Associate
Professor, Institute for Software
Research, and
Engineering and Public Policy
Online
privacy issues, privacy enhancing technology, usability
of privacy and security software, technology policy,
social impact of computers.
B.S. (Engineering
and Public Policy) 1992, Washington University in
St. Louis
M.S. (Technology and Human Affairs) 1993, Washington
University in St. Louis
M.S. (Computer Science) 1996, Washington University
in St. Louis
D.Sc. (Engineering and Policy) 1996, Washington University
in St. Louis
Carnegie
Mellon, 2003 -.
Lorrie Faith Cranor is an Associate Professor in the School of Computer Science and the department of Engineering and Public Policy at Carnegie Mellon University. She is director of the CMU Usable Privacy and Security Laboratory (CUPS). She has authored over 80 research papers on online privacy, phishing and semantic attacks, spam, electronic voting, anonymous publishing, usable access control, and other topics.
She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University.
Representative
publications:
J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. Cranor. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. USENIX Security 2009.
A.M. McDonald, R.W. Reeder, P.G. Kelley, and L.F. Cranor. A comparative study of online privacy policies and formats. Privacy Enhancing Techonologies Symposium 2009.
P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong, M.A. Blair, and T. Pham. School of Phish: A Real-Word Evaluation of Anti-Phishing Training. SOUPS 2009.
L. Bauer, L. Cranor, R.W. Reeder, M.K. Reiter, and K. Vaniea. Real life challenges in access-control management. In CHI 2009: Conference on Human Factors in Computing Systems, pages 899-908, April 2009.
L. Cranor, P. Guduru, and M. Arjula. User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction, June 2006, pp 135-178.
L. Cranor. Web Privacy with P3P (2002). Sebastopol, CA: O'Reilly & Associates, Inc.
J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.
J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Paper presented at the Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.
L. Cranor, S. Egelman, S. Sheng, A. McDonald, and A. Chowdhury. P3P
Deployment on Websites. To be published in Electronic Commerce Research and Applications, 2008.
S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. CHI 2008.
J. Downs, M. Holbrook, and L. Cranor. Behavioral Response to Phishing Risk. Proceedings of the 2nd Annual eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, p. 37-44.
P. Kumaraguru, Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. Cranor and J. Hong. Getting Users to Pay Attention to Anti-Phishing Education:
Evaluation of Retention and Transfer. Proceedings of the 2nd Annual eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, p. 70-81.
S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J.
Hong, and E. Nunge. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In Proceedings of the 2007 Symposium On Usable Privacy and Security, Pittsburgh, PA, July 18-20, 2007.
P. Kumaraguru, Y. Rhee, A. Acquisti, L. Cranor, J. Hong, and E.
Nunge. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. In CHI 2007:
Conference on Human Factors in Computing Systems, San Jose, California, 28 April - May 3, 2007, 905-914.
J. Downs, M. Holbrook, and L. Cranor. Decision Strategies and Susceptibility to Phishing. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.
Y. Zhang, J. Hong, and L. Cranor. CANTINA: A content-based approach to detecting phishing web sites. In Proceedings of the 16th International conference on World
Wide Web, Banff, Alberta, Canada, May 8-12, 2007.
Y. Zhang, S. Egelman, L. Cranor, and J. Hong Phinding Phish: Evaluating Anti-Phishing Tools. In Proceedings of the 14th Annual Network & Distributed System Security Symposium (NDSS 2007), San Diego, CA, 28th February - 2nd March, 2007.
R. W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, K. Bacon, K. How, and H. Strong. Expandable Grids for Visualizing and Authoring Computer Security Policies. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008.
M. Prabaker, J. Rao, I. Fette, P. Kelley, L. Cranor, J. Hong, and N. Sadeh, Understanding and Capturing People's Privacy Policies in a People Finder Application, 2007 Ubicomp Workshop on Privacy, Austria, Sept. 2007.
L. Bauer, L.F. Cranor, R.W. Reeder, M.K. Reiter, and K. Vaniea. A User Study of Policy Creation in a Flexible Access-Control System. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008.
L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons Learned from the Deployment of a Smartphone-Based Access- Control System. In Proceedings of the 2007 Symposium On Usable Privacy and Security, Pittsburgh, PA, July 18-20, 2007.
L. Cranor. A Framework for Reasoning About the Human in the Loop.
Usability, Psychology and Security 2008.
X. Sheng and L. Cranor. An Evaluation of the Effectiveness of US Financial Privacy Legislation Through the Analysis of Privacy Policies. I/S: A Journal of Law and Policy for the Information Society, Volume 2, Number 3, Fall 2006, pp. 943-979.
L. Cranor. 'I
Didn't Buy it for Myself': Privacy and Ecommerce Personalization. Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society, October 30, 2003, Washington, DC. B. Kowitz and L. Cranor. Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005
Workshop on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA.
C. Kuo, S. Romanosky, and L. Cranor. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.
|
