On the Challenges in Usable Security Lab Studies: Lessons Learned from...
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior...

Heuristics for Evaluating IT Security Management Tools
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT...

A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For...
We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. We performed a study to determine the...

Analysis of ANSI RBAC Support in EJB
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than...

The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...

[POSTER] The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...

Automated Social Engineering Attacks in OSNs
In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook. We review the techniques used by the adversaries and discuss the...

Strategies for Monitoring Fake AV Distribution Networks
We perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake...

Optimizing Re-Evaluation of Malware Distribution Networks
The retrieval and analysis of malicious content is an essential task for security researchers. Security labs use automated HTTP clients known as client honeypots to visit hundreds of thousands of...

Towards Supporting Users in Assessing the Risk in Privilege Elevation
To better protect users from security incidents, the principle of least privilege (PLP) requires that users and programs be granted the most restrictive set of privileges possible to perform the...

Influencing User Password Choice Through Peer Pressure
Passwords are the main means of authenticating users in most systems today. However, they have been identified as a weak link to the overall security of many systems and much research has been done...

Understanding Users' Requirements for Data Protection in Smartphones
Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. Even though there are many data protection solutions for smartphones,...

The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...

The Socialbot Network: Are Social Botnets Possible?
In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.

Systematically breaking and fixing OpenID security: Formal analysis,...
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is clearly...

Key Challenges in Defending Against Malicious Socialbots
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. Advances in artificial intelligence make it feasible to design bots...

Design and Analysis of a Social Botnet
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...

Augur: Aiding Malware Detection Using Large-Scale Machine Learning
We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection...

The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth...
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web...

Speculative Authorization
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future,...

Does My Password Go up to Eleven? The Impact of Password Meters on Password...
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were...

Graph-based Sybil Detection in Social and Information Systems
Sybil attacks in social and information systems have serious security implications. Out of many defence schemes, Graph-based Sybil Detection (GSD) had the greatest attention by both academia and...

Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and...
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of...

Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders
Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users’ concerns about unauthorized data access...