Five (!) new papers published in the first half of 2025

I’m a fan of the African (maybe?) proverb: “If you want to go fast, go alone. If you want to go far, go together.” In research, collaboration – bringing together different perspectives and shared resources – is the special sauce that can enable long-term success.

This year has yielded a number of high-quality manuscripts from my Security and Privacy Experiences (SPEX) group and from external collaborations. I have co-authored five new papers that have been accepted for publication.

Work from SPEX Students

  • Sarah Tabassum, Nishka Mathew, and Cori Faklaris. “Privacy on the Move: Understanding Educational Migrants’ Social Media Practices through the Lens of Communication Privacy Management Theory.” In Proceedings of the ACM Journal on Computing and Sustainable Societies (COMPASS 2025) and associated conference, July 22-25, 2025, in Toronto, Canada. Association of Computing Machinery, New York, NY, USA. [Preprint]

This paper is the result of Sarah’s pre-dissertation work to identify socio-technical gaps for a key U.S. higher-ed population – educational migrants. Drawing on 40 interviews with international students from 14 countries, we introduce the concept of “triple presence” to describe migrants’ simultaneous engagement with their home country, host society, and diaspora communities. Using Communication Privacy Management (CPM) theory, the study reveals that privacy concerns shift across three migration stages—pre-migration, transition and arrival, and post-migration—highlighting increased vulnerability during transition and complex privacy negotiations post-migration. Migrants adopt strategies like platform segmentation, encrypted communication, and strategic disconnection to manage privacy turbulence caused by scams, surveillance, and cultural differences. Next step: Sarah is planning a participatory design study to probe how newer AI affordances may be useful for designing for culturally responsive privacy tools and platform-level interventions.

  • Narges Zare, Cori Faklaris, Sarah Tabassum, and Heather Lipford. “Improving Mobile Security with Visual Trust Indicators for Smishing Detection.” In Proceedings of the IEEE 6th Annual World AI IoT Congress (AIIoT 2025), May 28-30, in Seattle, WA, USA. Institute of Electrical and Electronics Engineers, New York, NY, USA. [Preprint]

Since beginning her PhD in 2023, Narges has been studying how to counter the rise in mobile threats from smishing (SMS phishing). In this paper, we explore how visual trust indicators can empower mobile users to better detect these fraudulent messages. Through a user-centered design and evaluation process involving 30 participants, the study tested intuitive, color-coded icons—such as green checkmarks for legitimacy, yellow exclamation marks for caution, and red crosses for fraud—within realistic mobile messaging prototypes. Participants favored familiar, non-verbal icons for quick recognition, while tooltips offering clear, actionable guidance (like “report spam”) enhanced confidence, especially for ambiguous messages. The findings underscore the importance of accessible, customizable, and culturally sensitive design in mobile security interfaces. Next step: Narges is planning an online experiment to test hypotheses derived from this paper about which indicators are likely to perform the best.

Work with Collaborators

  • Rajatsubhra Chakraborty, Xujun Che, Depeng Xu, Cori Faklaris, Xi Niu, and Shuhan Yuan. “BiasMap: Can Cross-Attention Uncover Hidden Social Biases?” In Proceedings of the CVPR 2025 Demographic Diversity in Computer Vision Workshop (CVPR 2025 DemoDiv), June 11, 2025, in Nashville, TN, USA. IEEE Computer Society and The Computer Vision Foundation, Ithaca, NY, USA, 10 pages. [Preprint]

It has been a delight to work with Raj and with Depeng (Raj’s main PhD advisor and a UNC Charlotte faculty colleague) on tackling mitigations for biased AI-generated imagery. This paper introduces a novel framework for detecting latent biases in text-to-image diffusion models like Stable Diffusion. Unlike traditional fairness audits that focus on output demographics, BiasMap uses cross-attention attribution maps to reveal how demographic attributes (e.g., gender, race) become spatially entangled with semantic concepts (e.g., professions) during image generation. The findings show that biases originate early in the model’s U-Net architecture and persist through the generation process, highlighting the limitations of current debiasing methods. We hope that this work will pave the way for more equitable generative AI systems.

  • Noga Gercsak. “Enhancing Cybersecurity in DER-Based Smart Grids with Blockchain and Differential Privacy.” In Proceedings of the IEEE 6th Annual World AI IoT Congress (AIIoT 2025), May 28-30, in Seattle, WA, USA. Institute of Electrical and Electronics Engineers, New York, NY, USA. [Preprint]

Confession: I did not expect Noga – a student at David W. Butler High School in Matthews, NC – to get as far as she did in realizing this research vision! Noga followed up on an interest of mine to respond to the growing cybersecurity threats facing distributed energy resources (DERs) in smart grids. (DER examples: electric vehicle charging stations; smart thermostats and other home networked devices; arrays of solar panels connected to the larger electric grid.) Her paper proposes a novel framework that integrates blockchain technology and differential privacy to enhance system resilience, scalability, and data protection. The framework employs a lightweight blockchain for secure, tamper-proof communication and dynamic certificate management, while differential privacy adds noise to sensitive data to preserve anonymity without sacrificing utility. Through simulations involving certificate issuance, replay attacks, spoofing, and DDoS scenarios, the system demonstrated robust performance—achieving block creation times averaging 0.85 seconds and attack recovery in under 40 microseconds. The results show that this hybrid approach not only withstands cyberattacks but also maintains high efficiency and privacy, offering a promising path forward for securing DER-based smart grids in real-world deployments. (Earlier this year, Noga won the North Carolina engineering competition for the Junior Humanities and Science Symposium with her presentation of this work.)

  • Jacob Hopkins, Carlos Rubio Medrano, and Cori Faklaris. “The Price Should Be Right: Exploring User Perspectives on Data Sharing Negotiations.” In Proceedings of the Fifteenth Usable Security and Privacy Symposium (USEC 2025), Feb. 24, 2025, in San Diego, CA, USA. Internet Society, Reston, VA, and Geneva, Switzerland. [Preprint]

Jacob’s PhD work focuses on how to rebalance the power dynamics in voluntary data-sharing events, such as when a bouncer asks for proof of your age at the bar door. He, I, and his faculty advisor at Texas A&M-Corpus Christi, Carlos Rubio Medrano, aim to empower individuals—data subjects—by enabling them to negotiate what personal data is shared and how it is used, rather than passively accepting opaque terms set by data requesters. Jacob envisions a multi-track user study, involving both data subjects and data requesters, to explore what data people are willing to share, under what conditions, and what controls both parties need to feel secure and informed. The study will inform the design of a future privacy negotiation framework that supports manual, automated, and semi-automated negotiations, with the goal of increasing transparency, minimizing privacy risks, and ensuring usability for a wide range of users. I love how his vision lays the groundwork for privacy-enhancing technologies that treat data exchange as a fair and informed negotiation—not a one-sided transaction.

“A Framework for Reasoning about Social Influences on Security and Privacy Adoption” – new for CHI 2024

This framework gives structure to what is known in the literature and the SIGCHI community about the social-psychological drivers of security and privacy adoption.

Pleased to be getting a publication out from my thesis work! This short paper and poster recap the initial work to synthesize a framework that provides structure to the growing literature on social cybersecurity.

Many usable security solutions exist (such as using password managers or reporting phishing scams), but people often are not fully aware of what they do or use them regularly. A conceptual model of the adoption process will help us to identify where people get stuck and how to leverage social influences to encourage secure behaviors. We will be able to form and test hypotheses and improve our designs.

Toward this goal, we have developed a framework that synthesizes our design ideation, expertise, prior work, and new interview data (N=17) into a six-step adoption process with path relationships, associated social influences, and obstacles. 

This work contributes a prototype framework that accounts for social influences by step. It adds to what is known in the literature and the SIGCHI community about the social-psychological drivers of security adoption.

Future work (from my lab, but hopefully others’ too) should establish whether this process is the same regardless of culture, demographic variation, or work vs. home context, and whether it is a reliable theoretical basis and method for designing experiments and focusing efforts where they are likely to be most productive.

  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2024. A Framework for Reasoning about Social Influences on Security and Privacy Adoption. In Extended Abstracts of the ACM Conference on Human Factors in Computing Systems (CHI EA 2024), May 11-16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 13 pages. Available at: https://corifaklaris.com/files/framework_chi2024.pdf

Bytes of Good Live podcast: Talking ‘Social Cybersecurity’ with Hack4Impact

One upside of video calls during the COVID-19 pandemic has been that I can attend or speak at virtually any location or event, without having to travel or move my schedule around too much. It’s helped me get more comfortable with public speaking, and exposed me to different audiences for my work.

In my latest public appearance: I appeared this spring with fellow CMU grad student Tom Magelinski at Bytes of Good Live, organized by Hack4Impact, a student-run nonprofit that promotes software for social good. We talked about our Social Cybersecurity research and what we know of careers in cybersecurity. The recording is available on YouTube, or click on the preview shown below to go to the video. Let me know what you think!