Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way...
The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication...
Password Managers, Single Sign-On, Federated ID: Have users signed up?
Users have not signed up for OpenID. This presentation describes results of interviews with some 50 participants of several user studies on Web SSO.
Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study...
The retrieval and analysis of malicious content is an essential task for security researchers. At the same time, the distributors of malicious files deploy countermeasures to evade the scrutiny of...
The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
OpenID is an open and promising Web single sign-on (SSO) solution. This work investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in...
On the Challenges in Usable Security Lab Studies: Lessons Learned from...
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior...
Heuristics for Evaluating IT Security Management Tools
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT...
A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For...
We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. We performed a study to determine the...
Analysis of ANSI RBAC Support in EJB
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than...
[POSTER] The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web...
Automated Social Engineering Attacks in OSNs
In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook. We review the techniques used by the adversaries and discuss the...
Strategies for Monitoring Fake AV Distribution Networks
We perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake...
Optimizing Re-Evaluation of Malware Distribution Networks
The retrieval and analysis of malicious content is an essential task for security researchers. Security labs use automated HTTP clients known as client honeypots to visit hundreds of thousands of...
Towards Supporting Users in Assessing the Risk in Privilege Elevation
To better protect users from security incidents, the principle of least privilege (PLP) requires that users and programs be granted the most restrictive set of privileges possible to perform the...
Influencing User Password Choice Through Peer Pressure
Passwords are the main means of authenticating users in most systems today. However, they have been identified as a weak link to the overall security of many systems and much research has been done...
Understanding Users’ Requirements for Data Protection in Smartphones
Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. Even though there are many data protection solutions for smartphones,...
The Socialbot Network: When Bots Socialize for Fame and Money
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...
The Socialbot Network: Are Social Botnets Possible?
In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.
Systematically breaking and fixing OpenID security: Formal analysis,...
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is clearly...