MC2 Researchers Present Eight Papers at USENIX/SOUPS

Researchers affiliated with the Maryland Cybersecurity Center (MC2) recently presented a total of eight papers at a pair of co-located symposiums in Philadelphia that were focused on privacy and online security.

Three papers were presented at the 33rd USENIX Security Symposium held from August 14–16, and five others were presented at the Symposium on Usable Privacy and Security (SOUPS), which was held from August 11–13.

The USENIX event highlights the latest advances in computer system and network security and privacy, while SOUPS centers on research at the intersection of usability and security in information systems.

The MC2 papers addressed topics like privacy-related app reviews, user reactions to data access laws, password management for shared accounts, and diversity and safety in the cybersecurity community. These topics, and others presented, exemplify a commitment to human-centered security from Maryland faculty, postdocs and students, says Michelle Mazurek, an associate professor of computer science and the director of MC2.

“It’s rewarding to see our work stimulate valuable discussions and inspire new perspectives on privacy and security challenges,” says Mazurek, who co-authored seven of the eight papers presented.

Papers presented at the USENIX Security Symposium were:

“A Decade of Privacy-Relevant Android App Reviews: Large Scale Trends,” which presents an examination of 12 million privacy-related reviews from the Google Play Store over the past decade, revealing growing discussions about privacy concerns. The study highlights significant variations in privacy perspectives on a global scale. The MC2-affiliated co-authors are Omer Akgul (lead author, who received his doctorate from UMD and is now a postdoctoral researcher at Carnegie Mellon University) and Michelle Mazurek.

“Data Subjects’ Reactions to Exercising Their Right of Access,” which explores insights from 33 participants who reviewed their personal online data from companies like Amazon and Facebook. The study found that while participants were excited about discovering their data, they were often confused or alarmed by privacy implications. Michelle Mazurek is the MC2-affiliated co-author of this work.

“SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation,” which introduces a novel framework to find new memory corruption targets in Linux kernel vulnerabilities. It expands the search beyond specific structures, using novel fuzzing and differential analysis techniques, underscoring the need to proactively discover memory corruption targets. The MC2-affiliated co-authors are Erin Avllazagaj (lead author), Yonghwi Kwon and Tudor Dumitraș.

Papers presented at SOUPS were:

“A Survey of Cybersecurity Professionals’ Perceptions and Experiences of Safety and Belonging in the Community,” which examines the lack of diversity in the cybersecurity field. The study surveyed 342 cybersecurity professionals and revealed that women face more harassment and unsupportive work environments than men. All the groups interviewed reported low psychological safety, meaning they don't feel comfortable engaging or speaking up. Michelle Mazurek and MC2 alums Kelsey Fulton and Daniel Votipka—now assistant professors at Colorado School of Mines and Tufts University, respectively—are co-authors of this work.

“Write, Read, or Fix? Exploring Alternative Methods for Secure Development Studies,” which investigates alternatives to code-writing for security tasks to reduce participant stress. In a remote study, Python programmers completed two encryption tasks by writing, reading, or fixing code. Writing was most effective for uncovering security issues, while reading and fixing offered valuable insights and better participant experiences. MC2-affiliated co-authors are Kelsey Fulton (lead author), Joseph Lewis, Michelle Mazurek and Nathan Malkin, a former MC2 postdoctoral researcher and current assistant professor at the New Jersey Institute of Technology.

“Understanding How People Share Passwords,” which investigates password creation and management for shared accounts, a topic often overlooked in favor of single-user accounts. Through a survey of 300 U.S. users, the researchers found that creating passwords for shared accounts is typically done individually rather than collaboratively. It offers recommendations for developers to improve secure sharing practices. MC2-affiliated co-authors are Phoebe Moh (lead author), Andrew Yang, Nathan Malkin and Michelle Mazurek.

“How Entertainment Journalists Manage Online Hate and Harassment,” which looks at the digital safety challenges faced by entertainment journalists. Through interviews with nine journalists, it was found that harassment is a tough and unavoidable part of their work. The research highlights the need for increased support to lessen the personal burden of managing harassment. The MC2-affiliated co-authors are MC2 alum Noel Warford (lead author, who received his doctorate from UMD and is now a visiting instructor of computer science at Oberlin College), Nicholas Farber and Michelle Mazurek.

“‘I can say I'm John Travolta … but I'm not John Travolta’: Investigating the Impact of Changes to Social Media Verification Policies on User Perceptions of Verified Accounts,” which examines how changes in social media verification policies. A survey showed most people noticed verification changes to platforms like Twitter/X and Meta/Facebook, but the policy shifts didn’t seem to change how users judge content credibility. The MC2-affiliated co-authors are Daniel Votipka and Michelle Mazurek.

—Story by Melissa Brachfeld, UMIACS communications group

Published August 21, 2024