Bio sketch
I am with Carnegie Mellon University, as the Associate Director of the Information Networking Institute (INI). I am in addition on the research faculty (officially, as a Senior Systems Scientist) of INI and CyLab, and have courtesy appointments in the Electrical and Computer Engineering and Engineering and Public Policy departments. I am Faculty Advisor for the Master's of Information Security, Technology, and Management (MSISTM), the Athens Master's of Information Networking (MSIN), and the Kobe Master's of Information Technology-Information Security (MSIT-IS). I am also a core faculty in our Carnegie Mellon Usable Privacy and Security Doctoral Training Program, supported through an NSF IGERT grant.
I received a Diplôme d'Ingénieur (1999) from École Centrale de Lille, a Master's (2000) and a Ph.D. (2003) in Computer Science from the University of Virginia. In the final year (2002-2003) of my Ph.D., I was working at Nortel. I then spent two wonderful years (2003-2005) as a postdoctoral fellow in the School of Information at UC Berkeley, before joining Carnegie Mellon in July 2005. I was a faculty in residence for three years (2005-2008) in our research and education center in Japan, CyLab Japan, located in Kōbe, which remains one of my favorite cities.
Research overview
My research interest is in computer and information systems networks. Most of my work is at the boundary of systems and policy research, with a definitive slant toward security aspects. While a good portion of my research activities could be qualified of applied research, I try as much as possible to rely on strong theoretical foundations in my work.
More specifically, the projects that currently capture my
(admittedly short) attention span are:
[in brackets, some of the venues where we published on the subject]
- Online crime modeling: Current security attacks are more often than not financially motivated. We postulate that, by getting a more precise picture of the economic interactions between the different actors involved in these attacks, we can better understand which disruptive strategies work best. This line of work is very applied, and combines economic modeling, network measurements, and public policy research. [CCS'11, USENIX Sec'11, CCS'10, ...]
- Security economics: We keep hearing about security attacks and breaches, despite the fact that most security problems have relatively low-cost solutions (e.g., patching, stronger access control, audits). I am interested in 1) understanding why, from an economic standpoint, people and corporations are seemingly either not investing enough in security, or investing in the wrong things, and 2) finding out if there are economic remedies or incentive compatible algorithms, that we, as a society, can use to improve this sad state of affairs. Behavioral economics, game theory as well as system design play a significant role in this cross-disciplinary work. [CSF'11, ESORICS'10, FC'10, EC'08, WWW'08, ...]
- Security and psychology: Making systems more secure has generally been at odds with what humans are good at; for instance, longer passwords are near-impossible to memorize, complex security policies are ignored and therefore useless, and so forth. This has resulted in large security meltdowns. Rather than treating human factors as a constraint in secure system design, we try to exploit what people are skilled at to make systems more secure. For instance, humans can very quickly recognize patterns, or make inferences from incomplete information. Our works in that space find applications in authentication applications, mobile payment systems, automated teller machines, to name a few. [Oakland'12, CHI'11, FC'11, SOUPS'08, CHI'08, ...]
- Smart phone security: While computer operators are responsible for maintaining their machines, smart phone users are by and large at the mercy of their carriers; in fact a majority of users do not even have sufficient administrative privileges to install updated versions of their mobile operating systems on their own. At the same time, mobile devices concentrate even more private information than computers (e.g., GPS coordinates, call logs). Relatively slow, market economics-driven patch cycles, combined with the large amount of private information held on smart phones and the growing computational power that these devices can offer, pose some unique security and privacy challenges. Our goal here is to better understand the nature of these challenges, and what we can do to address them. [DFRWS'11, WOOT'11, MobiSys'09, ...]
Other topics I have been involved in, and am still interested in, include building systems that better support service differentiation, or, to use 21st century terminology, that better cope with "network discrimination," and economics-informed network topology design.
My current research work is partially supported by the National Science Foundation (CCF-0424422, DGE-0903659, CNS-1116776), the Army Research Office (DAAD19-02-1-0389), and ICANN. Past support sources also include Toshiba Corp. and Booz Allen Hamilton.
Students supervised
I am lucky to advise some very bright students: three Ph.D. students, Nektarios Leontiadis (EPP), Timothy Vidas (ECE) and Ashwini Rao (ECE); and one Master's student, Daniel Votipka (INI).
I have had the pleasure of seeing a few students graduating under my supervision (listed in reverse chronological order): Carlos Lopes Pereira (M.Sc., INI, 2011), Theodoros Messinis (M.Sc., INI, 2011), Qin Chao (M.Sc., INI, 2010), Shinichi Mori (M.Sc., INI, 2010), Sérgio Serrano (M.Sc., INI and University of Lisbon, 2010), Yu-Lo Su (M.Sc., INI, 2010), Chengye Zheng (M.Sc., INI, 2010), Sally Yanagihara (M.Sc., INI, 2009), Madoka Hasegawa (M.Sc., INI, 2008), Komsit Prakobphol (M.Sc., INI, 2008), Wumaierjiang Simayi (M.Sc., INI, 2008), Hirokazu Sasamoto (M.Sc., INI, 2007), Eiji Hayashi (M.Sc., INI, 2006), Kazuhito Maruyama (M.Sc., INI, 2006), Hiroshi Miwa (M.Sc., INI, 2006), Takeshi Niiyama (M.Sc., INI, 2006), Soon Hin Khor (M.Sc., INI, 2006), and Mika Sashikata (M.Sc., INI, 2006).
Places of employment/positions after graduation include Software Engineering positions at Google, Facebook, Oracle, Ph.D. studies at University of Tokyo, Carnegie Mellon Computer Science, and various engineering positions at Panasonic, Sharp, KCS Sakura, NTT West, NTT DoCoMo, Portugal Telecom...
I have also co-supervised a post-doctoral scholar, Benjamin Johnson (Ph.D., UC Berkeley, Math), with John Chuang.
Selected publications
Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. In Proceedings of the 20th USENIX Security Symposium (USENIX Security'11). San Francisco, CA. August 2011.
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Cranor and Serge Egelman. Of Passwords and People: Measuring the Effect of Password-Composition Policies. In Proceedings of the 2011 ACM Conference on Human Factors in Computing Systems (CHI 2011), pages 2595-2604. Vancouver, BC, Canada. May 2011. Honorable Mention Award.
Nicolas Christin, Sally Yanagihara, and Keisuke Kamataki. Dissecting One Click Frauds. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pages 15-26. Chicago, IL. October 2010.
Jens Grossklags, Nicolas Christin, and John Chuang. Secure or Insure? A Game-Theoretic Analysis of Information Security Games. In Proceedings of the 17th International World Wide Web Conference (WWW'08), pages 209-218. Beijing, China. April 2008.
Nicolas Christin, Andreas S. Weigend, and John Chuang. Content Availability, Pollution and Poisoning in Peer-to-Peer File Sharing Networks. In Proceedings of the Sixth ACM Conference on Electronic Commerce (EC'05), pages 68-77. Vancouver, BC, Canada. June 2005.
Nicolas Christin, Jörg Liebeherr, and Tarek F. Abdelzaher. Enhancing Class-Based Service Architectures with Adaptive Rate Allocation and Dropping Mechanisms. In IEEE/ACM Transactions on Networking 15(3), pages 669-682. June 2007.
Press
Our Undercover project was featured on the CMU front page (January 14, 2008), in The Tartan (January 21, 2008), Dark Reading (February 5, 2008), Network World (February 8, 2008), PC World (February 10, 2008), and was "slashdotted" (February 8, 2008).
More recently, our work on illicit online pharmacies also got a bit of coverage: CMU front page (August 11, 2011), Pittsburgh Post-Gazette, Pittsburgh Tribune, National Public Radio (August 12, 2011).
I have also been sporadically commenting on various security and policy issues in local (WTAE 4, WPXI 11, ...) and national (Marketplace, All Things Considered, National Public Radio, Wall Street Journal...) news media.
Courses taught
14-741/18-631: Introduction to Information Security
(F'05 (as 14-830), F'06, F'07, F'08,
F'09, F'10, F'11)
14-742: Security in Networked Systems
(S'06 (as 14-831),
S'07,
S'08,
S'10)
14-813: Special Topics: Elements of Security in Networked Systems (M'09, in Japan)
14-709: Information Networking Thesis (Master's summer practicum,
M'06, M'07, M'08, M'09, M'10)
I also taught a short course (MT-114: Introduction to Information Security) at EM Lyon Business School in June 2011.
Recent professional service
I am/have been a program committee member for a number of conferences and workshops, including Financial Cryptography 2012, USENIX FOCI'11, WECSR 2011, WEIS 2010, WEIS 2011, ACM EC'10, ACM SAC'09 (Information Security Research Track), ICEC'09, IEEE INFOCOM'07, IBC'06, ACM EC'06, and P2PECON'05, and I also routinely serve as a reviewer for a number of conferences and journals, including IEEE/ACM Transactions on Networking, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Mobile Computing...
I was the web and publicity chair for ACM SIGCOMM 2011.
In a former life, I was also responsible for getting the ns-2/nam network simulator to compile and work natively under MS Windows/Cygwin. I have, however, since then, transferred maintenance to the ns-2 development team. (Questions about ns-2 should be directed to the ns-2 users mailing list; I regretfully do not have time to answer these queries anymore.)
