Vashek (Vaclav) Matyas

Centre for Research on Cryptography and Security
Faculty of Informatics
Masaryk University                      
Botanicka 68a                        
602 00 Brno - Czech Republic             E-mail: LastName at fi.muni.cz

Office hours: TBD for the Spring semester 2025.


Current activities:

Usable security with respect to both end-user and advanced users (e.g., developers or admins).
Fingerprint forgery training: Easy to learn, hard to perform brings some very interesting results on exposing computer science students to the art of fingerprint forgery and evaluating their results and perceptions. Our article Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfaction provides some very interesting results from the area of multifactor authentication methods usability. And our paper Investigating Installers of Security Software in 20 Countries: Individual-and Country-Level Differences brings some very interesting insights into. anti-malware software installation, motivation and other factors. We published some very interesting results about developers in our study Usability Insights from Establishing TLS Connections at IFIP SEC 2022 and about end-users in a viewpoint article Even if users do not read security directives, their behavior is not so catastrophic in the Communications of the ACM, and also in an article Usable and secure? User perception of four authentication methods for mobile banking in the Computers & Security (Elsevier) journal. Our work in the second domain was presented in the extended version - Will You Trust This TLS Certificate? Perceptions of People Working in IT of our ACSAC 2019 paper, and related matters also in our paper Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability at RSA Cryptographers' Track 2018. Work in the first domain brought interesting findings like Experimental large-scale review of attractors for detection of potentially unwanted applications in Computers & Security or A large-scale comparative study of beta testers and standard users in the Communications of the ACM.

Examination of security certification ecosystems, where we analyze certification ecosystems of Common Criteria and FIPS 140 security evaluation schemes. Our paper Chain of trust: Unraveling references among Common Criteria certified products shows how we built the graph of references among the Common Criteria certified products, determining the different contexts of references with a supervised machine-learning algorithm. We show that just a dozen of certified components are relied on by at least 10% of the whole ecosystem -- making them a prime target for malicious actors. Our tool sec-certs used for the analyses (and available through the web interface as well as in open source code) was first presented in our article sec-certs: Examining the security certification practice for better vulnerability mitigation.

International Journal of Information Security (Springer), where I'm member of the Editorial Board.

The Research, Development and Innovation Council (of Czech Republic).

My lectures in security/crypto here at the Masaryk University: More information on these courses can be found through the university webpages on my courses, and our centre at FI.

Information for our students inquiring about supervision, support, etc. can be found at this page.

I gladly supervise PhD students Katarina Galanska, Jan Jancar, Adam Janovsky, Agata Kruzikova, Milan Patnaik, Vojtech Suchanek, and I had the pleasure to work with my PhD graduates Milan Broz, Vit Bukac, Filip Jurnecka, Dusan Klinec, Jan (Honza) Krhovjak, Marek Kumpost, Jiri Kur, Matus Nemec, Lukas Nemec, Martina Olliaro, Radim Ostadal, Vladimir Sedlacek, Vlasta Stavova, Martin Stehlik, Andriy Stetsko, Petr Svenda, Martin Ukrop.

Older stuff:


Just in case you met me during my 2017 sabbaticals with Red Hat Czech and CyLab, Carnegie Mellon University, or in 2011/12 as a Fulbright-Masaryk Visiting Scholar at the Center for Research on Computation and Society (CRCS), Harvard University, or in 2003/04 either as a Visiting Researcher with Microsoft Research Cambridge, or a Visiting Lecturer with University College Dublin, Department of Computer Science, then yes, it is me. :-) And again thanks to all these institutions, their employees, and other visitors at the time for their kind hospitality and/or inspiring discussions.
Vashek Matyas
E-mail: LastName at fi.muni.cz
Last update: December 18, 2024.