Carnegie Mellon University Usable Privacy and Security Laboratory


The Carnegie Mellon University Usable Privacy and Security Laboratory (CUPS) was established in the Spring of 2004 to bring together Carnegie Mellon University researchers working on a diverse set of projects related to understanding and improving the usability of privacy and security software and systems. The privacy and security research community has become increasingly aware that usability problems severely impact the effectiveness of mechanisms designed to provide security and privacy in software systems. Indeed, one of the four grand research challenges in information security and assurance identified by the Computing Research Association in 2003 is: "Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future." This is the challenge that CUPS strives to address. CUPS is affiliated with Carnegie Mellon CyLab and has members from the Engineering and Public Policy Department, the School of Computer Science, the Electrical and Computer Engineering Department, the Heinz College, and the Department of Social and Decision Sciences. It is directed by Lorrie Cranor.

Projects

Coordinates: 40°26′40″N 79°56′35″W (40.444423°N 79.942984°W)

Related Research Articles

Software Engineering Institute: Federally funded research center in Pittsburgh, Pennsylvania, United States

The Software Engineering Institute (SEI) is a federally funded research and development center in Pittsburgh, Pennsylvania, United States. Founded in 1984, the institute is now sponsored by the United States Department of Defense and the Office of the Under Secretary of Defense for Research and Engineering, and administered by Carnegie Mellon University. The activities of the institute cover cybersecurity, software assurance, software engineering and acquisition, and component capabilities critical to the United States Department of Defense.

Carnegie Mellon University: Private research university in Pittsburgh, Pennsylvania, U.S.

Carnegie Mellon University (CMU) is a private research university in Pittsburgh, Pennsylvania, United States. The institution was established in 1900 by Andrew Carnegie as the Carnegie Technical Schools. In 1912, it became the Carnegie Institute of Technology and began granting four-year degrees. In 1967, it became Carnegie Mellon University through its merger with the Mellon Institute of Industrial Research, founded in 1913 by Andrew Mellon and Richard B. Mellon and formerly a part of the University of Pittsburgh.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

Carnegie Mellon College of Engineering

The Carnegie Mellon University College of Engineering is the academic unit that manages engineering research and education at Carnegie Mellon University. The College can trace its origins from Andrew Carnegie's founding of the Carnegie Technical Schools. Today, the College of Engineering has seven departments of study.

Carnegie Mellon School of Computer Science: School for computer science in the United States

The School of Computer Science (SCS) at Carnegie Mellon University in Pittsburgh, Pennsylvania, US is a school for computer science established in 1988. It has been consistently ranked among the best computer science programs over the decades. As of 2024, U.S. News & World Report ranks the graduate program as tied for No. 1 with Massachusetts Institute of Technology, Stanford University and University of California, Berkeley.

Phishing: Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and traverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of cybercrime.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

The Platform for Privacy Preferences Project (P3P) is an obsolete protocol allowing websites to declare their intended use of information they collect about web browser users. Designed to give users more control of their personal information when browsing, P3P was developed by the World Wide Web Consortium (W3C) and officially recommended on April 16, 2002. Development ceased shortly thereafter and there have been very few implementations of P3P. Internet Explorer and Microsoft Edge were the only major browsers to support P3P. Microsoft has ended support from Windows 10 onwards. Internet Explorer and Edge on Windows 10 no longer support P3P as of 2016. W3C officially obsoleted P3P on 2018-08-30. The president of TRUSTe has stated that P3P has not been implemented widely due to the difficulty and lack of value.

Carnegie Mellon Silicon Valley: Branch campus in California

Carnegie Mellon Silicon Valley is a degree-granting branch campus of Carnegie Mellon University located in Mountain View, California. It was established in 2002 at the NASA Ames Research Center in Moffett Field.

The Department of Social and Decision Sciences (SDS) is an interdisciplinary academic department within the Dietrich College of Humanities and Social Sciences at Carnegie Mellon University. The Department of Social and Decision Sciences is headquartered in Porter Hall in Pittsburgh, Pennsylvania and is led by Department Head Gretchen Chapman. SDS is known for research and education programs in decision-making in public policy, economics, management, and the behavioral social sciences.

CERT Coordination Center

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with businesses and the government to improve the security of software and the internet as a whole.

The economics of information security addresses the economic aspects of privacy and computer security. Economics of information security includes models of the strictly rational “homo economicus” as well as behavioral economics. Economics of securities addresses individual and organizational decisions and behaviors with respect to security and privacy as market decisions.

Torpig, also known as Anserin or Sinowal, is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

MySecureCyberspace began in 2003 as an initiative by Carnegie Mellon CyLab and the Information Networking Institute to educate the public about computer security, network security and Internet safety. Inspired by the National Strategy to Secure Cyberspace, the initiative empowers users to secure their part of cyberspace.

Lorrie Faith Cranor is an American academic who is the FORE Systems Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University, Director and Bosch Distinguished Professor in Security and Privacy Technologies of Carnegie Mellon Cylab, and director of the Carnegie Mellon Usable Privacy and Security Laboratory. She has served as Chief Technologist of the Federal Trade Commission, and she was formerly a member of the Electronic Frontier Foundation Board of Directors. Previously she was a researcher at AT&T Labs-Research and taught in the Stern School of Business at New York University. She has authored over 110 research papers on online privacy, phishing and semantic attacks, spam, electronic voting, anonymous publishing, usable access control, and other topics.

CERIAS

The Center for Education and Research in Information Assurance and Security (CERIAS) of Purdue University, United States, is a center for research and education in areas of information security for computing and communication infrastructures.

The UK Large-Scale Complex IT Systems (LSCITS) Initiative is a research and graduate education programme focusing on the problems of developing large-scale, complex IT systems. The initiative is funded by the EPSRC, with more than ten million pounds of funding awarded between 2006 and 2013.

Privacy engineering is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of privacy. Its focus lies in organizing and assessing methods to identify and tackle privacy concerns within the engineering of information systems.

The Carnegie Mellon CyLab Security and Privacy Institute is a computer security research center at Carnegie Mellon University. Founded in 2003 as a university-wide research center, it involves more than 50 faculty and 100 graduate students from different departments and schools within the university. It is "one of the largest university-based cyber security research and education centers in the U.S."

Ragunathan "Raj" Rajkumar is the George Westinghouse Professor of Electrical and Computer Engineering at Carnegie Mellon University in Pittsburgh, Pennsylvania. He is also affiliated with the Robotics Institute and the Heinz School of Information Systems and Public Policy at Carnegie Mellon University. He also serves as the Director of the Metro21 Smart Cities Institute and as the Director of the Mobility21 USDOT National University Transportation Center at Carnegie Mellon University. He also leads the General Motors-CMU Connected and Autonomous Driving Collaborative Research Laboratory (CAD-CRL), and the Real-Time and Multimedia Systems Lab (RTML) there.