Home Projects Talks Blog

Alaa Daffalla

PhD Student, Computer Science

Cornell University

alaadaffalla@cs.cornell.edu

Alaa Daffalla

My name is Alaa Daffalla, and I'm a fourth-year PhD in Computer Science student at Cornell University advised by Thomas Ristenpart and Nicola Dell. I'm based in NYC at the Cornell Tech campus. I study the safety risks and harms resulting from emerging technologies. My work has investigated the abusability of account security management tools and passwordless authentication. More recently, I have been exploring emerging threats from generative AI, including its role in facilitating the creation of SNCII and deepfakes. My work also explores designing new interventions for abuse prevention and mitigation.

To achieve this, I take a mixed-methods approach that combines measurement studies, user research, red teaming, and safety auditing.

Publications

A Safety Audit of Generative AI Mobile Apps
Alaa Daffalla, Sarah Chao, Eric Zeng
In submission
"Maybe there's only one passkey?": Challenges Investigating and Remediating Adversarial Passkeys
Alaa Daffalla, Grace Myers, Thomas Ristenpart, Nicola Dell
USENIX Security Symposium 2026
Inconsistent, Incomplete, and Insecure: A Survey of Account Security Interfaces
Arka Bhattacharya, Alaa Daffalla, Kevin Lee, Rosanna Bellini, Nicola Dell, Thomas Ristenpart
USENIX Security Symposium 2026
[ pdf ][ artifact ]
Passkeys in Interpersonal Threat Models: Abusability Analysis of Early Deployments
Alaa Daffalla, Arka Bhattacharya, Jacob Wilder, Rahul Chatterjee, Nicola Dell, Rosanna Bellini, Thomas Ristenpart
USENIX Security Symposium 2025
Google VRP Honorable Mention
[ pdf ][ artifact ][ Cornell Chronicle | ScienceNews ]
Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking
Carolina O Perez*, Alaa Daffalla*, Thomas Ristenpart
*co-first authors
USENIX Security Symposium 2025
[ pdf ][ code ][ Cornell Chronicle ]
SoK: Safer Digital-Safety Research Involving At-Risk Users
Rosanna Bellini, Emily Tseng, Noel Warford, Alaa Daffalla, Tara Matthews, Sunny Consolvo, Jill Woelfer, Patrick Gage Kelley, Michelle Mazurek, Dana Cuomo, Nicola Dell, and Thomas Ristenpart
IEEE Symposium on Security & Privacy (Oakland) 2024
[ pdf ][ online ]
Account Security Interfaces: Important, Unintuitive, and Untrustworthy
Alaa Daffalla, Marina Bohuk, Nicola Dell, Rosanna Bellini, and Thomas Ristenpart
USENIX Security Symposium 2023
Distinguished Paper Award
[ pdf ][ online ][ video ][ award ]
Defensive Technology Use by Political Activists During the Sudanese Revolution
Alaa Daffalla, Lucy Simko, Tadayoshi Kohno and Alexandru G. Bardas
IEEE Security & Privacy Magazine March-April 2022
[ online ]
Defensive Technology Use by Political Activists During the Sudanese Revolution
Alaa Daffalla*, Lucy Simko*, Tadayoshi Kohno and Alexandru G. Bardas
*co-first authors
IEEE Symposium on Security & Privacy (Oakland) 2021
NSA Best Scientific Cybersecurity Paper Competition Honorable Mention
[ pdf ][ online ][ video ][ award ]

Projects

LLMs are increasingly being used for research. Here, I show how I have integrated LLMs into my research workflow across different projects; for example, leveraging LLMs for qualitative analysis, LLM-assisted design, and coding.

Talks

Passkeys in Interpersonal Threat Models: Abusability Analysis of Early Deployments
  • USENIX Security Symposium 2025
  • Microsoft Research pre-USENIX Conference
Account Security Interfaces: Important, Unintuitive, and Untrustworthy
  • USENIX Security Symposium 2023
  • NJIT CS/IS 698 Guest Lecture
  • JPMC Safety Seminar
Defensive Technology Use by Political Activists During the Sudanese Revolution
  • IEEE S&P (Oakland)
  • Royal Holloway University of London Security Seminar
  • University of Wisconsin Madison CS839 Guest Lecture

Blog

Coming soon.