David G. Balash

Hello, and welcome to my web page. I am an assitant professor of computer science at University of Richmond. My scholarly activities contribute to the area of usable security and privacy, which focuses on human factors in security, a discipline at the intersection of human computer interaction and computer security. Research problems in usable security ask questions not just about how to measure and design secure systems but also about how humans, as users and designers of these systems, play a fundamental role in their security. I am also pursuing new research that will investigate the emergent risks around bias, security and privacy that arise from artificial intelligence and machine learning systems.

News

Aug 23	Presented our work on S&P impacts of Exam Proctoring at USENIX Security '23 in Anaheim, CA.
May 23	Presented our work on Privacy label consumer impact at CACTUS/P in College Park, MD.
Dec 22	Presented our work on Ad inferneces at CACTUS/P Pittsburgh, PA.
Aug 22	Presented our work on API Privacy at USENIX Security '22 in Boston, MA.
Jul 22	New paper on S&P impacts of Exam Proctoring accepted at USENIX Security '23.
Jun 22	Awarded Design of Trustworthy AI and Future Work Systems NSF PhD Fellowship.
May 22	Presented our work on Privacy Labels at CACTUS/P in Washington, DC.
Dec 21	Presented our work on API Privacy at CACTUS/P in College Park, Maryland.
Sep 21	New paper on API Privacy accepted at USENIX Security '22.
Aug 21	Co-presented our work Privacy Dashboards at USENIX Security '21.
Aug 21	Presented our work on Exam Privacy at SOUPS '21.
May 21	New paper on Exam Privacy accepted at SOUPS '21.
Apr 21	New paper on Privacy Dashboards accepted at USENIX Security '21.

Current Research

Privacy Dashboards
Privacy dashboards and transparency tools help users review and manage the data collected about them online. We seek to understand how privacy dashboards and transparency tools affect concerns about and benefits from data collection.

App-Based Privacy Nutrition Labels
The ubiquitous surveillance and data collection regime embedded within modern web and mobile ecosystems has led to several interventions meant to empower users to make choices to restrict and manage their privacy. Privacy nutrition labels offer an approach that is modeled after food nutrition labeling. Like a food label, a privacy nutrition label describes the data collection and usage practices of a service. The standardization of privacy labels offers a unique opportunity for a comprehensive study of the self-reported data collection and use policies of an entire app ecosystem.

API Privacy
Online services like Google provide a variety of application programming interfaces. These online APIs enable authenticated third-party services and applications to access a user's account data for tasks such as single sign-on, calendar integration, and sending email on behalf of the user, among others. Despite their prevalence, API access could pose significant privacy and security risks, where a third-party could have unexpected privileges to a user's account.

Security and Privacy Implications of Remote Proctoring
The problem of how to perform student assessment in an online environment has become increasingly relevant, leading many institutions and educators to turn to online proctoring services to administer remote exams. These services employ various student monitoring methods to curb cheating, including restricted browser modes, video/screen monitoring, local network traffic analysis, and eye tracking. We explore the security and privacy perceptions of the student test-takers being proctored.

Publications

David G. Balash, Rahel A. Fainchtein, Elena Korkes, Miles Grant, Micah Sherr, and Adam J. Aviv.
Educators' Perspectives of Using (or Not Using) Online Exam Proctoring.
32nd USENIX Security Symposium (USENIX Security 23). Aug 2023.

David G. Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, and Adam J. Aviv.
Security and Privacy Perceptions of Third-Party Application Access for Google Accounts.
31st USENIX Security Symposium (USENIX Security 22). Aug 2022.

David G. Balash, Dongkun Kim, Darika Shaibekova, Rahel A. Fainchtein, Micah Sherr, and Adam J. Aviv.
Examining the Examiners: Students' Privacy and Security Perceptions of Online Proctoring Services.
17th Symposium on Usable Security and Privacy (SOUPS '21). Aug 2021.

Florian Farke, David G. Balash, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv.
Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google's My Activity.
30th USENIX Security Symposium (USENIX Security '21). USENIX Association. Aug 2021.