PhD Student, Computer
University of Maryland, College Park
My research focuses on computer security, with an emphasis on the human factors affecting security professionals. I'm interested in understanding the processes and mental models of professionals who perform security related tasks such as vulnerability discovery, network defense, and malware analysis to provide research-based recommendations for education, policy, and automation changes to best leverage human intelligence against challenging computer security problems.
Finding security vulnerabilities in software is a critical task for any organization. Even though automated vulnerability discovery has made significant strides in recent years, human effort is still required. My goal is to develop a better understanding of how communities of practitioners discover (and report) software vulnerabilities. To understand the human factors of software vulnerability discovery, we are studying people with experience finding and reporting software vulnerabilities. This includes professional software testers, bug bounty program participants, Information Security professionals, and capture-the-flag competitors.
By understanding the methods, motivations, and learning processes of various practitioners, we aspire to illuminate best practices for eliminating bugs in code and develop better tools, training, and policies to support them.
This work has earned a USENIX Security Distinguised Paper award, a SOUPS Distinguished Poster award, and has been covered by the Tech Beacon.
Toward a Field Study on the Impact of Hacking Competitions on Secure Development. Daniel Votipka, Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek. In WSIW 2018: Workshop on Security Information Workers. August 2018. Paper, Slides The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level (Distinguished Paper Award). Rock Stevens, Daniel Votipka, Elissa M. Redmiles, Colin Ahern, Patrick Sweeney, Michelle L. Mazurek. In USENIX Security 2018. The USENIX Security Symposium. Aug 2018. Paper. Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes (SOUPS '18 Distinguished Poster Award). Daniel Votipka, Rock Stevens, Elissa M. Redmiles, Jeremy Hu, and Michelle L. Mazurek. In IEEE S&P 2018: IEEE Symposium on Security and Privacy. May 2018. Paper, Slides, Talk
Mobile App Privacy
Smartphone apps have access to a significant amount of sensitive user data (e.g., location, SMS messages). Mobile operating systems regulate access by informing users and asking for thier consent whenever an app would like to collect sensitive data (typically the first time a resource is required). Users must decide whether the requested access is necessary to provide a useful feature or too invasive on their privacy based on limited contextual information.
In this line of research, we first study how users currently make these decisions and then use our findings to develop improved analyses and visualizations to provide the information necessary to make informed decisions.
User Comfort with Android Background Resource Accesses in Different Contexts. Daniel Votipka, Seth M. Rabin, Kristopher Micinski, Thomas Gilray, Michelle L. Mazurek, Jeffrey S. Foster. In SOUPS 2018: The Symposium on Usable Privacy and Security. Aug 2018. Paper, Slides User Interactions and Permission Use on Android. Kristopher Micinski, Daniel Votipka, Rock Stevens, Nikolaos Kofinas, Michelle L. Mazurek, and Jeffrey S. Foster. In CHI 2017: ACM Conference on Human Factors in Computing Systems. May 2017. PDF
Contact informationEmail: dvotipka@...edu 3421 A.V. Williams Building
College Park, MD 20742