Lujo Bauer
Professor, Electrical and Computer Engineering, Institute for Software Research
Lujo Bauer is a professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D. in Computer Science from Princeton University in 2003.
Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online, and in examining how advances in machine learning can lead to a more secure future.
Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.
Helping Users Manage Online Data
On the Future of AI
Education
2003 Ph.D., Computer Science, Princeton University
1999 MA, Computer Science, Princeton University
1997 BS, Computer Science, Yale University
Affiliations
Research Interests
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- autonomy
- cyberphysical systems (CPS)
- cybersecurity
- data security and privacy
- data/network science systems
- emerging applications security
- Formal methods
- formal methods for security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- ML and AI
- mobile and app security and privacy
- network security
- privacy
- secure systems
- security of AI and ML
- smart infrastructure
- social networks security and privacy
- software security
- systems security
- Usability and human behavior
- usable privacy and security
- usable security
- web security
Media mentions
CyLab Security and Privacy Institute
Study explores tensions between IoT device owners and “incidental users”
A team of CyLab researchers conducted a study exploring the tensions that may arise between device owners and incidental users, who may or may not be comfortable as incidental users.
CyLab Security and Privacy Institute
CyLab researchers awarded MURI grant to study human-bot teams
Lujo Bauer, Matt Fredrikson, and Cleotilde Gonzalez are part of a team of researchers that was named a winner of a prestigious US Department of Defense (DoD) Multidisciplinary University Research Initiative (MURI) Award.
CyLab Security and Privacy Institute
Third round of Secure and Private IoT Initiative funded projects announced
Carnegie Mellon CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has announced its third round of funding, which will support 12 Internet of Things (IoT)-related projects for one year.
Dark Reading
Bauer, Cranor, and Christin quoted on password security
CyLab’s Lujo Bauer, Nicolas Christin, and Lorrie Cranor were quoted on Dark Reading on their password research.
CyLab Security and Privacy Institute
Finally: a usable and secure password policy backed by science
After nearly a decade of studies, the passwords research group in Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords that maintains balance between security and usability—one backed by hard science.
CyLab Security and Privacy Institute
Three CyLab papers presented at the FTC’s PrivacyCon 2020
Three CyLab papers were presented at this year’s PrivacyCon, focusing on privacy and security nutrition labels, making privacy choices easier, and perceptions of advanced video analytics.
Forbes
Bauer on password safety
CyLab/ECE’s Lujo Bauer was quoted in a Forbes article about the importance of creating safe, unique passwords. “Reusing the same or a slightly changed password across accounts is a huge source of risk,” he said.
The Wall Street Journal
Bauer quoted on data privacy
CyLab/ECE’s Lujo Bauer was quoted in The Wall Street Journal on a new messaging app called Signal.
Fox News
Bauer quoted on password security
CyLab’s Lujo Bauer was quoted in Fox News on how users can keep their accounts safe using passwords.
CyLab Security and Privacy Institute
After a breach, users rarely change their passwords, and when they do, they’re often weaker
A recent study authored by CyLab researchers shows that only a minority of people change their passwords after a security breach, and those that do often change them to weaker ones.
CyLab Security and Privacy Institute
Passwords research group awarded the 2020 Allen Newell Award for Research Excellence
A group of CyLab faculty and graduate students were just awarded the Allen Newell Award for Research Excellence for their contributions from a decade of passwords research.
CyLab Security and Privacy Institute
Q&A with Lujo Bauer
Many Americans are entering their fifth of working remotely, which has resulted in new paradigms in their own and their employers’ cybersecurity and privacy. CyLab's Lujo Bauer has been monitoring the situation.