Conference and Workshop Papers
Adrienne Porter Felt, Robert W Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Embre Acer, Elisabeth Morant, and Sunny Consolvo. “Rethinking Connection Security Indicators,” at SOUPS 2016.
Josh Tan, Khanh Nguyen, Michael Theodorides, Heidi Negron-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. “The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior,” at CHI 2014.
Jethro Beekman and Christopher Thompson. “Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS and Android,” at WOOT 2013.
Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner and Jennifer King. “When It’s Better to Ask Forgiveness than Get Permission: Usable Attribution Mechanisms for Smartphone Resources,” at SOUPS 2013.
Maxfield Schuchard, Christopher Thompson, Nicholas Hopper and Yongdae Kim. “Peer Pressure: Exerting Malicious Influence on Routers at a Distance,” at ICDCS 2013.
Maxfield Schuchard, John Geddes, Christopher Thompson and Nicholas Hopper. “Routing Around Decoys,” at CCS 2012. Best Student Paper Award.
Peer-Reviewed Conference Posters/Short Papers
Christopher Thompson, Serge Egelman, and David Wagner. “The Effects of Developer-Specified Explanations for Smartphone Permission Requests,” at USENIX Security 2013.
Max Schuchard, Christopher Thompson, Nicholas Hopper, Yongdae Kim. “Taking Routers Off Their Meds: Why Assumptions of BGP Stability Are Dangerous,” at NDSS 2012.
Jethro Beekman and Christopher Thompson, “Man-in-the-Middle Attack on T-Mobile Wi-Fi Calling,” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2013-18, March 2013.
Max Schuchard, Christopher Thompson, Nicholas Hopper, Yongdae Kim. “Taking Routers Off Their Meds: Unstable Routers and the Buggy BGP Implementations That Cause Them,” 2011, University of Minnesota CS&E TR 11-030.
(No current submissions.)
Security and Privacy of Wearable Computing
Wearable devices introduce a new set of security and privacy concerns above and beyond what we saw for mobile. We’re working on identifying and addressing potential risks, and trying to better understand how people will use wearable devices.
Usable Security for Mobile Devices
Mobile systems such as Android smartphones give us a new field for designing usably secure systems. How do people expect their phones to work? How can we align security systems with these mental models? How can we align protection mechanisms with the actual needs of users? My work with Prof. Wagner focuses on redesigning the permission systems for Android, and looking at how we can design better authentication, audit, and installation systems for these new devices.
IP Telephony Security on Android
Are modern IP telephony implementations on Android secure? I’m working with Jethro Beekman to analyze such systems and whether the underlying OS features are secure.
Privacy-Preserving Random Sampling
How do we collect random samples from a population that is sensitive to even their frequency being leaked? For applications like Tor and other anonymity systems, performing generalizable population analysis of the user base while preserving user privacy is a challenging problem. My senior thesis work looked at cryptographic designs to gather random samples from users without leaking how many total samples the user created. Future work is looking at a distributed version of the design.
Virtualization Security (2010-2011)
“Curious Observers” (2010)
How to protect email from curious observers at the mail provider, using an “encrypt on receipt” mechanism. A poster and a rudimentary implementation as a mail filter. This work was done while I was a research intern at the Information Trust Institute at the University of Illinois Urbana-Champaign working with Prof. Nikita Borisov.