"Our civil rights are not a legacy of our parents, but a loan from our children. Let us pay it forward."

Ashwini Rao is a Ph.D. student in Software Engineering in the School of Computer Science at Carnegie Mellon University. Ashwini currently works on the Usable Privacy Policy Project sponsored by the NSF, and her advisor is Prof. Norman Sadeh. Ashwini is so enamored with academics and industry that she keeps switching between the two. In the process she has acquired significant experience in computer systems and security, completed two masters degrees (MS Computer Security, Carnegie Mellon University; MS Computer Science and Engineering, Indian Institute of Technology Bombay), finished a bachelors degree (BS Computer Science and Engineering, University of Mysore), and held four full time jobs (Qualcomm Incorporated, San Diego, CA; Appian Corporation, Reston, VA among others).

About me

An engineer and a problem solver


Research Interests

Privacy, law, security, usability





Recent Events

1 May 2014: The Presidential Council of Advisors on Science and Technology (PCAST) cited our research in their report on Big Data and Privacy

Journal Publications

Travis Breaux, Hanan Hibshi and Ashwini Rao. Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements. Requirements Engineering, September 2014, Volume 19, Issue 3. [ PAPER ]

Conference Publications

Ashwini Rao, Florian Schaub and Norman Sadeh. What do they know about me? Contents and Concerns of Online Behavioral Profiles.
6th ASE Conference on Privacy, Security, Risk and Trust (PASSAT'14), Cambridge, USA, December, 2014. [ PAPER ]
Ashwini Rao, Hanan Hibshi, Travis Breaux, Jean-Michel Lehker and Jianwei Niu. Less is More? Investigating the Role of Examples in Security Studies using Analogical Transfer. 1st Symposium and Bootcamp on the Science of Security (HoTSoS'14), Raleigh, USA, April 2014. [ PAPER ]
Travis Breaux and Ashwini Rao. Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications.
21st IEEE Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, July 2013. [ PAPER ]
Nominated for Best Paper
Ashwini Rao, Birendra Jha and Gananand Kini. Effect of Grammar on Security of Long Passwords.
3rd ACM Conference on Data and Application Security and Privacy (CODASPY'13), San Antonio, USA, Feb. 2013 [ PAPER ] [ TECH. REPORT ]

Workshop Publications

Travis Breaux, Hanan Hibshi, Ashwini Rao and Jean-Michel Lehker. Towards a Framework for Pattern Experimentation: Understanding empirical validity in requirements engineering patterns. 2nd IEEE Workshop on Requirements Engineering Patterns (RePa'12), Chicago, USA, Sep. 2012. [ PAPER ] [ PPT ]

Non-peer Reviewed Publications

Pedro Leon, Ashwini Rao, Florian Schaub, Abigail Marsh, Lorrie Cranor and Norman Sadeh. Why People are (Un)willing to Share Information with Online Advertisers. Technical Report, Carnegie Mellon University, May, 2015. [ TECH. REPORT ]
Shri Karthikeyan, Sophia Feng, Ashwini Rao and Norman Sadeh. Smartphone Fingerprint Authentication versus PINs: A Usability Study.
CyLab Technical Report, Carnegie Mellon University, July, 2014. [ TECH. REPORT ]
Travis D. Breaux and Ashwini Rao. Managing Risk in Mobile Applications With Formal Security Policies.
10th Annual Acquisition Research Symposium, Naval Post Graduate School, April, 2013. [ Paper ]
Ashwini Rao. Compression in Memory Constrained DBMSs.
Masters Thesis, Indian Institute of Technology Bombay, Mumbai, India, Jun. 2005. [ THESIS ]

Other Writings

Ivan Ruchkin and Ashwini Rao. DUI: A Fast Probabilistic Paper Evaluation Tool.
SIGBOVIK, Pittsburgh, 2013. [ PAPER ]

Media mentions

"Who shares your data?" [Link Magazine]
"Bad grammar make good password, research say" [NewScientist]  [Scientific American]  [SlashDot]  [Ars Technica]  [DailyMail]  [CMU Homepage]  [ACM TechNews] 
Radio interviews related to password research [NPR] [Federal News Radio]
Pittsburgh Newsmaker [The Tribune Review]

Curriculum Vitae

CV (updated May, 2015)


Office: 4123 Wean Hall, Carnegie Mellon University