Associate Professor, SCS/ISR, EPP
Nicolas Christin is an Associate Professor in the School of Computer Science and in the Engineering and Public Policy department at Carnegie Mellon University. He is affiliated with the Institute for Software Research, and is a core faculty member of Carnegie Mellon CyLab, the university-wide security institute. He also has courtesy appointments in the Electrical and Computer Engineering department and in the Information Networking Institute (INI).
Nicolas was a faculty in residence for three years (2005-2008) in CMU's research and education center in Japan (then known as CyLab Japan) located in Kōbe, which remains one of his favorite cities. After coming back to the U.S., Nicolas served as Associate Director of the INI from 2008 through 2013, and as a research faculty in ECE from 2013 through 2016.
Diplôme d'Ingénieur (1999), École Centrale de Lille
Master's (2000) and Ph.D. (2003) in Computer Science, University of Virginia.
In the final year (2002-2003) of his Ph.D., he was working at Nortel Networks.
Postdoctoral fellow (2003-2005), School of Information at UC Berkeley
His research interest is in computer and information systems security with a focus on security analytics, online crime, and human factors in security.
Most of his work is at the boundary of systems, networking and policy research.
More specifically, the different inter-related research threads in which he is currently involved are:
[in brackets, some of the venues where he has published on the subject]
- Online crime modeling: Current security attacks are more often than not financially motivated. We postulate that, by getting a more precise picture of the economic interactions between the different actors involved, we can better understand how to disrupt or thwart these attacks. This line of work is very applied, and combines economic modeling, network measurements, and public policy research. [USENIX Sec'15, CCS'14, USENIX Sec'14, ESORICS'14, EC'13, WWW'13, CCS'11, USENIX Sec'11, CCS'10, ...]
- Usable and secure authentication and passwords: Making systems more secure has generally been at odds with what humans are good at; for instance, longer passwords are near-impossible to memorize, complex security policies are ignored and therefore useless, and so forth. This has resulted in large security meltdowns. Rather than treating human factors as a constraint in secure system design, we try to exploit what people are skilled at to make systems more secure. For instance, humans can very quickly recognize patterns, make inferences from incomplete information, and respond positively to proper messaging. Our work in that space finds applications in authentication applications, smart password meters, mobile payment systems, automated teller machines, to name a few. [CHI'17, USENIX Sec'16, CHI'16, USENIX Sec'15, PETS'15, CHI'15, CHI'14, CCS'13, USENIX Sec'12, SOUPS'12, Oakland'12, CHI'11, FC'11, SOUPS'08, CHI'08, ...]
Software highlights include our open-source Carnegie Mellon password meter, and our neural network-based password cracker.
- Security economics: We keep hearing about security attacks and breaches, despite the fact that most security problems have relatively low-cost solutions (e.g., patching, stronger access control, audits). I am interested in 1) understanding why, from an economic standpoint, people and corporations are seemingly either not investing enough in security, or investing in the wrong things, and 2) finding out if there are economic remedies or incentive-compatible algorithms that we, as a society, can use to improve this sad state of affairs. Behavioral economics, game theory, and system design all play a significant role in this cross-disciplinary work. [AAAI'15, IJCAI'13, CSF'11, ESORICS'10, FC'10, EC'08, WWW'08, ...]