Home Publications Recent Talks Personal FAQ Bio
What's New?
Apr 30, 2012
I gave a talk at CMU Cylab's weekly seminar, entitled Crowdsourcing for Privacy and Security.

Apr 29, 2012
I'm the general chair for the workshop on Location-Based Social Networks 2012, which is co-located with Ubicomp 2012. Deadline for submissions is June 12, 2012.

Apr 29, 2012
Our Sketch It Make It (SIMI) site is now live. SIMI is a research prototype demonstrating a collection of sketch-based interaction techniques that let people design for laser cutters.

Apr 9, 2012
Our livehoods.org site is now public. Our vision is to re-imagine how cities work in the age of social media. Specifically, we've analyzed and clustered 18m foursquare checkins to understand how people use a city. We currently have maps for New York City and Pittsburgh. Livehoods has been featured in The Atlantic Cities, Wired Insider, MIT Technology Review, Fast Company Co.Design, New York Post, Wall Street Journal, and Haaretz.

Apr 3, 2012
MIT Tech Review has an article about our work on Using Crowdsourcing to Protect Privacy.

Apr 3, 2012
The CHIMPS group will have two papers at CHI 2012 this year
  • WebTicket: Account Management Using Printable Tokens
  • Understanding the Implications of Offering More Disclosure Choices for Location Sharing (short paper)

Apr 1, 2012
We received funding from DARPA for a project entitled Real-World Analytics: Combining Social Networks and Smartphones to Understand Social Graphs and Behaviors

Mar 29, 2012
I gave a talk at FISSEA 2012 entitled Leveraging Human Factors for Effective Security Training.

Feb 27, 2012
Two papers accepted to ICWSM 2012
  • A Supervised Approach to Predict Company Acquisition With Factual and Topic Features Using Profiles and News Articles on TechCrunch (accepted as a poster)
  • The Livehoods Project: Utilizing Social Media to Understand the Dynamics of a City (accepted as a full paper)

Feb 17, 2012
I have a new post on BLOG@CACM entitled Most Smartphone Apps are Spyware

Jan 19, 2012
My article The State of Phishing Attacks has been published in Communications of the ACM.

Jan 19, 2012
We received a Google grant entitled Improving Mobile App Privacy by Combining Automated Analysis and Crowdsourcing Techniques

Nov 1, 2011
Our journal article on CANTINA+: A Feature-Rich Machine Learning Framework for Detecting Phishing Web Sites has been published in ACM Transactions on Information and System Security (TISSEC).

Sep 19, 2011
Our book, The Design of Sites, has been translated into Korean. Interestingly, the book is much thicker than the English version by about 1.5cm despite having roughly the same number of pages. I hope they gave me a good translated Korean name too (unlike the Chinese version, which assigned me a new Chinese name).

Sep 3, 2011
I have a post on BLOG@CACM entitled Password Policies are Getting Out of Control. It's the most-read and most-commented blog post on CACM so far. It also made it onto reddit, with 250+ comments. So, it clearly struck a nerve.

Sep 3, 2011
Our group had two papers accepted to Ubicomp 2011.

Aug 30, 2011
Teaching Designing Human-Centered Systems, our intro to HCI course for non-majors. I'm trying several new ideas this year, including parallel prototypes, more competitive analysis, more war stories from industry, and more quotes from Steve Jobs.

Aug 5, 2011
And the year is done for our current MHCI master's students! What a fantastic group of students this year, please check out the capstone projects they did this year.

Aug 5, 2011
I survived the Lower Youghiogheny river rapids, Class III and IV rapids. I even managed not to get knocked out of the raft, at one point being the only person left (though to be fair, my friend did dive out of the raft to avoid knocking me out too :)

July 20, 2011
Our group had one paper accepted to SOUPS 2011, Smartening the Crowds: Computational Techniques for Improving Human Verification to Fight Phishing Scams. Yes, smartening is a real word.

Research Overview
 
My research group is called CHIMPS (Computer Human Interaction: Mobility Privacy Security). My current research interests are in:
  • ubiquitous computing, especially mobile social computing and context-aware computing
  • usable privacy and security for ubicomp and cloud computing environments

I also work a lot with the CUPS lab (CMU Usable Privacy and Security) and the Mobile Commerce Lab. I'm an associate editor for IEEE Pervasive (heading up the conference reports column). I'm a co-founder of Wombat Security Technologies, and am also an Alfred P. Sloan Research Fellow.

Our research group has been generously funded through a number of sources, including the National Science Foundation, DARPA, the Army Research Office, Microsoft, Nokia Research, Intel, Google, Portugal Telecom, Pitney Bowes, CMU Cylab, the Institute for the Study of Entrepreneurship, Innovation, and Technology, and the Alfred P. Sloan Foundation.


Current Research
 
Smartphones know almost everything about you, in terms of who you know, who you call, where you go, what you search, and what you do. Given this, how can we use this rich smartphone information in meaningful ways? At the same time, how can we protect this information and help people understand how their personal information is being used?

Augmented Social Graph
Smartphones and social networking services are both experiencing meteoric rates of adoption from people across most demographics. Combining smartphone data with social networking data creates an exciting new opportunity to observe and investigate social behavior at a level of detail and at a massive scale never before possible. Our goal is to build a better computational model of social relationships, capturing tie strength, groups, and roles. Such an augmented social graph will have a number of applications, in terms of streamlining communications and helping with privacy and security policies.

Context-Aware Scalable Authentication
Passwords were a good idea when we only had a few of them, but are having serious problems scaling up, especially as more ubicomp services and cloud computing services are deployed. Our goal with this project is to understand how to simplify authentication using a number of sensors and behavioral models, while also maintaining adequate levels of security.

Android App Scanner
With the widespread adoption of smartphones, mobile apps have gained mainstream popularity. These apps can make use of a number of the smartphone's capabilities--including network access, data storage, and sensors detecting motion, location, and sound level--and personal data, such as one's call logs and contacts list. These capabilities allow developers to create rich and compelling applications, but can also lead to new kinds of spyware, malware, and privacy intrusions, which we are just starting to see emerge. Our goal with this project is to develop a series of new techniques to understand what mobile apps are really doing, and better ways of communicating that to end-users.


The CHIMPS Research Team
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs:
  • Jun Ki Min, working on data mining social relationships
  • Polo Chau, co-advised with Christos Faloutsos, working on infoviz and discovery for large-scale graphs
  • Jialiu Lin, co-advised with Norman Sadeh, working on privacy and security of mobile apps
  • Jason Wiese, co-advised with John Zimmerman, working on understanding social relationships using smartphone and social network data
  • Eiji Hayashi, working on streamlining authentication in ubicomp and cloud computing environments
  • Shah Amini, working on privacy and security for mobile apps
  • Guang Xiang, co-advised with Carolyn Rose
  • Sauvik Das, working on streamlining authentication in ubicomp and cloud computing environments

Some Stuff I Helped Create
Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides Anti-Phishing Phil The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the construction of customer-centered web sites. Check out the web site for our book The Design of Sites.
Teaching
Courses taught at Carnegie Mellon University: Past courses taught at University of California at Berkeley:
  • Inventing The Future: User Interface Design, Prototyping, and Evaluation (2001 2002 2004)
  • Spring 2001 - Freshman Seminar: The Past, Present, and Future of Interactive Computing
Service