Skip to main content

Technical Reports

reports image

2015

CMU-CyLab-15-004:  Monitors and Blame Assignment for Higher-Order Session Types
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Limin Jia, Hannah Gommerstadt, and Frank Pfenning
Publication Date:  November 6, 2015

CMU-CyLab-15-002:  Automated Verification of Safety Properties of Declarative Networking Programs
Author(s):  Chen Chen, Lay Kuan Loh, Limin Jia, Wenchao Zhou, Boon Thau Loo
Publication Date:  July 1, 2015

CMU-CyLab-15-001:  Influence in Classification via Cooperative Game Theory
Research Area(s):  Privacy Protection
Author(s):  Amit Datta, Anupam Datta, Ariel D. Procaccia and Yair Zick
Publication Date:  May 1, 2015

2014

CMU-CyLab-14-015:  Formal Analysis and Run-time Monitoring of Information Flows in Chromium: Technical Appendix
Author(s):  Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken, and Yuan Tian
Publication Date:  February 1, 2015

CMU-CyLab-14-013:  BUZZ: Testing Context-Dependent Policies in Stateful Data Planes
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Seyed K Fayaz, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar
Publication Date:  September 25, 2014

CMU-CyLab-14-012:  Smartphone Fingerprint Authentication versus PINs: A Usability Study
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Shri Karthikeyan, Sophia Feng, Ashwini Rao, Norman Sadeh
Publication Date:  July 31, 2014

CMU-CyLab-14-011:  What do they know about me? Contents and Concerns of Online Behavioral Profiles
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Ashwini Rao, Florian Schaub, Norman Sadeh
Publication Date:  July 30, 2014

CMU-CyLab-14-010:  Routing Bottlenecks in the Internet – Causes, Exploits, and Countermeasures
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Min Suk Kang and Virgil D. Gligor
Publication Date:  May 15, 2014

CMU-CyLab-14-009:  Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines
Research Area(s):  Secure Home Computing
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Alain Forget, Saranga Komanduri, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, Rahul Telang
Publication Date:  July 14, 2014

CMU-CyLab-14-006:  MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security | Cryptography
Author(s):  Jun Han, Yue-Hsun Lin, Adrian Perrig, Fan Bai
Publication Date:  May 26, 2014

CMU-CyLab-14-005:  Temporal Mode-Checking for Runtime Monitoring of Privacy Policies
Author(s):  Omar Chowdhury, Limin Jia, Deepak Garg, and Anupam Datta
Publication Date:  May 28, 2014

CMU-CyLab-14-004:  Results on Vertex Degree and K-Connectivity in Uniform S-Intersection Graphs
Research Area(s):  Security of Cyber-Physical Systems | Next Generation Secure and Available Networks
Author(s):  Jun Zhao, Osman Yagan, and Virgil Gligor
Publication Date:  January 1, 2014

CMU-CyLab-14-003:  Connectivity in Secure Wireless Sensor Networks under Transmission Constraints
Research Area(s):  Next Generation Secure and Available Networks | Security of Cyber-Physical Systems
Author(s):  Jun Zhao, Osman Yagan, and Virgil Gligor
Publication Date:  March 3, 2014

CMU-CyLab-14-002:  Topological Properties of Wireless Sensor Networks Under the Q-Composite Key Predistribution Scheme With Unreliable Links
Research Area(s):  Next Generation Secure and Available Networks | Security of Cyber-Physical Systems
Author(s):  Jun Zhao, Osman Yagan and Virgil Gligor
Publication Date:  January 24, 2014

CMU-CyLab-14-001:  MiniBox: A Two-Way Sandbox for x86 Native Code
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Yanlin Li, Adrian Perrig, Jonathan McCune, James Newsome, Brandon Baker, Will Drewry
Publication Date:  February 21, 2014

2013

CMU-CyLab-13-015:  Mobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile Devices
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Threat Analysis and Modeling
Author(s):  Ryan Caney, Christopher Dorros, Stuart Kennedy, Gregory Owens, and Patrick Tague
Publication Date:  December 5, 2013

CMU-CyLab-13-013:  Measuring Password Guessability for an Entire University
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur
Publication Date:  October 22, 2013

CMU-CyLab-13-011:  Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories
Research Area(s):  Privacy Protection | Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Rebecca Balebako, Richard Shay, and Lorrie Faith Cranor
Publication Date:  July 17, 2013

CMU-CyLab-13-010:  DABLS: Device Attestation with Bounded Leakage of Secrets
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Andrew Tran
Publication Date:  July 12, 2013

CMU-CyLab-13-009:  A5: Automated Analysis of Adversarial Android Applications (Revised June 3, 2014)
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Threat Analysis and Modeling
Author(s):  Timothy Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague
Publication Date:  February 21, 2013

CMU-CyLab-13-008:  Continuous Tamper-proof Logging using TPM2.0 (Revised June 16, 2014)
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods | Cryptography
Author(s):  Paul England, Limin Jia, James Lorch, and Arunesh Sinha
Publication Date:  July 9, 2013

CMU-CyLab-13-007:  "It’s Hidden in My Computer": Exploring Account Management Tools and Behaviors
Research Area(s):  Secure Home Computing
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Eiji Hayashi and Jason I. Hong
Publication Date:  July 8, 2013

CMU-CyLab-13-005:  Purpose Restrictions on Information Use
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Michael Carl Tschantz, Anupam Datta, and Jeannette M. Wing
Publication Date:  June 3, 2013

CMU-CyLab-13-004:  Audit Games
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications
Author(s):  Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia, and Arunesh Sinha
Publication Date:  March 2, 2013

CMU-CyLab-13-003:  Privacy as Part of the App Decision-Making Process
Research Area(s):  Privacy Protection | Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh
Publication Date:  February 6, 2013

CMU-CyLab-13-002:  Warning Design Guidelines
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Lujo Bauer, Cristian Bravo-Lillo, Lorrie Cranor, and Elli Fragkaki
Publication Date:  February 5, 2013

CMU-CyLab-13-001:  Logic of Programs with Interface-confined Code
Author(s):  Limin Jia, Shayak Sen, Deepak Garg, and Anupam Datta
Publication Date:  August 17, 2015

2012

CMU-CyLab-12-022:  QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Timothy Vidas, Emmanuel Owusu, Shuai Wang, Cheng Zeng, Lorrie Cranor
Publication Date:  November 5, 2012

CMU-CyLab-12-020:  Audit Mechanisms for Provable Risk Management and Accountable Data Governance
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Threat Analysis and Modeling
Author(s):  Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
Publication Date:  September 4, 2012

CMU-CyLab-12-018:  Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace (Revised November 28, 2012)
Cross-Cutting Thrusts:  Threat Analysis and Modeling
Author(s):  Nicolas Christin
Publication Date:  July 30, 2012

CMU-CyLab-12-017:  Design, Development and Automated Verification of an Integrity-Protected Hypervisor
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods | Software Security
Author(s):  Sagar Chaki, Amit Vasudevan, Limin Jia, Jonathan McCune, and Anupam Datta
Publication Date:  July 16, 2012

CMU-CyLab-12-016:  Transparent Key Integrity (TKI): A Proposal for a Public-Key Validation Infrastructure (Revised November 26, 2012)
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Software Security | Formal Methods
Author(s):  Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil Gligor
Publication Date:  July 20, 2012

CMU-CyLab-12-015:  Run-Time Enforcement of Information-Flow Properties on Android (Revised December 7, 2012)
Research Area(s):  Mobility | Secure Home Computing
Cross-Cutting Thrusts:  Formal Methods | Software Security
Author(s):  Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Limin Jia, Kazuhide Fukushima, Shinsaku Kiyomoto, and Yutaka Miyake
Publication Date:  July 23, 2012

CMU-CyLab-12-014:  "It’s an app. It’s a hypervisor. It’s a hypapp.": Design and Implementation of an eXtensible and Modular Hypervisor Framework
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Software Security | Formal Methods
Author(s):  Amit Vasudevan, Jonathan M. McCune, and James Newsome
Publication Date:  June 26, 2012

CMU-CyLab-12-013:  Sanctuary Trail: Refuge from Internet DDoS Entrapment
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Hsu-Chun Hsiao, Tiffany Hyun-Jin Kim, Sangjae Yoo, Xin Zhang, Soo Bum Lee, Virgil Gligor, and Adrian Perrig
Publication Date:  June 7, 2012

CMU-CyLab-12-011:  Auditing Rational Adversaries to Provably Manage Risks
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications | Formal Methods | Next Generation Threat Prediction and Response
Author(s):  Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha
Publication Date:  May 23, 2012

CMU-CyLab-12-009:  Enforcing More with Less: Formalizing Target-aware Run-time Monitors (Revised September 1, 2013)
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti
Publication Date:  May 3, 2012

CMU-CyLab-12-008:  What Do Online Behavioral Advertising Disclosures Communicate to Users? (Revised April 13, 2012)
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur and Guzi Xu
Publication Date:  April 2, 2012

CMU-CyLab-12-007:  Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising (revised July 13, 2012)
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Blase Ur, Pedro G. Leon, Lorrie Faith Cranor, Richard Shay and Yang Wang
Publication Date:  April 2, 2012

CMU-CyLab-12-006:  Towards Scalable Evaluation of Mobile Applications through Crowdsourcing and Automation
Author(s):  Shahriyar Amini, Jialiu Lin, Jason Hong, Janne Lindqvist, Joy Zhang
Publication Date:  February 29, 2012

CMU-CyLab-12-005:  Exploiting Privacy Policy Conflicts in Online Social Networks
Author(s):  Akira Yamada, Tiffany Hyun-Jin Kim, and Adrian Perrig
Publication Date:  February 23, 2012

CMU-CyLab-12-003:  A Comparative Study of Location-sharing Privacy Preferences in the U.S. and China
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Jialiu Lin, Michael Benisch, Norman Sadeh, Jianwei Niu, Jason Hong, Banghui Lu, Shaohui Guo
Publication Date:  January 18, 2012

CMU-CyLab-12-001:  Parametric Verification of Address Space Separation
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods | Software Security
Author(s):  Jason Franklin, Sagar Chaki, Anupam Datta, Jonathan Mccune and Amit Vasudevan
Publication Date:  January 5, 2012

2011

CMU-CyLab-11-023:  Trustworthy Execution on Mobile Devices: What security properties can my mobile platform give me?
Research Area(s):  Trustworthy Computing Platforms and Devices | Mobility
Cross-Cutting Thrusts:  Threat Analysis and Modeling | Software Security
Author(s):  Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan McCune
Publication Date:  November 16, 2011

CMU-CyLab-11-021:  SafeSlinger: An Easy-to-use and Secure Approach for Human Trust Establishment (revised October 3, 2013)
Research Area(s):  Mobility | Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Michael Farb, Yue-Hsun Lin, Tiffany Hyun-Jin Kim, Jonathan McCune, Adrian Perrig
Publication Date:  December 22, 2011

CMU-CyLab-11-020:  Modeling and Enhancing Android’s Permission System (Revised April 25, 2012)
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Software Security | Formal Methods
Author(s):  Elli Fragkaki, Lujo Bauer, Limin Jia
Publication Date:  November 30, 2011

CMU-CyLab-11-019:  FLoc: Dependable Link Access for Legitimate Traffic in Flooding Attacks
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Soo Bum Lee, Virgil D. Gligor
Publication Date:  November 23, 2011

CMU-CyLab-11-018:  DefAT: Dependable Connection Setup for Network Capabilities
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Soo Bum Lee, Virgil D. Gligor, Adrian Perrig
Publication Date:  November 23, 2011

CMU-CyLab-11-017:  Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising (Revised May 10, 2012)
Author(s):  Pedro G. Leon, Blase Ur, Rebecca Balebako, Lorrie Faith Cranor, Richard Shay, and Yang Wang
Publication Date:  October 31, 2011

CMU-CyLab-11-016:  Towards a Theory of Trust in Networks of Humans and Computers
Research Area(s):  Next Generation Secure and Available Networks | Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Virgil Gligor and Jeannette M. Wing
Publication Date:  September 8, 2011

CMU-CyLab-11-015:  I Know Where You Live: Analyzing Privacy Protection in Public Databases
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Manya Sleeper, Divya Sharma, and Lorrie Faith Cranor
Publication Date:  October 3, 2011

CMU-CyLab-11-014:  RelationGrams: Tie-Strength Visualization for User-Controlled Online Identity Authentication
Research Area(s):  Security of Cyber-Physical Systems
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Tiffany Hyun-Jin Kim, Akira Yamada, Jason Hong, Virgil Gligor, and Adrian Perrig
Publication Date:  February 10, 2011

CMU-CyLab-11-013:  Who, when, where: Obfuscation preferences in location-sharing applications
Research Area(s):  Privacy Protection | Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Jayant Venkatanathan, Jialiu Lin, Michael Benisch, Denzil Ferreira, Evangelos Karapanos, Vassilis Kostakos, Norman Sadeh and Eran Toch
Publication Date:  June 30, 2011

CMU-CyLab-11-012:  Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces (Revised June 8, 2012)
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Threat Analysis and Modeling
Author(s):  Timothy Vidas and Nicolas Christin
Publication Date:  November 16, 2011

CMU-CyLab-11-011:  Don’t Bump, Shake on It: The Exploitation of a Popular Accelerometer-Based Smart Phone Exchange and Its Secure Replacement
Research Area(s):  Mobility | Secure Home Computing
Cross-Cutting Thrusts:  Threat Analysis and Modeling | Usable Privacy and Security | Software Security
Author(s):  Ahren Studer, Timothy Passaro, Lujo Bauer
Publication Date:  February 10, 2011

CMU-CyLab-11-008:  Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Rich Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez
Publication Date:  August 31, 2011

CMU-CyLab-11-007:  ShortMAC: Efficient Data-Plane Fault Localization
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Cryptography
Author(s):  Xin Zhang, Zongwei Zhou, Hsu-Chun Hsiao, Tiffany Kim, Patrick Tague, and Adrian Perrig
Publication Date:  January 30, 2011

CMU-CyLab-11-005:  AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements (Revised October 7, 2011)
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, Lorrie Faith Cranor
Publication Date:  March 30, 2011

CMU-CyLab-11-004:  Ho-Po Key: Leveraging Physical Constraints on Human Motion to Authentically Exchange Information in a Group
Research Area(s):  Mobility
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Ghita Mezzour, Ahren Studer, Michael Farb, Jason Lee, Jonathan McCune, Hsu-Chun Hsiao, Adrian Perrig
Publication Date:  December 8, 2010

CMU-CyLab-11-003:  Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications
Author(s):  Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha
Publication Date:  February 23, 2011

CMU-CyLab-11-002:  A Logical Method for Policy Enforcement over Evolving Audit Logs (Revised February 24, 2011)
Research Area(s):  Privacy Protection | Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Deepak Garg, Limin Jia, Anupam Datta
Publication Date:  February 9, 2011

CMU-CyLab-11-001:  A Survey of the Use of Adobe Flash Local Shared Objects to Respawn HTTP Cookies
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Aleecia McDonald, Lorrie Cranor
Publication Date:  January 31, 2011

2010

CMU-CyLab-10-022:  BitShred: Fast, Scalable Malware Triage
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Software Security
Author(s):  Jiyong Jang, David Brumley, and Shobha Venkataraman
Publication Date:  November 5, 2010

CMU-CyLab-10-020:  SCION: Scalability, Control, and Isolation On Next-Generation Networks (Revised March 11, 2011)
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig and David G. Andersen
Publication Date:  December 28, 2010

CMU-CyLab-10-019:  Caché: Caching Location-Enhanced Content to Improve User Privacy
Research Area(s):  Privacy Protection | Mobility
Author(s):  Shahriyar Amini, Janne Lindqvist, Jason Hong, Jialiu Lin, Eran Toch, Norman Sadeh
Publication Date:  December 10, 2010

CMU-CyLab-10-018:  Impact Analysis of BGP Sessions for Prioritization of Maintenance Operations
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Sihyung Lee, Kyriaki Levanti, Hyong S. Kim
Publication Date:  October 8, 2010

CMU-CyLab-10-017:  When Are Users Comfortable Sharing Locations with Advertisers?
Research Area(s):  Privacy Protection | Mobility
Author(s):  Patrick Gage Kelley, Michael Benisch, Lorrie Faith Cranor, Norman Sadeh
Publication Date:  October 18, 2010

CMU-CyLab-10-016:  A Diary Study of Password Usage in Daily Life
Research Area(s):  Privacy Protection | Mobility
Author(s):  Eiji Hayashi, Jason Hong
Publication Date:  October 6, 2010

CMU-CyLab-10-014:  Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Pedro Giovanni Leon, Lorrie Faith Cranor, Aleecia M. McDonald, Robert McGuire
Publication Date:  September 10, 2010

CMU-CyLab-10-011:  Dissecting One Click Frauds
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications
Author(s):  Nicolas Christin, Sally Yanagihara, and Keisuke Kamataki
Publication Date:  April 23, 2010

CMU-CyLab-10-010:  Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications
Author(s):  Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang
Publication Date:  April 23, 2010

CMU-CyLab-10-008:  Privacy Policy Specification and Audit in a Fixed-Point Logic - How to enforce HIPAA, GLBA and all that
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Henry DeYoung, Deepak Garg, Limin Jia, Dilsun Kaynar, Anupam Datta
Publication Date:  May 11, 2010

CMU-CyLab-10-007:  Logical Specification of the GLBA and HIPAA Privacy Laws
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Henry DeYoung, Deepak Garg, Dilsun Kaynar, Anupam Datta
Publication Date:  April 29, 2010

CMU-CyLab-10-006:  BitShred: Fast, Scalable Code Reuse Detection in Binary Code
Cross-Cutting Thrusts:  Software Security
Author(s):  Jiyong Jang, David Brumley
Publication Date:  November 16, 2009

CMU-CyLab-10-005:  Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Jason Franklin, Sagar Chaki, Anupam Datta, Arvind Sesahdri
Publication Date:  March 5, 2010

CMU-CyLab-10-004:  Compositional System Security in the Presence of Interface-Confined Adversaries
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods | Software Security
Author(s):  Deepak Garg, Jason Franklin, Dilsun Kaynar, Anupam Datta
Publication Date:  February 19, 2010

CMU-CyLab-10-003:  TwitterJacket: An automated activity and health monitoring solution for the elderly
Research Area(s):  Mobility
Author(s):  Shahriyar Amini, Priya Narasimhan
Publication Date:  October 18, 2009

CMU-CyLab-10-002:  Efficient Directionless Weakest Preconditions (Revised July 14, 2010)
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Ivan Jager, David Brumley
Publication Date:  February 2, 2010

2009

CMU-CyLab-09-016:  Help Me Help You: Using Trustworthy Host-Based Information in the Network
Research Area(s):  Trustworthy Computing Platforms and Devices | Next Generation Secure and Available Networks
Author(s):  Bryan Parno, Zongwei Zhou, Adrian Perrig
Publication Date:  November 18, 2009

CMU-CyLab-09-015:  An Empirical Study of How People Perceive Online Behavioral Advertising
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Aleecia M. McDonald and Lorrie Faith Cranor
Publication Date:  November 10, 2009

CMU-CyLab-09-014:  Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, Lorrie Faith Cranor
Publication Date:  November 10, 2009

CMU-CyLab-09-013:  Access Control for Home Data Sharing: Attitudes, Needs and Practices
Research Area(s):  Secure Home Computing
Author(s):  Michelle L. Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, Michael K. Reiter
Publication Date:  October 21, 2009

CMU-CyLab-09-011:  Lockdown: A Safe and Practical Environment for Security Applications
Research Area(s):  Secure Home Computing | Trustworthy Computing Platforms and Devices
Author(s):  Amit Vasudevan, Bryan Parno, Ning Qu, Virgil Gligor, Adrian Perrig
Publication Date:  July 14, 2009

CMU-CyLab-09-010:  Understanding People’s Place Naming Preferences in Location Sharing
Research Area(s):  Mobility
Author(s):  Jialiu Lin, Jason Hong, Norman Sadeh
Publication Date:  June 29, 2009

CMU-CyLab-09-009:  Don’t Talk to Zombies: Mitigating DDoS Attacks via Attestation
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Bryan Parno, Zongwei Zhou, Adrian Perrig
Publication Date:  June 23, 2009

CMU-CyLab-09-008:  Differential Privacy for Probabilistic Systems
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Michael Carl Tschantz, Anupam Datta, Dilsun Kaynar
Publication Date:  May 14, 2009

CMU-CyLab-09-007:  XTREC: Secure Real–time Instruction-level Control Flow Recording on Commodity Platforms
Author(s):  Amit Vasudevan, Ning Qu, Adrian Perrig, Virgil Gligor
Publication Date:  March 17, 2009

CMU-CyLab-09-006:  Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kami Vaniea
Publication Date:  March 17, 2009

CMU-CyLab-09-005:  xDomain: Cross-border Proofs of Access
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Lujo Bauer, Limin Jia, Michael K. Reiter, and David Swasey
Publication Date:  March 17, 2009

CMU-CyLab-09-004:  When Information Improves Information Security
Cross-Cutting Thrusts:  Business Risk Analysis and Economic Implications
Author(s):  Jens Grossklags, Benjamin Johnson, Nicolas Christin
Publication Date:  March 17, 2009

CMU-CyLab-09-003:  TrustVisor: Efficient TCB Reduction and Attestation (revised March 10, 2010)
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Cryptography
Author(s):  Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil D. Gligor, Adrian Perrig
Publication Date:  March 9, 2009

CMU-CyLab-09-002:  School of Phish: A Real-Word Evaluation of Anti-Phishing Training
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Mary Ann Blair, Theodore Pham
Publication Date:  March 9, 2009

CMU-CyLab-09-001:  A Logic of Secure Systems and its Application to Trusted Computing
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Anupam Datta, Jason Franklin, Deepak Garg, Dilsun Kaynar
Publication Date:  June 1, 2009

2008

CMU-CyLab-08-014:  Low Latency and Congestion Broadcast Authentication in Fixed Topology Networks
Author(s):  Haowen Chan, Adrian Perrig
Publication Date:  December 22, 2008

CMU-CyLab-08-013:  Network Router Configuration Management
Author(s):  Sihyung Lee, Tina Wong, Hyong S. Kim
Publication Date:  October 14, 2008

CMU-CyLab-08-012:  ASPIER: An Automated Framework for Verifying Security Protocol Implementations
Author(s):  Sagar Chaki, Anupam Datta
Publication Date:  October 14, 2008

CMU-CyLab-08-011:  TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs
Author(s):  Ahren Studer, Fan Bai, Bhargav Bellur, Adrian Perrig
Publication Date:  July 8, 2008

CMU-CyLab-08-010:  Flexible, Extensible, and Efficient VANET Authentication Research Area
Author(s):  Ahren Studer, Fan Bai, Bhargav Bellur, Adrian Perrig
Publication Date:  July 8, 2008

CMU-CyLab-08-009:  Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration
Author(s):  Juan Caballero, Zhenkai Liang, Pongsin Poosankam, Dawn Song
Publication Date:  June 24, 2008

CMU-CyLab-08-008:  Attacking, Repairing, and Verifying SecVisor: A Retrospective on the Security of a Hypervisor Research Area
Author(s):  Jason Franklin, Arvind Seshadri, Ning Qu, Sagar Chaki, Anupam Datta
Publication Date:  April 18, 2008

CMU-CyLab-08-007:  GAnGS: Gather, Authenticate ’n Group Securely
Research Area(s):  Mobility
Author(s):  Chia-Hsin Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai, Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, Tzong-Chen Wu
Publication Date:  April 18, 2008

CMU-CyLab-08-006:  Anomaly Detection Amidst Constant Anomalies:Training IDS On Constantly Attacked Data
Author(s):  M. Patrick Collins and Michael K. Reiter
Publication Date:  April 9, 2008

CMU-CyLab-08-005:  A Quantitative Approach for Data Integrity
Author(s):  James Newsome and Dawn Song
Publication Date:  April 9, 2008

CMU-CyLab-08-004:  Detecting and Resolving Policy Misconfigurations in Access-Control Systems
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Lujo Bauer, Scott Garriss, Michael K. Reiter 
Publication Date:  February 4, 2008

CMU-CyLab-08-003:  Towards a Theory of Secure Systems
Research Area(s):  Trustworthy Computing Platforms and Devices
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Deepak Garg, Jason Franklin, Dilsun Kaynar, Anupam Datta
Publication Date:  February 4, 2008

CMU-CyLab-08-002:  Automated Verification of Security Protocol Implementations
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Software Security
Author(s):  Sagar Chaki and Anupam Datta
Publication Date:  January 30, 2008

CMU-CyLab-08-001:  A Framework for Reasoning About the Human in the Loop
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Lorrie Cranor
Publication Date:  January 24, 2008

2007

CMU-CyLab-07-019:  Bounding Packet Dropping and Injection Attacks in Sensor Networks
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Xin Zhang, Haowen Chan, Abhishek Jain and Adrian Perrig
Publication Date:  November 9, 2007

CMU-CyLab-07-018:  An Execution Infrastructure for TCB Minimization
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, Hiroshi Isozaki
Publication Date:  December 18, 2007

CMU-CyLab-07-017:  Traffic Aggregation for Malware Detection
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Michael K. Reiter & Ting-Fang Yen
Publication Date:  December 16, 2007

CMU-CyLab-07-016:  Countermeasures Against Government-Scale Monetary Forgery
Research Area(s):  Privacy Protection
Author(s):  Alessandro Acquisti, Nicolas Christin, Bryan Parno and Adrian Perrig
Publication Date:  December 3, 2007

CMU-CyLab-07-015:  Hookfinder: Identifying and Understanding Malware Hooking Behaviors
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Heng Yin, Zhenkai Liang & Dawn Song
Publication Date:  October 17, 2007

CMU-CyLab-07-014:  Rosetta: Extracting Protocol Semantics using Binary Analysis with Applications to Protocol Replay and NATRewriting
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Juan Caballero and Dawn Song
Publication Date:  October 9, 2007

CMU-CyLab-07-013:  SNAPP: Stateless Network-Authenticated Path Pinning
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Bryan Parno, Adrian Perrig, David Andersen
Publication Date:  September 19, 2007

CMU-CyLab-07-012:  Availability-Oriented Path Selection in Multi-Path Routing
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Xin Zhang, Adrian Perrig, and Hui Zhang
Publication Date:  August 25, 2007

CMU-CyLab-07-011:  Mental Trapdoors for User Authentication on Small Mobile Devices
Research Area(s):  Mobility
Author(s):  Eiji Hayashi, Nicolas Christin, Rachna Dhamija, Adrian Perrig
Publication Date:  August 12, 2007

CMU-CyLab-07-010:  PRISM: Enabling Personal Verification of Code Integrity, Untampered Execution, and Trusted I/O Legacy Systems or Human-on Verifiable Code Execution
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Jason Franklin, Mark Luk, Arvind Seshadri, Adrian Perrig
Publication Date:  February 3, 2007

CMU-CyLab-07-009:  NetPiler: Reducing Network Configuration Complexity through Policy Classification
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Sihyung Lee, Tina Wong, Hyong S. Kim
Publication Date:  June 29, 2007

CMU-CyLab-07-008:  MetaMorphMagi: From Offline to Online Software Upgrades in Large-Scale IT Infrastructures
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Tudor Dumitras, Jiaqi Tan, Priya Narasimhan
Publication Date:  June 20, 2007

CMU-CyLab-07-007:  Castor: Secure Code Updates using Symmetric Cryptosystems
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Cryptography
Author(s):  Donnie H. Kim, Rajeev Gandhi, Priya Narasimhan
Publication Date:  May 31, 2007

CMU-CyLab-07-006:  Tradeoffs in Configuring Secure Data Dissemination in Sensor Networks: An Empirical Outlook
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Patrick E. Lanigan, Priya Narasimhan, Rajeev Gandhi
Publication Date:  May 25, 2007

CMU-CyLab-07-005:  Comparing Access-Control Technologies: A Study of Keys and Smartphones
Research Area(s):  Mobility | Trustworthy Computing Platforms and Devices
Author(s):  Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, Kami Vaniea
Publication Date:  February 28, 2007

CMU-CyLab-07-004:  Distributed Evasive Scan Techniques and Countermeasures
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Min Gyung Kang, Juan Caballero, Dawn Song
Publication Date:  February 9, 2007

CMU-CyLab-07-003:  Teaching Johnny Not to Fall for Phish
Research Area(s):  Privacy Protection | Next Generation Secure and Available Networks
Author(s):  Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong
Publication Date:  February 8, 2007

CMU-CyLab-07-002:  Would Diversity Really Increase the Robustness of the Routing Infrastructure against Software Defects?
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Juan Caballero, Theocharis Kampouris, Dawn Song, Jia Wang
Publication Date:  February 6, 2007

CMU-CyLab-07-001:  Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Jason Franklin, Mark Luk, Jonathan M. McCune, Arvind Seshadri, Adrian Perrig, Leendert van Doorn
Publication Date:  January 4, 2007

2006

CMU-CyLab-06-019:  Beyond Output Voting: Detecting Compromised Replicas using Behavioral Distance
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Debin Gao, Michael K. Reiter, Dawn Song
Publication Date:  December 2, 2006

CMU-CyLab-06-018:  Phinding Phish: An Evaluation of Anti-Phishing Toolbars
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Lorrie Cranor, Serge Egelman, Jason Hong, and Yue Zhang
Publication Date:  November 13, 2006

CMU-CyLab-06-017:  Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System
Research Area(s):  Secure Home Computing | Trustworthy Computing Platforms and Devices
Author(s):  Ponnurangam Kumaraguru, Yong Woo Rhee, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Elizabeth Nunge
Publication Date:  November 9, 2006

CMU-CyLab-06-016:  Lessons Learned from the Deployment of a Smartphone-Based Access-Control System
Research Area(s):  Mobility | Trustworthy Computing Platforms and Devices
Author(s):  Lujo Bauer, Lorrie Cranor, Michael K. Reiter, Kami Vaniea
Publication Date:  October 18, 2006

CMU-CyLab-06-015:  Efficient Proving for Practical Distributed Access-Control Systems (update)
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Lujo Bauer, Scott Garriss, Michael K. Reiter
Publication Date:  August 3, 2007

CMU-CyLab-06-015:  Efficient proving for distributed access-control systems
Cross-Cutting Thrusts:  Formal Methods
Author(s):  Lujo Bauer, Scott Garriss, Michael K. Reiter
Publication Date:  September 29, 2006

CMU-CyLab-06-014:  Forensic Analysis for Epidemic Attacks in Federated Networks
Research Area(s):  Next Generation Secure and Available Networks
Cross-Cutting Thrusts:  Next Generation Threat Prediction and Response
Author(s):  Yinglian Xie, Vyas Sekar, Michael K. Reiter, Hui Zhang
Publication Date:  August 31, 2006

CMU-CyLab-06-013:  End-to-End Consistency of Multi-Tier Operations Across Mixed Replicated and Unreplicated Components
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Priya Narasimhan and Aaron M. Paulos
Publication Date:  July 20, 2006

CMU-CyLab-06-012:  Estimation of Available Bandwidth of a Remote Link or Path Segments
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Seung Yeob Nam, Sihyung Lee, Hyong S. Kim
Publication Date:  July 2, 2006

CMU-CyLab-06-011:  Scanner Detection Based on Connection Attempt Success Ratio with Guaranteed False Positive and False Negative Probabilities
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Seung Yeob Nam and Hyong S. Kim
Publication Date:  June 20, 2006

CMU-CyLab-06-010:  Secure Split Assignment Trajectory Sampling: A Malicious Router Detection System
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Franck Le, Sihyung Lee, Tina Wong, Hyong S. Kim, Darrell Newcomb
Publication Date:  June 12, 2006

CMU-CyLab-06-009:  Secure Split Assignment Trajectory Sampling: A Malicious Router Detection System
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Sihyung Lee, Tina Wong, Hyong S. Kim
Publication Date:  June 9, 2006

CMU-CyLab-06-008:  Minerals: Using Data Mining to Detect Router Misconfigurations
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Franck Le, Sihyung Lee, Tina Wong, Hyong S. Kim, Darrell Newcomb
Publication Date:  May 23, 2006

CMU-CyLab-06-006:  Trinetra: Assistive Technologies for the Blind
Research Area(s):  Mobility
Author(s):  Patrick E. Lanigan, Aaron M. Paulos, Andrew W. Williams, Priya Narasimhan
Publication Date:  May 1, 2006

CMU-CyLab-06-005:  FastPass: Providing First-Packet Delivery
Research Area(s):  Trustworthy Computing Platforms and Devices
Author(s):  Dan Wendlandt, David G. Andersen, Adrian Perrig
Publication Date:  March 29, 2006

CMU-CyLab-06-004:  Fast Detection of Local Scanners Using Adaptive Methods
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Ahren Studer and Chenxi Wang
Publication Date:  March 28, 2006

CMU-CyLab-06-003:  Dynamic Change Management for Minimal Impact on Dependability and Performance in Autonomic Service-Oriented Architectures
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Tudor Dumitras, Daniela Rosu, Asit Dan, Priya Narasimhan
Publication Date:  March 17, 2006

CMU-CyLab-06-002:  Consumable Credentials in Logic-Based Access Control
Research Area(s):  Next Generation Secure and Available Networks
Author(s):  Lujo Bauer, Kevin D. Bowers, Frank Pfenning, and Michael K. Reiter
Publication Date:  February 10, 2006

CMU-CyLab-06-001:  A Privacy Algorithm for 3D Human Body Scans
Research Area(s):  Privacy Protection
Author(s):  Joseph Laws and Yang Cai
Publication Date:  February 1, 2006

2005

CMU-CyLab-05-007:  Bump in the Ether: Mobile Phones as Proxies for Sensitive Input
Research Area(s):  Mobility
Author(s):  Jonathan M. McCune, Adrian Perrig, Michael K. Reiter
Publication Date:  December 8, 2005

CMU-CyLab-05-005:  Empowering Ordinary Consumers to Securely Configure Their Mobile Devices and Wireless Networks
Research Area(s):  Mobility | Secure Home Computing
Author(s):  Cynthia Kuo, Vincent Goh, Adrian Tang, Adrian Perrig, Jesse Walker
Publication Date:  December 7, 2005

CMU-CyLab-05-004:  Interleaving Semantic Web Reasoning and Service Discovery to Enforce Context-Sensitive Security and Privacy Policies
Research Area(s):  Privacy Protection
Cross-Cutting Thrusts:  Usable Privacy and Security
Author(s):  Jinghai Rao and Norman Sadeh
Publication Date:  December 5, 2005

CMU-CyLab-05-003:  Phoolproof Phishing Prevention
Research Area(s):  Privacy Protection
Author(s):  Bryan Parno, Cynthia Kuo, Adrian Perrig
Publication Date:  December 3, 2005

CMU-CyLab-05-001:  Modeling Adoptability of Secure BGP Protocols
Cross-Cutting Thrusts:  Software Security
Author(s):  Haowen Chan, Debabrata Dash, Adrian Perrig, Hui Zhang
Publication Date:  November 30, 2005