Michelle L. Mazurek          

 

CIC 2220B                                                                             

4720 Forbes Avenue                                                               

Pittsburgh, PA 15213                                                              

 

mmazurek@andrew.cmu.edu                                                 

 

 

 

I’m a fourth-year PhD student in Electrical and Computer Engineering at Carnegie Mellon University. My research area is computer security, with emphasis on making systems that are both secure and usable.

 

I am advised by Greg Ganger and Lujo Bauer, and I also work frequently with Lorrie Cranor and Mike Reiter . I belong to the Parallel Data Lab as well as the CyLab Usable Privacy and Security lab. This year I am supported by a Facebook Fellowship.

 

My CV is here (PDF).

 

RESEARCH

Usable access control for personal data

We investigate how users think about and manage access control for their personal digital data. We explore architecture, mechanisms, and interfaces for helping users create and manage access-control policies in a secure, usable way.

 

Passwords: Security and usability

We investigate how password-composition policies affect the security of user-chosen passwords, as well as the usability of authentication. We also examine other issues related to usability/security tradeoffs in passwords, including the usability of one-time PIN systems designed to resist observation attacks.

 

Data placement and consistency for personal storage

Using an always-on abstraction enabled by new hardware, we design a file system that simplifies data placement and consistency protocols for users spontaneously accessing their data across several devices.

 

 

CONFERENCE PUBLICATIONS

How does your password measure up? The effect of strength meters on password creation
Blaser Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. In the 2012 USENIX Security Symposium, August 2012. PDF.

 

Correct horse battery staple: Exploring the usability of system-assigned passphrases
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. In SOUPS 2012: Symposium on Usable Privacy and Security, July 2012. PDF.

 

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Rich Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. In the 2012 IEEE Symposium on Security and Privacy, May 2012. PDF.

 

Tag, You Can See It! Using tags for access control in photo sharing.
Peter F. Klemperer, Yuan Liang, Michelle L. Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, and Michael K. Reiter. In CHI 2012: Conference on Human Factors in Computing Systems, May 2011. PDF.

 

ZZFS: A hybrid device and cloud file system for spontaneous users.
Michelle L. Mazurek, Eno Thereska, Dinan Gundawardena, Richard Harper, and James Scott. In FAST 2012: USENIX Conference on File and Storage Technologies, February 2012. PDF.

 

Exploring reactive access control.
Michelle L. Mazurek, Peter F. Klemperer, Richard Shay, Hassan Takabi, Lujo Bauer, and Lorrie Faith Cranor. In CHI 2011: Conference on Human Factors in Computing Systems, May 2011. PDF.

 

Of passwords and people: Measuring the effect of password-composition policies.
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. In CHI 2011: Conference on Human Factors in Computing Systems, May 2011. CHI 2011 Honorable Mention. PDF.

 

Encountering stronger password requirements: User attitudes and behaviors.

Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. In SOUPS 2010: The Sixth Symposium on Usable Privacy and Security, July 2010. PDF.

 

Access control for home data sharing: Attitudes, needs and practices.

Michelle L. Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter. In CHI 2010: Conference on Human Factors in Computing Systems, April 2010. PDF.

 

 

REFEREED POSTERS

Measuring the effect of password-composition policies on security and usability.

Michelle L. Mazurek, Patrick Gage Kelley, Saranga Komanduri, Richard Shay, Lujo Bauer, Lorrie Faith Cranor, Nicolas Christin, Serge Egelman, Julio Lopez. Selected as a finalist in the NSF IGERT poster competition, May 2011. Poster, audio (flash).

 

Exploring reactive access control.

Richard Shay, Michelle L. Mazurek, Peter F. Klemperer, and Hassan Takabi. In CHI EA 2010: Extended Abstracts of the Conference on Human Factors in Computing Systems, April 2010.

 

 

TECH REPORTS

Guess again (and again and again): measuring password strength by simulating password-cracking algorithms.

Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Rich Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. Technical Report CMU-CYLAB-11-008, CyLab, Carnegie Mellon University, August 2011. PDF.