CMU Researchers Receive IEEE Cybersecurity Award
By Josh Quicksall
The IEEE Center for Secure Design (CSD), a part of the IEEE Cybersecurity Initiative, has awarded their annual Cybersecurity Award for Practice to a team of researchers that includes ISR’s Lujo Bauer, Nicolas Christin, Lorrie Cranor as well as current and former students Saranga Komanduri, Michelle Mazurek, William Melicher, Sean Segreti, Rich Shay, and Blase Ur.
The IEEE CSD aims to shift focus in security from a reactive model of “bug fixing” to one which emphasizes identifying common design flaws - with the hopes of improving security & privacy designs and implementations through reflection on the part of software architects.
Launched in 2017, the IEEE Cybersecurity Award for Practice recognizes individuals who have generated transformative cybersecurity capabilities and concepts and is awarded at the annual IEEE Cybersecurity Development Conference (SecDev).
The award committee points to the role the team played in “establishing new and empirically validated methodologies for evaluating both password usability and strength against attacks,” going on to note that research by the group is acknowledged to have influenced the revision of NIST password guidance.
Their work over the past 9 years, the committee explains, sheds light on the question of how we can make passwords easier for users to remember yet harder for attackers to guess. “The group achieved this by developing a robust methodology for studying password strength and usability, and then using that methodology to show how better password policies and helpful feedback to users (powered by deep learning) can make passwords both more convenient and more secure.”