21.
|
Forecasting Suspicious Account Activity at Large-Scale Online Service Providers
/ Hassan Halawa ; Konstantin Beznosov ; Baris Coskun ; Meizhu Liu ; et al
[LERSSE-RefConfPaper-2018-003]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in In the proceedings of Twenty-Third International Conference on Financial Cryptography and Data Security (FC'19), St. Kitts, 2019:
Fulltext: Final-verson - PDF; FC19-1-CameraReady-a - PDF PDF (PDFA);
|
22.
|
Source Attribution of Cryptographic API Misuse in Android Applications
/ Ildar Muslukhov ; Yazan Boshmaf ; Konstantin Beznosov
[LERSSE-RefConfPaper-2018-002]
Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Konstantin Beznosov. Source Attribution of Cryptographic API Misuse in Android Applications. Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS '18), 2018.:
Fulltext: PDF PDF (PDFA);
|
23.
|
Contextualizing Privacy Decisions for Better Prediction (and Protection)
/ Primal Wijesekera ; Joel Reardon ; Irwin Reyes ; Lynn Tsai ; et al
[LERSSE-RefConfPaper-2018-001]
Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. [...]
Published in Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, and Serge Egelman. Contextualizing Privacy Decisions for Better Prediction (and Protection). Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’18), 2018.:
Fulltext: PDF PDF (PDFA);
|
24.
|
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
/ Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al
[LERSSE-RefConfPaper-2017-004]
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. [...]
Published in P. Wijesekera, A. Baokar, L.Tsai, J. Reardon, S. Egelman, D. Wagner, K. Beznosov, “The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences,” in IEEE Symposium on Security and Privacy (IEEE S&P), San-Jose, CA, May 2017, 17 pages.:
Fulltext: PDF PDF (PDFA);
|
25.
|
Characterizing Social Insider Attacks on Facebook
/ Wali Ahmed Usmani ; Diogo Marques ; Ivan Beschastnikh ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2017-003]
Facebook accounts are secured against unauthorized access through passwords and device-level security. [...]
Published in W. A. Usmani, D. Marques, I. Beschastnikh, K. Beznosov, T. Guerreiro, L. Carrico, “Characterizing Social Insider Attacks on Facebook,” to appear in Proc. of the ACM Conference on Human Factors in Computing Systems (CHI), 2017, 11 pages.:
Fulltext: PDF PDF (PDFA);
|
26.
|
I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails
/ Jun Ho Huh ; Hyoungshick Kim ; Swathi S.V.P. Rayala ; Rakesh B. Bobba ; et al
[LERSSE-RefConfPaper-2017-002]
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. [...]
Published in J. H. Huh, H. Kim, S. S. V. Rayala, R. B. Bobba, K. Beznosov, “I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails,” to appear in Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2017, 5 pages.:
Fulltext: PDF PDF (PDFA);
|
27.
|
I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay
/ Jun Ho Huh ; Saurabh Verma ; Swathi Sri V Rayala ; Rakesh B. Bobba ; et al
[LERSSE-RefConfPaper-2017-001]
This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. [...]
Published in J. H. Huh, S. Verma, S. S. V. Rayala, R. B. Bobba, K. Beznosov, H. Kim, “I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay,” to appear in Proceedings of the Workshop on Usable Security (USEC), 2017, 12 pages.:
Fulltext: PDF PDF (PDFA);
|
28.
|
Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Populations
/ Hassan Halawa ; Konstantin Beznosov ; Yazan Boshmaf ; Baris Coskun ; et al
[LERSSE-RefConfPaper-2016-003]
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic [...]
Published in In Proceedings of the New Security Paradigms Workshop (NSPW), September 26-29, 2016, Granby, CO, USA.:
Fulltext: PDF PDF (PDFA);
|
29.
|
Snooping on Mobile Phones: Prevalence and Trends
/ Diogo Marques ; Ildar Muslukhov ; Tiago Guerreiro ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2016-002]
Personal mobile devices keep private information which people other than the owner may try to access [...]
Published in Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Konstantin Beznosov and Luis Carrico. 2016. Snooping on Mobile Phones: Prevalence and Trends, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
Fulltext: PDF PDF (PDFA);
|
30.
|
Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users
/ Sadegh Torabi ; Konstantin Beznosov
[LERSSE-RefConfPaper-2016-001]
Motivated by the benefits, people have used a variety of webbased services to share health information (HI) online. [...]
Published in Sadegh Torabi and Konstantin Beznosov. 2016. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
Fulltext: PDF PDF (PDFA);
|