1.
|
Towards Improving the Usability and Security of Web Single Sign-On Systems
/ San-Tsai Sun
[LERSSE-THESIS-2013-001]
OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and millions of relying party (RP) websites. [...]
Published in San-Tsai Sun, "Towards Improving the Usability and Security of Web Single Sign-On Systems," PhD dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, November, 2013, pp.216:
Fulltext: PDF PDF (PDFA);
|
2.
|
Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
Fulltext: PDF PDF (PDFA);
|
3.
|
Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
Transfer from CDS 0.99.7: PDF;
|
4.
|
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-004]
OpenID is an open and promising Web single sign-on (SSO) solution. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.:
Transfer from CDS 0.99.7: PDF;
|
5.
|
OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-001]
OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On. In Proceedings of the 29th International Conference Extended abstracts on Human Factors in Computing Systems (CHI '11), Vancouver, Canada, 2011.:
Transfer from CDS 0.99.7: PDF;
|
6.
|
OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-007]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. In Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM), October 8 2010.:
Transfer from CDS 0.99.7: PDF;
|
7.
|
A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On
/ San-Tsai Sun ; Yazan Boshmaf ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-006]
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. [...]
Published in San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010. :
Transfer from CDS 0.99.7: PDF;
|
8.
|
Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single Sign-On Triangle
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2010-006]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Poster: Openidemail enabled browser, towards fixing the broken web single sign-on triangl. poster at the SOUPS 2009, July 13th 2010.:
Transfer from CDS 0.99.7: PDF;
|
9.
|
Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices
/ Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-002]
The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. [...]
Published in Motiee, S., Hawkey, K., and Beznosov, K. 2010. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, July 14 - 16, 2010). SOUPS '10, vol. 485. ACM, New York, NY, 1-13.:
Transfer from CDS 0.99.7: PDF;
|
10.
|
Open problems in Web 2.0 user content sharing
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2010-001]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "Open problems in Web 2.0 user content sharing," presented at the iNetSec Workshop, Zurich, Switzerland, April 23th 2009, 44 pages.:
Transfer from CDS 0.99.7: PDF;
|