CUPS - CMU Usable Privacy and Security Laboratory - Carnegie Mellon University, 5000 Forbes Ave., Pittsburgh, PA 15213

CUPS Laboratory Home

Carnegie Mellon Usable Privacy and Security Doctoral Training Program

Our first class of IGERT trainees: Bryan Pendleton, Rich Shay, Kami Vaniea, Patrick Kelley, Idris Adjerid, and Michelle Mazurek

Our second class of IGERT trainees: Peter Klemperer, Tim Vidas, Rebecca Balebako, Emmanuel Owusu, Dave Gordon

The Carnegie Mellon Usable Privacy and Security (CUPS) Doctoral Training program offers PhD students at Carnegie Mellon University a fundamentally new, cross-disciplinary training experience that prepares them to produce the key research advances necessary to reconcile ostensible tensions between security, privacy and usability, moving away from an "either-or" view of these goals to a deeper understanding of underlying tradeoffs and eventually towards solutions where security, privacy and usability are configured to reinforce each other. The goal of this program is to serve as a catalyst to shape the field of usable privacy and security by developing and training a new generation of researchers in methodologies, principles, and approaches that can be applied across systems and applications, in contrast to one-off solutions. This program leverages CMU's strong research programs in security, privacy, human computer interaction (HCI), behavioral economics, computer systems, artificial intelligence, and decision making, as well as a long tradition and strong commitment to interdisciplinary research.

The CUPS doctoral training program will help prepare the next generation of usable privacy and security researchers through an interdisciplinary program that combines classroom learning as well as collaborative research training with teams of mentors from different disciplines, internships, and a seminar series. These complementary approaches provide a solid grounding in theory and build on that foundation with research applied to important real-world problems. Interdisciplinary mentoring helps students to develop a richer understanding of the complex and interwoven goals coming from these different perspectives. All of these components contribute to a unique training program that integrates social and technical sciences and trains students to address inherently interdisciplinary problems.

The CUPS doctoral training program is supported through an NSF IGERT grant. Thanks to this support, we are able to offer PhD fellowships to U.S. citizens and permanent residents to participate in the CUPS doctoral training program.

Read more about our program in the Winter 2009/2010 issue of Carnegie Mellon Engineering Magazine and in our newsletter, The Saucer.

Faculty and Staff

The CUPS doctoral training program is affiliated with Carnegie Mellon CyLab and includes faculty from across the university, including the Institute for Software Research (ISR), the Human Computer Interaction Institute (HCII), the Engineering & Public Policy Department (EPP), the Electrical and Computer Engineering Department (ECE), the Computer Science Department (CSD), The Heinz College School of Information Systems and Management (ISM), the Social and Decision Sciences Department (SDS), the Information Networking Institute (INI) and the Tepper School of Business (TSB).

Core Faculty

  • Alessandro Acquisti, CyLab/ISM, Economics of privacy and behavioral economics of privacy
  • Lujo Bauer, CyLab/ECE, Usable computer security
  • Nicolas Christin, CyLab/INI, Information networks economics, security and policy
  • Lorrie Cranor (Program director), CyLab/EPP/ISR/SCS, Usable privacy and security
  • Julie Downs, SDS, Psychology, Decision science
  • Jason Hong, CyLab/HCII/SCS, Human computer interaction and usability
  • Norman Sadeh, CyLab/ISR/SCS, Pervasive computing, enterprise systems, AI and user-controllable security and privacy
  • Marios Savvides, CyLab/ECE, Biometric identification technologies

Supporting Faculty

  • Travis Breaux, SCS/COS/SE, Requirements and software engineering, risk and legal compliance, accessibility, privacy and security
  • David Brumley, ECE/SCS, Software security, network security, applied cryptography
  • Kathleen Carley, ISR/SCS, Computational organizational theory
  • Laura Dabbish, SCS/HCII/ISM, Computer-supported collaborative work
  • Anupam Datta, CyLab/SCS/ECE, Computer and network security and privacy, cryptography
  • Baruch Fischhoff, SDS/EPP, Risk perception and communication, Decision science
  • Greg Ganger, CyLab/ECE/SCS, Computer systems and security, Distributed systems
  • Virgil Gligor, CyLab/ECE, Distributed systems and network security
  • Cleotilde Gonzalez, SDS, human decision making in dynamic and complex environments
  • Jim Herbsleb, ISR/SCS, Software engineering
  • Ramayya Krishnan, ISM, Economics of information privacy and information security, social networks, and usability of mobile information services
  • Robert Kraut, HCII/SCS, Social impact of information technologies
  • George Lowenstein, SDS, Behavioral economics and psychology
  • Roy Maxion, SCS, keystroke dynamics/forensics, fault/masquerader/insider/intrusion detection, attacker/defender testbed, measurement and experimental methodology, reliable software/user interfaces
  • Brad Myers, HCII/SCS, User interfaces, Natural programming
  • Adrian Perrig, CyLab/ECE/EPP/SCS, Network security
  • Michael Shamos, ISR/SCS, Internet law and policy, electronic voting, and privacy Michael D. Smith, ISM/TSB, Privacy and online commerce, intellectual property security systems and consumer behavior
  • Rahul Telang, ISM, Economics of security and privacy


Applying to the Program

The CUPS doctoral training program offers students in PhD programs across the university an opportunity to participate in interdisciplinary research and education. CUPS PhD students come from several CMU PhD programs including the programs in Computation, Organizations and Society, Engineering and Public Policy, Human Computer Interaction, Computer Science, Electrical and Computer Engineering, Social and Decision Sciences, and Public Policy and Management. Perspective students should apply directly to these programs (or other CMU doctoral program) and also send a letter of interest to the CUPS program administrator indicating which CMU doctoral program they have applied to and describing their interest in CUPS-related research.

Two-year CUPS doctoral training fellowships are available to students who are US Citizens through the NSF IGERT program. At the conclusion of the fellowship period, students are expected to be funded through their advisors' research grants and other fellowship programs. Students funded through the NSF IGERT program are considered CUPS Trainees.

In addition, we offer a CUPS Associates program for other CUPS PhD students who are funded through their advisors' research grants and other fellowship programs.

Both CUPS trainees and CUPS associates who successfully complete the CUPS doctoral training program will receive a CyLab Usable Privacy and Security Meritorious Achievement Certificate awarded by the Carnegie Mellon University Information Networking Institute.

The CUPS Phd programs require students to be in residence at Carnegie Mellon's Pittsburgh campus for at least two years (and most students remain in residence for the entire program).

Current CMU students interested in participating in the CUPS program should contact the CUPS program administrator, Tiffany Todd, and provide the requested application materials.

Pittsburgh-area students and faculty who would like to receive announcements about CUPS events are welcome to join the CUPS mailing list.

If you are not a local community member but would like to get announcements about CUPS papers and related news, you may subscribe to our CUPS-friends mailing list by visiting

Program Requirements

CUPS students take a "core" set of at least four courses consisting of (a) 5-836/8-734 Usable Privacy and Security and (b) three approved full-semester courses from the CUPS course list in a variety of different areas to provide a multi-disciplinary coursework foundation for their research. Two approved mini courses may be substituted for one full-semester course. All courses must be completed with a grade of B- or better. Courses must include: a privacy or security course from the CUPS course list, a course from the CUPS course list in any category other than privacy or security, and an additional course from any category on the CUPS course list.

CUPS students are expected to participate in the weekly CUPS research seminar for at least two years (currently scheduled on Wednesdays at noon) and present their work at the seminar at least once each year. These presentations may range from early work-in-progress talks designed to solicit feedback and spark discussion, to practice talks for conference or job talk presentations.

CUPS students are expected to be actively involved in usable privacy and security research efforts, for example as evidenced by contributing substantially to at least two peer-reviewed academic papers related to usable privacy and security.

CUPS students are expected to present a paper or poster related to usable privacy and security at the Symposium On Usable Privacy and Security or other relevant academic conference.

Each of the CUPS Trainees will be mentored by at least two CUPS faculty members from complementary fields.

Major Research Efforts

At a high level, our research attacks the design and analysis of secure systems from a novel angle by considering humans as an integral part of the system under consideration, rather than a secondary constraint. Humans, however, have strengths and weaknesses considerably different from those of the rest of the system. Mismatches between what users can actually be expected to do and what the rest of the system assumes they will do is one of the main causes of security failures. To realign the system with human abilities, we will strive to reduce the need for human inputs where possible, but to simultaneously work towards systems that are more resilient and less prone to human faults. We will implement these strategies as a combination of the following three high-level approaches: (1) find ways to build systems that "just work" without involving humans in security-critical functions; (2) find ways of making secure systems intuitive and easy to use; (3) find ways to effectively teach humans how to perform security-critical tasks. These approaches will results in systems that take advantage of a better understanding of human decision making, leading to an implicit demand for designers to adapt to human intuition rather than the other way around. Specifically, our program has been organized around four strategic areas that are in dire need of more usable privacy and security solutions. These areas, which have some partial overlap, are: protecting users from semantic attacks, user-controllable privacy and security, privacy decision making, usable authentication and biometrics.

For more information about our research, see the research descriptions at our affiliated labs:

Advisory Board and External Evaluators

The CUPS advisory board is composed of leaders in industry and academia who advise the CUPS faculty.

  • John Fernandez, Chair, Department of Computing Sciences, Texas A&M University-Corpus Christi
  • Jeffrey Friedberg, Microsoft Chief Trust Privacy Architect
  • John Karat, Research Staff Member, IBM Privacy Research Institute, IBM TJ Watson Research Center
  • Diana Smetters, Google

Courtney Brown from the Center for Evaluation and Education Policy at Indiana University is overseeing the external evaluation of this program.