Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

On the Challenges in Usable Security Lab Studies: Lessons Learned from...

We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior...

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT...

A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For...

We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. We performed a study to determine the...

Analysis of ANSI RBAC Support in EJB

This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than...

The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...

[POSTER] The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...

Automated Social Engineering Attacks in OSNs

In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook. We review the techniques used by the adversaries and discuss the...

Strategies for Monitoring Fake AV Distribution Networks

We perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake...

Optimizing Re-Evaluation of Malware Distribution Networks

The retrieval and analysis of malicious content is an essential task for security researchers. Security labs use automated HTTP clients known as client honeypots to visit hundreds of thousands of...

Towards Supporting Users in Assessing the Risk in Privilege Elevation

To better protect users from security incidents, the principle of least privilege (PLP) requires that users and programs be granted the most restrictive set of privileges possible to perform the...

Influencing User Password Choice Through Peer Pressure

Passwords are the main means of authenticating users in most systems today. However, they have been identified as a weak link to the overall security of many systems and much research has been done...

Understanding Users’ Requirements for Data Protection in Smartphones

Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. Even though there are many data protection solutions for smartphones,...

The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...

The Socialbot Network: Are Social Botnets Possible?

In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.

Systematically breaking and fixing OpenID security: Formal analysis,...

OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is clearly...

Key Challenges in Defending Against Malicious Socialbots

The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. Advances in artificial intelligence make it feasible to design bots...

Design and Analysis of a Social Botnet

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...

Augur: Aiding Malware Detection Using Large-Scale Machine Learning

We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection...

The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth...

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web...

Speculative Authorization

We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future,...

Does My Password Go up to Eleven? The Impact of Password Meters on Password...

Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were...

Graph-based Sybil Detection in Social and Information Systems

Sybil attacks in social and information systems have serious security implications. Among the many defence schemes, Graph-based Sybil Detection (GSD) has received the most attention from both academia and...

Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and...

OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of...

Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders

Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users’ concerns about unauthorized data access...
