We are the George Washington University/Usable Security and Privacy Lab (GWUSEC). The lab works on problems related to computer security and privacy, with a human centered approach. We are interested in learning why and how users interact, understand, and use/misuse security and privacy tools, and then we design and build better solutions. We are also interested in more general problems related to cybersecurity and privacy. If you want to find out more, please join one of our public activities.
- Apr 2021 Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv have a new paper accepted at USENIX Sec''21
- Feb 2021 Ian Martiny, Gabriel Kaptchuk, Adam J. Aviv, Daniel S. Roche, and Eric Wustrow have a new paper accepted at NDSS'21
- Nov 2020 GWUSEC lab open house scheduled for Nov. 11, 2020 from 11:00am-12:30pm (EST). All are welcome. Register here.
- Nov 2020 Hirak Ray, Flynn Wolf, Ravi Kuber and Adam J. Aviv have a new paper accepted at PoPETS'21 on privacy perceptions in older adults
- Nov 2020 Rahel A. Fainchtein, Adam J. Aviv, Micah Sherr, Stephen Ribaudo, and Armaan Khullar have a new paper accepted at PoPETS'21 on Smart DNS
- Oct 2020 Hirak Ray, Flynn Wolf, Ravi Kuber and Adam J. Aviv have a new paper accepted at USENIX Sec'21 on password manager usage among older adult
- Aug 2020 Timothy J. Forman and Adam J. Aviv have a new paper accepted at ACSAC'20 on Double Patterns
- Aug 2020 Hassan Khan, Jason Ceci, Jonah Stegman, Adam J. Aviv, Rozita Dara, Ravi Kuber have a new paper accepted at ACSAC'20 on PIN usage
- June 2020 Raina Samuel, Philipp Markert, Adam J. Aviv, and Iulian Neamtiu have a new paper accepted at SOUPS'20 on the security and usability of Knock Codes. Read the arxiv (preprint).
- June 2020 Yasmine Acar will be joining the CS department as an Assistant Professor and Co-lab director of GWUSEC lab starting January 2021. Welcome aboard!
- May 2020 Philipp Markert is presenting our research at IEEE S&P (Oakland) on May 18th.
- May 2020 We've got a Twitter account @gwusec. Follow us for updates!
- May 2020 David Balash, Nelson Jaimes, and Collins Munyendo. Welcome aboard!
- May 2020 The lab website goes live!
Adam J. Aviv
Assist. Prof./Co-Lab Director
(starting Jul, 2021)
Postdoc in abstentia
Xiaoyuan (Owen) Wu
External Lab Collaborations
- PUSH Group: Privacy & Usable Security Human-centered Computing at University of Maryland, Baltimore County (UMD)
- Ravi Kuber
- Hirak Rey
- Flynn Wolf
- Security, Privacy, People lab (SP2) at University of Maryland, College Park (UMD)
- Michelle Mazurek
- Noel Wartford
- Security Privacy Interaction Lab at the University of Michigan (UM)
- Florian Schaub
- Yixin Zou
- Georgetown SecLab
- Micah Sherr
- Rahel Fainchtein
- Tim Forman (USNA/BSE) Now a ENS USN
The lab has a number of public and private activities. Everyone is welcome at the public events, without invitation. Attending a public event is a great way to meet people in the lab, and potentially getting involved in research.
- Security and Privacy Reading Group
The Security and Privacy Reading Group is a weekly public event where we discuss a recent research article related to security and privacy. A discussion lead will prepare a short presentation that will kick off the discussion. The reading group is also "brown bag lunch" and has a social component.
Tuesdays 1130-1230. Currently meeting virtually (email Prof. Aviv to be added to the mailing list).
- Lab Scrum Meetings
We have regular, scrum-like lab meetings where status updates on all projects are quickly presented. Non collaborators are allowed to attend, by invitation.
Friday 430-500. Currently meeting virtually.
- Social Hour/Lab Open House
Once a month, we have a social hour and lab open house where students, faculty, and prospective collaborators can socialize.
Second Friday of every month from 430-530, during the academic year.
Time/Place TBD as we assess social distancing requirements.
Join the lab!
So, you're interested in computer security and privacy research and you're interested in joining the lab? Great! We are always looking for new collaborators. What actions you should take depends on your background.
- Prospective PhD Students
We are always looking for new PhD students, and if you are applying to grad school and interested in usable security and privacy, please consider GW! Please email Adam Aviv with any inquiries, but be mindful, we may not follow up with everyone. Obvious form emails sent enmass will not receive a response, so please be sure to write a personal email that notes some background about yourself and what kinds of projects you're interested in researching. Do not attach a CV or resume: just let us know who you are and why you want to join the lab.
- GW Undergraduate/Masters Students
If you are a current GW student, either an undergraduate or masters students, the easiest way to get involved in the lab is to attend one of our public events. Participating in reading group or social hour is the fastest way to learn what is happening in the lab, as well as earn an invite to the lab meeting.
You may also email Adam Aviv if you are interested in research project, but you will likely be directed to attend a public event. If you cannot attend a public event, we can arrange other times to meet.
At GWUSEC, we strive to conduct the highest quality academic research that is inclusive, diverse, and impactful. In those pursuits, we are guided by the following principles:
- creativity — we reward creativity in our research, and do not confine or belittle others’ ideas;
- integrity — we value honesty and accuracy in our communications and reports;
- ethics — we consider the ethics of our research methods and treat our subjects with respect, always striving to minimize risk and maximize benefits;
- scientific rigor — we seek academic and scientific rigor in our research efforts to explore subject matters in-depth;
- inclusion — we recognize that that many groups have historically been marginalized in our field, and we strive to find ways to collaborate and partner with individuals across all backgrounds, races, and genders and uplift researchers and professionals who have been unjustly marginalized;
- humility — we are willing to admit when we are wrong, take action to correct mistakes in ourselves, and treat mistakes as learning opportunities;
- compassion — we show compassion to each other by supporting lab members in cases when their physical or mental health, personal life or family situation warrants special consideration;
- justice — we believe in racial justice and oppose discrimination based on age, gender, race, ethnicity, religion, (dis)ability, economic background and nationality, and condemn oppression in any form.
- impact — we are determined to conduct research that is impactful both within the scientific community and broadly for all humanity.
- Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv. "Now I'm a bit angry:" Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them. 30th USENIX Security Symposium (USENIX Security 21). USENIX Association. Aug 2021. (pdf)
- Ian Martiny, Gabriel Kaptchuk, Adam J. Aviv, Daniel S. Roche, and Eric Wustrow. Improving Signal’s Sealed Sender. In the proceedings of the 2021 Network and Distributed Systems Symposium. NDSS'21. Feb 2021. (pdf)
- Hirak Ray, Flynn Wolf, Ravi Kuber, Adam J. Aviv. `Warn Them'' or ``Just Block Them''?: Comparing Privacy Concerns of Older and Working Age Adults. In the proceedings of the Privacy Enhancing Technology Symposium (PoPets'21). Jul. 2021.
- Rahel A. Fainchtein, Adam A. Aviv, Micah Sherr, Stephen Ribaudo, and Armaan Khullar. Holes in the Geofence: Privacy Vulnerabilities in “Smart” DNS Services. In the proceedings of the Privacy Enhancing Technology Symposium (PoPets'21). Jul. 2021.
- Hirak Ray, Flynn Wolf, Ravi Kuber, Adam J. Aviv. Why Older Adults (Don't) Use Password Managers. In the proceedings of the 2021 USENIX Security Symposium (Sec'21). Aug. 2021. (arxiv pre-print)
- Timothy J. Forman and Adam J. Aviv. Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns. In the proceedings of the 2020 Annual Computer Security Applications Conference (ACSAC'20). Dec. 2020. (arxiv pre-print)
- Hassan Khan, Jason Ceci, Jonah Stegman, Adam J. Aviv, Rozita Dara, Ravi Kuber. Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and Beyond. In the proceedings of the 2020 Annual Computer Security Applications Conference (ACSAC'20). Dec. 2020. (arxiv pre-print)
- Raina Samuel, Philipp Markert, Adam J. Aviv, and Iulian Neamtiu. Knock, Knock. Who's There? On the Security of LG's Knock Codes. 2020 Symposium on Usable Security and Privacy (SOUPS'20). Pgs. 1-24. USENIX. 2020. (arxiv pre-print)
- Philipp Markert, Daniel V. Bailey, Maximillian Golla, Markus Dürmuth, and Adam J. Aviv. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. 2020 IEEE Symposium on Security and Privacy (SP'20). Pgs. 1525-1542. IEEE Computer Society. 2020
- Timothy J. Forman, Daniel S. Roche, and Adam J. Aviv. Twice as Nice? A Preliminary Evaluation of Double Android Unlock Patterns. Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems. (CHI EA ’20). Pgs. 1–7. Association for Computing Machinery. 2020