Faculty Recruiting Support CICS

Learning from the People: From Normative to Descriptive Solutions to Problems in Security, Privacy, & Machine Learning

23 Jan
Wednesday, 01/23/2019 4:00pm to 5:00pm
Computer Science Building, Room 150/151
Rising Stars

Abstract: Users often fall for phishing emails, reuse simple passwords, and fail to effectively utilize "provably" secure systems. These behaviors expose users to significant harm and frustrate industry practitioners and security researchers alike. As consequences of security breaches become ever more grave, it is important to study why humans behave seemingly irrationally. In this talk, I will illustrate how modeling the effects of structural inequities -- variance in skill, socioeconomic status, as well as culture and gender identity -- can both explain apparent irrationality in users' security behavior and offer tangible improvements in industry systems. Modeling and mitigating security inequities requires a combination of techniques from economic, data scientific, and social science methodologies to develop new tools for systematically understanding and mitigating insecure behavior.

Through novel experimental methodology, I empirically show strong evidence of bounded rationality in security behavior: Users make mathematically modelable tradeoffs between the protection offered by security behaviors and the costs of practicing those behaviors, which even in a highly usable system may outweigh the benefits, especially for less resourced users. These findings emphasize the need for industry systems that balance structural inequities and accommodate behavioral variance between users rather than one-size-fits-all security solutions. More broadly, my techniques for modeling and accounting for inequities have offered key insights in growing technical areas beyond security, including algorithmic fairness.

Bio: Elissa Redmiles is a PhD Candidate in Computer Science at the University of Maryland and has been a visiting researcher with the Max Planck Institute for Software Systems and the University of Zurich. Elissa's research interests are broadly in the areas of security and privacy. She uses computational, economic, and social science methods to understand users' security and privacy decision-making processes, specifically investigating inequalities that arise in these processes and mitigating those inequalities through the design of systems that facilitate safety equitably across users. Elissa is the recipient of a NSF Graduate Research Fellowship, a National Science Defense and Engineering Graduate Fellowship, and a Facebook Fellowship. Her work has been recognized with the John Karat Usable Privacy and Security Student Research Award, a Distinguished Paper Award at USENIX Security 2018, a Best Presentation Honorable Mention at EC2018, Most Engaging Talk at USENIX Security HotSec 2017, and a University of Maryland Outstanding Graduate Student Award. Additionally, Elissa's work has been featured in popular press publications such as Scientific American, Business Insider, Newsweek, and CNET.

A reception for attendees will be held at 3:30 p.m. in CS 150.