SergeEgelman
612 S. Dallas Avenue
Pittsburgh, PA 15217
USA
(434) 227-1337serge@guanotronic.comPhD studentComputation, Organizations, and SocietySchool of Computer Science, Carnegie Mellon UniversityExpected May2009BSComputer EngineeringMay2004School of Engineering and Applied Science, University of VirginiaP3P Deployment on WebsitesLorrie CranorSteve ShengAleecia McDonaldAbdur ChowdhuryTo be published in Electronic Commerce Research and
Applications2008You've Been Warned: An Empirical Study on the Effectiveness of
Web Browser Phishing WarningsLorrie CranorJason HongCHI '08: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (Best Paper Nominee)2008
The Effect of
Online Privacy Information on Purchasing Behavior: An Experimental
Study
Janice TsaiLorrie CranorAlessandro AcquistiWorkshop on the Economics of Information Security (WEIS)June2007
Security User Studies:
Methodologies and Best Practices
Jen KingRobert C. MillerNick RagouzisErika ShehanCHI '07 Extended Abstracts on Human Factors in Computing
SystemsApril2007
Phinding Phish: An
Evaluation of Anti-Phishing Toolbars
Lorrie Faith CranorJason HongYue ZhangNDSS: Proceedings of the ISOC Symposium on Network and
Distributed System Security. Originally published as CyLab Technical
Report CMU-CYLAB-06-018February2007
Conference Report: SOUPS 2006
Janice TsaiIEEE Security & PrivacyNovember/December2006
An Analysis of P3P-Enabled Web Sites among Top-20 Search Results
Lorrie Faith CranorAbdur ChowdhuryProceedings of the Eighth International Conference on
Electronic CommerceAugust2006
Power
Strips, Prophylactics, and Privacy, Oh My!
Julia GideonLorrie CranorAlessandro AcquistiProceedings of the 2006 Symposium On Usable Privacy and
SecurityJuly2006
Studying The Impact
of Privacy Information on Online Purchase Decisions
Workshop on Privacy and HCI: Methodologies for Studying Privacy
Issues at CHI2006Janice TsaiLorrie CranorAlessandro AcquistiApril2006
The Real ID Act:
Fixing Identity Documents with Duct Tape
I/S: A Journal of Law and Policy for the Information
SocietyLorrie Faith CranorFall/Winter2005
Conference
Report: 14th USENIX Security Symposium
Kevin ButlerMing ChowJonathon DuerigBoniface HicksFrancis HsuStefan KelmMohan Rajagopalan;login:December2005
Report on
DIMACS Workshop and Working Group on Usable Privacy and Security
Software
Ponnurangam KumaraguruJanuary2005
Conference
Report: 13th USENIX Security Symposium
;login:Alvin AuYoungEric CroninMarc DoughertyRachel GreenstadtStefan KelmZhenkai LiangChad ManoNick SmithAshish RaniwalaTara WhalenWei XuDecember2004
Suing Spammers
for Fun and Profit
;login:April20042000Editorial on Linux.comIs The OSS
Model Failing?1999Peter
Norton's Complete Guide to LinuxMacmillan Computer PublishingInstallation1999Peter
Norton's Complete Guide to LinuxMacmillan Computer PublishingUser AdministrationSkillsResearch InterestsSoftware engineeringPrivacy technologiesSecurity technologiesUsabilityTechnical SkillsPerlC/C++JavaPHPBourne shell scriptingC#HTMLSystem AdministrationUNIX (primarily *BSD, Linux, OS X)WindowsApacheMySQLSendmailCUPSResearcherJune2004Carnegie Mellon UniversityCurrently a PhD student in the Computation, Organizations, and
Society program at CMU, I am advised by Prof. Lorrie Cranor. I work
primarily on privacy policy and usable privacy and security systems.
Current areas that I work in include creating more effective web browser
trust indicators, creating usable P3P tools, Internet
anonymity, and detection and prevention of phishing attacks. My
accepted dissertation proposal was entitled "Trust Me: Designing Trustworthy
Trust Indicators." My committee consists of Lorrie Cranor (chair), Jim
Herbsleb, Jason Hong, and Steve Bellovin (Columbia U.).Research InternJune2006September2006Xerox PARCDuring the summer of 2006 I worked in the Computer Science Lab
(CSL) at PARC. My main focus was on malware detection using
virtualization. The project involved creating a Windows kernel driver
that would intercept system calls (like a rootkit) on the guest
operating system, and then reporting back the state of the guest to the
host. Additional work focused on writing security mechanisms to protect
code running under a virtual machine.ResearcherMay2003December2003University of VirginiaI worked as a researcher in Professor Jorg Liebeherr's Multimedia
Networks Group, in the Department of Computer Science. Specifically I
was working on Hypercast, which is an application-layer multicast overlay
network. I was involved in designing and implementing an encryption and
authentication mechanism, content delivery optimizations, as well as an
XML-based configuration utility. All of this work was done in Java under
both Linux and Windows.Researcher2002University of VirginiaI worked as a researcher in Professor John Knight's Network
Survivability Research Group, in the Department of Computer Science.
This group mainly worked on creating fault resistant networks that could
detect and recover from attacks. My main role was developing a network
visualizer that took inputs from a variety of sensors (mainly intrusion
detection systems and packet loggers), and made it easy for a network
administrator to literally see all the data and thus be warned about
irregularities. Most of the work was done in Java using VTK to program
the OpenGL front-end.Developer20002001Tovaris: The Digital Identity CompanyI worked part time doing development in C++ for the Mithril Secure
Server (an encrypted email solution). I mostly wrote CGI code for
administering the servers from a front-end, although I did do some work
on the back-end. This involved getting very familiar with the OpenSSL
libraries. Most of the development was done under OpenBSD, using g++,
though I also did some work in perl.System Administrator20002002EarthSystems.orgI worked remotely as a part-time system administrator. My duties
included maintaining DNS, Apache, and Sendmail under FreeBSD. I also
troubleshooted the systems and answered technical questions.Technical Support / Developer / System Administrator19992000Broadband Network Services, Inc.I handled all of the technical support questions via telephone and
e-mail. I maintained and administrated all of our databases using MySQL.
This included setting up new database customers, adding and removing
databases, and maintaining MySQL. I used PHP, Perl, and bash to write
scripts to aid in system administration and to automate other common
tasks. I handled most of the website development that we were hired to
do; this included writing scripts, HTML, and database management. My
administrative responsibilities included maintaining our primary and
secondary DNS, sendmail, apache, and PHP. I also aided in creating and
removing accounts, setting up new virtual hosts, setting up and
maintaining network monitoring, and maintaining hardware; this included
building and configuring computers.Author1999Waterside Prodctions, Inc.I was hired by Waterside Productions (Peter Norton's literary
agent) to write two chapters for their book, Peter Norton's Complete
Guide to Linux. The chapters were entitled "Installation" and "User
Administration", the book was published in October of 1999 by Macmillan
Computer Publishing.Professional Memberships and ActivitiesInvited ExpertWeb Security Context (WSC) Working GroupWorld Wide Web Consortium (W3C)2007Poster Session Co-ChairAnti-Phishing Working Group eCrime Researchers Summit2007Program CommitteeCHI 2007 Workshop - Security User Studies: Methodologies and
Best Practices2007Program CommitteeComputers, Freedom, and Privacy (CFP) Conference2006Legislative Concerns Chair, Board of DirectorsNational Association of Graduate and Professional Students
2006Vice President for External AffairsCarnegie Mellon University Graduate Student
Assembly2006Discussion Sessions ChairSymposium on Usable Privacy and Security (SOUPS)2005Invited ExpertThe Platform for Privacy Preferences (P3P) 1.1 Working GroupWorld Wide Web Consortium (W3C)20042006MemberAssociation for Computing Machinery2004MemberUSENIX2004MemberAmerican Civil Liberties Union2001AwardsTor Graphical User Interface Design
Competition2006
Phase 1 Overall WinnerUSENIX Student Stipend RecipientUSENIX2005I was awarded a student stipend to attend the 2005 USENIX
Security Conference in Baltimore, MD.USENIX Student Stipend RecipientUSENIX2004I was awarded a student stipend to attend the 2004 USENIX
Security Conference in San Diego, CA.USENIX Student Stipend RecipientUSENIX2003I was awarded a student stipend to attend the 2003 USENIX
Security Conference in Washington, DC.University of Virginia Dean's List of ScholarsI was included on the Spring 2003 and 2004 Dean's List of Scholars.
Publisher's Clearing House FinalistI may already be a winner.October2007