@TuftsCS is hiring multiple tenure track positions. We're particularly interested in #HCI. Our department has several people in HCI-related fields and we're looking to build on that expertise. Come join us. @TuftsUniversity is a great place to work! https://t.co/CzBkSG6FWZ

She’s going to hate me for doing this, but I just want to say how proud I am of my wife @RBnCoffee, the new President-Elect of #APAPP!

Thanks @GoogleResearch for the generous gift in supporting our research on “ Designing Accessible Tools for Blind and Low-Vision People in Navigating Deepfake Media.”Excited to continue this work with my colleague and friend @JaronMink. https://t.co/tAAVyrNFUa

Please consider sending your awesome computer security & privacy papers to @USENIXSecurity '25! The cycle 2 deadline is Jan 22 AoE. Remember that writing about research ethics and open science (sharing datasets, code, scripts, etc.) is required! https://t.co/DwgnayZ5JP @tgianko

I'll be presenting our paper "A Qualitative Analysis of Practical De-Identification Guides" at a 3:30pm CCS session today. I collaborated with Aditya Kishore, @adamaviv, and @mmazurek_ on this work. Come say hi if you're here! Here's the paper:

I’m planning to hire 2 PhD students in Fall25 at @KhouryCollege! How do we make privacy easier for people? How do we address people’s real privacy needs objectively and subjectively? How does AI play a role in introducing and mitigating risks? Talk to me at #UIST2024 #HCOMP2024

I'll be recruiting PhD students this cycle! If you're interested in working at the intersection of cryptography, differential privacy, and ML, please reach out. I'll also be at @acm_ccs next week—find me if you'd like to chat! RTs appreciated 🙏

had so much fun yesterday hosting the first session of the policy red teaming working group @BKCHarvard !! truly a blast <3 mondays @12pm, if anyone is interested in joining remotely, reach out!

Excited to see our work in print📚 Read our work on telehealth privacy & security: https://t.co/3DBDyLnXd3 Grateful to collab wt @faiza_tazi @JosiahDykstra @PrashanthRajiv Kapil Madathil, Jiovanne Hughart, James T. McElliot @drvotipka 🙏 @TheOfficialACM @RitchieSchool @UofDenver

Any chance anyone got a picture of @ZenW00kie presenting? I had to head home early, so I didn't catch it. I guess I'll just have to wait for USENIX to post the videos.

I am incredibly grateful to have had the opportunity to present our paper, “Comparing Malware Evasion Theory with Practice: Results from Interviews with Expert Analysts” at #SOUPS2024. If you are interested in reading the paper: https://t.co/d2jkQ3nhGU

If you are around, @PriyankaBadva will be presenting our paper today after lunch. Track 1 1:30 pm–2:45 pm "Unveiling the Hunter-Gatherers: Exploring Threat Hunting Practices and Challenges in Cyber Defense" #usenix2024 @USENIXSecurity @CyberSecCDT @BristolCyberSec

@ShannonLantzy @sethcarmody1 @HealthCyberWG @MedCrypt @ada95ftw @_peterney Adding some more tags @TuftsUniversity, @TuftsCS (Can you tell I'm not good at Twitter? 😅)

This extreme labor of love, which required 2-years of recruiting could not have been done without our partners in the medical device and threat modeling communities, @ShannonLantzy, @sethcarmody1, @HealthCyberWG, @MedCrypt, @ada95ftw, and @_peterney.

From these results, we create a two-phase threat modeling process model, for future researchers investigating threat modeling in other domains and empirically assessing the efficacy of novel threat modeling supports. To learn more, check out the paper:

They navigated the system in an ad-hoc fashion, sometimes working left-to-right, reviewing similar assets, or focusing on a single use case (a strategy with limited previous discussion). Also, they often used multiple approaches during a single threat modeling session.

We observed the questions they asked could be grouped according to threat modeling's 4 questions, and further divided into the common subquestions in this picture. Also, the question order is flexible, sometimes starting with threats, but other with mitigations or safety concern.

We observed which parts of the system they focused on, how they elicited threats and mitigations in specific system components, and if they relied on a specific approach to traverse the system and ensure they covered every part of the potential attack surface.

We take a first step to answer this question through interviews with 12 medical device security experts, asking them to develop threat models for mock systems. This community offers a unique opportunity to study threat modeling as the FDA introduced threat modeling requirements.

Last, but not least, @ZenW00kie will be presenting first thing tomorrow at #usesec2024 about our work investigating medical device manufacturers' threat modeling processes. We all have probably heard about some process for threat modeling, but how do people actually do it?