Photo of Hanan Hibshi

Hanan Hibshi

Office: Wean Hall - WEH 4125
Phone: 412-268-4885
Email: hhibshi [at] cmu [dot] edu

About Me

I am a Ph.D student in the Computation, Organizations & Society program at the School of Computer Science at Carnegie Mellon University. In May 2011, I got my Masters degree in Information Security Technology & Management from the Information Networking Institute (INI) at Carnegie Mellon University. Prior to my life as a CMU student, I worked as a Teaching Assistant in King Abdul-Aziz University for one year. I had also worked in the banking industry for almost 4 years.

When I have free time, which is not often, I invest that in reading about other topics of interest: health, education, politics, etc. I am also a very social person and I like engaging in many social activities especially in those where I feel that I'm contributing to the society. I find a great joy and satisfaction when I help those seeking my help and advice because they think that I may share some common interests with them (background, goals, passions, interests, etc.).


My research Interests are Security and Privacy. With all the current and different threats facing technology users today, and with people's huge reliance on those technologies; it becomes important to find ways where we protect users privacy and security without making such tasks so complicated for the user.

Currently, I am working with Dr. Travis Breaux in the Requirements Engineering Laboratory at CMU . We work primarily on security requirements where we aim to make security requirements more usable by experts, developers, and systems engineers. More specifically, we are incorporating concepts from Situation Awareness - a theory from psychology- and framing that within a software engineering context, where we apply formal methods to represent the problem.

Privacy research is another aspect of my research that I find very interesting because of my cultural background. I grew up in Saudi Arabia and the Middle East where privacy is viewed very differently. Although I was exposed to the western society by living in the UK for 3 years, I still find many interesting cultural differences when it comes to understanding and interpreting privacy.

In addition to my research work with Dr. Breaux, I am also a student member of the Cylab Usable Privacy and Security (CUPS) laboratory at CMU directed by Dr. Lorrie Cranor. Dr. Cranor was the advisor for my Masters Thesis: Usability of Digital Forensics Tools and we still work together to conduct more research that helps improving the usability aspects of such security tools.


[7] Assessment of Risk Perception in Security Requirements Composition
H. Hibshi, T.D. Breaux, and S.B. Broomell. Accepted in the 23rd IEEE International Requirements Engineering Conference (RE'15) , To appear August 2015. [pdf ] [data ]
[6] Discovering Decision-Making Patterns for Security Novices and Experts
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. In submission , September 2014. [Technical Report ]
[5] Towards a framework to measure security expertise in requirements analysis
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. In 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE'14), August 2014. [ bibtex | DOI |  pdf ]
[4] Investigating the role of examples in security studies using analogical transfer
A. Rao, H. Hibshi, T.D. Breaux, J. Lehker, and J. Nui. 1st ACM Symposium and Bootcamp on the Science of Security (HOTSOS'14) , April 2014. [ bibtex | DOI |  pdf ]
[3] Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements
T.D. Breaux, H. Hibshi, A. Rao. Requirements Engineering, pages 1-27, 2013. [ bibtex | DOI |  pdf ]
[2] Towards a framework for pattern experimentation: Understanding empirical validity in requirements engineering patterns
T.D. Breaux, H. Hibshi, A. Rao, and J. Lehker. In IEEE Second International Workshop on Requirements Patterns (RePa) , pages 41-47, 2012. [ bibtex | DOI |  pdf ]
[1] Usability of forensics tools: A user study.
H. Hibshi, T. Vidas, and L.F. Cranor. In Sixth International Conference onIT Security Incident Management and IT Forensics (IMF) , pages 81-91, 2011. [ bibtex | DOI |  pdf ]


[P1] H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. Defining the Expert: Using Situation Awareness to Identify Security Experts In the Science of Security Lablet Meeting, July 2014. [ pdf ]