Norman Sadeh
Professor, Software and Societal Systems Department
Co-Director, Privacy Engineering Program
Norman Sadeh is a professor in the School of Computer Science at Carnegie Mellon University (CMU). He is director of CMU’s Mobile Commerce Laboratory and its e-Supply Chain Management Laboratory, co-Founder of the School’s Ph.D. Program in Societal Computing and co-Director of the MSIT program in Privacy Engineering. He also co-founded and for 12 years co-directed the MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science in 2005. Sadeh’s current research interests include cybersecurity, online privacy, mobile computing, the Internet of Things, artificial intelligence, user-oriented machine learning, human computer interaction, language technologies, and semantic web technologies.
Sadeh is also well known for his seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading, including the design and launch of the international supply chain trading agent competition. Products based on his research have been deployed and commercialized by organizations such as IBM, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JD Edwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the US Army. His privacy research has been credited with influencing the design of products at companies such as Facebook and Google as well as activities at the US Federal Trade Commission and the California Office of the Attorney General. His work on automatically recognizing mobile user activities while minimizing battery life has influenced technologies found in most modern smartphones.
Sadeh is also a successful entrepreneur, having served as founding CEO and, until its acquisition, as chairman and chief scientist of Wombat Security Technologies, a company he co-founded to commercialize anti-phishing technologies he developed as part of research with several of his colleagues at CMU. Together with his collaborators, he grew Wombat Security Technologies into a leading provider of anti-phishing and cybersecurity awareness training technologies. The company was acquired for $225M by Proofpoint (NASDAQ: PFPT) in February 2018. By that time Wombat had well over 2,000 corporate customers, and had been named a clear leader in the Gartner Group’s Magic Quadrant in Security Awareness Computer-Based Training for four years in a row (since the inception of Gartner’s Quadrant in this sector). It had also been identified as one of the 500 fastest growing technology companies in North America for three consecutive years in Deloitte’s Technology Fast 500. In May 2018, Norman was honored with the 2018 Outstanding Entrepreneur of the Year award from the Pittsburgh Venture Capital Association.
In the late nineties, Sadeh was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as chief scientist of the EU’s EUR 550M (US$650M) initiative in “New Methods of Work and eCommerce,” which included all pan-European research in cybersecurity and privacy. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, he also contributed to a number of EU policy initiatives related to eCommerce, the Internet, cybersecurity, privacy, and entrepreneurship.
Sadeh received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds a MS degree in computer science from the University of Southern California and a BS/MS degree in electrical engineering and applied physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien.”
Sadeh has authored or co-authored around 300 scientific publications. He is also the author of m-Commerce: Technologies, Services and Business Models, a best-selling book published by Wiley in April 2002. He served as general chair of the 2003 International Conference on Electronic Commerce and as editor-in-chief of Electronic Commerce Research Applications (ECRA). He has served on the editorial board of several other journals and is currently on the board of I/S: A Journal of Law and Policy for the Information Society. Norman also sits on the advisory board of the Future of Privacy Forum.
Sadeh’s research, as well as his views on cybersecurity, privacy, mobile, and IoT technologies are often covered in the press (e.g. Wall Street Journal, Wired, New York Times, Chronicle of Higher Education, Pittsburgh Post Gazette, Kiplinger, Huffington Post, Fast Company, Tech Crunch).
Between 2008 and 2019, he was also a visiting professor at Hong Kong University, where he would spend two weeks each year.
Education
1991 Ph.D., Computer Science, Carnegie Mellon University
1986 M.Sc., Computer Science, Univ. of Southern California
1985 Ingénieur Civil Physicien (5-year BS/MS degree), The Free University of Brussels
Affiliations
Research Interests
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- automotive and transportation security and privacy
- cyber physical systems security and privacy
- cybersecurity + privacy
- data security and privacy
- digital twins
- embedded systems security
- emerging applications security
- Formal methods
- formal methods for security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- Measurement and analysis
- measurements of fraud, malware, spam
- ML and AI
- mobile and app security and privacy
- privacy
- privacy algorithms
- privacy engineering
- privacy enhancing technologies
- privacy policy and regulation
- risk analysis and management
- robotics
- security and privacy economics
- security education, awareness, and training
- security of AI and ML
- security policy and regulation
- social networks security and privacy
- software security
- threat analysis and modeling
- threat intelligence
- Usability and human behavior
- usable privacy and security
Media mentions
CyLab Security and Privacy Institute
CyLab hosts top cybersecurity researchers for the 2024 NSF SaTC PI Meeting
On Sept. 4-5, more than 500 of the world’s leading cyber-systems researchers convened in Pittsburgh for the 2024 National Science Foundation Secure and Trustworthy Cyberspace Principal Investigators’ Meeting (NSF SaTC PI), hosted by Carnegie Mellon University’s CyLab Security and Privacy Institute.
CyLab Security and Privacy Institute
CyLab faculty, students present research at the 33rd USENIX Security Symposium
Carnegie Mellon faculty and students presented on a wide range of topics at the 33rd USENIX Security Symposium. Held in Philadelphia on August 14-16, the event brought together experts from around the world, who highlighted the latest advances in the security and privacy of computer systems and networks.
CyLab Security and Privacy Institute
CyLab researchers present their work at 2024 SOUPS
Carnegie Mellon faculty and students shared their research at the 2024 Symposium on Usable Privacy and Security (SOUPS), which took place August 11-13 in Philadelphia.
CyLab Security and Privacy Institute
New tool helps mobile app developers create more accurate iOS privacy labels
Created by researchers at Carnegie Mellon University, Privacy Label Wiz is an easy-to-use, step-by-step resource to help developers create accurate mobile app privacy labels
Seattle Times
Sadeh quoted by the Seattle Times
SCS Professor Norman Sadeh explains why privacy should be top of mind for technology companies and shares his thoughts on the regulatory environment around artificial intelligence.
CyLab Security and Privacy Institute
CyLab icon connects users with online privacy choices
Have you noticed the new icon popping up on websites across the Internet? Thanks to researchers at Carnegie Mellon’s CyLab Security and Privacy Institute, the University of Michigan, and Fordham University, users can now easily make choices about how websites use their personal information, all in one convenient spot.
CyLab Security and Privacy Institute
CyLab names 2022 Presidential Fellows
Each year, CyLab recognizes high-achieving Ph.D. students pursuing security and/or privacy-related research with a CyLab Presidential Fellowship that covers one year of tuition.
CyLab Security and Privacy Institute
CyLab well represented at SOUPS 2022
There is no shortage of Carnegie Mellon (CMU) students and faculty participating in this year's Symposium on Usable Privacy and Security (SOUPS).
CyLab Security and Privacy Institute
Study reveals iOS privacy labels miss the mark
A new study from researchers at Carnegie Mellon’s Security and Privacy Institute shows users find Apple’s iOS privacy labels confusing, difficult to find.
CyLab Security and Privacy Institute
CyLab paper receives Privacy Papers for Policymakers Award
The paper captured people’s privacy expectations and preferences in the age of video analytics.
CyLab Security and Privacy Institute
Protect your security and privacy with these tips from CyLab faculty
In celebration of Cybersecurity Awareness Month, a collection of CyLab faculty have shared some tips they recommend following to stay safe online.
CyLab Security and Privacy Institute
Study further explores perceptions of video analytics
In general, people are somewhat aware of facial recognition technologies and tend to have mixed feelings about them, according to new research out of Carnegie Mellon University’s CyLab.