Lujo Bauer is an associate professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D. in Computer Science from Princeton University in 2003.
Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online, and in examining how advances in machine learning can lead to a more secure future.
Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.
Helping Users Manage Online Data
On the Future of AI
2003 Ph.D., Computer Science, Princeton University
1999 MA, Computer Science, Princeton University
1997 BS, Computer Science, Yale University
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- cyberphysical systems (CPS)
- data security and privacy
- data/network science systems
- emerging applications security
- Formal methods
- formal methods for security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- ML and AI
- mobile and app security and privacy
- network security
- secure systems
- security of AI and ML
- smart infrastructure
- social networks security and privacy
- software security
- systems security
- Usability and human behavior
- usable privacy and security
- usable security
- web security
Why people (don’t) use password managers effectively
A recent study by a team of CyLab researchers, including Pearman, provides some insight into how ineffectively people may be using password managers, potentially nullifying the benefits the managers are meant to provide.
Security and privacy need to be easy
In 2005, Carnegie Mellon hosted a first-of-its-kind conference that brought together researchers from dozens of universities and companies around the world with one mission: make privacy and security tools easier to use. That conference, the Symposium On Usable Privacy and Security (SOUPS), is holding its 15th annual meeting next month. SOUPS, as well as the entire usable privacy and security field, have deep roots at CMU.
Overcoming the privacy paradox
Why do some people say they value their privacy, but then willingly give up personal information when downloading an app? Understanding this so-called “privacy paradox” would help answer lots of questions about how privacy could be better dealt with.
First round of Secure and Private IoT Initiative funded projects announced
CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.
CyLab’s Cranor and Bauer speak at RSA Conference
Two Engineering faculty members spoke at the RSA Conference in San Francisco earlier this month, CyLab Director Lorrie Cranor, and CyLab/ECE’s Lujo Bauer. They were among eight total Carnegie Mellon faculty and staff members who spoke at the conference, which is focused on security and welcomes 40,000 attendees each year.
Eight Carnegie Mellon faculty and staff spoke at this week's RSA Conference
Carnegie Mellon had a big showing at this week's RSA Conference in San Francisco with eight faculty and staff members from across the university spoke about topics ranging from security and human behavior to the security of robot-produced code.
The New York Times
CyLab researchers quoted in NYT
CyLab's Marios Savvides, Lujo Bauer, Jason Hong, Kathleen Carley, Martin Carlisle, and Carolina Zarate were featured in a New York Times piece about various ongoing research thrusts in CyLab to help combat cyberattacks. “More than 300 researchers and graduate students are working or studying at CyLab this year, making it among the largest cybersecurity training centers in the world,” the article says.
The Piper (CMU)
College of Engineering faculty awarded the IEEE Cybersecurity Award
At the IEEE Cybersecurity Development Conference, ECE/CyLab’s Lujo Bauer, EPP/CyLab’s Nicolas Christin, and EPP/CyLab’s Lorrie Cranor received the IEEE Cybersecurity Award for Practice for their research on how to make passwords easier for users but harder for hackers to guess.
What happens when you deploy 2-factor authentication at a university?
“It’s not actually that horrible,” one survey respondent said about using a security feature called 2-factor authentication (2FA) to access their Carnegie Mellon account.
CyLab finds 2FA had unexpected positive reception
CyLab researchers investigated CMU faculty and staff's reactions to two-factor authentication and found unexpectedly positive reception.
CMU-Africa and Facebook co-host cybersecurity hackathon in Rwanda
Last week, Facebook and Carnegie Mellon University Africa hosted a cybersecurity-themed hackathon in Kigali, Rwanda, with the goal of engaging and inspiring students to become more involved in cybersecurity. During the 24-hour hackathon, students were challenged with identifying a security problem in any industry currently affecting Rwanda and/or other African countries and developing a solution.