Carnegie Mellon CyLab is a bold and visionary effort, which establishes public-private partnerships to develop new technologies for measurable, secure, available, trustworthy and sustainable computing and communications systems. CyLab is a world leader in both technological research and the education of professionals in information assurance, security technology, business and policy, as well as security awareness among cyber-citizens of all ages. Building on more than two decades of Carnegie Mellon leadership in Information Technology, CyLab is a university-wide initiative that involves over fifty faculty and one hundred graduate students from more than six different departments and schools. As a vital resource in the effort to address cyber vulnerabilities that threaten national and economic security, CyLab is closely affiliated with CERT® Coordination Center, a leading, internationally recognized center of internet security expertise.

Submissions from 2014

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies (CMU-CyLab-14-005), Omar Chowdhury, Limin Jia, Deepak Garg, and Anupam Datta

BUZZ: Testing Context-Dependent Policies in Stateful Data Planes (CMU-CyLab-14-013), Seyed K. Fayaz, Yoshiaki Tobioka, Sagar Chaki, and Vyas Sekar

Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines (CMU-CyLab-14-009), Alain Forget, Saranga Komanduri, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, and Rahul Telang

MVSec: Secure and Easy-to-Use Pairing of Mobile Devices with Vehicles (CMU-CyLab-14-006), Jun Han, Yue-Hsun Lin, Adrian Perrig, and Fan Bai

Routing Bottlenecks in the Internet – Causes, Exploits, and Countermeasures (CMU-CyLab-14-010), Min Suk Kang and Virgil D. Gligor

Smartphone Fingerprint Authentication versus PINs: A Usability Study (CMU-CyLab-14-012), Shri Karthikeyan, Sophia Feng, Ashwini Rao, and Norman Sadeh

MiniBox: A Two-Way Sandbox for x86 Native Code (CMU-CyLab-14-001), Yanlin Li, Adrian Perrig, Jonathan M. McCune, James Newsome, Brandon Baker, and Will Drewry

What do they know about me? Contents and Concerns of Online Behavioral Profiles (CMU-CyLab-14-011), Ashwini Rao, Florian Schaub, and Norman Sadeh

Connectivity in Secure Wireless Sensor Networks under Transmission Constraints (CMU-CyLab-14-003), Jun Zhao, Osman Yagan, and Virgil D. Gligor

Results on Vertex Degree and K-Connectivity in Uniform S-Intersection Graphs (CMU-CyLab-14-004), Jun Zhao, Osman Yagan, and Virgil D. Gligor

Topological Properties of Wireless Sensor Networks Under the Q-Composite Key Predistribution Scheme With Unreliable Links (CMU-CyLab-14-002), Jun Zhao, Osman Yagan, and Virgil D. Gligor

Submissions from 2013

Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories (CMU-CyLab-13-011), Rebecca Balebako, Richard Shay, and Lorrie Faith Cranor

Warning Design Guidelines (CMU-CyLab-13-002), Lujo Bauer, Cristian Bravo-Lillo, Lorrie Faith Cranor, and Elli Fragkaki

Audit Games (CMU-CyLab-13-004), Jeremiah Blocki, Nicolas Christin, Anupam Datta, Ariel D. Procaccia, and Arunesh Sinha

Mobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile Devices (CMU-CyLab-13-015), Ryan Caney, Christopher Dorros, Stuart Kennedy, Gregory Owens, and Patrick Tague

"It’s Hidden in My Computer": Exploring Account Management Tools and Behaviors (CMU-CyLab-13-007), Eiji Hayashi and Jason Hong

Privacy as Part of the App Decision-Making Process (CMU-CyLab-13-003), Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh

Measuring Password Guessability for an Entire University (CMU-CyLab-13-013), Michelle L. Mazurek, Saranga Komanduri, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Kelley, Richard Shay, and Blase Ur

Continuous Tamper-proof Logging using TPM2.0 (CMU-CyLab-13-008), Arunesh Sinha, Limin Jia, Paul England, and James Lorch

DABLS: Device Attestation with Bounded Leakage of Secrets (CMU-CyLab-13-010), Andrew Tran

Purpose Restrictions on Information Use (CMU-CyLab-13-005), Michael Carl Tschantz, Anupam Datta, and Jeannette Marie Wing

A5: Automated Analysis of Adversarial Android Applications (CMU-CyLab-13-009) (Revised June 3, 2014), Tim Vidas, Jiaqi Tan, Jay Nahata, Chaur Lih Tan, Nicolas Christin, and Patrick Tague

Submissions from 2012

Run-Time Enforcement of Information-Flow Properties on Android (CMU-CyLab-12-015), Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Limin Jia, Yutaka Miyake, Kazuhide Fukushima, and Shinsaku Kiyomoto

Towards Scalable Evaluation of Mobile Applications through Crowdsourcing and Automation (CMU-CyLab-12-006), Shahriyar Amini, Jialiu Lin, Jason Hong, Janne Lindqvist, and Joy Zhang

Auditing Rational Adversaries to Provably Manage Risks (CMU-CyLab-12-011), Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha

Audit Mechanisms for Provable Risk Management and Accountable Data Governance (CMU-CyLab-12-020), Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha

Design, Development and Automated Verification of an Integrity-Protected Hypervisor (CMU-CyLab-12-017), Sagar Chaki, Amit Vasudevan, Limin Jia, Jonathan M. McCune, and Anupam Datta

Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace (CMU-CyLab-12-018), Nicolas Christin

Parametric Verification of Address Space Separation (CMU-CyLab-12-001), Jason Franklin, Sagar Chaki, Anupam Datta, Jonathan M. McCune, and Amit Vasudevan

Sanctuary Trail: Refuge from Internet DDoS Entrapment (CMU-CyLab-12-013), Hsu-Chun Hsiao, Tiffany Kim, Sangjae Yoo, Xin Zhang, Soo Bum Lee, Virgil D. Gligor, and Adrian Perrig

Transparent Key Integrity (TKI): A Proposal for a Public-Key Validation Infrastructure (CMU-CyLab-12-016), Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson, and Virgil D. Gligor

What Do Online Behavioral Advertising Disclosures Communicate to Users? (CMU-CyLab-12-008), Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, and Guzi Xu

A Comparative Study of Location-sharing Privacy Preferences in the U.S. and China (CMU-CyLab-12-003), Jialiu Lin, Norman Sadeh, Michael Benisch, Jianwei Niu, Jason Hong, Banghui Lu, and Shaohui Guo

Enforcing More with Less: Formalizing Target-aware Run-time Monitors (CMU-CyLab-12-009), Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti

Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising (CMU-CyLab-12-007), Blase Ur, Pedro Giovanni Leon, Lorrie Faith Cranor, Richard Shay, and Yang Wang

"It’s an app. It’s a hypervisor. It’s a hypapp.": Design and Implementation of an eXtensible and Modular Hypervisor Framework (CMU-CyLab-12-014), Amit Vasudevan, Jonathan M. McCune, and James Newsome

QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks (CMU-CyLab-12-022), Tim Vidas, Emmanuel Owusu, Shuai Wang, Cheng Zen, and Lorrie Faith Cranor

Exploiting Privacy Policy Conflicts in Online Social Networks (CMU-CyLab-12-005), Akira Yamada, Tiffany Hyun-Jin Kim, and Adrian Perrig

Submissions from 2011

Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection (CMU-CyLab-11-003), Jeremiah Blocki, Nicolas Christin, Anupam Datta, and Arunesh Sinha

SafeSlinger: An Easy-to-use and Secure Approach for Human Trust Establishment (CMU-CyLab-11-021), Michael W. Farb, Yue-Hsun Lin, Tiffany Kim, Jonathan M. McCune, and Adrian Perrig

Modeling and Enhancing Android’s Permission System (CMU-CyLab-11-020), Elli Fragkaki, Lujo Bauer, Limin Jia, and David Swasey

A Logical Method for Policy Enforcement over Evolving Audit Logs (CMU-CyLab-11-002), Deepak Garg, Limin Jia, and Anupam Datta

Towards a Theory of Trust in Networks of Humans and Computers (CMU-CyLab-11-016), Virgil D. Gligor and Jeannette M. Wing

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms (CMU-CyLab-11-008), Patrick Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez

RelationGrams: Tie-Strength Visualization for User-Controlled Online Identity Authentication (CMU-CyLab-11-014), Tiffany Hyun-Jin Kim, Akira Yamada, Jason Hong, Virgil D. Gligor, and Adrian Perrig

AdChoices? Compliance with Online Behavioral Advertising Notice and Choice Requirements (CMU-CyLab-11-005), Saranga Komanduri, Richard Shay, Greg Norcie, Blase Ur, and Lorrie Faith Cranor

FLoc: Dependable Link Access for Legitimate Traffic in Flooding Attacks (CMU-CyLab-11-019), Soo Bum Lee and Virgil D. Gligor

DefAT: Dependable Connection Setup for Network Capabilities (CMU-CyLab-11-018), Soo Bum Lee, Virgil D. Gligor, and Adrian Perrig

Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising (CMU-CyLab-11-017), Pedro Giovanni Leon, Blase Ur, Rebecca Balebako, Lorrie Cranor, Richard Shay, and Yang Wang

A Survey of the Use of Adobe Flash Local Shared Objects to Respawn HTTP Cookies (CMU-CyLab-11-001), Aleecia M. McDonald and Lorrie Faith Cranor

I Know Where You Live: Analyzing Privacy Protection in Public Databases (CMU-CyLab-11-015), Manya Sleeper, Divya Sharma, and Lorrie Faith Cranor

Don’t Bump, Shake on It: The Exploitation of a Popular Accelerometer-Based Smart Phone Exchange and Its Secure Replacement (CMU-CyLab-11-011), Ahren Studer, Timothy Passaro, and Lujo Bauer

Trustworthy Execution on Mobile Devices: What security properties can my mobile platform give me? (CMU-CyLab-11-023), Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune

Who, when, where: Obfuscation preferences in location-sharing applications (CMU-CyLab-11-013), Jayant Venkatanathan, Jialiu Lin, Michael Benisch, Denzil Ferreira, Evangelos Karapanos, Vassilis Kostakos, Eran Toch, and Norman Sadeh

Sweetening Android Lemon Markets: Measuring and Curbing Malware in Application Marketplaces (CMU-CyLab-11-012), Tim Vidas and Nicolas Christin

ShortMAC: Efficient Data-Plane Fault Localization (CMU-CyLab-11-007), Xin Zhang, Zongwei Zhou, Hsu-Chun Hsiao, Tiffany Kim, Patrick Tague, and Adrian Perrig

Submissions from 2010

Caché: Caching Location-Enhanced Content to Improve User Privacy (CMU-CyLab-10-019), Shahriyar Amini, Janne Lindqvist, Jason Hong, Jialiu Lin, Eran Toch, and Norman Sadeh

Efficient Directionless Weakest Preconditions (CMU-CyLab-10-002), David Brumley and Ivan Jager

Dissecting One Click Frauds (CMU-CyLab-10-011), Nicolas Christin, Sally S. Yanagihara, and Keisuke Kamataki

Privacy Policy Specification and Audit in a Fixed-Point Logic - How to enforce HIPAA, GLBA and all that (CMU-CyLab-10-008), Henry DeYoung, Deepak Garg, Limin Jia, Dilsun Kaynar, and Anupam Datta

Logical Specification of the GLBA and HIPAA Privacy Laws (CMU-CyLab-10-007), Henry DeYoung, Deepak Garg, Dilsun Kaynar, and Anupam Datta

Scalable Parametric Verification of Secure Systems: How to Verify Reference Monitors without Worrying about Data Structure Size (CMU-CyLab-10-005), Jason Franklin, Sagar Chaki, Anupam Datta, and Arvind Seshadri

Compositional System Security in the Presence of Interface-Confined Adversaries (CMU-CyLab-10-004), Deepak Garg, Jason Franklin, Dilsun Kaynar, and Anupam Datta

A Diary Study of Password Usage in Daily Life (CMU-CyLab-10-016), Eiji Hayashi and Jason Hong

SCION: Scalability, Control, and Isolation On Next-Generation Networks (CMU-CyLab-10-020), Hsu-Chun Hsiao, Xin Zhang, Geoff Hasker, Haowen Chan, Adrian Perrig, and David G. Andersen

Are Security Experts Useful? Bayesian Nash Equilibria for Network Security Games with Limited Information (CMU-CyLab-10-010), Benjamin Johnson, Jens Grossklags, Nicolas Christin, and John Chuang

When Are Users Comfortable Sharing Locations with Advertisers? (CMU-CyLab-10-017), Patrick Gage Kelley, Michael Benisch, Lorrie Faith Cranor, and Norman Sadeh

Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach (CMU-CyLab-09-014), Patrick Gage Kelley, Lucian Cesca, Joanna Bresee, and Lorrie Faith Cranor

Impact Analysis of BGP Sessions for Prioritization of Maintenance Operations (CMU-CyLab-10-018), Sihyung Lee, Kyriaki Levanti, and Hyong S. Kim

Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens (CMU-Cylab-10-014), Pedro Giovanni Leon, Lorrie Faith Cranor, Aleecia M. McDonald, and Robert McGuire

Ho-Po Key: Leveraging Physical Constraints on Human Motion to Authentically Exchange Information in a Group (CMU-CyLab-11-004), Ghita Mezzour, Ahren Studer, Michael W. Farb, Jason Lee, Jonathan M. McCune, Hsu-Chun Hsiao, and Adrian Perrig

Submissions from 2009

TwitterJacket: An Automated Activity and Health Monitoring Solution for the Elderly (CMU-CyLab-10-003), Shahriyar Amini and Priya Narasimhan

xDomain: Cross-border Proofs of Access (CMU-CyLab-09-005), Lujo Bauer, Limin Jia, Michael K. Reiter, and David Swasey

A Logic of Secure Systems and its Application to Trusted Computing (CMU-CyLab-09-001), Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar

When Information Improves Information Security (CMU-CyLab-09-004), Jens Grossklags, Benjamin Johnson, and Nicolas Christin

BitShred: Fast, Scalable Code Reuse Detection in Binary Code (CMU-CyLab-10-006), Jiyong Jang and David Brumley

School of Phish: A Real-World Evaluation of Anti-Phishing Training (CMU-CyLab-09-002), Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Mary Ann Blair, and Theodore Pham

Understanding People’s Place Naming Preferences in Location Sharing (CMU-CyLab-09-010), Jialiu Lin, Jason Hong, and Norman Sadeh

Access Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110), Michelle L. Mazurek, J. P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter

Efficient TCB Reduction and Attestation (CMU-CyLab-09-003), Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil D. Gligor, and Adrian Perrig

An Empirical Study of How People Perceive Online Behavioral Advertising (CMU-CyLab-09-015), Aleecia M. McDonald and Lorrie Faith Cranor

Don’t Talk to Zombies: Mitigating DDoS Attacks via Attestation (CMU-CyLab-09-009), Bryan Parno, Zongwei Zhou, and Adrian Perrig

Help Me Help You: Using Trustworthy Host-Based Information in the Network (CMU-CyLab-09-016), Bryan Parno, Zongwei Zhou, and Adrian Perrig

Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability (CMU-CyLab-09-006), Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea

Lockdown: A Safe and Practical Environment for Security Applications (CMU-CyLab-09-011), Amit Vasudevan, Bryan Parno, Ning Qu, Virgil D. Gligor, and Adrian Perrig

Submissions from 2008

Detecting and Resolving Policy Misconfigurations in Access-Control Systems (CMU-CyLab-08-004), Lujo Bauer, Scott Garriss, and Michael K. Reiter

Would Diversity Really Increase the Robustness of the Routing Infrastructure Against Software Defects?, Juan Caballero, Theocharis Kampouris, Dawn Song, and Jia Wang

Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration (CMU-CyLab-08-009), Juan Caballero, Zhenkai Liang, Pongsin Poosankam, and Dawn Song

Automated Verification of Security Protocol Implementations (CMU-CyLab-08-002), Sagar Chaki and Anupam Datta

GAnGS: Gather, Authenticate ’n Group Securely (CMU-CyLab-08-007), Chia-Hsin Chen, Chung-Wei Chen, Cynthia Kuo, Yan-Hao Lai, Jonathan M. McCune, Ahren Studer, Adrian Perrig, Bo-Yin Yang, and Tzong-Chen Wu

Anomaly Detection Amidst Constant Anomalies: Training IDS On Constantly Attacked Data (CMU-CyLab-08-006), M. Patrick Collins and Michael K. Reiter

A Framework for Reasoning About the Human in the Loop, Lorrie F. Cranor

Attacking, Repairing, and Verifying SecVisor: A Retrospective on the Security of a Hypervisor (CMU-CyLab-08-008), Jason Franklin, Arvind Seshadri, Ning Qu, Sagar Chaki, and Anupam Datta

Towards a Theory of Secure Systems (CMU-CyLab-08-003), Deepak Garg, Jason Franklin, Dilsun Kaynar, and Anupam Datta

Influence: A Quantitative Approach for Data Integrity (CMU-CyLab-08-005), James Newsome and Dawn Song

Flexible, Extensible, and Efficient VANET Authentication (CMU-CyLab-08-010), Ahren Studer, Fan Bai, Bhargav Bellur, and Adrian Perrig

TACKing Together Efficient Authentication, Revocation, and Privacy in VANETs (CMU-CyLab-08-011), Ahren Studer, Elaine Shi, Fan Bai, and Adrian Perrig

Submissions from 2007

Countermeasures against Government-Scale Monetary Forgery, Alessandro Acquisti, Nicolas Christin, Bryan Parno, and Adrian Perrig

Comparing Access-Control Technologies: A Study of Keys and Smartphones, Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea

Lessons Learned from the Deployment of a Smartphone-Based Access-Control System, Lujo Bauer, Lorrie F. Cranor, Michael K. Reiter, and Kami Vaniea