
Steve Dodier-Lazaro

Research

I’m currently a PhD student at University College London. I work across the boundaries of several disciplines, and belong to the UCL Centre for Research on Evolution, Search and Testing, the Human-Centered Systems and the Information Security groups. My PhD research is supervised by Jens Krinke and Angela Sasse, and funded by a UCL Computer Science Department Excellence studentship.

My research primarily focuses on bridging the gap between research methods in Human-Computer Interaction and Computer Security on the one hand, and real-world interaction and software design on the other. I draw on theories and methods inspired by Ethnomethodology, particularly Suchman’s Situated Action, and Dourish’s writings on context and appropriation. I’m also interested in the application of Actor-Network Theory, controversy mapping and Phronetic social science to problems of deploying (security) technologies at scale.

Current work

My PhD thesis focuses on the appropriateness and appropriation of confinement technologies. Specifically, I’m interested in confining desktop applications on the typical computer of the typical information worker or productive computer user. Digital creators of all sorts have security needs just like the average netizen but often have far more complex expectations from their applications, which can rarely be met when sandboxes and access control mechanisms are introduced. For instance, applications commonly manipulate user files in automated ways, either to implement the retrieval of resources related to a user’s task at hand (office macros, movie subtitles and metadata, etc.) or to build bulk processing features (useful e.g. in photo editors, programming apps, etc.). Finding a middle ground between such complex needs and file access over-entitlement is not trivial, and yet needed for such users.

Besides, advanced models like activity-based confinement or content-based confinement, just as much as policy-based confinement systems, rely on the specification of legitimate contexts of use to enforce access to user resources and device capabilities. It is often said that context is an important source of information for understanding users’ activities and needs, yet context as a physical environment for computation relates to users’ behaviour and goals only to a limited extent. My opinion is that security mechanisms should be entirely agnostic to the environment in which they are deployed, especially when sensing one’s environment is yet another channel for attackers to tamper with a system. My approach, based on Dourish’s contextuality relationship, is to attempt to capture the relationships between the computing resources of users, exposing contextual relationships to end users and letting users manipulate them in ways meaningful to them. I am currently evaluating the feasibility of adversarial unsupervised recurrent activity learning, in order to progress towards this goal.

I’m currently investigating the driving forces of confinement research, and shedding light on the open problems often left aside that may be the key to deploying confinement for productive users. I’m doing so by comparing confinement research to theories of human action and by collecting evidence in the wild of what is actually going on on desktop systems. This evidence will allow me to provide a basis for evaluating classic and alternative models of process confinement and a list of requirements that confinement technologies must hold on to. My research is performed exclusively in the wild, and I place a strong emphasis on not priming users’ motivations, investigating meaningful and realistic interactions and not influencing how they express their security needs and expectations. My data collection system, once complete, will provide the evidence needed to progress towards all of the above questions, and more.

I also develop and maintain a series of tools for in-the-wild data collection along with many awesome UCL students and our head of group Angela Sasse. We’re currently building tools to capture passwords on Google Chrome, to capture multitasking and application behaviour metrics on Linux and generic websites for supporting the ethical and logistic requirements of field studies.

The password collection tool is the starting point of two side projects, led by UCL students which I supervise: a project to build tools for password reuse calculation, and risk metrics based on the quantity and type of password reuse; and a cross-cultural study of password habits across languages, types of keyboard layouts and cultural sites. If you’re a UCL undergraduate student or MSc (HCI-E or IS) student and interested in doing a project, or if you’re a researcher outside the US and UK and would like to collaborate with us, do contact me!

Why focus on people?

My tools and methods allow me to go in the wild, and to take a truly person-centric stance on information security. Rather than sterile discussions on the technical details of security, we aim to understand what it’s like for lay citizens to juggle with the security requirements of the services they use, and to design products that solve their problems rather than ours. In my PhD research, I’m not interested in how easy it is for researchers to hook system calls and enforce an arbitrary policy, but in why their default policy allows users to be productive and how easily users can tame abusing applications (for instance, I’m abashed that Android prevents me from revoking permissions from misbehavers).

Similarly, our password collection plugin focuses on password reuse. This problem of credential reuse is well-known, but is truly not a concern of either application developers or security researchers who provide alternatives to passwords. IT actors focus on what it costs them to deploy and how much they are to blame in case of security breaches, rather than how much their requirements will add to the strain their users face. Yet, users have to deal with tens of authentication methods and security rituals, and need coping mechanisms. Many researchers who develop alternatives to passwords ignore this reality and never study how the accumulation of security interactions would impact users and what coping mechanisms would emerge. By qualifying and quantifying reuse, we can help users be strategic about how they cope to reduce risk without increasing effort. This is only possible with a focus on people rather than technology, and by going in the wild.

In warning research for instance, a great deal of focus is put on forcing users to pay attention (by all stretches of the mind, including forcing users to retype the content of warning boxes), even though field evidence shows users won’t waste more than two seconds on warnings in daily use. A person-centric approach would look at quantifying the warnings users are exposed to and prioritising them or designing them away from every-day interactions. I’m happy to provide consultancy on this topic or collaborate on warning design studies.

This ‘focus on people’ mentality, along with a couple of other study design principles we rely on in my group, will be the object of a publication in the future. Until then, feel free to write to me if you’re interested in discussing research methods on your topic!

Teaching

I’m the teaching assistant of a variety of courses in UCL’s MSc in Information Security, including Language-Based Security and Information Security I. I’ve also helped out with running courses on Robotics Programming and Privacy-Enhancing Technologies.

In Language-Based Security, I run labs for introductory courses on dynamic and static analysis as well as formal reasoning about information flows in programs. I am generally interested in hearing about research involving information flow control, control-flow integrity, access control, and program analysis. The lecture and labs take the students through a variety of analysis and testing methods (data flow analysis, dependency analysis, fuzz testing, binary instrumentation, information flow analysis and non-interference, information flow quantification, decentralised label models and secure multi-execution).

In the labs, we learn the ropes of each approach by doing, and by openly and interactively discussing their advantages and limits. We connect methods to one another by seeing how they complement each other’s weaknesses. I particularly insist on how the methods only reflect the analysis problems at hand, and can be freely deconstructed, reconstructed and combined together to tackle larger issues.

FOSS

I’ve been contributing to free and open-source software since 2009, starting as a developer for the Xubuntu Linux distribution, as well as several pieces of software (Exaile and Xfce, mostly bug fixing). Unfortunately, I can’t seem to find the time to do it any more, so I merely contribute some patches to the bugs in my own pieces of software. I still occasionally pop up on FOSS projects’ IRC channels to discuss usability and to report bugs. These days, I help the Xfce Design Special Interest Group, mentor newcomers to Xfce and help promote and speak for the project. I’m one of the people behind the Xfce Twitter feed.

I’m also loosely involved in security discussions around the Wayland display protocol. We’re working with Martin Peres from X.org/Intel on setting up Libwsm, an infrastructure for applications and compositors to negotiate permissions. We gave a talk about Libwsm at the X.Org Developer Conference 2014 (slides here). I place focus on allowing each individual actor (app developers, compositor developers, distributors, sysadmins and end users) to decide by themselves what policies should apply, rather than having a single actor force a policy onto users. In particular, my Libwsm backend loads policy from a single file per application, in order to ensure full visibility on applied policies to whomever edits them. I also distinguish between actively written policy (hard permissions) and generally desirable rules (soft permissions) which can be modified in situation with mechanisms such as Trusted UIs. I partially ported GTK+’s File Chooser dialog to act as a Trusted UI, re-integrating features commonly needed by desktop app developers such as automatic file type changing (code in a separate branch: https://github.com/Sidnioulz/SandboxGtk/). Part of my PhD research’s data collection is dedicated to evaluating the feasibility of more complex Trusted UIs than the traditional file chooser dialogue deployed in Windows 8 and OS X.

I provide one-off security and usability consultancy for FOSS projects on demand, but I don’t have time for sustained support. Feel free to get in touch in any case. I can provide consultancy for businesses if you can fund internships / projects for UCL students aligned with my research interests, or if you can remunerate me as you would an industry consultant.

Software Development

I have contributed to the following projects in the past:

  • Xfce, a Linux desktop environment, as a member of the Xfce Design SIG, but also by providing security expertise, bug triaging, public relations, programmer mentoring, and occasionally by patching Xfce software
  • Xubuntu, an Xfce-based GNU/Linux distribution, contributing in various ways, by reviewing applications for use in Xubuntu, writing software meant to improve user experience, translating apps and documentation, and mostly by pissing the Xubuntu developers off all day long with my opinions.
  • Exaile, a Python music player, as an external developer proposing feature and bugfix patches as a consequence of its use in Xubuntu – I’m very likely to keep working on Exaile when I find time for it

I also wrote (and am meant to maintain) the following software:

  • RezTorrent, a CLI BitTorrent client with very few dependencies, as its lead developer. RZ was meant to evolve as the most interesting choice for seeding servers, but is currently not maintained since neither I nor the other developer can find the time to do the code refactoring it requires.
  • Xfce4 Volume Daemon, as its developer and maintainer. XVD is used to control the volume keys and show synchronous volume notifications in Xubuntu. Nothing extraordinary here, though…
  • Context-Editor, an application for editing, visualizing and checking basic properties on the security properties used by Contextd - the application firewall written by Martin Peres, for the research team Security and Distributed Systems of the Laboratoire d’Informatique Fondamentale d’Orléans (LIFO). Both pieces of software are part of the PIGA-SYSTRANS software suite.
  • SODA CD, a prototype of VR physics simulation that runs collision detection in a fully distributed way. This prototype was written with Free software (Bullet Physics, Ogre 3D and Qt). My work led to a publication on the feasibility of collision detection on distributed systems. My former supervisor Valérie Gouranton is looking for students with an interest in distributed systems and constraint solving to continue this project and implement fully distributed collision handling.

I have co-founded the Shimmer Project with Pasi Lallinaho. It relates to design and artwork for desktop environments and applications. As I have for now retired from FOSS development, Pasi is now managing Shimmer on his own with help from Simon Steinbeiß. Shimmer mostly produces artwork for GTK+ systems, but has know-how on UI design as well.

Short Bio / Education

Before joining UCL, I worked at Inria Rennes as a research engineer where I built the first steps towards fully-distributed VR physics simulations. I obtained a MRes in computer science in Rennes, with a specialisation in distributed systems. I also worked on natural language processing for a short time whilst visiting FBK in Trento, Italy. There, I worked on the disambiguation and classification of named entities.

Prior to that, I trained as a computer security engineer at ENSIB (now INSA-CVL). I have a Diplôme d’ingénieur (equivalent to a MSc in engineering) in computer security. While at ENSIB, I completed a few projects aimed at simplifying system administration and policy authoring for PIGA OS, a Linux desktop OS running a strengthened version of SELinux capable of enforcing policies on sequences of system calls. One of my projects aimed at proving that static MAC systems like SELinux are unable to provide the protection needed on desktop systems because they cannot reason about the context in which a system call occurs.

In more ancient times, I obtained my Bachelor’s degree in Computer Science from the University of Montpellier II with what would be First Honours in the UK. I wrote RezTorrent, a low-memory CLI BitTorrent client, alongside Boris Albar as part of my undergrad work. I was born and raised in Breizh, France, and grew up in a Franco-Spanish family. I speak French, English and Spanish fluently (although my Spanish vocabulary is terribly rusty).