Ashwini Rao

"Our civil rights are not a legacy of our parents, but a loan from our children. Let us pay it forward."

Ashwini Rao is a fourth year Ph.D. student in Software Engineering in the School of Computer Science at Carnegie Mellon University. Ashwini is so enamored with academia and industry that she keeps switching between the two. In the process she has acquired significant experience in computer systems and security, completed two masters degrees (MS Computer Security, Carnegie Mellon University; MS Computer Science and Engineering, Indian Institute of Technology Bombay), finished a bachelors degree (BS Computer Science and Engineering, University of Mysore), and held four full time jobs (Qualcomm Incorporated, San Diego, CA; Appian Corporation, Reston, VA among others).

About me

An engineer and a problem solver

Research Interests

Privacy, law, security, usability

Contact

Recent Events

15 Mar 2016: I have moved on to more exciting opportunities and am no longer at CMU

14 Jan 2016: Gave a talk at the Federal Trade Commission's PrivacyCon event attended by 600 researchers, academics, industry representatives, consumer advocates and government regulators [video]

30 Nov 2015: Presented my thesis proposal Online Privacy Expectations: Types, Mismatches and Implications for Privacy Notices

8 Sep 2015: Amicus Brief filed in the Supreme Court of the United States cited our research on inaccuracies in online behavioral profiles

13-14 Aug 2015: Participated in VMware Fearless Student Leader Summit -- amazing experience!

21 July 2015: Paper on security vulnerabilities in cyber-physical systems accepted

9 June 2015: Paper on privacy and behavioral advertising accepted

Journal Publications

Breaux T.D., Hibshi H. and Rao A. Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements. Requirements Engineering, September 2014, Volume 19, Issue 3. [ PAPER ]

Conference Publications

Rao A., Schaub F., Sadeh N., Acquisti A. and Kang R. Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online.
12th Symposium on Usable Privacy and Security (SOUPS'16), Denver, USA, Jun. 2016. Acceptance Rate 28%.

Rao A., Schaub F. and Sadeh N. What do they know about me? Contents and Concerns of Online Behavioral Profiles.
6th ASE Conference on Privacy, Security, Risk and Trust (PASSAT'14), Cambridge, USA, Dec. 2014. Acceptance Rate 14%. [ PAPER ]

Rao A., Hibshi H., Breaux T.D., Lehker J-M. and Niu J. Less is More? Investigating the Role of Examples in Security Studies using Analogical Transfer.
1st Symposium and Bootcamp on the Science of Security (HoTSoS'14), Raleigh, USA, Apr. 2014. [ PAPER ]

Breaux T.D. and Rao A. Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications.
21st IEEE Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, Jul. 2013. Acceptance Rate 18%. [ PAPER ]
Nominated for Best Paper

Rao A., Jha B. and Kini G. Effect of Grammar on Security of Long Passwords.
3rd ACM Conference on Data and Application Security and Privacy (CODASPY'13), San Antonio, USA, Feb. 2013. Acceptance Rate 22%. [ PAPER ]

Workshop Publications

Ruchkin I., Rao A., Dionisio D. N., Chaki S. and Garlan D.Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analysis Contracts Approach. 1st ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC), Denver, USA, Oct. 2015. [ PAPER ]

Leon P., Rao A., Schaub F., Marsh A., Cranor L.F. and Sadeh N. Privacy and Behavioral Advertising: Towards Meeting Users' Preferences.
2nd Privacy Personas and Segmentation (PPS) Workshop, Ottawa, Canada, Jul. 2015. [ PAPER ]

Breaux T.D., Hibshi H., Rao A. and Lehker J-M. Towards a Framework for Pattern Experimentation: Understanding empirical validity in requirements engineering patterns. 2nd IEEE Workshop on Requirements Engineering Patterns (RePa'12), Chicago, USA, Sep. 2012. [ PAPER ] [ PPT ]

Non-peer Reviewed Publications

Rao A., Schaub F., Sadeh N., Acquisti A. and Kang R. Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online.
Federal Trade Commission PrivacyCon Conference, January, 2016. [ Paper ]

Leon P., Rao A., Schaub F., Marsh A., Cranor L.F. and Sadeh N. Why People are (Un)willing to Share Information with Online Advertisers.
Technical Report, Carnegie Mellon University, May, 2015. [ TECH. REPORT ]

Karthikeyan S., Feng S., Rao A. and Sadeh N. Smartphone Fingerprint Authentication versus PINs: A Usability Study.
CyLab Technical Report, Carnegie Mellon University, July, 2014. [ TECH. REPORT ]

Breaux T.D. and Rao A. Managing Risk in Mobile Applications With Formal Security Policies.
10th Annual Acquisition Research Symposium, Naval Post Graduate School, April, 2013. [ PAPER ]

Rao A. Compression in Memory Constrained DBMSs.
Masters Thesis, Indian Institute of Technology Bombay, Mumbai, India, Jun. 2005. [ THESIS ]

Other Writings

Ruchkin I. and Rao A. DUI: A Fast Probabilistic Paper Evaluation Tool.
SIGBOVIK, Pittsburgh, 2013. [ PAPER ]

Media and Other Mentions

2016 "Researchers to FTC: We’ve got problems, potential solutions" [Slate] [IAPP Privacy Advisor]

2015 Amicus Brief in the Supreme Court of the United States cited our research on inaccuracies in online behavioral profiles [Spokeo, Inc. Vs Robins Brief]

2014 Presidential Council of Advisors on Science and Technology (PCAST) cited our research on privacy policy conflicts [Big Data and Privacy Report]

2014 "Who shares your data?" [Link Magazine]

2013 "Bad grammar make good password, research say" [NewScientist] [Scientific American] [SlashDot] [Ars Technica] [DailyMail] [CMU Homepage] [ACM TechNews]

2013 Radio interviews related to password research [NPR] [Federal News Radio]

2013 Pittsburgh Newsmaker [The Tribune Review]

Meta-Curricular Activities

As part of Data Privacy Day 2014, organized a CMU campus survey of perceptions of behavioral advertising. Results were announced during the keynote speech by Nicole Wong, Deputy US Chief Technology Officer. [Result Details]

Curriculum Vitae

CV (updated Feb. 2016)