Heuristics for Evaluating IT Security Management Tools
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this paper, we explore how domain specific heuristics are created...
View ArticlePrivacy Aspects of Health Related Information Sharing in Online Social Networks
Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared information, health related information (HRI) has received considerable...
View ArticleSecurity and Privacy in Online Social Networks
Facebook has more monthly active users than almost any nation in the world. Whether one likes it or not, these users spend about 30 minutes daily browsing, posting, messaging, and otherwise socializing...
View ArticleTowards Improving the Usability and Security of Web Single Sign-On Systems
OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and...
View ArticleFinding Influential Neighbors to Maximize Information Diffusion in Twitter
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the...
View ArticleThwarting fake accounts by predicting their victims
Traditional fake account detection systems employed by today's online social networks rely on either features extracted from user activities, or ranks computed from the underlying social graph. We...
View ArticleAccess Review Survey Report
To further understand the state of the practice in access review, and collect quantitative results on how companies perform access review, we conducted a survey of security practitioners. This report...
View ArticleTo Befriend Or Not? A Model of Friend Request Acceptance on Facebook
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests with...
View ArticleTo authorize or not authorize: helping users review access policies in...
This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review...
View ArticleIntegro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. Most detection mechanisms attempt to predict and classify user...
View ArticleUser-centered design of identity and access management systems
IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social...
View ArticleTowards understanding how users decide about friendship requests in Online...
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests with...
View ArticleEngineering Access Control For Distributed Enterprise Systems
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains...
View ArticleIntegro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. Most detection mechanisms attempt to predict and classify user...
View ArticleSecurity Analysis of Malicious Socialbots on the Web
The open nature of the Web, online social networks (OSNs) in particular, makes it possible to design socialbots—automation software that controls fake accounts in a target OSN, and has the ability to...
View ArticleOn the Impact of Touch ID on iPhone Passcodes
Smartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism, a mechanism that requires user...
View ArticleA Study on the Influential Neighbors to Maximize Information Diffusion in...
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the...
View ArticleOn the Memorability of System-generated PINs: Can Chunking Help?
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. 4-digit is the most commonly used PIN length, but 6-digit...
View ArticleAndroid Permissions Remystified: A Field Study on Contextual Integrity
We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a...
View ArticleThwarting Fake OSN Accounts by Predicting their Victims
Traditional defense mechanisms for fighting against automated fake accounts in online social networks are victim-agnostic. Even though victims of fake accounts play an important role in the viability...
View ArticleTowards understanding how Touch ID impacts users’ authentication secrets...
Smartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism, a mechanism that requires user...
View ArticleSurpass: System-initiated User-replaceable Passwords
System-generated random passwords have maximum pass- word security and are highly resistant to guessing attacks. However, few systems use such passwords because they are difficult to remember. In this...
View ArticleAndroid Rooting: Methods, Detection, and Evasion
Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. While useful, rooting weakens the security of Android devices and opens the...
View ArticlePhishing threat avoidance behaviour: An empirical investigation
Abstract Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered...
View ArticleSharing Health Information on Facebook: Practices, Preferences, and Risk...
Motivated by the benefits, people have used a variety of webbased services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active...
View Article