I’m currently a PhD student at University College London. I work across the boundaries of several disciplines, and belong to the UCL Centre for Research on Evolution, Search and Testing, the Human-Centered Systems and the Information Security groups. My PhD research is supervised by Jens Krinke and Angela Sasse, and funded by a UCL Computer Science Department Excellence studentship.
My research primarily focuses on bridging the gap between research methods in Human-Computer Interaction and Computer Security on the one hand, and real-world interaction and software design on the other. I draw on theories and methods inspired by Ethnomethodology, particularly Suchman’s Situated Action, and Dourish’s writings on context and appropriation. I’m also interested in the application of Actor-Network Theory, controversy mapping and Phronetic social science to problems of deploying (security) technologies at scale.
My PhD thesis focuses on the appropriateness and appropriation of confinement technologies. Specifically, I’m interested in confining desktop applications on the typical computer of the typical information worker or productive computer user. Digital creators of all sorts have security needs just like the average netizen but often have far more complex expectations from their applications, which can rarely be met when sandboxes and access control mechanisms are introduced. For instance, applications commonly manipulate user files in automated ways, either to implement the retrieval of resources related to a user’s task at hand (office macros, movie subtitles and metadata, etc.) or to build bulk processing features (useful e.g. in photo editors, programming apps, etc.). Finding a middle ground between such complex needs and file access over-entitlement is not trivial, and yet needed for such users.
Besides, advanced models like activity-based confinement or content-based confinement, just as much as policy-based confinement systems, rely on the specification of legitimate contexts of use to enforce access to user resources and device capabilities. It is often said that context is an important source of information for understanding users’ activities and needs, yet context as a physical environment for computation relates to users’ behaviour and goals only to a limited extent. My opinion is that security mechanisms should be entirely agnostic to the environment in which they are deployed, especially when sensing one’s environment is yet another channel for attackers to tamper with a system. My approach, based on Dourish’s contextuality relationship, is to attempt to capture the relationships between the computing resources of users, exposing contextual relationships to end users and letting users manipulate them in ways meaningful to them. I am currently evaluating the feasibility of adversarial unsupervised recurrent activity learning, in order to progress towards this goal.
I’m currently investigating the driving forces of confinement research, and shedding light on the open problems often left aside that may be the key to deploying confinement for productive users. I’m doing so by comparing confinement research to theories of human action and by collecting evidence in-the-wild of what is actually going on on desktop systems. This evidence will allow me to provide a basis for evaluating classic and alternative models of process confinement and a list of requirements that confinement technologies must hold on to. My research is performed exclusively in the wild, and I place a strong emphasis on not priming users’ motivations, investigating meaningful and realistic interactions and not influencing how they express their security needs and expectations. My data collection system, once complete, will provide the evidence needed to progress towards all of the above questions, and more.
I also develop and maintain a series of tools for in-the-wild data collection along with many awesome UCL students and our head of group Angela Sasse. We’re currently building tools to capture passwords on Google Chrome, to capture multitasking and application behaviour metrics on Linux and generic websites for supporting the ethical and logistic requirements of field studies.
The password collection tool is the starting point of two side projects, led by UCL students which I supervise: a project to build tools for password reuse calculation, and risk metrics based on the quantity and type of password reuse; and a cross-cultural study of password habits across languages, types of keyboard layouts and cultural sites. If you’re a UCL undergraduate student or MSc (HCI-E or IS) student and interested in doing a project, or if you’re a researcher outside the US and UK and would like to collaborate with us, do contact me!
Why focus on people?
My tools and methods allow me to go in the wild, and to take a truly person-centric stance on information security. Rather than sterile discussions on the technical details of security, we aim to understand what it’s like for lay citizens to juggle with the security requirements of the services they use, and to design products that solve their problems rather than ours. In my PhD research, I’m not interested in how easy it is for researchers to hook on system calls and enforce an arbitrary policy, but in why their default policy allows users to be productive and how easily users can tame abusing applications (for instance, I’m abashed that Android prevents me from revoking permissions to misbehavers).
Similarly, our password collection plugin focuses on password reuse. This problem of credential reuse is well-known, but is truly not a concern of either application developers or security researchers who provide alternatives to passwords. IT actors focus on what it costs them to deploy and how much they are to blame in case of security breaches, rather than how much their requirements will add to the strain their users face. Yet, users have to deal with tens of authentication methods and security rituals, and need coping mechanisms. Many researchers who develop alternatives to passwords ignore this reality and never study how the accumulation of security interactions would impact users and what coping mechanisms would emerge. By qualifying and quantifying reuse, we can help users be strategic about how they cope to reduce risk without increasing effort. This is only possible with a focus on people rather than technology, and by going in the wild.
In warning research for instance, a great deal of focus is put on forcing users to pay attention (by all stretches of the mind, including forcing users to retype the content of warning boxes), even though field evidence shows users won’t waste more than two seconds on warnings in daily use. A person-centric approach would look at quantifying the warnings users are exposed to and prioritising them or designing them away from everyday interactions. I’m happy to provide consultancy on this topic or collaborate on warning design studies.
This ‘focus on people’ mentality, along with a couple of other study design principles we rely on in my group, will be the object of a publication in the future. Until then, feel free to write to me if you’re interested in discussing research methods on your topic!
Short Bio / Education
Before joining UCL, I worked at Inria Rennes as a research engineer where I built the first steps towards fully-distributed VR physics simulations. I obtained a MRes in computer science in Rennes, with a specialisation in distributed systems. I also worked on natural language processing for a short time whilst visiting FBK in Trento, Italy. There, I worked on the disambiguation and classification of named entities.
Prior to that, I trained as a computer security engineer at ENSIB (now INSA-CVL). I have a Diplôme d’ingénieur (equivalent to a MSc in engineering) in computer security. While at ENSIB, I completed a few projects aimed at simplifying system administration and policy authoring for PIGA OS, a Linux desktop OS running a strengthened version of SELinux capable of enforcing policies on sequences of system calls. One of my projects aimed at proving that static MAC systems like SELinux are unable to provide the protection needed on desktop systems because they cannot reason about the context in which a system call occurs.
In more ancient times, I obtained my Bachelor’s degree of Computer Science from the University of Montpellier II with what’d be First Honours in the UK. I wrote RezTorrent, a low-memory CLI BitTorrent client alongside Boris Albar as part of my undergrad work. I was born and raised in Breizh, France, and grew up in a Franco-Spanish family. I speak French, English and Spanish fluently (albeit my Spanish vocabulary is terribly rusty).