Results overview: Found 272 records.
Refereed Journal Papers, 22 records found
Refereed Conference Papers, 102 records found
Books, 3 records found
Theses, 1 records found
Unrefereed Conference Papers, 6 records found
Technical Reports, 30 records found
Talks/Presentations, 85 records found
Posters, 20 records found
etc, 3 records found
Refereed Journal Papers 22 records found  
1. Android users in the wild: Their authentication and usage behavior / Ahmed Mahfouz ; Ildar Muslukhov ; Konstantin Beznosov [LERSSE-RefJnlPaper-2017-002]
In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. [...]
Published in A. Mahfouz, I. Muslukhov, K. Beznosov, “Android users in the wild: Their authentication and usage behavior,” Pervasive and Mobile Computing, v. 32, 2016, 50-61.:
2. Decoupling data-at-rest encryption and smartphone locking with wearable devices / Ildar Muslukhov ; San-Tsai Sun ; Primal Wijesekera ; Yazan Boshmaf ; et al [LERSSE-RefJnlPaper-2017-001]
Smartphones store sensitive and confidential data, e.g., business related documents or emails. [...]
Published in I. Muslukhov, S.-T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, “Decoupling data-at-rest encryption and smartphone locking with wearable devices,” Pervasive and Mobile Computing, v. 32, 2016, 26-34.:
3. Phishing threat avoidance behaviour: An empirical investigation / Nalin Asanka Gamagedara Arachchilage ; Steve Love ; Konstantin Beznosov [LERSSE-RefJnlPaper-2016-001]
Abstract Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. [...]
Published in Nalin Asanka Gamagedara Arachchilage, Steve Love, Konstantin Beznosov, Phishing threat avoidance behaviour: An empirical investigation, Computers in Human Behavior, Volume 60, July 2016, Pages 185-197, ISSN 0747-5632:
4. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al [LERSSE-RefJnlPaper-2013-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, Accepted in Human–Computer Interaction, doi:10.1080/07370024.2013.819198.:
5. Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
6. Speculative Authorization / Pranab Kini ; Konstantin Beznosov [LERSSE-RefJnlPaper-2012-003]
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. [...]
Published in Pranab Kini, Konstantin Beznosov, "Speculative Authorization," IEEE Transactions on Parallel and Distributed Systems, 10 Aug. 2012.:
7. Design and Analysis of a Social Botnet / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefJnlPaper-2012-002]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet. Elsevier Journal of Computer Network - Special Issue on Botnets, 2012.:
8. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
9. Analysis of ANSI RBAC Support in EJB / Wesam Darwish ; Konstantin Beznosov [LERSSE-RefJnlPaper-2011-001]
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Analysis of ANSI RBAC support in EJB. International Journal of Secure Software Engineering, 2(2):25-52, April-June 2011.:
10. Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms / David Botta ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2010-002]
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. [...]
Published in D. Botta, K. Muldner, K. Hawkey, and K. Beznosov, “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms,” accepted for publication to the International Journal of Cognition, Technology and Work on 16 / Aug / 2010.:
11. Analysis of ANSI RBAC Support in COM+ / Wesam Darwish ; Konstantin Beznosov [LERSSE-RefJnlPaper-2010-001]
We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. [...]
Published in Darwish, W. and Beznosov, K. Analysis of ANSI RBAC Support in COM+. Comput. Stand. Interfaces 32, 4 (Jan. 2010), 197-214. :
12. Authorization Recycling in Hierarchical RBAC Systems / Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefJnlPaper-2009-014]
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Q. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.:
13. Preparation, detection, and analysis: the diagnostic work of IT security incident response / Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-013]
Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. [...]
Published in Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, and Konstantin Beznosov. Preparation, detection, and analysis: the diagnostic work of IT security incident response. Journal of Information Management & Computer Security, 18(1):26-42, January 2010. :
14. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.:
15. Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports / Hafiz Abdur Rahman ; Konstantin Beznosov ; José R. Martí [LERSSE-RefJnlPaper-2009-010]
Understanding the origin of infrastructure failures and their propagation patterns in critical infrastructures can provide important information for secure and reliable infrastructure design. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov and José R. Martí, "Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports ", International Journal of Critical Infrastructures 2009 - Vol. 5, No.3 pp. 220 - 244:
16. An integrated view of human, organizational, and technological challenges of IT security management / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-009]
Abstract Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors [...]
Published in Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov, "An integrated view of human, organizational, and technological challenges of IT security management", Information Management & Computer Security, vol. 17, n. 1, 2009, pp.4-19.:
17. Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations / Rodrigo Werlinger ; Kirstie Hawkey ; David Botta ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-007]
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, David Botta, Konstantin Beznosov, "Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations", International Journal of Human-Computer Studies, 67(7):584–606, March 2009. :
18. On the Imbalance of the Security Problem Space and its Expected Consequences / Konstantin Beznosov ; Olga Beznosova [LERSSE-RefJnlPaper-2008-006]
Purpose – This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker-defender game, and to propose questions for future research. [...]
Published in Konstantin Beznosov and Olga Beznosova, "On the Imbalance of the Security Problem Space and its Expected Consequences," Journal of Information Management & Computer Security, Emerald, vol. 15 n.5, September 2007, pp.420-431.:
19. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefJnlPaper-2008-005]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.:
20. Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs / Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov [LERSSE-RefJnlPaper-2008-004]
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model (SMM) fits. [...]
Published in Kirstie Hawkey, Kasia Muldner and Konstantin Beznosov, "Searching for the Right Fit Balancing IT Security Management Model Trade-Offs", Special Issue on Useful Computer Security, IEEE Internet Computing Magazine, 12(3), 2008, p. 22-30.:
21. Multiple-Channel Security Architecture and Its Implementation over SSL / Yong Song ; Konstantin Beznosov ; Victor C.M. Leung [LERSSE-RefJnlPaper-2006-003]
This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. [...]
Published in Song, Y., Beznosov, K., and Leung, V. C. Multiple-channel security architecture and its implementation over SSL. EURASIP Journal on Wireless Communications and Networking. 2006, 2 (Apr. 2006), 78-78.:
22. Supporting end-to-end Security Across Proxies with Multiple-Channel SSL / Yi Deng ; Jiacun Wang ; Jeffrey J. P. Tsai ; Konstantin Beznosov [LERSSE-RefJnlPaper-2005-002]
Security system architecture governs the composition of components in security systems and interactions between them [...]
Published in Yong Song, Victor C. M. Leung, Konstantin Beznosov, Supporting end-to-end Security Across Proxies with Multiple-Channel SSL, Security and Protection in Information Processing Systems, Vol 147, 2004, 323-337 :

Refereed Conference Papers 102 records found  
1. Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App / Yue Huang ; Borke Obada-Obieh ; Satya Lokam ; Konstantin Beznosov [LERSSE-RefConfPaper-2022-005]
We conducted semi-structured interviews with 20 users of Canada’s exposure-notification app, COVID Alert. [...]
Published in Yue Huang, Borke Obada-Obieh, Satya Lokam, and Konstantin Beznosov. 2022. Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App. Proceeding of ACM Human-Computer Interact. 6, CSCW2, https://doi.org/10.1145/3555770:
2. Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones / Masoud Mehrabi Koushki ; Yue Huang ; Julia Rubin ; Konstantin Beznosov [LERSSE-RefConfPaper-2022-004]
The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. [...]
Published in Masoud Mehrabi Koushki, Yue Huang, Julia Rubin, and Konstantin Beznosov. Neither Access nor Control: A Longitudinal Investigation of The Efficacy of User Access Control Solutions on Smartphones. In Proceedings of the 31st USENIX Security Symposium, 2022.:
3. Users' Perceptions of Chrome's Compromised Credential Notification / Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov [LERSSE-RefConfPaper-2022-003]
This paper reports the challenges that users experienced and their concerns regarding the Chrome compromised credentials notification. [...]
Published in Yue Huang, Borke Obada-Obieh, and Konstantin Beznosov, Users' Perceptions of Chrome’s Compromised Credential Notification, In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022):
4. SoK: The Dual Nature of Technology in Sexual Abuse / Borke Obada-Obieh ; Yue Huang ; Lucrezia Spagnolo ; Konstantin Beznosov [LERSSE-RefConfPaper-2022-002]
This paper systematizes and contextualizes the existing body of knowledge on technology’s dual nature regarding sexual abuse: facilitator of it and assistant to its prevention, reporting, and restriction. [...]
Published in Borke Obada-Obieh, Yue Huang, Lucrezia Spagnolo, & Konstantin Beznosov. (2022, May). SoK: The Dual Nature of Technology in Sexual Assault. In Proceedings of the Forty-Third Symposium of the Institute of Electrical and Electronics Engineers, Security and Privacy (IEEE S&P 2022):
5. COVID-19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention / Yue Huang ; Borke Obada-Obieh ; Elissa M. Redmiles ; Satya Lokam ; et al [LERSSE-RefConfPaper-2022-001]
Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. [...]
Published in Yue Huang, Borke Obada-Obieh, Elissa M. Redmiles, Satya Lokam, and Konstantin Beznosov. 2022. COVID 19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention. In Proceedings of the 2022 ACM SIGIR Conference on Human Information Interaction and Retrieval (CHIIR ’22), March 14–18, 2022, Regensburg, Germany. ACM, New York, NY, USA, 23 pages. https://doi.org/10.1145/3498366.3505756:
6. Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers / Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-008]
This paper reports the security and privacy challenges and threats that people experience while working from home. [...]
Published in Obada-Obieh, B., Huang, Y., & Beznosov, K. (2021, August). Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021) (pp. 675-694).:
7. What Makes Security-Related Code Examples Different / Azadeh Mokhberi ; Tiffany Quon ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-007]
Developers relying on code examples (CEs) in software engineering can impact code security. [...]
Published in Azadeh Mokhberi, Tiffany Quon, Konstantin Beznosov. What Makes Security-Related Code Examples Different. In The 7th Workshop on Security Information Workers at SOUPS workshops, 2021.:
8. SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software / Azadeh Mokhberi ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-006]
Despite all attempts to improve software security, vulnerabilities are still propagated within software. [...]
Published in Azadeh Mokhberi, Konstantin Beznosov. SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software. Proceedings of the ACM European Symposium on Usable Security (ACM EuroUSEC'21), 2021:
9. Non-Adoption Of Crypto-Assets: Exploring The Role Of Trust, Self-Efficacy, And Risk / Artemij Voskobojnikov ; Svetlana Abramova ; Konstantin Beznosov ; Rainer Böhme [LERSSE-RefConfPaper-2021-005]
Over the last years, crypto-assets have gained significant interest from private investors, academia, and industry. [...]
Published in Voskobojnikov, Artemij; Abramova, Svetlana; Beznosov, Konstantin (Kosta); and Böhme, Rainer, “Non-Adoption of Crypto-Assets: Exploring the Role of Trust, Self-Efficacy, and Risk” (2021). In Proceedings of the 29th European Conference on Information Systems (ECIS), An Online AIS Conference, June 14-16, 2021.:
10. Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them / Mohammad Tahaei ; Kami Vaniea ; Konstantin Beznosov ; Maria K. Wolters [LERSSE-RefConfPaper-2021-004]
Static analysis tools (SATs) have the potential to assist developers in finding and fixing vulnerabilities in the early stages of software development, requiring them to be able to understand and act on tools’ notifications. [...]
Published in Mohammad Tahaei, Kami Vaniea, Konstantin Beznosov, Maria K. Wolters. Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021:
11. On Smartphone Users’ Difficulty with Understanding Implicit Authentication / Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-003]
Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. On Smartphone Users’ Difficulty with Understanding Implicit Authentication. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
12. The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets / Artemij Voskobojnikov ; Oliver Wiese ; Masoud Mehrabi Koushki ; Volker Roth ; et al [LERSSE-RefConfPaper-2021-002]
In a corpus of 45,821 app reviews of the top five mobile cryptocurrency wallets, we identified and qualitatively analyzed 6,859 reviews pertaining to the user experience (UX) with those wallets. [...]
Published in Artemij Voskobojnikov, Oliver Wiese, Masoud Mehrabi Koushki, Volker Roth, Konstantin Beznosov. The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
13. Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users / Svetlana Abramova ; Artemij Voskobojnikov ; Konstantin Beznosov ; Rainer Böhme [LERSSE-RefConfPaper-2021-001]
Crypto-assets are unique in tying financial wealth to the secrecy of private keys. [...]
Published in Svetlana Abramova, Artemij Voskobojnikov, Konstantin Beznosov, Rainer Böhme. Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
14. Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android” / Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-005]
Implicit authentication (IA) on smartphones has gained a lot of attention from the research community over the past decade. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android”. In the Proceedings of Twenty-Second International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI 2020), Virtual Conference, 2020.:
15. Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault / Borke Obada-Obieh ; Lucrezia Spagnolo ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-004]
According to the United States Department of Justice, every 73 seconds, an American is sexually assaulted. [...]
Published in Borke Obada-Obieh, Lucrezia Spagnolo, and Konstantin Beznosov. "Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault." In Proceedings of the Sixteenth Symposium on Usable Privacy and Security (SOUPS), 2020.:
16. Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users / Artemij Voskobojnikov ; Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-003]
With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. [...]
Published in Artemij Voskobojnikov, Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users. In the Proceedings of Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC'20), Kota Kinabalu, 2020:
17. The Burden of Ending Online Account Sharing / Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-002]
Many people share online accounts, even in situations where high privacy and security are expected. [...]
Published in Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. The Burden of Ending Online Account Sharing. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020.:
18. Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks / Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-001]
With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. [...]
Published in Yue Huang, Borke Obada-Obieh, Konstantin Beznosov. Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020, pages 402:1-13.:
19. Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones / Diogo Marques ; Tiago Guerreiro ; Luís Carriço ; Ivan Beschastnikh ; et al [LERSSE-RefConfPaper-2019-002]
Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
20. Towards Understanding the Link Between Age and Smartphone Authentication / Lina Qiu ; Alexander De Luca ; Ildar Muslukhov ; Konstantin Beznosov [LERSSE-RefConfPaper-2019-001]
While previous work on smartphone (un)locking has revealed real world usage patterns, several aspects still need to be explored. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
21. Forecasting Suspicious Account Activity at Large-Scale Online Service Providers / Hassan Halawa ; Konstantin Beznosov ; Baris Coskun ; Meizhu Liu ; et al [LERSSE-RefConfPaper-2018-003]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in the proceedings of Twenty-Third International Conference on Financial Cryptography and Data Security (FC'19), St. Kitts, 2019:
22. Source Attribution of Cryptographic API Misuse in Android Applications / Ildar Muslukhov ; Yazan Boshmaf ; Konstantin Beznosov [LERSSE-RefConfPaper-2018-002]
Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Konstantin Beznosov. Source Attribution of Cryptographic API Misuse in Android Applications. Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS '18), 2018.:
23. Contextualizing Privacy Decisions for Better Prediction (and Protection) / Primal Wijesekera ; Joel Reardon ; Irwin Reyes ; Lynn Tsai ; et al [LERSSE-RefConfPaper-2018-001]
Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. [...]
Published in Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, and Serge Egelman. Contextualizing Privacy Decisions for Better Prediction (and Protection). Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’18), 2018.:
24. The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences / Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al [LERSSE-RefConfPaper-2017-004]
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. [...]
Published in P. Wijesekera, A. Baokar, L.Tsai, J. Reardon, S. Egelman, D. Wagner, K. Beznosov, “The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences,” in IEEE Symposium on Security and Privacy (IEEE S&P), San-Jose, CA, May 2017, 17 pages.:
25. Characterizing Social Insider Attacks on Facebook / Wali Ahmed Usmani ; Diogo Marques ; Ivan Beschastnikh ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2017-003]
Facebook accounts are secured against unauthorized access through passwords and device-level security. [...]
Published in W. A. Usmani, D. Marques, I. Beschastnikh, K. Beznosov, T. Guerreiro, L. Carrico, “Characterizing Social Insider Attacks on Facebook,” to appear in Proc. of the ACM Conference on Human Factors in Computing Systems (CHI), 2017, 11 pages.:
26. I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails / Jun Ho Huh ; Hyoungshick Kim ; Swathi S.V.P. Rayala ; Rakesh B. Bobba ; et al [LERSSE-RefConfPaper-2017-002]
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. [...]
Published in J. H. Huh, H. Kim, S. S. V. Rayala, R. B. Bobba, K. Beznosov, “I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails,” to appear in Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2017, 5 pages.:
27. I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay / Jun Ho Huh ; Saurabh Verma ; Swathi Sri V Rayala ; Rakesh B. Bobba ; et al [LERSSE-RefConfPaper-2017-001]
This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. [...]
Published in J. H. Huh, S. Verma, S. S. V. Rayala, R. B. Bobba, K. Beznosov, H. Kim, “I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay,” to appear in Proceedings of the Workshop on Usable Security (USEC), 2017, 12 pages.:
28. Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Populations / Hassan Halawa ; Konstantin Beznosov ; Yazan Boshmaf ; Baris Coskun ; et al [LERSSE-RefConfPaper-2016-003]
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic [...]
Published in Proceedings of the New Security Paradigms Workshop (NSPW), September 26-29, 2016, Granby, CO, USA.:
29. Snooping on Mobile Phones: Prevalence and Trends / Diogo Marques ; Ildar Muslukhov ; Tiago Guerreiro ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2016-002]
Personal mobile devices keep private information which people other than the owner may try to access [...]
Published in Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Konstantin Beznosov and Luis Carrico. 2016. Snooping on Mobile Phones: Prevalence and Trends, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
30. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users / Sadegh Torabi ; Konstantin Beznosov [LERSSE-RefConfPaper-2016-001]
Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. [...]
Published in Sadegh Torabi and Konstantin Beznosov. 2016. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
31. Android Rooting: Methods, Detection, and Evasion / San-Tsai Sun ; Andrea Cuadros ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-007]
Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. [...]
Published in San-Tsai Sun, Andrea Cuadros and Konstantin Beznosov. Android Rooting: Methods, Detection, and Evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, October 2015.:
32. Surpass: System-initiated User-replaceable Passwords / Jun Ho Huh ; Seongyeol Oh ; Hyoungshick Kim ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-006]
System-generated random passwords have maximum password security and are highly resistant to guessing attacks. [...]
Published in Jun Ho Huh, Seongyeol Oh, Hyoungshick Kim and Konstantin Beznosov. Surpass: System-initiated User-replaceable Passwords. In Proceedings of ACM Conference on Computer and Communications Security (CCS'15), October 2015.:
33. Thwarting Fake OSN Accounts by Predicting their Victims / Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-005]
Traditional defense mechanisms for fighting against automated fake accounts in online social networks are victim-agnostic. [...]
Published in Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov. Thwarting Fake OSN Accounts by Predicting their Victims. In Proceedings of the 2015 Workshop on Artificial Intelligent and Security Workshop (AISec'15), Denver, Colorado, USA, Oct, 2015:
34. Android Permissions Remystified: A Field Study on Contextual Integrity / Primal Wijesekera ; Arjun Baokar ; Ashkan Hosseini ; Serge Egelman ; et al [LERSSE-RefConfPaper-2015-004]
We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. [...]
Published in Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner and Konstantin Beznosov. 2015. Android Permissions Remystified: A Field Study on Contextual Integrity. USENIX Security 2015, Washington DC, USA.:
35. On the Memorability of System-generated PINs: Can Chunking Help? / Jun Ho Huh ; Hyoungschick Kim ; Rakesh B. Bobba ; Masooda N. Bashir ; et al [LERSSE-RefConfPaper-2015-003]
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. [...]
Published in Jun Ho Huh, Hyoungschick Kim, Rakesh B. Bobba, Masooda N. Bashir and Konstantin Beznosov. 2015. On the Memorability of System-generated PINs: Can Chunking Help? SOUPS'15: Symposium On Usable Privacy and Security. Ottawa, Ontario, Canada:
36. A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks / Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki [LERSSE-RefConfPaper-2015-002]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Kim, K. Beznosov, and E. Yoneki, “A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks” in Computational Social Networks, February 2015, v2n3.:
37. On the Impact of Touch ID on iPhone Passcodes / Ivan Cherapau ; Ildar Muslukhov ; Nalin Asanka ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-001]
Smartphones today store large amounts of data that can be confidential, private or sensitive. [...]
Published in LERSSE-RefConfPaper-2015-001:
38. Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs / Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Jorge Leria ; et al [LERSSE-RefConfPaper-2014-004]
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. [...]
Published in Boshmaf et al. "Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs" In proceedings the 2015 Network and Distributed System Security Symposium (NDSS'15), San Diego, USA.:
39. To authorize or not authorize: helping users review access policies in organizations / Pooya Jaferian ; Hootan Rashtian ; Konstantin Beznosov [LERSSE-RefConfPaper-2014-003]
This work addresses the problem of reviewing complex access policies in an organizational context using two studies [...]
Published in Pooya Jaferian, Hootan Rashtian, and Konstantin Beznosov. 2014. To authorize or not authorize: helping users review access policies in organizations. SOUPS'14: Symposium On Usable Privacy and Security. Menlo Park, CA.:
40. To Befriend Or Not? A Model of Friend Request Acceptance on Facebook / Hootan Rashtian ; Yazan Boshmaf ; Pooya Jaferian ; Konstantin Beznosov [LERSSE-RefConfPaper-2014-002]
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. [...]
Published in Rashtian, H., Boshmaf, Y., Jaferian, P., Beznosov, K. (2014, July). To Befriend Or Not? A Model of Friend Request Acceptance on Facebook. In Proceedings of the 10th symposium on Usable Privacy and Security. ACM.:
41. Finding Influential Neighbors to Maximize Information Diffusion in Twitter / Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki [LERSSE-RefConfPaper-2014-001]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Finding Influential Neighbors to Maximize Information Diffusion in Twitter, Hyoungshick Kim, Konstantin Beznosov, and Eiko Yoneki, WWW’14 Companion, April 7–11, 2014, Seoul, Korea.:
42. Privacy Aspects of Health Related Information Sharing in Online Social Networks / Sadegh Torabi ; Konstantin Beznosov [LERSSE-RefConfPaper-2013-003]
Online social networks (OSNs) have formed virtual social networks where people meet and share information. [...]
Published in Sadegh Torabi and Konstantin Beznosov. “Privacy Aspects of Health Related Information Sharing in Online Social Networks,” USENIX Workshop on Health Information Technologies (HealthTech '13), August 2013, Washington, USA.:
43. Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders / Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al [LERSSE-RefConfPaper-2013-002]
Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester and Konstantin Beznosov, Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders. In Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services companion:
44. Graph-based Sybil Detection in Social and Information Systems / Yazan Boshmaf ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2013-001]
Sybil attacks in social and information systems have serious security implications. [...]
Published in Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu. Graph-based Sybil Detection in Social and Information Systems. In the Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM'13), Niagara Falls, Canada, August 25-28, 2013.:
45. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection / Serge Egelman ; Andreas Sotirakopoulos ; Ildar Muslukhov ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2013-001]
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. [...]
Published in Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of Computer-Human Interaction conference, April 2013.:
46. The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefConfPaper-2012-003]
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. [...]
Published in San-Tsai Sun and Konstantin Beznosov. The devil is in the (implementation) details: An empirical analysis of OAuth SSO systems. In Proceedings of ACM Conference on Computer and Communications Security (CCS'12), October 2012.:
47. Key Challenges in Defending Against Malicious Socialbots / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2012-002]
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Key challenges in defending against malicious socialbots. In Proceedings of the 5th USENIX workshop on Large-scale exploits and emergent threats, LEET'12, Berkeley, CA, USA. USENIX Association.:
48. Understanding Users’ Requirements for Data Protection in Smartphones / Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al [LERSSE-RefConfPaper-2012-001]
Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, and Konstantin Beznosov. Understanding users' requirements for data protection in smartphones. In Workshop on Secure Data Management on Smartphones and Mobiles, 2012.:
49. The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [258] [LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011. For the technical report, please refer to http://lersse-dl.ece.ubc.ca/record/272:
50. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings / Fahimeh Raja ; Kirstie Hawkey ; Steven Hsu ; Kai-Le Clement Wang ; et al [LERSSE-RefConfPaper-2011-007]
We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings. In SOUPS '11: Proceedings of the 7th symposium on Usable privacy and security, 20 pages.:
51. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al [LERSSE-RefConfPaper-2011-006]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 20-22, 2011. :
52. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings / Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-005]
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. [...]
Published in Andreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of Symposium on Usable Privacy and Security, July 2011:
53. What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefConfPaper-2011-004]
OpenID is an open and promising Web single sign-on (SSO) solution. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.:
54. The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [258] [LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011:
55. Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers / Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-003]
The retrieval and analysis of malicious content is an essential task for security researchers. [...]
Published in K. Zeeuwen, M. Ripeanu, K. Beznosov, “Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers”. WebQuality Workshop 2011, March 28, 2011.:
56. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, and Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, In Proceedings of the 29th international conference extended abstracts on Human factors in computing systems (CHI '11), Vancouver, Canada, 2011. :
57. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefConfPaper-2011-001]
OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On. In Proceedings of the 29th International Conference Extended abstracts on Human Factors in Computing Systems (CHI '11), Vancouver, Canada, 2011.:
58. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls / Fahimeh Raja ; Kirstie Hawkey ; Pooya Jaferian ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2010-008]
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Pooya Jaferian, Konstantin Beznosov, and Kellogg S. Booth. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the Third ACM Workshop on Assurable & Usable Security Configuration (SafeConfig), October 4, 2010.:
59. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-007]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. In Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM), October 8 2010.:
60. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On / San-Tsai Sun ; Yazan Boshmaf ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-006]
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. [...]
Published in San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010. :
61. Challenges in evaluating complex IT security management systems / Pooya Jaferian ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-005]
Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. [...]
Published in P. Jaferian, K. Hawkey, and K. Beznosov. Challenges in evaluating complex IT security management systems. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
62. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations / Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-004]
In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. [...]
Published in S. Motiee, K. Hawkey, and K. Beznosov. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
63. "I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours / Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-003]
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. [...]
Published in A. Sotirakopoulos, K. Hawkey, and K. Beznosov. "I did it because I trusted you": Challenges with the study environment biasing participant behaviours. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
64. Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices / Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-002]
The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. [...]
Published in Motiee, S., Hawkey, K., and Beznosov, K. 2010. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, July 14 - 16, 2010). SOUPS '10, vol. 485. ACM, New York, NY, 1-13.:
65. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization / Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-039]
This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization [...]
Published in Jaferian, P., Botta, D., Hawkey, K., and Beznosov, K. 2009. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization. In Proceedings of the 3rd ACM Symposium on Computer Human interaction For Management of information Technology (Baltimore, Maryland, November 7 - 8, 2009). CHiMiT '09. ACM, New York, NY.:
66. Secure Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-038]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Secure Web 2.0 content sharing beyond walled gardens. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 409-418, December 2009:
67. Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents / Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-037]
This study investigates how security practitioners perform diagnostic work during the identification of security incidents. [...]
Published in Werlinger, R., Muldner, K., Hawkey, K., and Beznosov, K. (2009). Towards Understanding Diagnostic Work during the Detection and Investigation of Security Incidents. Proc. of Int. Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, June 25-26, 2009, 119-132.:
68. Towards Enabling Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-036]
Web 2.0 users have many choices of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling Web 2.0 content sharing beyond walled gardens. In Proceedings of the Workshop on Security and Privacy in Online Social Networking, pages 979-984, August 29th 2009.:
69. Open Problems in Web 2.0 User Content Sharing / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-035]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. In Proceedings of the iNetSec Workshop, pages 37-51, Zurich, Switzerland, April 23th 2009.:
70. Revealing Hidden Context: Improving Mental Models of Personal Firewall Users / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-034]
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details [...]
Published in Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov. Revealing hidden context: Improving mental models of personal firewall users. In SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, New York, NY, USA, 2009. ACM, pp 1-12. :
71. Application-Based TCP Hijacking / Oliver Zheng ; Jason Poon ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-033]
We present application-based TCP hijacking (ABTH), a new attack on TCP applications that exploits flaws due to the interplay between TCP and application protocols to inject data into an application session without either server or client applications noticing the spoofing attack. [...]
Published in Oliver Zheng, Jason Poon, Konstantin Beznosov, "Application-Based TCP Hijacking," in Proceedings of the 2009 European Workshop on System Security, Nuremberg, Germany, ACM, 31 March 2009, pp. 9-15.:
72. Mobile Applications for Public Sector: Balancing Usability and Security / Yurij Natchetoi ; Konstantin Beznosov ; Viktor Kaufman [LERSSE-RefConfPaper-2009-032]
Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements [...]
Published in Yurij Natchetoi, Konstantin Beznosov, Viktor Kaufman, “Mobile Applications for Public Sector: Balancing Usability and Security” in the Collaboration and the Knowledge Economy: Issues, Applications, Case Studies, Paul Cunningham and Miriam Cunningham (Eds), IOS Press, 2008 Amsterdam, ISBN 978–1–58603–924-0, Stockholm, Sweden, 22 - 24 October 2008, article #117, 6 pages.:
73. Authorization Using the Publish-Subscribe Model / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-031]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publish-subscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.:
74. Guidelines for Designing IT Security Management Tools / Pooya Jaferian ; David Botta ; Fahimeh Raja ; Kirstie Hawkey ; et al [LERSSE-RefConfPaper-2008-030]
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. [...]
Published in Pooya Jaferian, David Botta, Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov, "Guidelines for Designing IT Security Management Tools," In CHIMIT '08: Proceedings of the 2008 symposium on Computer Human Interaction for the Management of Information Technology, San Diego, CA, USA, 7:1-7:10, ACM.:
75. The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? / Rodrigo Werlinger ; Kirstie Hawkey ; Kasia Muldner ; Pooya Jaferian ; et al [LERSSE-RefConfPaper-2008-029]
An intrusion detection system (IDS) can be a key component of security incident response within organizations. [...]
Published in R. Werlinger, K. Hawkey, K. Muldner, P. Jaferian, and K. Beznosov. The challenges of using an intrusion detection system: Is it worth the effort? In Proc. of ACM Symposium on Usable Privacy and Security (SOUPS), pp 107-116, 2008:
76. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-028]
Our qualitative research provides a comprehensive list of challenges to the practice of IT security within organizations, including the interplay between human, organizational, and technical factors. [...]
Published in R. Werlinger, K. Hawkey, and K. Beznosov. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations. In Proc. of HAISA '08: Human Aspects of Information Security and Assurance (10 pages), July 2008, pp 35-48.:
77. Identifying Differences Between Security and Other IT Professionals: a Qualitative Analysis. / Andre Gagne ; Kasia Muldner ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-027]
We report factors differentiating security and other IT responsibilities. [...]
Published in Andre Gagne, Kasia Muldner, and Konstantin Beznosov. Identifying Differences between Security and other IT Professionals: a Qualitative Analysis. In proceedings of Human Aspects of Information Security and Assurance (HAISA), Plymouth, England, July 2008, pp 69-80.:
78. Authorization Recycling in RBAC Systems / Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2008-026]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, Colorado, USA, June 11-13 2008, pp. 63-72. :
79. Security Practitioners in Context: Their Activities and Interactions / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-025]
This study develops the context of interactions of IT security practitioners [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, and Konstantin Beznosov. Security practitioners in context: their activities and interactions. In CHI ’08 extended abstracts on Human factors in computing systems, pages 3789–3794, Florence, Italy, 2008. :
Transfer from CDS 0.99.7: Download fulltextPDF;
80. Towards Understanding IT Security Professionals and Their Tools / David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2007-023]
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools" in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 18-20, 2007, pp.100-111.:
Transfer from CDS 0.99.7: Download fulltextPDF;
81. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2007-022]
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," in Proceedings of the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 25–29, 2007, Monterey, California, USA. pp.65-74:
Transfer from CDS 0.99.7: Download fulltextPDF;
82. On the Imbalance of the Security Problem Space and its Expected Consequences / Konstantin Beznosov ; Olga Beznosova [LERSSE-RefConfPaper-2007-021]
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon [...]
Published in Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," To appear in Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.10. :
Transfer from CDS 0.99.7: Download fulltextPDF;
83. Studying IT Security Professionals: Research Design and Lessons Learned / David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2007-020]
The HOT Admin Field Study used qualitative methods to study information technology security administrators. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, and Brian Fisher, "Studying IT Security Professionals: Research Design and Lessons Learned" position paper at the CHI Workshop on Security User studies: Methodologies and Best Practices, San Francisco, CA, 28 April 2007, 4 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
84. A Security Analysis of the Precise Time Protocol (Short Paper) / Jeanette Tsang ; Konstantin Beznosov [LERSSE-RefConfPaper-2006-019]
This paper reports on a security analysis of the IEEE 1588 standard, a.k.a [...]
Published in Jeanette Tsang, Konstantin Beznosov "A Security Analysis of the Precise Time Protocol (Short Paper)," In Proceedings of Eighth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, USA, Springer-Verlag Berlin Heidelberg, LNCS 4307, 4-7 December, 2006, pp.50-59. :
Transfer from CDS 0.99.7: Download fulltextPDF;
85. The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies / Jason Crampton ; Wing Leung ; Konstantin Beznosov [LERSSE-RefConfPaper-2006-017]
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. [...]
Published in Jason Crampton, Wing Leung, Konstantin Beznosov "The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies," In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Lake Tahoe, California, USA, ACM, 7-9 June, 2006, pp.111-120.:
Transfer from CDS 0.99.7: Download fulltextPDF;
86. Extending XP Practices to Support Security Requirements Engineering / Gustav Boström ; Jaana Wäyrynen ; Marine Bodén ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2006-016]
This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer security requirements while maintaining the iterative and rapid feedback-driven nature of XP. [...]
Published in Gustav Boström, Jaana Wäyrynen, Marine Bodén, Konstantin Beznosov, Philippe Kruchten, "Extending XP Practices to Support Security Requirements Engineering," Proceedings of Workshop on Software Engineering for Secure Systems (SESS), Shanghai, China, ACM, 20–21 May, 2006, pp.11-17.:
Transfer from CDS 0.99.7: Download fulltextPDF;
87. Towards Agile Security Assurance / Konstantin Beznosov ; Philippe Kruchten [LERSSE-RefConfPaper-2005-015]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Proceedings of the workshop on New security paradigms, Nova Scotia, Canada: (2004) pp. 47-54
Transfer from CDS 0.99.7: Download fulltextPDF;
88. Supporting Relationships in Access Control Using Role Based Access Control / John Barkley ; Konstantin Beznosov ; Jinny Uppal ; John Barkley ; et al [LERSSE-RefConfPaper-2005-014]
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. [...]
Published in Proceedings of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA: (October, 1999) pp. 55-65
Transfer from CDS 0.99.7: Download fulltextPDF;
89. SPAPI: A Security and Protection Architecture for Physical Infrastructures and Its Deployment Strategy Using Sensor Networks / Hafiz Rahman ; Konstantin Beznosov [LERSSE-RefConfPaper-2005-013]
In recent years, concerns about the safety and security of critical infrastructures have increased enormously. [...]
Published in Proceedings of 10th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA 2005), Catania, Italy: (19-22 September, 2005) pp. 885-892
Transfer from CDS 0.99.7: Download fulltextPDF;
90. Performance Considerations for a CORBA-based Application Authorization Service / Konstantin Beznosov ; Luis Espinal ; Yi Deng [LERSSE-RefConfPaper-2005-012]
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control mechanism. [...]
Published in Proceedings of IASTED International Conference Software Engineering and Applications, Las Vegas, Nevada: (November, 2000)
Transfer from CDS 0.99.7: Download fulltextPDF;
91. Object Security Attributes: Enabling Application-specific Access Control in Middleware / Konstantin Beznosov [LERSSE-RefConfPaper-2005-011]
This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. [...]
Published in Proceedings of 4th International Symposium on Distributed Objects and Applications (DOA), Irvine, California: (October 28 - November 1, 2002) pp. 693-710
Transfer from CDS 0.99.7: Download fulltextPDF;
92. Implementing Multiple Channels over SSL / Yong Song ; Victor C.M. Leung ; Konstantin Beznosov [LERSSE-RefConfPaper-2005-010]
Multiple-Channel SSL (MC-SSL) is our model and protocol for the security of client-server communication. [...]
Published in Yong Song, Victor C.M. Leung, and Konstantin Beznosov. Implementing multiple channels over SSL. In Proceedings of the 1st International Conference on E-business and Telecommunication Networks, pages 246–253, Setubal, Portugal, 25-28 August 2004.:
Transfer from CDS 0.99.7: Download fulltextPDF;
93. Here’s Your Lego™ Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need / Konstantin Beznosov [LERSSE-RefConfPaper-2005-009]
By presenting a protection architecture for ASP.NET Web services, this paper demonstrates the feasibility of creating middleware mechanisms in the form of composable, flexible, and extensible building blocks. [...]
Published in Konstantin Beznosov, “Here’s Your Lego™ Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need,” in Proceedings of Software Engineering and Middleware (SEM) Workshop, pp. 3-18, Linz, Austria, 20-21 September 2004.:
Transfer from CDS 0.99.7: Download fulltextPDF;
94. eXtreme Security Engineering: On Employing XP Practices to Achieve “Good Enough Security” without Defining It / Konstantin Beznosov [LERSSE-RefConfPaper-2005-008]
This paper examines practices of eXtreme Programming (XP) on the subject of their application to the development of security solutions. [...]
Published in Konstantin Beznosov. Extreme security engineering: On employing xp practices to achieve "good enough security" without defining it. In First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA, USA, 2003. :
Transfer from CDS 0.99.7: Download fulltextPDF;
95. Supporting End-to-end security Across Proxies with Multiple-channel SSL / Yong Song ; Victor C.M. Leung ; Konstantin Beznosov [LERSSE-RefConfPaper-2005-005]
Secure Socket Layer (SSL) has functional limitations that prevent end-to-end security in the presence of untrusted intermediary application proxies used by clients to communicate with servers [...]
Published in Yong Song, Victor C.M. Leung, and Konstantin Beznosov. Supporting end-to-end security across proxies with multiple-channel SSL. In Proceedings of the 19th IFIP International Information Security Conference, pages 246–253, Toulouse, France, 23-26 August 2004.:
Transfer from CDS 0.99.7: Download fulltextPDF;
96. Architecting a Computerized Patient Record with Distributed Objects / Kent Wreder ; Konstantin Beznosov ; A. Bramblett ; Eric Butler ; et al [LERSSE-RefConfPaper-2005-004]
Published in Kent Wreder, Konstantin Beznosov, A. Bramblett, Eric Butler, A. D-Empaire, E. Hernandez, Eric Navarro, A. Romano, M. Tortolini-Taylor, E. Urzais, R. Ventura, "Architecting a Computerized Patient Record with Distributed Objects," in Proceedings of Healthcare Information and Management Systems Society Conference, Orange County Convention Center, Orlando, FL, USA, HIMSS, February, 1998, pp.149-158.:
Transfer from CDS 0.99.7: Download fulltextPDF;
97. Applying Aspect-Orientation in Designing Security Systems: A Case Study / Shu Gao ; Yi Deng ; Huiqun Yu ; Xudong He ; et al [LERSSE-RefConfPaper-2005-003]
As a security policy model evolves, the design of security systems using that model could become increasingly complicated [...]
Published in Shu Gao, Yi Deng, Huiqun Yu, Xudong He, Konstantin Beznosov, Kendra Cooper, "Applying Aspect-Orientation in Designing Security Systems: A Case Study," in Proceedings of The Sixteenth International Conference on Software Engineering and Knowledge Engineering (SEKE 04), Banff, Alberta, Canada, June 20-24, 2004, pp.360-365.:
Transfer from CDS 0.99.7: Download fulltextPDF;
98. A Resource Access Decision Service for CORBA-based Distributed Systems / Konstantin Beznosov ; Yi Deng ; Bob Blakley ; Carol Burt ; et al [LERSSE-RefJnlPaper-2005-001]
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those polices and factors are [...]
Published in Konstantin Beznosov, Yi Deng, Bob Blakley, Carol Burt, John Barkley, "A Resource Access Decision Service for CORBA-based Distributed Systems," in Proceedings of the Annual Computer Security Applications Conference (ACSAC), Phoenix, Arizona, U.S.A., 6-10 December, 1999, pp.310-319.:
Transfer from CDS 0.99.7: Download fulltextPDF;
99. A Framework for Implementing Role-based Access Control Using CORBA Security Service / Konstantin Beznosov ; Yi Deng [LERSSE-RefConfPaper-2005-002]
The paper shows how role-based access control (RBAC) models could be implemented using CORBA Security service [...]
Published in Konstantin Beznosov, Yi Deng, "A Framework for Implementing Role-based Access Control Using CORBA Security Service," in Proceedings of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, ACM, October, 1999, pp.19-30.:
Transfer from CDS 0.99.7: Download fulltextPDF;
100. Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services / Konstantin Beznosov [TEST-RefConfPaper-2005-001]
This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services [...]
Published in Konstantin Beznosov, "Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services," in Proceedings of the Eighth International SIGSOFT Symposium on Component-based Software Engineering (CBSE), St. Louis, Missouri, USA, SIGSOFT, 15-21 May, 2005, pp.337-352.:
Transfer from CDS 0.99.7: Download fulltextPDF;
101. On the Benefits of Decomposing Policy Engines into Components / Konstantin Beznosov [TEST-ARTICLE-2005-004]
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. [...]
Published in Konstantin Beznosov. Flooding and recycling authorizations. In Proceedings of the New Security Paradigms Workshop (NSPW’05), pages 67–72, Lake Arrowhead, CA, USA, 20-23 September 2005. ACM Press. :
Transfer from CDS 0.99.7: Download fulltextPDF;
102. Flooding and Recycling Authorizations / Konstantin Beznosov [TEST-ARTICLE-2005-003]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, "Flooding and Recycling Authorizations", in Proceedings of New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, USA, ACM, 20-23 September, 2005, pp.67-72.:
Transfer from CDS 0.99.7: Download fulltextPDF;

Books 3 records found  
1. Mastering Web Services Security / Bret Hartman ; Donald J. Flinn ; Konstantin Beznosov ; Shirley Kawamoto [LERSSE-BOOK-2005-003]
We present material on how to use the architectures and technologies and how to understand the specifications that are available to build a secure Web Services system. [...]
Published in Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto, "Mastering Web Services Security," New York, New York, USA, John Wiley & Sons, Inc., ISBN 0-471-26716-3, January, 2003, pp.464. :
Transfer from CDS 0.99.7: Download fulltextPDF;
2. Enterprise Security with EJB™ and CORBA® / Bret Hartman ; Donald J. Flinn ; Konstantin Beznosov [LERSSE-BOOK-2005-002]
This book shows you how to apply enterprise security integration (ESI) to secure your enterprise from end-to-end, using theory, examples, and practical advice. [...]
Published in Bret Hartman, Donald J. Flinn, Konstantin Beznosov, "Enterprise Security with EJB™ and CORBA®," New York, New York, USA, John Wiley and Sons, Inc., ISBN 0-471-40131-5, April, 2001, pp.400. :
Transfer from CDS 0.99.7: Download fulltextPDF;
3. Engineering Application-level Access Control in Distributed Systems / Konstantin Beznosov ; Yi Deng [LERSSE-BOOK-2005-001]
This chapter discusses issues of engineering access control solutions in distributed applications for enterprise computing environments. [...]
Published in Konstantin Beznosov, Yi Deng, "Engineering Application-level Access Control in Distributed Systems," in Handbook of Software Engineering And Knowledge Engineering, World Scientific Publishing, vol. 1, ISBN 981-02-4973-X, January, 2002, pp.20. :
Transfer from CDS 0.99.7: Download fulltextPDF;

Theses 1 records found  
1. Engineering Access Control For Distributed Enterprise Systems / Konstantin Beznosov [LERSSE-THESIS-2015-001]
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. [...]
Published in Florida International University, 2000:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);

Unrefereed Conference Papers 6 records found  
1. Strategies for Monitoring Fake AV Distribution Networks / Onur Komili ; Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-UnrefConfPaper-2011-001]
We perform a study of Fake AV networks advertised via search engine optimization. [...]
Published in Onur Komili, Kyle Zeeuwen, Matei Ripeanu, and Konstantin Beznosov. Strategies for Monitoring Fake AV Distribution Networks. In Proceedings of the 21st Virus Bulletin Conference, October 5-7, 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
2. Usability Meets Access Control: Challenges and Research Opportunities / Konstantin Beznosov ; Philip Inglesant ; Jorge Lobo ; Rob Reeder ; et al [LERSSE-UnrefConfPaper-2009-005]
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research [...]
Published in Konstantin Beznosov, Philip Inglesant, Jorge Lobo, Rob Reeder, and Mary Ellen Zurko, "Usability Meets Access Control: Challenges and Research Opportunities," in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, ACM, 3-5 June, 2009 :
Transfer from CDS 0.99.7: Download fulltextPDF;
3. Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports / Hafiz A. Rahman ; Konstantin Beznosov ; Jose R. Martí [LERSSE-UnrefConfPaper-2006-004]
Survival in our society relies on continued services from interdependent critical infrastructures. [...]
Published in Hafiz A. Rahman, Konstantin Beznosov, Jose R. Martí "Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports," Proceedings of the Third International Conference on Critical Infrastructures, Alexandria, VA, USA, The International Institute for Critical Infrastructures, 24-27 September, 2006, pp.11.:
Transfer from CDS 0.99.7: Download fulltextPDF;
4. Requirements for Access Control: US Healthcare Domain / Konstantin Beznosov [LERSSE-UnrefConfPaper-2005-003]
Roles are important factors in authorization rules. [...]
Published in Konstantin Beznosov, "Requirements for Access Control: US Healthcare Domain," in Proceedings of the Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, ACM, pp.43: (October, 1998)
Transfer from CDS 0.99.7: Download fulltextPDF;
5. Issues in the Security Architecture of the Computerized Patient Record Enterprise / Konstantin Beznosov [LERSSE-UnrefConfPaper-2005-002]
We discuss issues in CPR enterprise security architecture. [...]
Published in Konstantin Beznosov, "Issues in the Security Architecture of the Computerized Patient Record Enterprise," in Proceedings of the Second Workshop on Distributed Object Computing Security (DOCSec), Baltimore, Maryland, USA, pp.5: (May, 1998)
Transfer from CDS 0.99.7: Download fulltextPDF;
6. Future Direction of Access Control Models, Architectures, and Technologies / Konstantin Beznosov [LERSSE-UnrefConfPaper-2005-001]
The goal of this panel is to explore future directions in the research and practice of Access Control Models, Architectures, and Technologies (ACMAT). [...]
Published in Konstantin Beznosov, "Future Direction of Access Control Models, Architectures, and Technologies," in Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies (SACMAT), Stockholm, Sweden, ACM, pp.48-48: (1-3 June, 2005)
Transfer from CDS 0.99.7: Download fulltextPDF;

Technical Reports 30 records found  
1. Forecasting Suspicious Account Activity at Large-Scale Online Service Providers / Hassan Halawa ; Matei Ripeanu ; Konstantin Beznosov ; Baris Coskun ; et al [LERSSE-REPORT-2018-001]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in H. Halawa, M. Ripeanu, K. Beznosov, B. Coskun, and M. Liu "Forecasting Suspicious Account Activity at Large-Scale Online Service Providers", published in arXiv https://arxiv.org/abs/1801.08629v1:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
2. Access Review Survey Report / Pooya Jaferian ; Konstantin Beznosov [LERSSE-REPORT-2014-001]
To further understand the state of the practice in access review, and collect quantitative results on how companies perform access review, we conducted a survey of security practitioners [...]
Published in P. Jaferian and K. Beznosov. Access Review Survey Report. Technical Report LERSSE-TR-2014-001, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, May 2014.:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
3. The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-REPORT-2012-001]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011:
Transfer from CDS 0.99.7: Download fulltextPDF;
4. Speculative Authorization / Pranab Kini ; Konstantin Beznosov [LERSSE-REPORT-2010-002]
As enterprises aim towards achieving zero latency for their systems, latency introduced by authorization process can act as an obstacle towards achieving their goal. [...]
Published in Pranab Kini and Konstantin Beznosov, "Speculative Authorization," Tech. Rep. LERSSE-TR-2010-002, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, December 2010:
Transfer from CDS 0.99.7: Download fulltextPDF;
5. An RT-based Policy Model for Converged Networks / San-Tsai Sun ; Konstantin Beznosov [LERSSE-REPORT-2010-001]
Technologies advanced in communication devices and wireless networks enable telecommunication network operators to provide rich personalized multimedia services. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "An RT-based Policy Model for Converged Networks," Tech. Rep. LERSSE-TR-2010-001, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, January 2010:
Transfer from CDS 0.99.7: Download fulltextPDF;
6. Support for ANSI RBAC in EJB / Wesam Darwish ; Konstantin Beznosov [LERSSE-REPORT-2009-034]
We analyze access control mechanisms of the Enterprise Java Beans (EJB) architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Support for ANSI RBAC in EJB. Technical Report LERSSE-TR-2009-34, accessible from http://lersse-dl.ece.ubc.ca, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, January 21 2009:
Transfer from CDS 0.99.7: Download fulltextPDF;
7. SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks / San-Tsai Sun ; Konstantin Beznosov [LERSSE-REPORT-2009-032]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks," Tech. Rep. LERSSE-TR-2009-32, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, March 2009:
Transfer from CDS 0.99.7: Download fulltextPDF;
8. Auxiliary Material for the Study of Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders Within Organizations / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-REPORT-2009-028]
This technical report contains additional material for the study, which investigated the context of interactions of IT security practitioners.
Published in Rodrigo Werlinger, Kirstie Hawkey, and Konstantin Beznosov, "Auxiliary Material for the Study of Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders Within Organizations," Tech. Rep. LERSSE-TR-2009-01, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, Jan 2009:
Transfer from CDS 0.99.7: Download fulltextPDF;
9. A Two-factor Authentication Mechanism Using Mobile Phones / Nima Kaviani ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-REPORT-2008-027]
Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. [...]
Published in Nima Kaviani and Kirstie Hawkey and Konstantin Beznosov, "A Two-factor Authentication Mechanism Using Mobile Phones," Tech. Rep. LERSSE-TR-2008-03, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, August 2008:
Transfer from CDS 0.99.7: Download fulltextPDF;
10. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-REPORT-2008-026]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response paradigm---are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," Tech. Rep. LERSSE-TR-2008-02, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, April 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
11. SQLPrevent: Effective Dynamic Detection and Prevention of SQL Injection Attacks Without Access to the Application Source Code / San-Tsai Sun ; Konstantin Beznosov [LERSSE-REPORT-2008-025]
This paper presents an effective approach for detecting and preventing known as well as novel SQL injection attacks. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective dynamic detection and prevention of SQL injection attacks without access to the application source code," Tech. Rep. LERSSE-TR-2008-01, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, February 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
12. Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs / Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov [LERSSE-REPORT-2007-024]
The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. [...]
Published in Kirstie Hawkey, Kasia Muldner, and Konstantin Beznosov, "Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs", Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-03, 16 November, 2007, pp.23.:
Transfer from CDS 0.99.7: Download fulltextPDF;
13. Understanding IT Security Administration through a Field Study / David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al [LERSSE-REPORT-2007-002] [LERSSE-REPORT-2007-020]
The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics of business processes; and the spiralling volume of change that results from the interaction of the first two factors. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels and Brian Fisher, "Understanding Information Technology Security Administration through a Field Study", Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, 2007:
Transfer from CDS 0.99.7: Download fulltextPDF;
14. Support for ANSI RBAC in CORBA / Konstantin Beznosov ; Wesam Darwish [LERSSE-REPORT-2007-019]
We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language than the CORBA Security specification (CORBASec). [...]
Published in Konstantin Beznosov, Wesam Darwish "Support for ANSI RBAC in CORBA," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-01, 26 July, 2007, pp.42.:
Transfer from CDS 0.99.7: Download fulltextPDF;
15. A Security Analysis of the Precise Time Protocol / Jeanette Tsang ; Konstantin Beznosov [LERSSE-REPORT-2006-018]
This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. [...]
Published in Jeanette Tsang, Konstantin Beznosov, "A Security Analysis of the Precise Time Protocol" LERSSE Technical Report LERSSE-TR-2006-02, December 04, 2006.:
Transfer from CDS 0.99.7: Download fulltextPDF;
16. Evaluation of SAAM_BLP / Kyle Zeeuwen ; Konstantin Beznosov [LERSSE-REPORT-2006-017]
Request response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. [...]
Published in Kyle Zeeuwen, Konstantin Beznosov, "Evaluation of SAAM_BLP" LERSSE Technical Report LERSSE-TR-2006-01, July 21, 2006.:
Transfer from CDS 0.99.7: Download fulltextPDF;
17. Assessment of Interdependencies between Communication and Information Technology Infrastructure and other Critical Infrastructures from Public Failure Reports / Hafiz Abdur Rahman ; Konstantin Beznosov [LERSSE-REPORT-2006-015]
Failure in Communication and Information Technology Infrastructure (CITI) can disrupt the effective functionalities of many of the critical infrastructures. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov, "Assessment of Interdependencies between Communication and Information Technology Infrastructure and other Critical infrastructures from Public Failure Reports," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, B.C., Canada, University of British Columbia, technical report LERSSE-TR-2005-03, 24 February, 2005, pp.34.:
Transfer from CDS 0.99.7: Download fulltextPDF;
18. Taxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of South Florida / Konstantin Beznosov [LERSSE-REPORT-2005-013]
This document categorizes security concerns of Computerized Patient Record enterprise according to federal and Florida state legal requirements, as well as to the internal security policies of Baptist Health Systems of South Florida.
Published in Konstantin Beznosov, "Taxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of South Florida," Object Technology Group, Miami, FL, USA, Baptist Health Systems of South Florida.: (December, 1997)
Transfer from CDS 0.99.7: Download fulltextPDF;
19. Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM) / Konstantin Beznosov [LERSSE-REPORT-2005-012]
In large and complex enterprises, obtaining authorizations could be communicationally and/or computationally expensive, and, due to infrastructure failures, sometimes even impossible. [...]
Published in Konstantin Beznosov, "Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM)," LERSSE technical report, Department of Electrical and Computer Engineering, University of British Columbia, Vancouver, Canada, LERSSE-TR-2005-01, pp.15: (March, 2005)
Transfer from CDS 0.99.7: Download fulltextPDF;
20. Official Requirements and Recommendations from Various Organizations on Security for Baptist Health Systems of South Florida / Konstantin Beznosov [LERSSE-REPORT-2005-011]
This report describes recommendations and official requirements from various organizations that guide architecture of CPR security at BHSSF.
Published in Konstantin Beznosov, "Official Requirements and Recommendations from Various Organizations on Security for Baptist Health Systems of South Florida," Object Technology Group, Miami, FL, USA, Baptist Health Systems of South Florida (BHSSF): (October, 1997)
Transfer from CDS 0.99.7: Download fulltextPDF;
21. KOZEL: Kernel Organization Zappy Environment for Linux / Konstantin Beznosov ; Sergey Fedorishin [LERSSE-REPORT-2005-010]
This report describes application domain, design and usage of Kernel Organization Zappy Environment for Linux (KOZEL, pronounced “kozz’jol”) developed during a term project for Expert Systems course CEN5120 taught by Dr. [...]
Published in "KOZEL: Kernel Organization Zappy Environment for Linux," term project report for CEN 5120 course Expert Systems, School of Computer Science, Florida International University, Miami, FL, USA: (28 April, 1997)
Transfer from CDS 0.99.7: Download fulltextPDF;
22. Design and Implementation of Resource Access Decision Server / Luis Espinal ; Konstantin Beznosov ; Yi Deng [LERSSE-REPORT-2005-009]
Decoupling authorization decision logic enables implementation of complex and consistent access control policies across heterogeneous systems. [...]
Published in Luis Espinal, Konstantin Beznosov, Yi Deng, "Design and Implementation of Resource Access Decision Server," Center for Advanced Distributed Systems Engineering (CADSE). Florida International University, technical report #2000-01, pp.18: (21 January, 2000)
Transfer from CDS 0.99.7: Download fulltextPDF;
23. CPR Security CORBA-based Security and Intranet Services / Konstantin Beznosov [LERSSE-REPORT-2005-008]
Intranet information services based on such technologies as WWW will continue to grow. [...]
Published in Konstantin Beznosov, "CPR Security CORBA-based Security and Intranet Services," Object Technology Group, Miami, FL, USA, Baptist Health Systems of South Florida (BHSSF): (September, 1997)
Transfer from CDS 0.99.7: Download fulltextPDF;
24. CORBAmed Security White Paper / Wayne Wilson ; Konstantin Beznosov [LERSSE-REPORT-2005-007]
The issue of security in healthcare has been discussed from a variety of perspectives at many CORBAmed meetings. [...]
Published in Wayne Wilson, Konstantin Beznosov, "CORBAmed Security White Paper," Object Management Group, corbamed/97-11-03: (7 November, 1997)
Transfer from CDS 0.99.7: Download fulltextPDF;
25. Client-Server Semantic Binary Database: Design and Development / Konstantin Beznosov [LERSSE-REPORT-2005-006]
This paper describes design and implementation of client-server architecture for Semantic Binary Database Management System developed at High Performance Database Research Center, Florida International University. [...]
Published in Konstantin Beznosov, "Client-Server Semantic Binary Database: Design and Development," term paper for graduate course COP 6545 "Advanced Database Systems", Miami, FL, School of Computer Science, Florida International University, pp.12: (9 December, 1996)
Transfer from CDS 0.99.7: Download fulltextPDF;
26. Architecture of Information Enterprises: Problems and Perspectives / Konstantin Beznosov [LERSSE-REPORT-2005-005]
Current problems, constraints, goals, and approaches in developing architecture of information enterprises are reviewed [...]
Published in Konstantin Beznosov, "Architecture of Information Enterprises: Problems and Perspectives," technical report #2000-06, School of Computer Science, Florida International University, Miami, FL, pp.16: (14 June, 2000)
Transfer from CDS 0.99.7: Download fulltextPDF;
27. Architecture of Information Enterprises: Problems and Perspectives / Konstantin Beznosov [LERSSE-REPORT-2005-004]
Current problems, constraints, goals, and approaches in developing architecture of information enterprises are reviewed [...]
Published in Konstantin Beznosov, "Architecture of Information Enterprises: Problems and Perspectives," term paper for graduate course in Advanced Software Engineering, Miami, FL, School of Computer Science, Florida International University, pp.25: (20 April, 1998)
Transfer from CDS 0.99.7: Download fulltextPDF;
28. Applicability of CORBA Security to the Healthcare Problem Domain / Konstantin Beznosov [LERSSE-REPORT-2005-003]
This paper suggests directions OMG Healthcare Domain Task Force (CORBAmed) could take in proposing OMG standards related to security in the healthcare vertical domain [...]
Published in Konstantin Beznosov, "Applicability of CORBA Security to the Healthcare Problem Domain," Object Management Group, corbamed/97-09-11, September, 1997.:
Transfer from CDS 0.99.7: Download fulltextPDF;
29. Analysis of Scalable Security – MC-SSL Savings / Johnson Lee ; Victor C.M. Leung ; Konstantin Beznosov [LERSSE-REPORT-2005-002]
This paper investigates how MC-SSL can alleviate the CPU requirements of secure web transactions by using multiple channels, each with its own, different, cipher suite, and switching the channel based on the data’s security requirements [...]
Published in Johnson Lee, Victor C.M. Leung, Konstantin Beznosov, "Analysis of Scalable Security – MC-SSL Savings," Laboratory for Education and Research in Secure Systems Engineering (LERSSE), Vancouver, BC, Canada, University of British Columbia, LERSSE-TR-2005-02, 1 October, 2005, pp.13.:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
30. CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures / Hafiz Abdur Rahman ; Konstantin Beznosov [TEST-REPORT-2005-001]
Effective functionalities of many of the critical infrastructures depend on Communication and Information Technology Infrastructure (CITI). [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov, "CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, B.C., Canada, University of British Columbia, technical report LERSSE-TR-2005-03, 4 October, 2005, pp.40.:
Transfer from CDS 0.99.7: Download fulltextPDF;

Talks/Presentations 85 records found  
1. Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs / Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Jorge Leria ; et al [LERSSE-PRESENTATION-2015-001]
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. [...]
Published in Boshmaf et al. "Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs" In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15), San Diego, USA.:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
2. Thwarting fake accounts by predicting their victims / Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Matei Ripeanu ; et al [LERSSE-PRESENTATION-2014-001]
Traditional fake account detection systems employed by today's online social networks rely on either features extracted from user activities, or ranks computed from the underlying social graph. [...]
Published in Boshmaf et al. Thwarting fake accounts by predicting their victims. Invited talk at AAAI 2014 Spring Symposia, Social Hacking and Cognitive Security on the Internet and New Media, Stanford, CA, March, 2014.:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
3. Security and Privacy in Online Social Networks / Konstantin Beznosov [LERSSE-PRESENTATION-2013-001]
Facebook has more monthly active users than almost any nation in the world. [...]
Published in Konstantin Beznosov, "Security and Privacy in Online Social Networks," Presentation, 2013, 81p.:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
4. Key Challenges in Defending Against Malicious Socialbots / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-PRESENTATION-2012-001]
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. [...]
Published in Usenix 5th Workshop on Large-scale Exploits and Emerging Threats (LEET'12), San Jose, CA, USA.:
Transfer from CDS 0.99.7: Download fulltextPDF;
5. Automated Social Engineering Attacks in OSNs / Yazan Boshmaf ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-PRESENTATION-2011-003]
In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook [...]
Published in Yazan Boshmaf, Konstantin Beznosov, and Matei Ripeanu. Automated social engineering attacks in OSNs. The Office of the Privacy Commissioner of Canada (Ottawa), May 2010:
Transfer from CDS 0.99.7: Download fulltextPPT;
6. Password Managers, Single Sign-On, Federated ID: Have users signed up? / Konstantin Beznosov [LERSSE-PRESENTATION-2011-002]
Users have not signed up for OpenId. [...]
Published in Konstantin Beznosov, "Password Managers, Single Sign-On, Federated ID: Have users signed up?," panel presentation given at "Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions," 4 March 2011, 23 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
7. Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them / San-Tsai Sun ; Konstantin Beznosov [LERSSE-PRESENTATION-2011-001]
The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them," presented at Eurecom, February 24, 2011. 57 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
8. OpenID Security Analysis and Evaluation / San-Tsai Sun ; Konstantin Beznosov [LERSSE-PRESENTATION-2010-002]
OpenID is a promising user-centric Web single sign-on protocol. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "OpenID Security Analysis and Evaluation," presented at the OWASP Chapter Meeting, Vancouver, Canada, October 21st 2010:
Transfer from CDS 0.99.7: Download fulltextPDF;
9. Open problems in Web 2.0 user content sharing / San-Tsai Sun ; Konstantin Beznosov [LERSSE-PRESENTATION-2010-001]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "Open problems in Web 2.0 user content sharing," presented at the iNetSec Workshop, Zurich, Switzerland, April 23rd 2009, 44 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
10. Security Research Advances in 2009 / Konstantin Beznosov [LERSSE-PRESENTATION-2009-083]
This presentation reviews latest scientific conference reports on the cutting edge research in computer security. [...]
Published in Konstantin Beznosov, "Security Research Advances in 2009," presented at Vancouver International Security Conference, November 30-December 1, 2009, 56 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
11. Authorization Using the Publish-Subscribe Model / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-PRESENTATION-2009-080]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qiang Wei, Konstantin Beznosov, and Matei Ripeanu, “Authorization Using Publish/Subscribe Models,” In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA'08), 10-12 December, 2008, Sydney, Australia. IEEE Computer Society, pp.53-62.:
Transfer from CDS 0.99.7: Download fulltextPDF;
12. Authorization Recycling in RBAC Systems / Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-PRESENTATION-2009-079]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu, “Authorization Recycling in RBAC Systems,” in the Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT’08), Estes Park, Colorado, 11-13 June, 2008, pp.63-72.:
Transfer from CDS 0.99.7: Download fulltextPDF;
13. Revealing Hidden Context: Improving Users' Mental Models of Personal Firewalls / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-PRESENTATION-2009-078]
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Talk given at Symposium On Usable Privacy and Security (SOUPS), July 2009, at Google in Mountain View, California, US.:
Transfer from CDS 0.99.7: Download fulltextPDF;
14. Revealing Hidden Context: Improving Mental Models of Personal Firewall Users / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-PRESENTATION-2009-076]
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Talk given at NSERC ISSNet Workshop 2009, Carleton University, Ottawa, Canada.:
Transfer from CDS 0.99.7: Download fulltextPDF;
15. Towards Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Konstantin Beznosov [LERSSE-PRESENTATION-2009-075]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in Talk given at NSERC ISSNet Workshop 2009, Carleton University, Ottawa, Canada:
Transfer from CDS 0.99.7: Download fulltextPPT;
16. Toward Improving Availability and Performance of Enterprise Authorization Services / Konstantin Beznosov [LERSSE-PRESENTATION-2009-001]
In currently deployed large enterprise systems, policy enforcement points (PDPs) are commonly implemented as logically centralized authorization servers [...]
Published in Talk given at the Faculty of Computer Science, Technical University of Dortmund.:
Transfer from CDS 0.99.7: Download fulltextPDF;
17. Management of IT Security in Organizations: What Makes It Hard? / Konstantin Beznosov [LERSSE-PRESENTATION-2008-073]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after security breaches. [...]
Published in Konstantin Beznosov, “Management of IT Security in Organizations: What Makes It Hard?” talk given at the SAP Research, Campus-based Engineering Center, Karlsruhe, Germany, 08 July 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
18. Why (Managing) IT Security is Hard and Some Ideas for Making It Easier / Konstantin Beznosov [LERSSE-PRESENTATION-2008-072]
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
19. The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies / Konstantin Beznosov [LERSSE-PRESENTATION-2008-071]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, “The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies” talk given at the Computer Science Department, IBM Research Laboratory, Rüeschlikon, Switzerland, 5 June 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
20. Toward Understanding the Workplace of IT Security Practitioners / Konstantin Beznosov [LERSSE-PRESENTATION-2008-070]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after security breaches. [...]
Published in Konstantin Beznosov, “Toward Understanding the Workplace of IT Security Practitioners” talk given at the Computer Science Department, College University London, 04 July 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
21. Responding to security incidents: are security tools everything you need? / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-PRESENTATION-2008-069]
Presentation given at FIRST'08 conference [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, Konstantin Beznosov, "Responding to security incidents: are security tools everything you need?", presented at FIRST, Vancouver, Canada, June 23-27, 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
22. A Broad Empirical Study of IT Security Practitioners / Konstantin Beznosov [LERSSE-PRESENTATION-2008-068]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after a security breach [...]
Published in Konstantin Beznosov, "A Broad Empirical Study of IT Security Practitioners," talk given at the Coast to Coast Seminar Series, 2008-03-18.:
Transfer from CDS 0.99.7: Download fulltextPDF;
23. HOT Admin Research Project: Overview and Results to Date / Konstantin Beznosov [LERSSE-PRESENTATION-2008-067]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after a security breach [...]
Published in Konstantin Beznosov, "HOT Admin Research Project: Overview and Results to Date," presented at the seminar series of GONDWANA (Towards Quantitative Security Metrics) research project, 41 pages, École Polytechnique de Montréal, February 21, 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
24. On the Imbalance of the Security Problem Space and its Expected Consequences / Konstantin Beznosov ; Olga Beznosova [LERSSE-PRESENTATION-2007-064]
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon [...]
Published in Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," Presented at the Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.29.:
Transfer from CDS 0.99.7: Download fulltextPDF;
25. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-PRESENTATION-2007-063]
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," presented at the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 27, 2007, Monterey, California, USA. pp.24. :
Transfer from CDS 0.99.7: Download fulltextPDF;
26. Towards Understanding IT Security Professionals and Their Tools / David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al [LERSSE-PRESENTATION-2007-062]
It is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Sid Fels, Lee Iverson, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools," CIPS Vancouver Security SIG Meeting, Vancouver, 13 June, 2007, pp.20.:
Transfer from CDS 0.99.7: Download fulltextPDF;
27. A Security Analysis of the Precise Time Protocol / Jeanette Tsang ; Konstantin Beznosov [LERSSE-PRESENTATION-2006-061]
We present a security analysis of the IEEE 1588 standard, a.k.a [...]
Published in Jeanette Tsang, Konstantin Beznosov, "A Security Analysis of the Precise Time Protocol", presented at the Eighth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, USA, 5 December, 2006.:
Transfer from CDS 0.99.7: Download fulltextPDF;
28. Employing Secondary and Approximate Authorizations to Improve Access Control Systems / Konstantin Beznosov [LERSSE-PRESENTATION-2006-060]
The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov "Employing Secondary and Approximate Authorizations to Improve Access Control Systems," Halifax, NS, Canada, Faculty of Computer Science, Dalhousie University, 12 October, 2006, pp.43.:
Transfer from CDS 0.99.7: Download fulltextPDF;
29. The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies / Konstantin Beznosov [LERSSE-PRESENTATION-2006-059]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov "The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies," Marina del Rey, California, USA, Computer Networks Division, Information Sciences Institute, the University of Southern California, 6 February, 2006, pp.35.:
Transfer from CDS 0.99.7: Download fulltextPDF;
30. Issues in the Security Architecture of the Computerized Patient Record Enterprise / Konstantin Beznosov [LERSSE-PRESENTATION-2006-058]
We discuss issues in CPR enterprise security architecture. [...]
Published in Konstantin Beznosov "Issues in the Security Architecture of the Computerized Patient Record Enterprise," presented at the Second Workshop on Distributed Object Computing Security (DOCSec), Baltimore, Maryland, USA, 7 May, 1998, pp.11.:
Transfer from CDS 0.99.7: Download fulltextPDF;
31. Towards Agile Security Assurance / Konstantin Beznosov [LERSSE-PRESENTATION-2006-057]
Agile development methods are promising to become the next generation replacing waterfall development. [...]
Published in Konstantin Beznosov "Towards Agile Security Assurance," presentation given at the Calgary Agile Methods User Group (CAMUG), Calgary, Alberta, Canada, University of Calgary, 3 October, 2006.:
Transfer from CDS 0.99.7: Download fulltextPDF;
32. Usable Security: Quo Vadis? / Konstantin Beznosov [LERSSE-PRESENTATION-2006-056]
The presentation discusses the current state of HCISec and challenges for future research.
Published in Konstantin Beznosov "Usable Security: Quo Vadis?," presented at the USENIX Security panel on usability and security, Vancouver, BC, Canada, USENIX, 2 August, 2006, pp.9.:
Transfer from CDS 0.99.7: Download fulltextPDF;
33. HOT Admin: Human, Organization, and Technology Centred Improvement of the IT Security Administration / Konstantin Beznosov ; Sid Fels ; Lee Iverson ; Brian Fisher [LERSSE-PRESENTATION-2006-055]
While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the interaction of security administrative models and technologies with usability within an organization [...]
Published in Konstantin Beznosov, Sid Fels, Lee Iverson, Brian Fisher, "HOT Admin: Human, Organization, and Technology Centred Improvement of the IT Security Administration," CIPS Vancouver Security SIG Meeting, Vancouver, 8 March, 2006, pp.35.:
Transfer from CDS 0.99.7: Download fulltextPDF;
34. Analysis of Interdependencies between CITI and other Critical Infrastructures using RISKS Forum data / Hafiz Abdur Rahman ; Konstantin Beznosov [LERSSE-PRESENTATION-2006-052]
* Objectives * Information Requirement for CITI Failure Analysis * Use of Public Domain Failure Reports * Existing Classification Methods * Our Method of Classification and Analysis * Results of our Analysis * Conclusions
Published in Hafiz Abdur Rahman and Konstantin Beznosov, "Analysis of Interdependencies between CITI and other Critical Infrastructures using RISKS Forum data," JIIRP Technical Meeting, University of British Columbia, ICICS, 27 January, 2006, pp.26. :
Transfer from CDS 0.99.7: Download fulltextPDF;
35. Resource Access Decision Service for CORBA-based Distributed Systems / Konstantin Beznosov ; Yi Deng ; Bob Blakley ; Carol Burt ; et al [LERSSE-PRESENTATION-2006-051]
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those polices and factors are [...]
Published in Barkley, "A Resource Access Decision Service for CORBA-based Distributed Systems," presented at the Annual Computer Security Applications Conference (ACSAC), Phoenix, Arizona, U.S.A., 10 December, 1999, pp.13. :
Transfer from CDS 0.99.7: Download fulltextPDF;
36. Secondary and Approximate Authorization Model (SAAM) and its Application to Bell-LaPadula Policies / Konstantin Beznosov [LERSSE-PRESENTATION-2006-050]
The talk defines the secondary and approximate authorization model (SAAM) [...]
Published in Authorization Model (SAAM) and its Application to Bell-LaPadula Policies," Los Angeles, Information Sciences Institute, 6 February, 2006, pp.35. :
Transfer from CDS 0.99.7: Download fulltextPDF;
37. Usability of Security Administration vs. Usability of End-user Security / Mary Ellen Zurko ; Steve Chan ; Greg Conti ; Konstantin Beznosov [LERSSE-PRESENTATION-2005-049]
Having recently received increasing attention, usable security is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals [...]
Published in Mary Ellen Zurko, Steve Chan, Greg Conti, Konstantin Beznosov, "Usability of Security Administration vs. Usability of End-user Security," slides of the corresponding panel at the Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, USA, 8 July, 2005, pp.35.:
Transfer from CDS 0.99.7: Download fulltextPDF;
38. Update on Security Domain Membership RFP Proposal / Konstantin Beznosov ; Tadashi Kaji [LERSSE-PRESENTATION-2005-048]
Presentation explains the structural design proposed by the SDMM proposal, as it stood in December 2000.
Published in Konstantin Beznosov, Tadashi Kaji, "Update on Security Domain Membership RFP Proposal," presented to the OMG ORB/OS PTF, OMG document orbos/00-12-07, 12 December, 2000, pp.23. :
Transfer from CDS 0.99.7: Download fulltextPDF;
39. Upcoming OMG HealthCare Resource Access Control Facility / Konstantin Beznosov [LERSSE-PRESENTATION-2005-047]
Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status
Published in Konstantin Beznosov, "Upcoming OMG HealthCare Resource Access Control Facility," presentation on Resource Access Decision facility given to SIG Secure at HL7 meeting, Orlando, FL, USA, SIG Secure, HL7, 26 January, 1999, pp.14.:
Transfer from CDS 0.99.7: Download fulltextPDF;
40. Towards Agile Security Assurance / Konstantin Beznosov ; Philippe Kruchten [LERSSE-PRESENTATION-2005-046]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Konstantin Beznosov, Philippe Kruchten, "Towards Agile Security Assurance," presentation given at The New Security Paradigms Workshop (NSPW), White Point Beach Resort, Nova Scotia, Canada, 20 September, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
41. Towards Agile Security Assurance / Konstantin Beznosov [LERSSE-PRESENTATION-2005-045]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Konstantin Beznosov, "Towards Agile Security Assurance," presentation given at the Department of Computer Science, Waterloo, Ontario, Canada, University of Waterloo, 18 October, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
42. Toward Usable Security Administration / Konstantin Beznosov [LERSSE-PRESENTATION-2005-044]
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances, resources, and users, complex and dynamic business processes, and high (and always growing) volume of change because of the first two (large scale and dynamics). [...]
Published in Konstantin Beznosov, "Toward Usable Security Administration," presented at the 4th Annual Advanced Networks Conference, Vancouver, Canada, 27 April, 2004.:
Transfer from CDS 0.99.7: Download fulltextPDF;
43. Toward Usable Security Administration / Konstantin Beznosov [LERSSE-PRESENTATION-2005-043]
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances, resources, and users, complex and dynamic business processes, and high (and always growing) volume of change because of the first two (large scale and dynamics). [...]
Published in Konstantin Beznosov, "Toward Usable Security Administration," presentation given at the 4th Annual Advanced Networks Conference, Vancouver, BC, Canada, 27 April, 2004.:
Transfer from CDS 0.99.7: Download fulltextPDF;
44. Software Engineering at ECE / Konstantin Beznosov [LERSSE-PRESENTATION-2005-042]
This talk gives a brief overview of the Software Engineering teaching and research at the Department of Electrical and Computer Engineering, the University of British Columbia.
Published in Konstantin Beznosov, "Software Engineering at ECE," brief update given at the UBC's ECE Advisory Council meeting, Vancouver, B.C., Canada, 2 November, 2003. :
Transfer from CDS 0.99.7: Download fulltextPDF;
45. Security Requirements in Healthcare / Konstantin Beznosov [LERSSE-PRESENTATION-2005-041]
Presentation on requirements in US healthcare organizations to security vendors, given to the joint SecSIG/CORBAmed session [...]
Published in Konstantin Beznosov, "Security Requirements in Healthcare," presentation given to the joint SecSIG/CORBAmed, OMG, OMG doc # corbamed/99-03-16, 23 March, 1999, pp.16. :
Transfer from CDS 0.99.7: Download fulltextPDF;
46. Security Engineering for Large Scale Distributed Applications / Konstantin Beznosov [LERSSE-PRESENTATION-2005-040]
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, "Security Engineering for Large Scale Distributed Applications," Talk given at the Department of Computer Science, Vrije University, Amsterdam, 17 December, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
47. Security Engineering for Large Scale Distributed Applications / Konstantin Beznosov [LERSSE-PRESENTATION-2005-039]
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, "Security Engineering for Large Scale Distributed Applications," Talk given at several organizations. See the abstract for details., 2003. :
Transfer from CDS 0.99.7: Download fulltextPDF;
48. Resource Names for Resource Access Decision (Facility) / Konstantin Beznosov [LERSSE-PRESENTATION-2005-038]
Presentation given to the joint SecSIG/CORBAmed session on Resource Access Decision facility, as part of the presentation on the revised submission to the OMG Healthcare Resource Access Control RFP [...]
Published in Konstantin Beznosov, "Resource Names for Resource Access Decision (Facility)," presentation given to the joint SecSIG/CORBAmed, OMG, OMG doc # corbamed/99-03-11, 22 March, 1999, pp.18. :
Transfer from CDS 0.99.7: Download fulltextPDF;
49. Resource Access Decision Server: Design and Performance Considerations / Konstantin Beznosov ; Luis Espinal [LERSSE-PRESENTATION-2005-037]
Presentation on the design and the conducted performance measurements of RAD server prototype built at CADSE [...]
Published in Konstantin Beznosov, Luis Espinal, "Resource Access Decision Server: Design and Performance Considerations," presentation given at CADSE, Miami, FL, USA, CADSE, SCS, FIU, 22 October, 5 November, 1999, pp.25.:
Transfer from CDS 0.99.7: Download fulltextPDF;
50. Resource Access Decision Facility: Overview / Konstantin Beznosov [LERSSE-PRESENTATION-2005-036]
Outline: • Why you need Resource Access Decision Facility • Main aspects of RAD specification design • Main design decisions made by RAD submission team
Published in Konstantin Beznosov, "Resource Access Decision Facility: Overview," presentation given at DOCsec Workshop, Baltimore, Maryland, USA, OMG, 15 July, 1999, pp.21.:
Transfer from CDS 0.99.7: Download fulltextPDF;
51. Requirements for Access Control: US Healthcare Domain / Konstantin Beznosov [LERSSE-PRESENTATION-2005-035]
Roles are important factors in authorization rules. [...]
Published in Konstantin Beznosov, "Requirements for Access Control: US Healthcare Domain," panel presentation given at the Third ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, ACM, October, 1998.:
Transfer from CDS 0.99.7: Download fulltextPDF;
52. Preview: Mastering Web Services Security / Konstantin Beznosov [LERSSE-PRESENTATION-2005-034]
This presentation gives an overview of the upcoming book on Mastering Web Services Security that I co-authored with my colleagues at Quadrasis.
Published in Konstantin Beznosov, "Preview: Mastering Web Services Security," presentation given at Computer Science department, Zurich, Switzerland, IBM Research Laboratory, 16 September, 2002. :
Transfer from CDS 0.99.7: Download fulltextPDF;
53. Overview of Reference Model of Open Distributed Processing (RM-ODP) / Konstantin Beznosov [LERSSE-PRESENTATION-2005-033]
Outline: - Why Languages for Enterprises? - Introduction - RM-ODP goal - What it defines - Viewpoints - Modeling in RM-ODP - Languages - Analysis of RM-ODP - Summary - Additional Information
Published in Konstantin Beznosov, "Overview of Reference Model of Open Distributed Processing (RM-ODP)," presentation given at CADSE, Miami, FL, USA, School of Computer Science, FIU, 17 July, 1998, pp.25. :
Transfer from CDS 0.99.7: Download fulltextPDF;
54. Overview of CORBA Security / Konstantin Beznosov [LERSSE-PRESENTATION-2005-032]
Outline: • Introduction into computer security • Security in OO systems • CORBA security model overview • Application access control in CORBA • Resource Access Decision Facility • Further Information
Published in Konstantin Beznosov, "Overview of CORBA Security," lecture given to the students of graduate class CEN6502, Topics in Concurrent and Distributed Systems, Miami, FL, USA, SCS, FIU, 8 March, 2000, pp.27.:
Transfer from CDS 0.99.7: Download fulltextPDF;
55. On the Benefits of Decomposing Policy Engines into Components / Konstantin Beznosov [LERSSE-PRESENTATION-2005-031]
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. [...]
Published in Konstantin Beznosov, "On the Benefits of Decomposing Policy Engines into Components," talk given at The 3rd Workshop on Reflective and Adaptive Middleware, Toronto, Canada, 19 October, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
56. Object Security Attributes: Enabling Application-specific Access Control in Middleware / Konstantin Beznosov [LERSSE-PRESENTATION-2005-030]
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. [...]
Published in Konstantin Beznosov, "Object Security Attributes: Enabling Application-specific Access Control in Middleware," presented at the 4th International Symposium on Distributed Objects Applications (DOA), Irvine, California, 29 October, 2002. :
Transfer from CDS 0.99.7: Download fulltextPDF;
57. Middleware and Web Services Security Mechanisms / Konstantin Beznosov [LERSSE-PRESENTATION-2005-029]
Learning objectives: Gain a working knowledge of the security mechanisms of current Middleware and Web Services technologies. [...]
Published in Konstantin Beznosov, "Middleware and Web Services Security Mechanisms," lecture given at the secure application development course SecAppDev course, Brussels, Belgium, Katholieke Universiteit Leuven, 2 March, 2005, pp.65. :
Transfer from CDS 0.99.7: Download fulltextPDF;
58. Middleware and Web Services Security / Konstantin Beznosov [LERSSE-PRESENTATION-2005-028]
Challenges of designing secure distributed applications are due to distribution, scale and object orientation. [...]
Published in Konstantin Beznosov, "Middleware and Web Services Security," tutorial given at JavaPolis University, Antwerp, Belgium, Belgium Java Users Group, 14 December, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
59. JAMES: Junk Authorizations for Massive-scale Enterprise Services / Konstantin Beznosov [LERSSE-PRESENTATION-2005-027]
The request-response paradigm used for distributed access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls [...]
Published in Konstantin Beznosov, "JAMES: Junk Authorizations for Massive-scale Enterprise Services," given at the School of Computing and Information Sciences, Florida International University, Miami, Florida, USA, August 15, 2005, pp.29. :
Transfer from CDS 0.99.7: Download fulltextPDF;
60. Issues in the Security Architecture of the Computerized Patient Record Enterprise / Konstantin Beznosov [LERSSE-PRESENTATION-2005-026]
We discuss issues in CPR enterprise security architecture. [...]
Published in Konstantin Beznosov, "Issues in the Security Architecture of the Computerized Patient Record Enterprise," presentation given at Second Workshop on Distributed Object Computing Security (DOCSec), Baltimore, Maryland, USA, Object Management Group, 7 May, 1998. :
Transfer from CDS 0.99.7: Download fulltextPDF;
61. Issues in the Security Architecture of the Computerized Patient Record Enterprise / Beznosov, K [LERSSE-PRESENTATION-2005-025]
We discuss issues in CPR enterprise security architecture. [...]
Transfer from CDS 0.99.7: Download fulltextPDF;
62. Introduction to Cryptography, Part II / Konstantin Beznosov [LERSSE-PRESENTATION-2005-024]
Outline: - Probabilistic encryption -- Average Case Computational Difficulty and the Worst Case Difficulty - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems
Published in Konstantin Beznosov, "Introduction to Cryptography, Part II," presentation given at class COT 6421, Theory of Computation II, Miami, FL, USA, School of Computer Science, Florida International University, 7 April, 1998. :
Transfer from CDS 0.99.7: Download fulltextPDF;
63. Introduction to Cryptography, Part I: Probabilistic Encryption / Konstantin Beznosov [LERSSE-PRESENTATION-2005-023]
Outline: - Why do we need probabilistic encryption? - The idea behind - Optimized algorithm - Drawbacks
Published in Konstantin Beznosov, "Introduction to Cryptography, Part I: Probabilistic Encryption," presentation given at the class COT 6421, Theory of Computation II, Miami, FL, USA, School of Computer Science, Florida International University, 2 April, 1998.:
Transfer from CDS 0.99.7: Download fulltextPDF;
64. Improving Practical Security Engineering: Overview of the Ongoing Research / Konstantin Beznosov [LERSSE-PRESENTATION-2005-022]
Security engineering is about creating viable solutions to real-world security problems -- solutions that would address the requirements, be cost-effective, competitive, and yet be subject to the limitations of today's security and software technologies [...]
Published in Konstantin Beznosov, "Improving Practical Security Engineering: Overview of the Ongoing Research," talk given at the Department of Computer Science, Heverlee, Belgium, Catholic University of Leuven, 20 December, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
65. Human Factor in Security Administration: Brainstorming the Research Directions / Konstantin Beznosov [LERSSE-PRESENTATION-2005-021]
Although usability has been acknowledged by the security community as one of the design goals back in the 1970s, there is a dearth of applications of HCI methods to the domain of computer security in general and security administration in particular. [...]
Published in Konstantin Beznosov, "Human Factor in Security Administration: Brainstorming the Research Directions," presentation given at SEEDS, Vancouver, BC, Canada, SEEDS, ECE, UBC, 2 December, 2003. :
Transfer from CDS 0.99.7: Download fulltextPDF;
66. HIPAA and CPR Architecture / Konstantin Beznosov [LERSSE-PRESENTATION-2005-020]
The presentation that describes Health Insurance Portability and Accountability Act (HIPAA) from the perspective of the Computerized Patient Record (CPR) Architecture [...]
Published in Konstantin Beznosov, "HIPAA and CPR Architecture," presentation given to IT leadership of the Baptist Health Systems, Miami, FL, USA, Baptist Health Systems of South Florida, 19 April, 1999, pp.17.:
Transfer from CDS 0.99.7: Download fulltextPDF;
67. Handouts: Introduction to Cryptography / Konstantin Beznosov [LERSSE-PRESENTATION-2005-019]
Outline: - Probabilistic encryption - Identity-Based Public-Key Cryptography - Fair Coin Flipping Using Public-Key Cryptography - Fair Cryptosystems (Key Escrow) - Zero Knowledge Interactive Proof Systems
Published in Konstantin Beznosov, "Handouts: Introduction to Cryptography," handouts for the presentation given at class COT 6421, Theory of Computation II, Miami, FL, USA, School of Computer Science, Florida International University, April, 1998. :
Transfer from CDS 0.99.7: Download fulltextPDF;
68. Flooding and Recycling Authorizations / Konstantin Beznosov [LERSSE-PRESENTATION-2005-018]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, "Flooding and Recycling Authorizations," presentation given at the New Security Paradigms Workshop (NSPW), Lake Arrowhead, CA, USA, 22 September, 2005, pp.25. :
Transfer from CDS 0.99.7: Download fulltextPDF;
69. Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services / Konstantin Beznosov [LERSSE-PRESENTATION-2005-016]
This presentation reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. [...]
Published in Konstantin Beznosov, "Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services," presented at the Eighth International SIGSOFT Symposium on Component-based Software Engineering (CBSE), St. Louis, Missouri, USA, 15 May, 2005. :
Transfer from CDS 0.99.7: Download fulltextPDF;
70. Design / Konstantin Beznosov [LERSSE-PRESENTATION-2005-006]
Learning objectives: * understand the principles of engineering secure systems. [...]
Published in application development course SecAppDev course, Brussels, Belgium, Katholieke Universiteit Leuven, 2, 3 March, 2005, pp.55. :
Transfer from CDS 0.99.7: Download fulltextPDF;
71. Computer and Distributed Security: Introductory Overview for Researchers / Konstantin Beznosov [LERSSE-PRESENTATION-2005-015]
Outline: - What is security of computer systems - Security and usability - The main challenge for security - Threats, Vulnerabilities, and Attacks - Security Concerns - Distributed Security - Security Functionalities - Summary - References
Published in Konstantin Beznosov, "Computer and Distributed Security: Introductory Overview for Researchers," presentation given at the CADSE, Miami, FL, USA, CADSE, School of Computer Science, FIU, 2 October, 1998, pp.25. :
Transfer from CDS 0.99.7: Download fulltextPDF;
72. BHS Information Enterprise Architecture / Konstantin Beznosov ; Eric Butler ; Eric Navarro [LERSSE-PRESENTATION-2005-014]
Published in Konstantin Beznosov, Eric Butler, Eric Navarro, "BHS Information Enterprise Architecture," presentation given at CADSE, Miami, FL, USA, CADSE, SCS, FIU, 22 January, 1999, pp.21. :
Transfer from CDS 0.99.7: Download fulltextPDF;
73. Attribute Function: an Enabler for Effective Inexpensive Application-specific Security Decisions / Konstantin Beznosov [LERSSE-PRESENTATION-2005-013]
Security is an essential feature and foremost concern to Internet and enterprise distributed software applications. [...]
Published in Konstantin Beznosov, "Attribute Function: an Enabler for Effective Inexpensive Application-specific Security Decisions," presentation given to the SEEDS, ECE, UBC, Vancouver, BC, Canada, ECE, UBC, 16 September, 2003. :
Transfer from CDS 0.99.7: Download fulltextPDF;
74. Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Services / Yi Deng ; Konstantin Beznosov [LERSSE-PRESENTATION-2005-012]
Security is an essential feature and foremost concern to enterprise software systems. [...]
Published in Yi Deng, Konstantin Beznosov, "Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Services," presented at IBM T. J. Watson Research Center, NY, USA, 14 February, 2000, pp.32. :
Transfer from CDS 0.99.7: Download fulltextPDF;
75. Architecture of Information Enterprises: Problems and Perspectives / Konstantin Beznosov [LERSSE-PRESENTATION-2005-011]
Current problems, constraints, goals, and approaches in developing architecture of information enterprises are reviewed [...]
Published in Konstantin Beznosov, "Architecture of Information Enterprises: Problems and Perspectives," term paper for graduate course in Advanced Software Engineering, Miami, FL, School of Computer Science, Florida International University, 15 April, 1998, pp.12.:
Transfer from CDS 0.99.7: Download fulltextPDF;
76. Architectural Separation of Authorization and Application Logic in Distributed Systems / Konstantin Beznosov [LERSSE-PRESENTATION-2005-010]
Security is an essential feature and foremost concern to enterprise software systems [...]
Published in Konstantin Beznosov, "Architectural Separation of Authorization and Application Logic in Distributed Systems," talk given at several organizations, see abstract for details, April--May, 2000. :
Transfer from CDS 0.99.7: Download fulltextPDF;
77. An Overview of The Ongoing Research at LERSSE / Konstantin Beznosov [LERSSE-PRESENTATION-2005-009]
This presentation provides an overview of the research projects ongoing at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE) [...]
Published in Konstantin Beznosov, "An Overview of The Ongoing Research at LERSSE," KTH, Stockholm, 9 June, 2005, pp.76. :
Transfer from CDS 0.99.7: Download fulltextPDF;
78. Access Control Architectures: COM+ vs. EJB / Konstantin Beznosov [LERSSE-PRESENTATION-2005-008]
This tutorial provides an overview of access control mechanisms in the two most popular commercial middleware technologies, COM+ and EJB. [...]
Published in Konstantin Beznosov, "Access Control Architectures: COM+ vs. EJB," tutorial has been given at the JavaPolis, Antwerpen, Belgium, 16 December, 2004. :
Transfer from CDS 0.99.7: Download fulltextPDF;
79. Access Control / Konstantin Beznosov [LERSSE-PRESENTATION-2005-007]
Learning objectives: Comprehend the principles behind access control mechanisms used in today's: * operating systems, * middleware, * virtual machines. [...]
Published in Konstantin Beznosov, "Access Control," lecture given at the secure application development course SecAppDev course, Brussels, Belgium, Katholieke Universiteit Leuven, 28 February, 2005, pp.46. :
Transfer from CDS 0.99.7: Download fulltextPDF;
80. A Study of Three Workstation-Server Architectures for Object Oriented Database Systems / Konstantin Beznosov [LERSSE-PRESENTATION-2005-006]
It presents a paper by David DeWitt, et al "A Study of Three Workstation-Server Architectures for Object Oriented Database Systems" [...]
Published in Architectures for Object Oriented Database Systems," presentation at graduate course COP 6545 "Advanced Database Systems", Miami, FL, School of Computer Science, Florida International University, 23 October, 1996, pp.11. :
Transfer from CDS 0.99.7: Download fulltextPDF;
81. A Framework for Implementing Role-based Access Control Using CORBA Security Service / Konstantin Beznosov [LERSSE-PRESENTATION-2005-005]
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service [...]
Published in Konstantin Beznosov, "A Framework for Implementing Role-based Access Control Using CORBA Security Service," presentation given at CADSE, Miami, FL, USA, Center for Advanced Distributed Systems Engineering (CADSE), School of Computer Science (SCS), Florida International University (FIU), 14, 21 May, 1999, pp.53. :
Transfer from CDS 0.99.7: Download fulltextPDF;
82. A Framework for Implementing Role-based Access Control Using CORBA Security Service / Konstantin Beznosov [LERSSE-PRESENTATION-2005-004]
The presentation shows how role-based access control (RBAC) models could be implemented using CORBA Security service [...]
Published in Konstantin Beznosov, "A Framework for Implementing Role-based Access Control Using CORBA Security Service," presented at the Fourth ACM Workshop on Role-Based Access Control (RBAC), Fairfax, Virginia, USA, ACM, 28 October, 1999, pp.29. :
Transfer from CDS 0.99.7: Download fulltextPDF;
83. A Design of An Authorization Service / Konstantin Beznosov [LERSSE-PRESENTATION-2005-003]
Outline: • CORBA security model • What CORBA Access Model does[ not] Cover • Healthcare Resource Access Control (H-RAC) high level view • Authorization Service framework design details
Published in Konstantin Beznosov, "A Design of An Authorization Service," presentation given at CADSE, Miami, FL, USA, SCS, FIU, 12 February, 1999, pp.16. :
Transfer from CDS 0.99.7: Download fulltextPDF;
84. Accountability and Availability / Konstantin Beznosov [LERSSE-PRESENTATION-2005-002]
Learning objectives: Comprehend the principles of security accountability and availability. [...]
Published in Konstantin Beznosov, "Accountability and Availability," lecture given at the secure application development course SecAppDev course, Brussels, Belgium, Katholieke Universiteit Leuven, 1 March, 2005, pp.43. :
Transfer from CDS 0.99.7: Download fulltextPDF;
85. A Security Analysis of the IEEE 1588 Standard / Jeanette Tsang ; Konstantin Beznosov [TEST-PRESENTATION-2005-001]
Published in Jeanette Tsang, Konstantin Beznosov, "A Security Analysis of the IEEE 1588 Standard", presented at the 2005 Conference on IEEE-1588 Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems, October 2005.:
Transfer from CDS 0.99.7: Download fulltextPDF;

Posters 20 records found  
1. Augur: Aiding Malware Detection Using Large-Scale Machine Learning / Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov ; Kyle Zeeuwen ; et al [LERSSE-POSTER-2012-001]
We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. [...]
Published in Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Kyle Zeeuwen, David Cornell, Dmitry Samosseiko. Augur: Aiding Malware Detection Using Large-Scale Machine Learning. At the Poster Session of the 21st Usenix Security Symposium, Bellevue, WA, 2012:
Transfer from CDS 0.99.7: Download fulltextPDF;
2. [POSTER] The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-POSTER-2011-002]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In the Poster Session of the 20th USENIX Conference on Security (SEC'11), August 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
3. Promoting A Physical Security Mental Model For Personal Firewall Warnings / Fahimeh Raja ; Kirstie Hawkey ; Steven Hsu ; Kai-Le Clement Wang ; et al [LERSSE-POSTER-2011-001]
We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. Promoting A Physical Security Mental Model For Personal Firewall Warnings. In Proceedings of the 29th International Conference Extended Abstracts on Human Factors in Computing Systems (Vancouver, BC, Canada, 2011). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
4. Expectations, Perceptions, and Misconceptions of Personal Firewalls / Fahimeh Raja ; Kirstie Hawkey ; Pooya Jaferian ; Konstantin Beznosov ; et al [LERSSE-POSTER-2010-007]
In this research, our goal is to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls. [...]
Published in Raja, F., Jaferian, P., Hawkey, K., Beznosov, K., Booth, K. 2009. Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the 6th Symposium on Usable Privacy and Security (Redmond, WA, July 14 - 16, 2010). SOUPS '10. ACM, New York, NY, 1-2.:
Transfer from CDS 0.99.7: Download fulltextPDF;
5. Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single Sign-On Triangle / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2010-006]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Poster: Openidemail enabled browser, towards fixing the broken web single sign-on triangle. poster at the SOUPS 2009, July 13th 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
6. Poster: Validating and Extending a Study on the Effectiveness of SSL Warnings / Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2010-005]
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. [...]
Published in A. Sotirakopoulos, K. Hawkey, and K. Beznosov. Poster: Validating and extending a study on the effectiveness of ssl warnings. Poster at Symposium on Usable Privacy and Security, 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
7. Investigating User Account Control Practices / Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2010-004]
Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection [...]
Published in Sara Motiee, Kirstie Hawkey and Konstantin Beznosov. Investigating User Account Control Practices. In Proceedings of the 28th international Conference Extended Abstracts on Human Factors in Computing Systems (Atlanta, GA, USA, April 10 - 15, 2010). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
8. Investigating an Appropriate Design for Personal Firewalls / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov ; Kellogg S. Booth [LERSSE-POSTER-2010-003]
Personal firewalls are an important aspect of security for home computer users, but little attention has been given to their usability. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov, and Kellogg S. Booth. Investigating an Appropriate Design for Personal Firewalls. In Proceedings of the 28th international Conference Extended Abstracts on Human Factors in Computing Systems (Atlanta, GA, USA, April 10 - 15, 2010). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
9. Poster: OpenIDemail Enabled Browser / San-Tsai Sun ; Konstantin Beznosov [LERSSE-POSTER-2010-002]
Today's Web is site-centric. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Poster: OpenIDemail Enabled Browser. In the poster session of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009:
Transfer from CDS 0.99.7: Download fulltextPDF;
10. Towards Developing Usability Heuristics for Evaluation of IT Security Management (ITSM) Tools / Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2009-010]
Evaluating the usability of specific information technology (IT) security tools is challenging. [...]
Published in Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov, Towards Developing Usability Heuristics for Evaluation of IT Security Management (ITSM) Tools. Poster at CHIMIT 2009, Baltimore, MD, 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
11. Towards Investigating User Account Control Practices in Windows Vista / Sara Motiee, Kirstie Hawkey, Konstantin Beznosov [LERSSE-POSTER-2009-009]
This poster presents the research plan for investigating user account control practices in Windows Vista. [...]
Published in S. Motiee, K. Hawkey and K. Beznosov, Towards Investigating User Account Control Practices in Windows Vista. Poster in 18th USENIX Security Symposium, August 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
12. A Multi-method Approach for User-centered Design of Identity Management Systems / Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2009-006]
Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. [...]
Published in Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov, A multi-method approach for user-centered design of identity management systems. Poster at SOUPS 2009, Mountain View, CA, 2009. :
Transfer from CDS 0.99.7: Download fulltextPDF;
13. Poster: Toward Enabling Secure Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Konstantin Beznosov [LERSSE-POSTER-2009-005]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov. "Poster: Towards enabling secure Web 2.0 user content sharing beyond walled gardens," poster at the USENIX Security 2009, August 13th 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
14. Speculative Authorizations / Pranab Kini ; Konstantin (Kosta) Beznosov [LERSSE-POSTER-2009-003]
In a large-scale enterprise system, making authorization decisions is often computationally expensive due to the complexity of the policies involved and the large size of the resource and user populations [...]
Transfer from CDS 0.99.7: Download fulltextPDF;
15. Poster: Towards Secure Web 2.0 User Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Konstantin Beznosov [LERSSE-POSTER-2009-002]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs) [...]
Published in San-Tsai Sun and Konstantin Beznosov. "Poster: Towards enabling secure Web 2.0 user content sharing beyond walled gardens," poster at the IEEE Security and Privacy 2009, May 17th 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
16. Towards Improving Mental Models of Personal Firewall Users / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2009-001]
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov, "Towards Improving Mental Models of Personal Firewall Users," in Proceedings of CHI 2009 (Work in Progress), Boston, USA, 4-9 April, 2009, 6 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
17. A Two-Factor Authentication System using Mobile Phones / Nima Kaviani ; Konstantin Beznosov [LERSSE-POSTER-2008-003]
The use of untrusted computers to access critical information introduces one of the main challenges in protecting the security of users’ confidential information. [...]
Published in Nima Kaviani, Konstantin Beznosov, "A Two-Factor Authentication System using Mobile Phones", Poster Presentation in the National Privacy and Security Conference, Victoria, Canada, February 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
18. Security Practitioners in Context: Their Activities and Collaborative Interactions / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-POSTER-2008-002]
This study develops the context of interactions of IT security practitioners [...]
Published in Werlinger, R., Hawkey, K., and Beznosov, K. Poster presented at "Security and Privacy Conference", Victoria, BC, Canada, February 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
19. Searching for the Right Fit: Considerations when Balancing IT Security Management Model Tradeoffs / Kirstie Hawkey, Kasia Muldner and Konstantin Beznosov [LERSSE-POSTER-2008-004]
The effectiveness of IT security professionals in an organization is influenced not only by the usability of security management tools, but also by the fit of an organization's security management model (SMM). [...]
Published in Kirstie Hawkey, Kasia Muldner, Konstantin Beznosov, "Searching for the Right Fit: Considerations when Balancing IT Security Management Model Tradeoffs", Poster presented at the 7th Annual Conference & Exposition Privacy & Security Conference, Victoria, B.C., February 7-8, 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
20. Cooperative Secondary Authorization Recycling / Qiang Wei ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-POSTER-2006-001]
As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges [...]
Published in Qiang Wei, Konstantin Beznosov, Matei Ripeanu, "Cooperative Approximate Authorization Recycling", Poster, 15th USENIX Security Symposium, August 2006.:
Transfer from CDS 0.99.7: Download fulltextPDF;

etc 3 records found  
1. Dynamically Regulating Mobile Application Permissions / Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al [LERSSE-etc-2018-001]
Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. [...]
Published in P. Wijesekera et al., "Dynamically Regulating Mobile Application Permissions," in IEEE Security & Privacy, vol. 16, no. 1, pp. 64-71, January/February 2018. doi: 10.1109/MSP.2018.1331031 keywords: {Computer security;Medical devices;Mobile communication;Privacy;Smart phones;IEEE Symposium on Security and Privacy;machine learning;mobile privacy;permission systems;security}, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8283440&isnumber=8283426:
Fulltext: Download fulltextPDF Download fulltextPDF (PDFA);
2. The Socialbot Network: Are Social Botnets Possible? / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-etc-2012-001]
In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.
Published in Article by Tim Hwang, Ian Pearce, and Max Nanis. Socialbots: voices from the fronts. In ACM Interactions 19, 2 (March 2012). Piece by Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. The Socialbot Network: Are Social Botnets Possible?:
Transfer from CDS 0.99.7: Download fulltextPDF;
3. Summary of the HOT Admin Proposal / Konstantin Beznosov ; Sidney Fels ; Brian Fisher ; Lee Iverson [LERSSE-etc-2006-001]
Published in Konstantin Beznosov, Sidney Fels, Brian Fisher, Lee Iverson, "Summary of the HOT Admin Proposal," December 2005, pp. 2.:
Transfer from CDS 0.99.7: Download fulltextPDF;
