[Intelligence Seminar] April 6: Norman Sadeh, GHC 4303, 3:30, "User-Controllable Security and Privacy: Lessons from the Design and Deployment of a Family of Location Sharing Applications"

Noah A Smith nasmith at cs.cmu.edu
Tue Mar 30 11:00:49 EDT 2010

Joint Intelligence and ISR Seminar

Tuesday, April 6, 2010
GHC 4303

Title:  User-Controllable Security and Privacy: Lessons from the
Design and Deployment of a Family of Location Sharing Applications
Norman Sadeh, Carnegie Mellon University


Increasingly users are expected to configure a variety of
security and privacy policies on their own, whether it's the firewall on
their home computer, their privacy preferences on Facebook, or access
control policies at work. In practice, research shows that users often
have great difficulty specifying such policies. This in turn can
result in significant vulnerabilities.  This presentation will provide
an overview of novel user-controllable security and privacy
technologies developed to empower users to more effectively and
efficiently specify security and privacy policies. In particular, I
will outline a new search-based methodology to design expressive
privacy and security policies as well as user-oriented machine
learning techniques that show promise in helping users refine their

Results from this research shed some light on why despite all the
hoopla, most location sharing applications available in the
marketplace today have failed to gain much traction.

I will attempt to conclude with a few thoughts on the role of AI in
the context of usable security and privacy research, an emerging area
that is intrinsically inter-disciplinary in nature.


Norman Sadeh is a Professor in the School of Computer Science at
Carnegie Mellon University. His broad research interests include Web
Security, Privacy and Commerce. He is co-Director of the School of
Computer Science's PhD Program in Computation, Organizations and
Society and directs the s Mobile Commerce Lab and e-Supply Chain
Management Lab. Norman has been on the faculty at Carnegie Mellon
since 1991. In the late nineties, he also served as Chief Scientist of
the European s $800M e-Work and e-Commerce program, which at the time
included all European-level cyber security and online privacy
research. He has authored over 160 scientific publications and
co-founded two companies. Norman is also well known for his work in
scheduling, constraint satisfaction and supply chain management, which
resulted in the successful deployment and/or commercialization of
several scheduling and supply chain management tools by companies such
as IBM, Numetrix (eventually acquired by JD Edwards, PeopleSoft and
Oracle), CACI, Ilog (now part of IBM) and others.
