Lujo Bauer is an associate professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D. in Computer Science from Princeton University in 2003.

Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online, and in examining how advances in machine learning can lead to a more secure future.

Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.

2203 Collaborative Innovation Center
Google Scholar
Lujo Bauer
Lujo Bauer's website

Helping Users Manage Online Data

On the Future of AI


2003 Ph.D., Computer Science, Princeton University

1999 MA, Computer Science, Princeton University

1997 BS, Computer Science, Yale University


Media mentions

CMU Engineering

Why people (don’t) use password managers effectively

A recent study by a team of CyLab researchers, including Pearman, provides some insight into how ineffectively people may be using password managers, potentially nullifying the benefits the managers are meant to provide.

CMU Engineering

Security and privacy need to be easy

In 2005, Carnegie Mellon hosted a first-of-its-kind conference that brought together researchers from dozens of universities and companies around the world with one mission: make privacy and security tools easier to use. That conference, the Symposium On Usable Privacy and Security (SOUPS), is holding its 15th annual meeting next month. SOUPS, as well as the entire usable privacy and security field, have deep roots at CMU.

CMU Engineering

Overcoming the privacy paradox

Why do some people say they value their privacy, but then willingly give up personal information when downloading an app? Understanding this so-called “privacy paradox” would help answer lots of questions about how privacy could be better dealt with.

CMU Engineering

Blame the tech, not the users

A recent study led by researchers in Carnegie Mellon University’s CyLab found that when a personal device has fallen victim to some sort of cyberattack, users often misdiagnose what exactly is going on–but they’re not the ones to blame.

CMU Engineering

First round of Secure and Private IoT Initiative funded projects announced

CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.


CyLab’s Cranor and Bauer speak at RSA Conference

Two Engineering faculty members spoke at the RSA Conference in San Francisco earlier this month, CyLab Director Lorrie Cranor, and CyLab/ECE’s Lujo Bauer. They were among eight total Carnegie Mellon faculty and staff members who spoke at the conference, which is focused on security and welcomes 40,000 attendees each year.

CMU Engineering

Eight Carnegie Mellon faculty and staff spoke at this week's RSA Conference

Carnegie Mellon had a big showing at this week's RSA Conference in San Francisco with eight faculty and staff members from across the university spoke about topics ranging from security and human behavior to the security of robot-produced code.

The New York Times

CyLab researchers quoted in NYT

CyLab's Marios Savvides, Lujo Bauer, Jason Hong, Kathleen Carley, Martin Carlisle, and Carolina Zarate were featured in a New York Times piece about various ongoing research thrusts in CyLab to help combat cyberattacks. “More than 300 researchers and graduate students are working or studying at CyLab this year, making it among the largest cybersecurity training centers in the world,” the article says.

The Piper (CMU)

College of Engineering faculty awarded the IEEE Cybersecurity Award

At the IEEE Cybersecurity Development Conference, ECE/CyLab’s Lujo Bauer, EPP/CyLab’s Nicolas Christin, and EPP/CyLab’s Lorrie Cranor received the IEEE Cybersecurity Award for Practice for their research on how to make passwords easier for users but harder for hackers to guess.

CMU Engineering

What happens when you deploy 2-factor authentication at a university?

“It’s not actually that horrible,” one survey respondent said about using a security feature called 2-factor authentication (2FA) to access their Carnegie Mellon account.


CyLab finds 2FA had unexpected positive reception

CyLab researchers investigated CMU faculty and staff's reactions to two-factor authentication and found unexpectedly positive reception.

CMU Engineering

CMU-Africa and Facebook co-host cybersecurity hackathon in Rwanda

Last week, Facebook and Carnegie Mellon University Africa hosted a cybersecurity-themed hackathon in Kigali, Rwanda, with the goal of engaging and inspiring students to become more involved in cybersecurity. During the 24-hour hackathon, students were challenged with identifying a security problem in any industry currently affecting Rwanda and/or other African countries and developing a solution.