Research is most impactful when it is predicated on a deep and thorough understanding of the problem space. This understanding has both technical and sociotechnical aspects.
On the technical side, it is important to understand methods used by adversaries, how well those methods work, and how broadly deployed they are. Similarly, it is critical to understand how effective defenses are for defenders, both in terms of stopping attacks and in how easily those defences are deployed by developers and security operators. It is also necessary to measure the security delta (i.e., improvement) achieved when potential mitigations are deployed. In this vein of research, we use methods from the security and Internet measurement communities—for example, threat modeling, security proofs, and Internet scans.
On the sociotechnical side, it is necessary to understand user perceptions of problems. Without this knowledge, it is far too easy to design systems that while technically interesting, will not be adopted by users as they do not solve the problems that are most important to users or solve problems in a way that is incompatible with user workflows. Similarly, it is is important to understand how well users understand given technical concepts to ensure that system interfaces are adopted to user mental models, increasing the probability of correct usage. For sociotechnical understanding, we use methods from the human-computer interaction (HCI) community—for example, usability studies, interviews, and grounded theory data analysis.