authorization, distributed access control, program monitors, security automata, languages for specifying security policies, usable security.

Some projects I'm currently involved in:

Information-flow control in modern app ecosystems: Modern app platforms (e.g., mobile OSes, web browsers, desktop OSes with app markets) control apps through sandboxing and permission systems, but this often fails to stop information leaks, privilege escalation, and other undesired behavior. This project aims to secure such platforms via information-flow control mechanisms; research ranges from developing new theory to implementing running prototypes on Android and Chromium.

Publications

Run-time monitoring and formal analysis of information flows in Chromium.   [BibTeX]
Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken, and Yuan Tian.
In Proceedings of the 22nd Annual Network & Distributed System Security Symposium, February 2015. Internet Society. © Internet Society  DOI:10.14722/ndss.2015.23295

Analyzing the dangers posed by Chrome extensions.   [BibTeX]
Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, and Yuan Tian.
In Proceedings of the IEEE Conference on Communications and Network Security, pages 184-192, October 2014. IEEE. © IEEE  DOI:10.1109/CNS.2014.6997485

Run-time enforcement of information-flow properties on Android (extended abstract).   [BibTeX, demo]
Limin Jia, Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Michael Stroucken, Kazuhide Fukushima, Shinsaku Kiyomoto, and Yutaka Miyake.
In Computer Security—ESORICS 2013: 18th European Symposium on Research in Computer Security, pages 775–792, September 2013. Springer. (Full version appears as technical report CMU-CyLab-12-015.) © Springer-Verlag  DOI:10.1007/978-3-642-40203-6_43

Modeling and enhancing Android's permission system.   [BibTeX]
Elli Fragkaki, Lujo Bauer, Limin Jia, and David Swasey.
In Computer Security—ESORICS 2012: 17th European Symposium on Research in Computer Security, volume 7459 of Lecture Notes in Computer Science, pages 1–18, September 2012. (Full version appears as Technical report CMU-CyLab-11-020.) © Springer-Verlag  DOI:10.1007/978-3-642-33167-1_1

Secure digital home / access control for non-security-experts: This collection of projects explores architectures, mechanisms, and interfaces for helping users manage access control in the digital home of the future and on online social networks. Recent research includes investigating new ways of specifying access-control policies (e.g., reactively, and via metadata-based policy rules), and using machine learning to help users specify security policies and privacy preferences.

Publications

(Do not) Track me sometimes: Users' contextual preferences for web tracking.   [BibTeX, slides, talk video]
William Melicher, Mahmood Sharif, Joshua Tan, Lujo Bauer, Mihai Christodorescu, and Pedro Giovanni Leon.
Proceedings on Privacy Enhancing Technologies, April 2016. De Gruyter Open. © authors  DOI:10.1515/popets-2016-0009

Sharing personal content online: exploring channel choice and multi-channel behaviors.   [BibTeX, video teaser]
Manya Sleeper, William Melicher, Hana Habib, Lujo Bauer, Lorrie Faith Cranor, and Michelle L. Mazurek.
In CHI'16: 34th Annual ACM Conference on Human Factors in Computing Systems, May 2016. ACM. © authors  DOI:10.1145/2858036.2858170

Toward strong, usable access control for shared distributed data.   [BibTeX, talk video]
Michelle L. Mazurek, Yuan Liang, William Melicher, Manya Sleeper, Lujo Bauer, Gregory R. Ganger, Nitin Gupta, and Michael K. Reiter.
In Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST '14), February 2014. USENIX.

Challenges faced in working with users to design access-control systems for domestic environments.   [BibTeX]
Manya Sleeper, Michelle L. Mazurek, and Lujo Bauer.
In Designing with Users for Domestic Environments workshop at CSCW14 (the 17th ACM Conference on Computer Supported Cooperative Work and Social Computing), February 2014. Position paper.

The post anachronism: The temporal dimension of Facebook privacy.   [BibTeX]
Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, and Blase Ur.
In Proceedings of the 12th Annual Workshop on Privacy in the Electronic Society, November 2013. ACM. © authors  DOI:10.1145/2517840.2517859

What you want is not what you get: Predicting sharing policies for text-based content on Facebook.   [BibTeX]
Arunesh Sinha, Yan Li, and Lujo Bauer.
In Proceedings of the 6th ACM Workshop on Security and Artificial Intelligence, November 2013. ACM. © authors  DOI:10.1145/2517312.2517317

What matters to users? Factors that affect users' willingness to share information with online advertisers.   [BibTeX]
Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, and Lorrie Faith Cranor.
In SOUPS '13: Proceedings of the 9th Symposium on Usable Privacy and Security, July 2013. ACM. © authors  DOI:10.1145/2501604.2501611

Out of sight, out of mind: Effects of displaying access-control information near the item it controls.   [BibTeX]
Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, and Michael K. Reiter.
In Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pages 128–136, July 2012. IEEE. © IEEE  DOI:10.1109/PST.2012.6297929

Tag, you can see it! Using tags for access control in photo sharing.   [BibTeX]
Peter F. Klemperer, Yuan Liang, Michelle L. Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, and Michael K. Reiter.
In CHI 2012: Conference on Human Factors in Computing Systems, pages 377–386, May 2012. ACM. © ACM  DOI:10.1145/2207676.2207728

Exploring reactive access control.   [BibTeX]
Michelle L. Mazurek, Peter F. Klemperer, Richard Shay, Hassan Takabi, Lujo Bauer, and Lorrie Faith Cranor.
In CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 2085–2094, May 2011. ACM. © ACM  DOI:10.1145/1978942.1979245

Access control for home data sharing: Attitudes, needs and practices.   [BibTeX]
Michelle L. Mazurek, J.P. Arsenault, Joanna Breese, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter.
In CHI 2010: Conference on Human Factors in Computing Systems, pages 645–654, April 2010. ACM. © ACM  DOI:10.1145/1753326.1753421

Passwords: Although they are often insecure and inconvenient, passwords aren't quite about to disappear. This project's goal is to help users create passwords that are easy for them to remember, but hard for attackers to guess. We work towards this goal by trying to deeply understand the password-creation process and the security of the resulting passwords, including by investigating the effects of password-composition policies and password meters on the security and usability of passwords, and by studying metrics for quantifying password strength.

Publications

Fast, lean, and accurate: Modeling password guessability using neural networks.   [BibTeX, video teaser, slides, talk video, code]
William Melicher, Blase Ur, Sean M. Segreti, Saranga Komanduri, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In Proceedings of the 25th USENIX Security Symposium, August 2016. USENIX Security Best Paper.

Do users' perceptions of password security match reality?   [BibTeX, video teaser, online game]
Blase Ur, Jonathan Bees, Sean Segreti, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In CHI'16: 34th Annual ACM Conference on Human Factors in Computing Systems, May 2016. ACM. CHI 2016 Honorable Mention. © authors  DOI:10.1145/2858036.2858546

Measuring real-world accuracies and biases in modeling password guessability.   [BibTeX, talk video, video teaser]
Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, and Richard Shay.
In Proceedings of the 24th USENIX Security Symposium, August 2015. USENIX. © authors

The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs.   [BibTeX]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In 2013 Workshop on Usable Security (USEC), volume 7862 of Lecture Notes in Computer Science, pages 34–51, April 2013. Springer. © Springer-Verlag  DOI:10.1007/978-3-642-41320-9_3

How does your password measure up? The effect of strength meters on password creation.   [BibTeX, talk video]
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In Proceedings of the 21st USENIX Security Symposium, August 2012. USENIX Association. © authors

Correct horse battery staple: Exploring the usability of system-assigned passphrases.   [BibTeX]
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In SOUPS '12: Proceedings of the 8th Symposium on Usable Privacy and Security, July 2012. ACM. © authors  DOI:10.1145/2335356.2335366

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms.   [BibTeX]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez.
In Proceedings of the 2012 IEEE Symposium on Security and Privacy, pages 523–537, May 2012. IEEE. © IEEE  DOI:10.1109/SP.2012.38

Of passwords and people: Measuring the effect of password-composition policies.   [BibTeX]
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman.
In CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 2595–2604, May 2011. ACM. CHI 2011 Honorable Mention. © ACM  DOI:10.1145/1978942.1979321

Grey: An experiment to create a universal and highly secure access-control device via software extensions to off-the-shelf "smart phones". Grey builds from formal techniques for proving authorization that assure sound access decisions and that permit virtually unlimited flexibility in the policies that can be implemented.

Publications

Discovering access-control misconfigurations: New approaches and evaluation methodologies.   [BibTeX]
Lujo Bauer, Yuan Liang, Michael K. Reiter, and Chad Spensky.
In CODASPY'12: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, February 2012. © ACM  DOI:10.1145/2133601.2133613

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss, and Michael K. Reiter.
ACM Transactions on Information and System Security, 14(1), May 2011. ACM. © ACM  DOI:10.1145/1952982.1952984

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss, and Michael K. Reiter.
In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pages 185–194, June 2008. ACM. © ACM  DOI:10.1145/1377836.1377866

Efficient proving for practical distributed access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss, and Michael K. Reiter.
In Computer Security—ESORICS 2007: 12th European Symposium on Research in Computer Security, volume 4734 of Lecture Notes in Computer Science, pages 19–37, September 2007. Springer. (Full version appears as technical report CMU-CyLab-06-015R.) © Springer-Verlag  DOI:10.1007/978-3-540-74835-9_3

Lessons learned from the deployment of a smartphone-based access-control system.   [BibTeX]
Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64–75, July 2007. ACM. © authors  DOI:10.1145/1280680.1280689

Consumable credentials in logic-based access-control systems.   [BibTeX]
Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and Michael K. Reiter.
In Proceedings of the 2007 Network & Distributed System Security Symposium, pages 143–157, February 2007. Internet Society. © Internet Society

User-controllable security and privacy for pervasive computing.   [BibTeX]
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh.
In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), pages 14–19, February 2007. IEEE. © IEEE  DOI:10.1109/WMCSA.2007.4389552

Efficient proving for distributed access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss, and Michael K. Reiter.
Technical Report CMU-CYLAB-06-015R, CyLab, Carnegie Mellon University, September 2006.

A linear logic of authorization and knowledge.   [BibTeX]
Deepak Garg, Lujo Bauer, Kevin D. Bowers, Frank Pfenning, and Michael K. Reiter.
In Computer Security—ESORICS 2006: 11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297–312, September 2006. Springer. Official, slightly abbreviated version. © Springer-Verlag  DOI:10.1007/11863908_19

Device-enabled authorization in the Grey system.   [BibTeX]
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar.
In Information Security: 8th International Conference, ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 431–445, September 2005. Springer. An extended version of this paper appears as a tech report. © Springer-Verlag  DOI:10.1007/11556992_31

Distributed proving in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss, and Michael K. Reiter.
In Proceedings of the 2005 IEEE Symposium on Security & Privacy, pages 81–95, May 2005. IEEE. © IEEE  DOI:10.1109/SP.2005.9

Run-time monitors: This project studies various facets of the theory, design, and implementation of software program monitors and monitor-specification languages. Past results included developing a language and system for specifying and enforcing composable run-time security policies on Java programs. Current research focuses on enforcing policies in distributed systems and with distributed monitors.

Publications

Probabilistic cost enforcement of security policies.   [BibTeX]
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, Fabio Martinelli, and Charles Morisset.
Journal of Computer Security, 23(6):759–787, 2015. IOS Press.  DOI:10.3233/JCS-150538

Probabilistic cost enforcement of security policies.   [BibTeX]
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, Fabio Martinelli, and Charles Morisset.
In Security and Trust Management: 9th International Workshop, STM 2013, Proceedings, volume 8203 of Lecture Notes in Computer Science, pages 144–159, September 2013. Springer. © Springer-Verlag  DOI:10.1007/978-3-642-41098-7_10

Enforcing more with less: Formalizing target-aware run-time monitors.   [BibTeX]
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti.
In Security and Trust Management: 8th International Workshop, STM 2012, Pisa, Italy, September 13–14, 2012, Revised Selected Papers, volume 7783 of Lecture Notes in Computer Science, pages 17–32, 2013. © Springer-Verlag  DOI:10.1007/978-3-642-38004-4_2

Composing expressive runtime security policies.   [BibTeX]
Lujo Bauer, Jay Ligatti, and David Walker.
ACM Transactions on Software Engineering and Methodology, 18(3), May 2009. ACM. © ACM  DOI:10.1145/1525880.1525882

Run-time enforcement of nonsafety policies.   [BibTeX]
Jay Ligatti, Lujo Bauer, and David Walker.
ACM Transactions on Information and System Security, 12(3), January 2009. ACM. © ACM  DOI:10.1145/1455526.1455532

Students

I'm fortunate to advise and work with a number of talented students and staff, including:

Students and postdocs I have supervised or worked with closely in the past: Scott Garriss (CMU ECE, PhD 2008; now at Google), Rob Reeder (CMU CSD, PhD 2008; now at Google), Kami Vaniea (CMU CSD, PhD 2012; now at Edinburgh University), Michelle Mazurek (CMU ECE, PhD 2014; now at University of Maryland at College Park), Saranga Komanduri (CMU COS, PhD 2016), Xiaoxiao Tang (visiting PhD student from SMU, Singapore), Blase Ur (CMU SC, PhD 2016; now at University of Chicago), Yannis Mallios (CMU ECE, PhD 2017; now at Google Pittsburgh), Matthias Beckerle (CyLab postdoc, 2014–2015), Willard Rafnsson (CyLab postdoc), Sean Segreti (CMU ECE, MS 2016; now KoreLogic), Shaoying Cai (visiting PhD student from SMU, Singapore, 2014), Tony Felice (CMU ECE ugrad/masters), Elli Fragkaki (CMU ECE, MS 2013), Wataru Hasegawa (CMU INI masters), Philip Seyoung Huh (CMU ECE, MS 2014), Joel Lee (CMU Heinz masters, 2013), Sudeep Modi (CMU INI masters), Sean Segreti (CMU ECE masters, 2015), Brad Miller (CMU ECE, BS 2009), Timothy Passaro (CMU ECE, BS/MS 2014), Ariel Rao (CMU undergraduate).

Recent publications (full list)

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

new!  Better passwords through science (and neural networks).   [BibTeX]
W. Melicher, B. Ur, S. Segreti, L. Bauer, N. Christin, and L. F. Cranor. USENIX ;login: 2017. To appear.

new!  Let's go in for a closer look: Observing passwords in their natural habitat.   [BibTeX]
S. Pearman, J. Thomas, P. Emami Naeini, H. Habib, L. Bauer, N. Christin, L. F. Cranor, S. Egelman, and A. Forget. CCS 2017.  DOI:10.1145/3133956.3133973

Self-driving cars and data collection: privacy perceptions of networked autonomous vehicles.   [BibTeX, slides, audio]
C. Bloom, J. Tan, J. Ramjon, and L. Bauer. SOUPS 2017.

Privacy expectations and preferences in an IoT world.   [BibTeX, slides, audio]
P. Emami-Naeini, S. Bhagavatula, H. Habib, M. Degeling, L. Bauer, L. Cranor, and N. Sadeh. SOUPS 2017.

Diversify to survive: making passwords stronger with adaptive policies.   [BibTeX, slides, audio]
S. Segreti, W. Melicher, S. Komanduri, D. Melicher, R. Shay, L. Bauer, N. Christin, L. Cranor, and M. L. Mazurek. SOUPS 2017.

Towards privacy-aware smart buildings: capturing, communicating, and enforcing privacy policies and preferences.   [BibTeX]
P. Pappachan, M. Degeling, R. Yus, A. Das, S. Bhagavatula, W. Melicher, P. Emami Naeini, S. Zhang, L. Bauer, A. Kobsa, S. Mehrotra, N. Sadeh, and N. Venkatasubramanian. IoTCA 2017. In conjunction with ICDCS2017.

Can unicorns help users compare crypto key fingerprints?   [BibTeX, video teaser]
J. Tan, L. Bauer, J. Bonneau, L. Cranor, J. Thomas, and B. Ur. CHI'17.  DOI:10.1145/3025453.3025733

Design and evaluation of a data-driven password meter.   [BibTeX, video teaser]
B. Ur, F. Alfieri, M. Aung, L. Bauer, N. Christin, J. Colnago, L. Cranor, H. Dixon, P. Emami Naeini, H. Habib, N. Johnson, and W. Melicher. CHI'17. CHI Best Paper.  DOI:10.1145/3025453.3026050

Timing-sensitive noninterference through composition.   [BibTeX]
W. Rafnsson, L. Jia, and L. Bauer. POST 2017.

Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes.   [BibTeX]
M. Surbatovich, J. Aljuraidan, L. Bauer, A. Das, and L. Jia. WWW'17.

Password creation in the presence of blacklists.   [BibTeX]
H. Habib, J. Colnago, W. Melicher, B. Ur, S. Segreti, L. Bauer, N. Christin, and L. Cranor. USEC 2017.

Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition.   [BibTeX, talk video]
M. Sharif, S. Bhagavatula, L. Bauer, and M. K. Reiter. CCS '16.  DOI:10.1145/2976749.2978392

Fast, lean, and accurate: Modeling password guessability using neural networks.   [BibTeX, video teaser, slides, talk video, code]
W. Melicher, B. Ur, S. M. Segreti, S. Komanduri, L. Bauer, N. Christin, and L. F. Cranor. USENIX Security '16. USENIX Security Best Paper.

Updated 2017.09.15.
Copyright © Lujo Bauer