Alma Whitten
School of Information Management & Systems
University of California at Berkeley
102 South Hall #4600
Berkeley, CA 94720-4600Phone: (510) 643-4615
Email: alma@sims.berkeley.edu
Web: http://www.sims.berkeley.edu/~alma
Citizenship: U.S.A.
EducationPh.D. expected May 2003, School of Computer Science, Carnegie Mellon University. Dissertation with advisor J. Douglas Tygar: Making Security Usable. Thesis committee: J. Douglas Tygar (chair), Robert Kraut, Steven Roth, Edward Felten (Princeton University).
M.S. Computer Science, May 1997, School of Computer Science, Carnegie Mellon University.
B.S. Computer Science and Engineering, May 1993, University of Connecticut. Anthropology concentration. Honors Scholar, magna cum laude. Honors thesis with advisor Robert McCartney: A Voice Recognition Toolkit for Macintosh Applications.
Ph.D. thesis researchMy thesis research, conducted from 1997 to 2003, has focused on creating a methodology for designing computer security software that is manageable by ordinary computer users. It includes the following:
- A case study demonstrating how a user interface that appears good by traditional standards, PGP 5.0 for the Apple Macintosh, fails to make public-key based electronic mail security manageable for experienced electronic mail users.
- An analysis of how computer security differs from other kinds of consumer software as a problem domain for usability engineering, and a set of design principles derived from that analysis.
- A user interface design technique called safe security staging that enables users to safely postpone learning how to use a particular security technology until they decide they are ready to do so.
- A user interface design technique called metaphor tailoring, which adapts the use of conceptual model specifications to include explicit risk enumerations and shows how to create visual representations of security functions and data objects that effectively convey the information needed to avoid those risks.
- Lime, a working user interface for public key based secure electronic mail, designed using the above principles and techniques, and implemented in Visual C++.
- Extensive user test results demonstrating that Lime is effective at making public key cryptography manageable for a wide range of electronic mail users, even when those users have little or no pre-existing knowledge of computer security.
Other research
Extensive, ongoing evaluation of design and implementation of secure electronic postage systems for the United States Postal Service, including cryptographic stamps, secure mail meters, Internet-based postage refill, and site security. 1995-present, with Doug Tygar at Carnegie Mellon University and at the University of California, Berkeley.Analysis of weaknesses in Java applet security model, as designed, 1995-1996, with Doug Tygar at Carnegie Mellon University.
Creation of a networked version of the Oz Project’s Edge of Intention, a character-based virtual environment. Modified existing code to allow each character’s “mind” to run on separate computers, communicating with the animated world and corresponding “bodies” over the network. 1994-1995, with Joseph Bates at Carnegie Mellon University.
Integration of voice recognition capabilities into the execution monitor for Cookie, a case-based reasoner. 1992-1993, with Robert McCartney at University of Connecticut.
TeachingTeaching assistant to Andy Witkin for introductory computer graphics course, Carnegie Mellon University, Fall 1995. Responsible for writing course software, helping students, grading homework and exams.
Teaching assistant to Roger Dannenberg for media technology course, Carnegie Mellon University, Spring 1995. Responsible for helping students, grading homework and exams.
Guest speaker on web security topics for media technology and World Wide Web courses , 1996-1998, and on human factors in computer security for security course, 1999, both Carnegie Mellon University.
Taught basic electrical engineering lab course, University of Connecticut, Spring 1991 and 1992. Responsible for presenting topics, overseeing lab activity, grading lab reports, designing, administering and grading quizzes, and assigning final grades. Supervised by Neal Alderman.
Provided individualized tutoring on a variety of topics including calculus and C programming, 1989-1990, at University of Connecticut.
Other experienceServed on Carnegie Mellon University School of Computer Science graduate admissions committee, 1996 and 1997.
Served as assistant curator (to curator Joseph Bates) of show of AI-based art at AAAI ’94 in Seattle, WA. Duties included design and creation of show catalog.
Designed and implemented (in Borland Paradox) extensive house management scheduling system for Hartt School of Music, University of Hartford, 1992-1993.
Coded and ran software to perform numeric analysis of corporate pollution data for the Connecticut Public Interest Research Group (ConnPIRG), 1989.
Extensive theatrical study and experience, primarily acting, but also including modeling, promotion, and set design, 1983-1987.
Refereed conference papersSafe staging for computer security. Alma Whitten and J.D. Tygar. In HCI and Security Systems Workshop, CHI 2003, Ft. Lauderdale, Florida, April 2003.
Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. Alma Whitten and J.D. Tygar. In Proceedings of the 9th USENIX Security Symposium, August 1999.
WWW Electronic Commerce and Java Trojan Horses. J.D. Tygar and Alma Whitten. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, November 1996.
Making Mac Listen: A Voice Recognition Toolkit for Macintosh Applications. Alma Whitten and Robert McCartney. In Proceedings of the 8th Macintosh Technical Developers’ Conference, 1993.
Invited articlesWhy isn't the Internet secure yet? J.D. Tygar and Alma Whitten. In Aslib Proceedings, Vol 52, Number 3, March 2000. pp 93-97.
Other papersUsability of Security: A Case Study. Alma Whitten and J.D. Tygar. Carnegie Mellon University School of Computer Science Technical Report CMU-CS-98-155, December 1998.
Notes from the 2nd USENIX Workshop on Electronic Commerce. Michael Harkavy, Andrew Myers, J.D. Tygar, Alma Whitten and H. Chi Wong. In Proceedings of the 3rd USENIX Workshop on Electronic Commerce, August 1998.
Invited talksMaking PKI Usable: Some Issues, Techniques, and Results, at the 2nd Annual PKI Workshop, Gaithersburg, Maryland, April 2003.
Human Factors in Security and Privacy, at the Workshop on Freedom and Privacy by Design, Computers, Freedom and Privacy, April 2000, Toronto, Canada.
Why Johnny Can’t Encrypt, at E-Security ‘99, Dublin, Ireland, October 1999.
InterviewsOperator Trouble Puts Computer Security At Risk, Dallas Morning News, July 28, 1998 (with J. Douglas Tygar, others).
The Wizards of Oz, Mademoiselle magazine, September 1994 (with Phoebe Sengers).
Honors and awardsNational Science Foundation Graduate Fellowship, 1993-1996.
Honors Scholar, 1991-1993.
UConn President’s Award for Outstanding Female Student in Computer Science, 1993.
Society of American Military Engineers Scholarship, 1992.
Dean’s List all semesters, 1988-1993.
ReferencesAvailable upon request.