Dan S. Wallach’s research while affiliated with Rice University and other places


Publications (156)


ACM TechBrief: Election Security: Risk Limiting Audits
  • Book

October 2022 · 2 Reads

Matthew Bernhard · Dan S. Wallach

Security score rubric Error Deduction
Comparison of mean functionality scores by group, study 1 (Tukey HSD).
Time on task, study 1.
Multiple linear regression, Solo and Duo security scores.
Bad Tools Hurt: Lessons for teaching computer security skills to undergraduates
  • Article
  • Full-text available

December 2021 · 65 Reads

International Journal of Computer Science Education in Schools

Understanding why developers continue to misuse security tools is critical to designing safer software, yet the underlying reasons developers fail to write secure code are not well understood. In order to better understand how to teach these skills, we conducted two comparatively large-scale usability studies with undergraduate CS students to assess factors that affect success rates in securing web applications against cross-site request forgery (CSRF) attacks. First, we examined the impact of providing students with example code and/or a testing tool. Next, we examined the impact of working in pairs. We found that access to relevant secure code samples gave significant benefit to security outcomes. However, access to the tool alone had no significant effect on security outcomes, and surprisingly, the same held true for the tool and example code combined. These results confirm the importance of quality example code and demonstrate the potential danger of using security tools in the classroom that have not been validated for usability. No individual differences predicted one’s ability to complete the task. We also found that working in pairs had a significant positive effect on security outcomes. These results provide useful directions for teaching computer security programming skills to undergraduate students.

VAULT-Style Risk-Limiting Audits and the Inyo County Pilot

May 2021 · 31 Reads · 1 Citation

IEEE Security and Privacy Magazine

Kammi Foote · [...] · Dan S. Wallach

In 2020, Inyo County, California partnered with nonprofit VotingWorks to pilot the use of the Verifiable Audits Using Limited Transparency technique (called VAULT) to conduct an efficient, privacy-preserving, publicly verifiable risk-limiting audit of seven contests in the November general election. We describe VAULT, the pilot, and the software implementation that made this pilot possible.


The Design and Implementation of a Verified File System with End-to-End Data Integrity

December 2020 · 79 Reads

Despite significant research and engineering efforts, many of today's important computer systems suffer from bugs. To increase the reliability of software systems, recent work has applied formal verification to certify the correctness of such systems, with recent successes including certified file systems and certified cryptographic protocols, albeit using quite different proof tactics and toolchains. Unifying these concepts, we present the first certified file system that uses cryptographic primitives to protect itself against tampering. Our certified file system defends against adversaries that might wish to tamper with the raw disk. Such an "untrusted storage" threat model captures the behavior of storage devices that might silently return erroneous bits as well as adversaries who might have limited access to a disk, perhaps while in transit. In this paper, we present IFSCQ, a certified cryptographic file system with strong integrity guarantees. IFSCQ combines and extends work on cryptographic file systems and formally certified file systems to prove that our design is correct. It is the first certified file system that is secure against strong adversaries that can maliciously corrupt on-disk data and metadata, including attempting to roll back the disk to earlier versions of valid data. IFSCQ achieves this by constructing a Merkle hash tree of the whole disk, and by proving that tampered disk blocks will always be detected if they ever occur. We demonstrate that IFSCQ runs with reasonable overhead while detecting several kinds of attacks.


How Human Factors Can Help Preserve Democracy in the Age of Pandemics

August 2020 · 41 Reads · 9 Citations

Human Factors The Journal of the Human Factors and Ergonomics Society

Objective: To describe user-centered voting systems that would support the safe conduct of voting in a pandemic environment. Background: The COVID-19 pandemic has complicated our democratic processes. Voters and poll workers feel threatened by the potential dangers of voting in business-as-usual polling stations. Indeed, significant problems were encountered in the recent 2020 primary elections in Wisconsin, where the National Guard had to be mobilized because so few poll workers reported to work, and more than 90% of polling places had to remain closed. Method: We describe a number of possible user-centered solutions that would help protect voters and poll workers in times of pandemic, and also report the results of a survey that asked voters and poll workers about what kinds of systems might make them willing to vote. Results: Political as well as safety considerations will need to be considered as these safer voting solutions are designed since, surprisingly, the kinds of solutions preferred depend on the political affiliation of the voters. Conclusion: Human factors professionals have a large role to play in realizing the safe, successful implementation of these user-centered systems. Good human factors analysis can help minimize the risk to voters and poll workers. Moreover, human factors methods can help safeguard democracy by creating safe and well-engineered environments that are conducive to voting in the age of pandemics. Application: Creating safe and effective voting solutions that protect voters and poll workers during pandemic outbreaks is crucial to the preservation of democracy.


Fig. 1. Payment Roles - Dashed lines represent periodic transactions (rare), thin double lines indicate micropayment channels (used at the beginning and end of circuit lifetime), and thick double lines indicate a nanopayment channel (handling nanopayments during the lifetime of the circuit). The dashed outline around the intermediary represents a notion of payment anonymity for the end-users. Connections to the ledger and to the intermediary are protected by an internal Tor circuit.
Fig. 3. Protocol Execution Time - Time to finish each protocol step split across interactions with each of the three relays. The simulation includes 100 relays, 2 authorities, 1 ledger authority, 10 intermediaries and 1000 Tor clients scaled down from the public consensus file '2018-02-03-00-00-00-consensus'.
Fig. 5. Data collection from 5 old and stable exit relays with a cumulative bandwidth of ≈50 MiB/s
Fig. 6. Prioritized Scheduling - CDF download times for superimposed web and bulk clients where premium status is enforced only via scheduling. Almost no priority is observed.
Fig. 7. Queue Temporal Profile (60 seconds) - Size of the scheduling buffer over time at a single exit relay in terms of number of cells. Colors group cells belonging to the same circuit.
Scaling Up Anonymous Communication with Efficient Nanopayment Channels

July 2020 · 134 Reads · 4 Citations

Proceedings on Privacy Enhancing Technologies

Tor, the most widely used and well-studied traffic anonymization network in the world, suffers from limitations in its network diversity and performance. We propose to mitigate both problems simultaneously through the introduction of a premium bandwidth market between clients and relays. To this end, we present moneTor: incentivizing nodes to join and support Tor by giving them anonymous payments from Tor users. Our approach uses efficient cryptographic nanopayments delivered alongside regular Tor traffic. Our approach also gives a degree of centralized control, allowing Tor’s managers to shape the economy created by these payments. In this paper, we present a novel payment algorithm as well as a data-driven simulation and evaluation of its costs and benefits. The results show that moneTor is both feasible and flexible, offering upwards of 100% improvements in differentiated bandwidth for paying users with near-optimal throughput and latency overheads.


Investigating the effectiveness of web adblockers

December 2019 · 26 Reads

We investigate adblocking filters and the extent to which websites and advertisers react when their content is impacted by these filters. We collected data daily from the Alexa Top-5000 web sites for 120 days, and from specific sites that newly appeared in filter lists for 140 days. By evaluating how long a filter rule triggers on a website, we can gauge how long it remains effective. We matched websites with both a regular adblocking filter list (EasyList) and with a specialized filter list that targets anti-adblocking logic (Nano Defender). From our data, we observe that the effectiveness of the EasyList adblocking filter decays a modest 0.13% per day, and after around 80 days seems to stabilize. We found no evidence for any significant decay in effectiveness of the more specialized, but less widely used, anti-adblocking removal filters.


On the security of ballot marking devices

August 2019 · 13 Reads

A recent debate among election experts has considered whether electronic ballot marking devices (BMDs) have adequate security against the risks of malware. A malicious BMD might produce a printed ballot that disagrees with a voter's actual intent, with the hope that voters would be unlikely to detect this subterfuge. This essay considers how an election administrator can create reasonable auditing procedures to gain confidence that their fleet of BMDs is operating correctly, allowing voters to benefit from the usability and accessibility features of BMDs while the overall election still benefits from the same security and reliability properties we expect from hand-marked paper ballots.


On the Usability of HTTPS Deployment

April 2019 · 24 Reads · 17 Citations

HTTPS and TLS are the backbone of Internet security; however, setting up web servers to run these protocols is a notoriously difficult process. In this paper, we perform two live subjects usability studies on the deployment of HTTPS in a real-world setting. Study 1 is a within subjects comparison between traditional HTTPS configuration (purchasing a certificate and installing it on a server) and Let's Encrypt, which automates much of the process. Study 2 is a between subjects study looking at the same two systems, examining why users encounter usability issues. Overall we confirm past results that HTTPS is difficult to deploy, and we find some evidence that suggests Let's Encrypt is an easier, more efficient method for deploying HTTPS.



Citations (84)


... According to the findings, all 17 PM applications examined were found to disclose information that facilitated the retrieval of user passwords. A similar research in Lee et al. (2019) presented an analysis of Android applications, including 4 PMs, on the persistence of passwords in system memory even after they are not needed, finding that all tested apps are vulnerable. Based on their results, one of the main components responsible for leaking private information is UI widgets. ...

Reference:

Unmasking the hidden credential leaks in password managers and VPN clients
Total Recall: Persistence of Passwords in Android
  • Citing Conference Paper
  • January 2019

... Moreover, tightened control on the overall network features and behavior makes many improvements feasible to deploy and succeed, such as incentives schemes [18], [32], [30] and path selection performance improvements [23] requiring the whole network to be compliant. ...

Scaling Up Anonymous Communication with Efficient Nanopayment Channels

Proceedings on Privacy Enhancing Technologies

... Otherwise, the focus ranges from macro-level issues such as government-civil society relations [42] to micro-level case studies such as particular surveillance technologies [43]. Some, but not all papers, provide prescriptions for dealing with the outlined challenge [44]. While most papers in this category are essays or conceptual papers with empirical examples, one review article also exists on democratic accountability [45]. ...

How Human Factors Can Help Preserve Democracy in the Age of Pandemics
  • Citing Article
  • August 2020

Human Factors The Journal of the Human Factors and Ergonomics Society

... There will be messiness in any real-world deployment of a new technical standard (e.g., HTTPS [6]) as a result of uneven adoption, differences in implementation, and potential malicious and evasive actors [109]. Thus, we expect that the provenance chains of a non-trivial quantity of media would be incomplete or invalid in some way [19,20] for a significant period of time after initial launch. ...

On the Usability of HTTPS Deployment
  • Citing Conference Paper
  • April 2019

... show that STAR-Vote successfully strikes the right equilibrium between robust cryptographic security and user-friendly design, allowing voters to easily comprehend and utilize the voting process. The article emphasizes the value of usefulness in electronic voting systems and offers insights into STAR-Vote's successful integration of security and ease of use (Acemyan et al., 2022). The research examines how cloud computing might improve the voting system's flexibility, dependability, and availability. ...

Summative Usability Assessments of STAR-Vote: A Cryptographically Secure e2e Voting System That Has Been Empirically Proven to Be Easy to Use
  • Citing Article
  • December 2018

Human Factors The Journal of the Human Factors and Ergonomics Society

... Two-factor Authentication is intended to enhance security and help detect unauthorized access. However, studies have shown various usability issues with 2FA login and setup processes (Acemyan et al., 2018; Pandey et al., 2019; Reynolds et al., 2018). Many users failed to set up 2FA (Acemyan et al., 2018) or set up a service they did not intend to (Pandey et al., 2019). ...

2FA Might Be Secure, But It’s Not Usable: A Summative Usability Assessment of Google’s Two-factor Authentication (2FA) Methods
  • Citing Article
  • September 2018

Proceedings of the Human Factors and Ergonomics Society Annual Meeting

... Lee and Wallach analyzed the lifetime of the TLS master secret in Android applications [LW18]. For finding the master secret in main memory, they use a format based approach that uses knowledge about the surrounding data in the SSL_Session structure of BoringSSL, which allows them to locate the master secret in seconds from gigabytes of a memory image. ...

Removing Secrets from Android's TLS
  • Citing Conference Paper
  • January 2018

... Calibration consists of checking whether, with the search string created, the studies defined as control, those main studies related to the researched topic, are returned. For the context of this MS, the studies of [Heiderich et al. 2011], [Zhou et al. 2016], [Pereira and Wallach 2017], [Sebé et al. 2010]. Once calibrated, the following search string was used to search for relevant studies: (("security"OR"secure") AND ("issue"OR "breach"OR "gap"OR "threat") AND ("e-voting"OR "electronic voting")). ...

Clash Attacks and the STAR-Vote System
  • Citing Conference Paper
  • October 2017

Lecture Notes in Computer Science

... Ensuring fairness, security, and individual privacy in election processes is a delicate and complex challenge. Voting systems must uphold fairness by withholding partial election results until the conclusion of the voting session to prevent undue influence on subsequent voters [14]. They must also enable verifiability by allowing independent verification of the tally's accuracy while safeguarding privacy [15]. ...

Public Evidence from Secret Ballots
  • Citing Conference Paper
  • October 2017

Lecture Notes in Computer Science