As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. Addressing security and privacy challenges requires reaching across a broad range of technologies, multiple layers of abstraction, and many aspects of computer science. In this talk, I will focus specifically on two examples of security and privacy challenges that I have addressed in my work by designing and building new systems that better match user expectations. First, I will describe an extensive study of how advertisers, social media sites, and others invisibly track users as they browse the Web, and a new defense resulting from this study. I will then describe an approach to permission granting in modern operating systems (such as smartphones) that is more secure and better matches user expectations than existing approaches. In this approach, called user-driven access control, the operating system is able to extract a user's permission granting intent from the way he or she naturally interacts with any application. Achieving user-driven access control uncovers security in the user interface as a distinct research direction, which I will describe in the third part of the talk. Finally, I will briefly mention additional directions, including addressing emerging security and privacy challenges and exploring opportunities in the context of wearable and augmented reality systems. By understanding and anticipating these challenges early enough, we can positively influence the designs of emerging technologies before they become widespread.
Sunday, April 06, 2014
Free and open to the public