Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing all 83 articles

Analysis of ANSI RBAC Support in COM+

We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using...

Do Windows Users Follow the Principle of Least Privilege? Investigating User...

The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by...

"I did it because I trusted you": Challenges with the Study Environment...

We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. Our experimental design aimed to mitigate some of the limitations of that prior study, including...

Poster: Validating and Extending a Study on the Effectiveness of SSL Warnings

We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. The original study was conducted at CMU by Sunshine et al. [2], and we will refer to it as the CMU...

Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single...

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties...

Expectations, Perceptions, and Misconceptions of Personal Firewalls

In this research, our goal is to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls. We conducted interviews with 30 participants and analyzed the...

The Challenges of Understanding Users’ Security-related Knowledge, Behaviour,...

In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. However,...

Challenges in evaluating complex IT security management systems

Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. The users of these systems are security professionals who are difficult to recruit for interviews,...

A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On

OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide...

OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On...

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties...

It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and...

Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. We conducted semi-structured interviews with...

Toward Understanding Distributed Cognition in IT Security Management: The...

Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to...

OpenID Security Analysis and Evaluation

OpenID is a promising user-centric Web single sign-on protocol. According to the OpenID Foundation, there are currently more than one billion OpenID-enabled user accounts provided by major service...

Speculative Authorization

As enterprises aim towards achieving zero latency for their systems, the latency introduced by the authorization process can act as an obstacle towards achieving their goal. We present...

OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On

OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. In this work,...

Promoting A Physical Security Mental Model For Personal Firewall Warnings

We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. We performed a study to determine the...

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, ITSM occurs within a complex and collaborative context that...

Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way...

The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication...

Password Managers, Single Sign-On, Federated ID: Have users signed up?

Users have not signed up for OpenID. This presentation describes results of interviews with some 50 participants of several user studies on Web SSO.

Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study...

The retrieval and analysis of malicious content is an essential task for security researchers. At the same time, the distributors of malicious files deploy countermeasures to evade the scrutiny of...
