"Our civil rights are not a legacy of our parents, but a loan from our children. Let us pay it forward."

Ashwini Rao is a fourth year Ph.D. student in Software Engineering in the School of Computer Science at Carnegie Mellon University. Ashwini currently works on the Usable Privacy Policy Project sponsored by the NSF, and her advisor is Prof. Norman Sadeh. Ashwini is so enamored with academia and industry that she keeps switching between the two. In the process she has acquired significant experience in computer systems and security, completed two masters degrees (MS Computer Security, Carnegie Mellon University; MS Computer Science and Engineering, Indian Institute of Technology Bombay), finished a bachelors degree (BS Computer Science and Engineering, University of Mysore), and held four full time jobs (Qualcomm Incorporated, San Diego, CA; Appian Corporation, Reston, VA among others).

About me

An engineer and a problem solver


Research Interests

Privacy, law, security, usability





Recent Events

13-14 Aug 2015: Participated in VMware Fearless Student Leader Summit -- amazing experience!

21 July 2015: Paper on security vulnerabilities in cyber-physical systems accepted

9 June 2015: Paper on privacy and behavioral advertising accepted

1 May 2014: The Presidential Council of Advisors on Science and Technology (PCAST) cited our research in their report on Big Data and Privacy

Journal Publications

Breaux T.D., Hibshi H. and Rao A. Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements. Requirements Engineering, September 2014, Volume 19, Issue 3. [ PAPER ]

Conference Publications

Rao A., Schaub F. and Sadeh N. What do they know about me? Contents and Concerns of Online Behavioral Profiles.
6th ASE Conference on Privacy, Security, Risk and Trust (PASSAT'14), Cambridge, USA, Dec. 2014. Acceptance Rate 14%. PAPER ]
Rao A., Hibshi H., Breaux T.D., Lehker J-M. and Niu J. Less is More? Investigating the Role of Examples in Security Studies using Analogical Transfer.
1st Symposium and Bootcamp on the Science of Security (HoTSoS'14), Raleigh, USA, Apr. 2014. [ PAPER ]
Breaux T.D. and Rao A. Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications.
21st IEEE Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, Jul. 2013. Acceptance Rate 18%.PAPER ]
Nominated for Best Paper
Rao A., Jha B. and Kini G. Effect of Grammar on Security of Long Passwords.
3rd ACM Conference on Data and Application Security and Privacy (CODASPY'13), San Antonio, USA, Feb. 2013. Acceptance Rate 22%.PAPER ]

Workshop Publications

Ruchkin I., Rao A., Dionisio D. N., Chaki S. and Garlan D.Eliminating Inter-Domain Vulnerabilities in Cyber-Physical Systems: An Analysis Contracts Approach. 1st ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC), Denver, USA, Oct. 2015. [ PAPER Forthcoming ]
Leon P., Rao A., Schaub F., Marsh A., Cranor L.F. and Sadeh N. Privacy and Behavioral Advertising: Towards Meeting Users' Preferences.
2nd Privacy Personas and Segmentation (PPS) Workshop, Ottawa, Canada, Jul. 2015. [ PAPER ]
Breaux T.D., Hibshi H., Rao A. and Lehker J-M. Towards a Framework for Pattern Experimentation: Understanding empirical validity in requirements engineering patterns. 2nd IEEE Workshop on Requirements Engineering Patterns (RePa'12), Chicago, USA, Sep. 2012. [ PAPER ] [ PPT ]

Non-peer Reviewed Publications

Leon P., Rao A., Schaub F., Marsh A., Cranor L.F. and Sadeh N. Why People are (Un)willing to Share Information with Online Advertisers.
Technical Report, Carnegie Mellon University, May, 2015. [ TECH. REPORT ]
Karthikeyan S., Feng S., Rao A. and Sadeh N. Smartphone Fingerprint Authentication versus PINs: A Usability Study.
CyLab Technical Report, Carnegie Mellon University, July, 2014. [ TECH. REPORT ]
Breaux T.D. and Rao A. Managing Risk in Mobile Applications With Formal Security Policies.
10th Annual Acquisition Research Symposium, Naval Post Graduate School, April, 2013. [ PAPER ]
Rao A. Compression in Memory Constrained DBMSs.
Masters Thesis, Indian Institute of Technology Bombay, Mumbai, India, Jun. 2005. [ THESIS ]

Other Writings

Ruchkin I. and Rao A. DUI: A Fast Probabilistic Paper Evaluation Tool.
SIGBOVIK, Pittsburgh, 2013. [ PAPER ]

Media Mentions

"Who shares your data?" [Link Magazine]
"Bad grammar make good password, research say" [NewScientist]  [Scientific American]  [SlashDot]  [Ars Technica]  [DailyMail]  [CMU Homepage]  [ACM TechNews] 
Radio interviews related to password research [NPR] [Federal News Radio]
Pittsburgh Newsmaker [The Tribune Review]

Meta-Curricular Activities

As part of Data Privacy Day 2014, organized a CMU campus survey of perceptions of behavioral advertising. Results were announced during the keynote speech by Nicole Wong, Deputy US Chief Technology Officer. [Result Details]

Curriculum Vitae

CV (updated Aug. 2015)


Office: 4123 Wean Hall, Carnegie Mellon University