Security, Privacy, and User Expectations: Case Studies in Web Tracking, Access Control, and User Interfaces
Franziska Roesner
University of Washington
Talk
Franziska (Franzi) Roesner is an assistant professor in Computer Science and Engineering at the University of Washington. She received her PhD from the University of Washington and her BS from the University of Texas at Austin. Her research focuses on security and privacy in various existing and emerging technological contexts, including the web, smartphones, and most recently, emerging augmented reality platforms.
As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. In this talk, I will focus specifically on examples of security and privacy challenges that I have addressed in my work by designing and building new systems that better match user expectations. First, I will describe an extensive study of how advertisers, social media sites, and others invisibly track users as they browse the Web, and a new defense resulting from this study. I will then describe an approach to permission granting in modern operating systems (such as smartphones) that is more secure and better matches user expectations than existing approaches. In this approach, called user-driven access control, the operating system is able to extract a user's permission granting intent from the way he or she naturally interacts with any application. Achieving user-driven access control uncovers security in the user interface as a distinct research direction, which I will describe in the third part of the talk.