Stuart Schechter
My primary areas of research are security, human computer interaction, and ethics.
I believe strongly in open science. I am a member of the Ethical Research Project, helped create the ResearchWithoutWalls open-access pledge, and I attach my name to all peer reviews (eschewing the sense of impunity that comes with the ability to criticize others' work anonymously). I serve on the program committees of the Symposium on Usable Privacy and Security (SOUPS) and USENIX Security.
Publications
- Cristian Bravo-Lillo, Serge Egelman, Cormac Herley, Stuart Schechter, and Janice Tsai, You Needn't Build That: Reusable Ethics-Compliance Infrastructure for Human Subjects Research, in Cyber-security Research Ethics Dialog & Strategy Workshop (CREDS 2013), Microsoft Research, 23 May 2013
- Stuart Schechter, Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them, no. MSR-TR-2013-5, 15 January 2013
- Cristian Bravo-Lillo, Lorrie Cranor, Julie Downs, Saranga Komanduri, Stuart Schechter, and Manya Sleeper, Operating system framed in case of mistaken identity: Measuring the success of web-based spoofing attacks on OS password-entry dialogs, in Proceedings of the 19th ACM Conference on Computer and Communications Security, ACM, 18 October 2012
- Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, and Collin Jackson, Clickjacking: Attacks and Defenses, in Proceedings of the 21st USENIX Security Symposium, USENIX, August 2012
- Eiji Hayashi, Oriana Riva, Karin Strauss, AJ Brush, and Stuart Schechter, Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device’s Applications, in Symposium On Usable Privacy and Security, ACM, 12 July 2012
- Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall, “These Aren’t the Droids You’re Looking For”: Retrofitting Android to Protect Data from Imperious Applications, in Proceedings of the 18th ACM Conference on Computer and Communications Security (ACM CCS), ACM, 17 October 2011
- David Wetherall, David Choffnes, Seungyeop Han, Peter Hornyack, Jaeyeon Jung, Stuart Schechter, and Xiao Wang, Privacy Revelations for Web and Mobile Apps, in Proceedings of Hot Topics in Operating Systems (HotOS), USENIX, 10 May 2011
- Robert Reeder and Stuart Schechter, When the Password Doesn't Work: Secondary Authentication for Websites, in IEEE Security and Privacy, vol. 9, no. 2, pp. 43--49, IEEE, March 2011
- Stuart Schechter, Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices, in USENIX HealthSec 2010, Microsoft, 10 August 2010
- Stuart Schechter, Cormac Herley, and Michael Mitzenmacher, Popularity is Everything: A new approach to protecting passwords from statistical-guessing attacks, in The 5th USENIX Workshop on Hot Topics in Security (HotSec '10), USENIX, 10 August 2010
- David Molnar and Stuart Schechter, Self Hosting vs. Cloud Hosting: Accounting for the security impact of hosting in the cloud, in Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS 2010), Microsoft Research, 8 June 2010
- Stuart Schechter, Gabriel Loh, Karin Strauss, and Doug Burger, Use ECP, not ECC, for Hard Failures in Resistive Memories, in ISCA 2010 (International Symposium on Computer Architecture), Association for Computing Machinery, Inc., June 2010
- Jon Howell and Stuart Schechter, What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors, in Web 2.0 Security and Privacy, IEEE, 20 May 2010
- Jennifer Tam, Robert W. Reeder, and Stuart Schechter, I'm Allowing What? Disclosing the authority applications demand of users as a condition of installation, no. MSR-TR-2010-54, 18 May 2010
- Stuart Schechter, Security that is Meant to be Skin Deep: Using Ultraviolet Micropigmentation to Store Emergency-Access Keys for Implantable Medical Devices, no. MSR-TR-2010-33, 8 April 2010
- Maritza Johnson, Steven M. Bellovin, Robert W. Reeder, and Stuart Schechter, Laissez-faire file sharing: Access control designed for individuals at the endpoints, in New Security Paradigms Workshop, 10 September 2009
- Stuart Schechter and Robert W. Reeder, 1 + 1 = You: Measuring the comprehensibility of metaphors for configuring backup authentication, in The 2009 Symposium on Usable Privacy and Security (SOUPS), Association for Computing Machinery, Inc., 15 July 2009
- Stuart Schechter, A. J. Bernheim Brush, and Serge Egelman, It's no secret: Measuring the security and reliability of authentication via 'secret' questions, in Proceedings of the 2009 IEEE Symposium on Security and Privacy, IEEE Computer Society, Berkeley, CA, USA, 17 May 2009
- Stuart Schechter, Serge Egelman, and Robert W. Reeder, It's Not What You Know, But Who You Know: A social approach to last-resort authentication, in CHI '09: Proceeding of the twenty-seventh annual SIGCHI conference on Human factors in computing systems, ACM, New York, NY, USA, 9 April 2009
- Amy K. Karlson, A.J. Bernheim Brush, and Stuart Schechter, Can I Borrow Your Phone? Understanding Concerns When Sharing Mobile Phones, in Proceedings of CHI 2009, Association for Computing Machinery, Inc., April 2009
- Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer, The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, in Proceedings of the 2007 IEEE Symposium on Security and Privacy, IEEE Computer Society, Washington, DC, USA, May 2007
- Andy Ozment and Stuart Schechter, Milk or Wine: Does Software Security Improve with Age?, in Proceedings of the 15th USENIX Security Symposium, USENIX, Vancouver, BC, Canada, July 2006
- Andy Ozment and Stuart E. Schechter, Bootstrapping the Adoption of Internet Security Protocols, in The Fifth Annual Workshop on the Economics of Information Security, Cambridge, UK, June 2006
- Andy Ozment, Stuart E. Schechter, and Rachna Dhamija, Web Sites Should Not Need to Rely on Users to Secure Communications, in W3C Workshop on Transparency and Usability of Web Authentication, New York, NY, USA, March 2006
- Stuart E. Schechter, Jaeyeon Jung, Will Stockwell, and Cynthia McLain, Inoculating SSH Against Address Harvesting, in Proceedings of The 13th Annual Network and Distributed System Security Symposium (NDSS'06), San Diego, CA, February 2006
Email:
<first>.<last>@microsoft.com
Interns:
You? (2013)
Cristian Bravo-Lillo (2012, CMU)
Saranga Komanduri (2012, CMU)
Alain Forget (2010, Carleton)
Kami Vaniea (2010, CMU)
Jennifer Tam (2009, CMU)
Serge Egelman (2008, now @ Berkeley)
Maritza Johnson (2008, Columbia U.)
Supervised while at MIT LL:
Andy Ozment (2006 now @ US Gov.)
Will Stockwell (2006, now @ DropBox)
Personal info:
My wife and occasional co-author
