Why Aren't Computers Secure?
The popularity of fake antivirus software and the efficacy of phishing are testament to the fact that human confusion is one of the primary drivers of online risk. One of the persistent challenges in security is that it is difficult for people to know whether they are working with a secure system or facing a threat.
For most people, security and privacy are not distinct risks — what matters is that their information is compromised, not the mechanism of exfiltration. Only the person trying to post anonymously fully understands the implications of a loss of confidentiality: laughter, annoyance, embarrassment, loss of employment, and in some cases even imprisonment.
In our research, we empower people to identify, mitigate, and avoid online risk. This requires first understanding risk through machine learning, statistical methods, network instrumentation, and evaluation of specific protocols and devices. When risk can be identified, we mitigate by design where possible. Sometimes risks must be accepted for networks to function — just as they must be for cars to function — and in those cases we design systems that embed risk communication so that people knowingly choose to accept or avoid a given risk. Please see publications on human-centered computing for the results of our work.
Research
-
Current Students and Alumni!
Doctoral students, post-doctoral scholars, masters students, and undergrads with research experiences. -
Human-Centered Security
USEC Usable Security Symposium — making security comprehensible and actionable for real people. -
Recent Publications
Research on-oging on SBOM. We are seeking collaborations, human decision-making in the face of on-line risk. . -
Archived research page
Better places to look for organized research are Google Scholar Research Gate, SSRN, or DBLP
Public Service
Free Credit Reports: The only legitimate place to order your free annual credit report is AnnualCreditReport.com. Other services will either charge you, or retain and resell the data you authorize them to view.
Security Awareness Videos: Free video risk communication resources explaining online security concepts for general audiences.
Office Hours
Location
205 Woodward
University of North Carolina at Charlotte
Schedule
Mondays, 3:00 – 6:00 pm
During the academic year only.
Or by appointment.