About
My research is at the intersection of formal methods and usable security. More specifically, I am interested in finding ways to help users (even ones without technical backgrounds) write policies and understand the theoretical guarantees these formal systems can provide. I am currently doing research in the following areas:Usable security-typed languages. Security-typed languages offer guarantees that code is secure by construction. For example, languages that support information flow control offer reassurance that sensitive data is only shared with those who should be authorized to access it. Despite their advantages, security-typed languages face adoption challenges. We are researching the barriers developers face adopting these languages and designing improved languages that are better aligned with their needs.
Security and privacy of smart home devices. Smart devices are becoming increasingly popular, but can lead to security and privacy risks that are not well-understood by users, especially when these devices are located in multi-user environments. End-user automations that customize the behavior of devices, like those offered by IFTTT and Alexa routines, offer additional challenges. We are studying ways to help users better understand the security and privacy risks posed by their smart devices and automations, both to themselves and to others.
Publications
Location-Enhanced Information Flow for Home Automations.
McKenna McCall*, Ben Weinshel*, Kunlin Cai, Ying Li, Eric Zeng, Devika Manohar, Lujo Bauer, Limin Jia, and Yuan Tian. PoPETS 2026 (1). [PDF]
Tainted Secure Multi-Execution to Restrict Attacker Influence.
McKenna McCall, Abhishek Bichhawat, and Limin Jia. CCS 2023. [PDF] [TR]
Towards Usable Security Analysis Tools for Trigger-Action Programming.
McKenna McCall, Eric Zeng, Faysal Hossain Shezan, Mitchell Yang, Lujo Bauer, Abhishek Bichhawat, Camille Cobb, Limin Jia, and Yuan Tian. SOUPS 2023. [PDF] [Data]
Information Flow Control for Dynamic Reactive Systems.
McKenna McCall. Carnegie Mellon University 2023 (PhD thesis). [PDF]
Compositional Information Flow Monitoring for Reactive Programs.
McKenna McCall, Abhishek Bichhawat, and Limin Jia. Euro S&P 2022. [PDF] [TR]
Gradual Security Types and Gradual Guarantees.
Abhishek Bichhawat, McKenna McCall, and Limin Jia. CSF 2021. [PDF] Earlier version [TR]
Knowledge-based Security of Dynamic Secrets for Reactive Programs.
McKenna McCall, Hengruo Zhang, and Limin Jia. CSF 2018. [PDF] [TR]
A Sequent Calculus for Counterfactual Reasoning.
McKenna McCall, LayKuan Loh, and Limin Jia. PLAS 2017 [PDF] [TR]
*These authors contributed to this work equally.
Unpublished Reports and Preprints
"You do understand that people don't trust technology?": Explaining Trusted Execution Environments to Non-Experts.
McKenna McCall*, Carolina Carreira*, Miguel Flores, and Lorrie Faith Cranor. [PDF]
RTBAS: Defending LLM Agents Against Prompt Injection and Privacy Leakage.
Peter Yong Zhong*, Siyuan Chen*, Ruiqi Wang, McKenna McCall, Ben L. Titzer, Heather Miller, and Phillip B. Gibbons. [PDF]
SafeTAP: An Efficient Incremental Analyzer for Trigger-Action Programs.
McKenna McCall, Faysal Hossain Shezan, Abhishek Bichhawat, Camille Cobb, Limin Jia, Yuan Tian, Cooper Grace, Mitchell Yang. [TR]
*These authors contributed to this work equally.
Students
The work that I do is only possible because of the talented students that I have the privilege of advising. I am currently working with the following students:S M Rashidul Hasan Nijhum (PhD student in Computer Science)
Alan Alqobaisi (PhD student in Computer Science)
Tiffanie Hutcheson (MS student in Computer Science)
Reese Edens (Undergraduate student in Computer Science)
Here are students I advised or mentored in the past:
Jocelyn Villegas (Graduated 2026, BS in Computer Science)
Prospective Students
I am always interested in making connections with motivated students (both undergraduate and graduate) who are interested in working in my lab. In my experience, a good mentoring relationship is one of the strongest predictors of graduate student success. I like for students to get to know my mentoring style before we start working together, so the best way to get involved in my lab is to take my Usable Formal Methods course and join my weekly lab meetings. Please read about my ongoing projects (at the top of this page) before emailing me to ask about positions.I believe that my main job as a research mentor is to teach research skills, including presenting and discussing research. If you work will me, you can expect to spend a lot of time learning research methods, but also practicing communication skills. I also prioritize finding opportunities for all of my graduate students to go to conferences to learn about research happening in other labs and so that I can help them build their professional networks. Please reach out to any of my current students if you want to know more about what it is like to work in my lab.