April 11, 2020
1:30
Speaker: Daniel Votipka
Host: Susan Landau

Abstract: The human-centered security community has endeavored to improve end-user security tools' usability and effectiveness for the past 20 years. But security-critical decisions are made by more than just end users. It is necessary that we also simplify the security-critical tasks of security professionals such as secure development, vulnerability discovery, network defense, and malware analysis. In this talk, I will discuss recent research applying human-centered security methods and results to the study of security professionals. This talk will focus primarily on two case studies demonstrating this approach. First, I will discuss my research investigating what vulnerabilities developers commonly introduce, why these occur, and possible approaches to support improved outcomes. I will also present the results of my work studying the processes and mental models of white-hat hackers and malware analysts, developing an interaction model and guidelines to support more usable tool development.

Bio: Daniel Votipka is a Computer Science PhD Candidate at the University of Maryland, College Park. His research focuses on security-related decision making, primarily among security professionals, including: understanding why developers introduce vulnerabilities; studying reverse engineering and vulnerability discovery processes; and how security professionals develop expertise. Daniel has received a USENIX Security Distinguished Paper award and was a two-time finalist for the Facebook Graduate Fellowship and Symantec Research Labs Graduate Fellowship. He received his MS in Information Security, Technology, and Management from Carnegie Mellon University and his BS in Computer Science from the Illinois Institute of Technology.

https://tufts.zoom.us/j/662662738?pwd=aTZuY2dpY1dINnVmYVVJS282TEx1dz09

Password is: search