Small

Online reputation systems are ubiquitous for customers to evaluate businesses, products, people, and organizations based on reviews from the crowd. For example, Yelp and TripAdvisor rank restaurants and hotels based on user reviews, and RateMDs allows patients to review doctors and hospitals. These systems can however be leveraged by spammers to mislead and manipulate the inexperienced customers with fake but well-disguised reviews (spams). To comprehensively protect customers and honest businesses, advanced spam detection techniques have been deployed.

Mobile computing devices typically use encryption to protect sensitive information. However, traditional encryption systems used in mobile devices cannot defend against an active attacker who can force the mobile device owner to disclose the key used for decrypting the sensitive information. This is particularly of concern to dissident users who are targets of nation states.

Most real software systems consist of modules developed in multiple programming languages. Different languages differ in their security assumptions and guarantees. Consequently, even if single modules are secure in some language model and with respect to some security policy, there is usually no uniform security guarantee on a whole multilingual system. This project focuses on low-overhead techniques for providing security guarantees to software systems in which type-safe languages such as Java interoperate with native code.

This projects investigates the external and internal factors (e.g., demographic, personal, and psychological aspects) that impact senior citizens' online privacy behavior. The multi-perspective approach to address this question consists of surveys (standardized), intensive in-person interviews, focus groups, key stroke logging and log analysis and scenario based questionnaires to understand online privacy behavior and attitude.

Approximately six million Americans are targets of identity theft each year. Many of the attacks on identity privacy use psychological influence strategies ("psychological attacks?) to induce individuals to provide their private information. Although people are appropriately concerned about their privacy, they often unnecessarily disclose information that could be used to their disadvantage. Our studies have shown that people?s privacy exposure behaviors may be severely affected by psychological attacks.