As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. Addressing security and privacy challenges requires reaching across a broad range of technologies, multiple layers of abstraction, and many aspects of computer science. In this talk, I will focus specifically on two examples of security and privacy challenges that I have addressed in my work by designing and building new systems that better match user expectations. First, I will describe an extensive study of how advertisers, social media sites, and others invisibly track users as they browse the Web, and a new defense resulting from this study. I will then describe an approach to permission granting in modern operating systems (such as smartphones) that is more secure and better matches user expectations than existing approaches. In this approach, called user-driven access control, the operating system is able to extract a user's permission granting intent from the way he or she naturally interacts with any application.
Achieving user-driven access control uncovers security in the user interface as a distinct research direction, which I will describe in the third part of the talk. Finally, I will briefly mention additional directions, including addressing emerging security and privacy challenges and exploring opportunities in the context of wearable and augmented reality systems. By understanding and anticipating these challenges early enough, we can positively influence the designs of emerging technologies before they become widespread.
Franziska Roesner is a PhD candidate in Computer Science and Engineering at the University of Washington. Her research interests are broadly in computer security and privacy. Specifically, her PhD work has focused on security and privacy in the domains of third-party web tracking, permission granting in modern operating systems (such as smartphones), embedded user interfaces, and most recently, emerging augmented reality platforms. Her work on user-driven access control received the IEEE Symposium on Security and Privacy Best Practical Paper Award in 2012. She was also awarded a National Science Foundation Graduate Research Fellowship and a Microsoft Research PhD Fellowship, and she has done internships at Amazon, Microsoft Research, and Google. She received her BS in Computer Science at the University of Texas at Austin.
Faculty Host: Norman Sadeh
laf20 [atsymbol] cs ~replace-with-a-dot~ cmu ~replace-with-a-dot~ edu