Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE): 122 records found
1. Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers / Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-008]
This paper reports the security and privacy challenges and threats that people experience while working from home. [...]
Published in Obada-Obieh, B., Huang, Y., & Beznosov, K. (2021, August). Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021) (pp. 675-694).:
2. What Makes Security-Related Code Examples Different / Azadeh Mokhberi ; Tiffany Quon ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-007]
Developers relying on code examples (CEs) in software engineering can impact code security. [...]
Published in Azadeh Mokhberi, Tiffany Quon, Konstantin Beznosov. What Makes Security-Related Code Examples Different. In The 7th Workshop on Security Information Workers at SOUPS workshops, 2021.:
3. SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software / Azadeh Mokhberi ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-006]
Despite all attempts to improve software security, vulnerabilities are still propagated within software. [...]
Published in Azadeh Mokhberi, Konstantin Beznosov. SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software. Proceedings of the ACM European Symposium on Usable Security (ACM EuroUSEC'21), 2021:
4. Non-Adoption Of Crypto-Assets: Exploring The Role Of Trust, Self-Efficacy, And Risk / Artemij Voskobojnikov ; Svetlana Abramova ; Konstantin Beznosov ; Rainer Böhme [LERSSE-RefConfPaper-2021-005]
Over the last years, crypto-assets have gained significant interest from private investors, academia, and industry. [...]
Published in Voskobojnikov, Artemij; Abramova, Svetlana; Beznosov, Konstantin (Kosta); and Böhme, Rainer, “Non-Adoption of Crypto-Assets: Exploring the Role of Trust, Self-Efficacy, and Risk” (2021). In Proceedings of the 29th European Conference on Information Systems (ECIS), An Online AIS Conference, June 14-16, 2021.:
5. Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them / Mohammad Tahaei ; Kami Vaniea ; Konstantin Beznosov ; Maria K. Wolters [LERSSE-RefConfPaper-2021-004]
Static analysis tools (SATs) have the potential to assist developers in finding and fixing vulnerabilities in the early stages of software development, requiring them to be able to understand and act on tools’ notifications. [...]
Published in Mohammad Tahaei, Kami Vaniea, Konstantin Beznosov, Maria K. Wolters. Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021:
6. On Smartphone Users’ Difficulty with Understanding Implicit Authentication / Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov [LERSSE-RefConfPaper-2021-003]
Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. On Smartphone Users’ Difficulty with Understanding Implicit Authentication. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
7. The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets / Artemij Voskobojnikov ; Oliver Wiese ; Masoud Mehrabi Koushki ; Volker Roth ; et al [LERSSE-RefConfPaper-2021-002]
In a corpus of 45,821 app reviews of the top five mobile cryptocurrency wallets, we identified and qualitatively analyzed 6,859 reviews pertaining to the user experience (UX) with those wallets. [...]
Published in Artemij Voskobojnikov, Oliver Wiese, Masoud Mehrabi Koushki, Volker Roth, Konstantin Beznosov. The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
8. Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users / Svetlana Abramova ; Artemij Voskobojnikov ; Konstantin Beznosov ; Rainer Böhme [LERSSE-RefConfPaper-2021-001]
Crypto-assets are unique in tying financial wealth to the secrecy of private keys. [...]
Published in Svetlana Abramova, Artemij Voskobojnikov, Konstantin Beznosov, Rainer Böhme. Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
9. Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android” / Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-005]
Implicit authentication (IA) on smartphones has gained a lot of attention from the research community over the past decade. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android”. In the Proceedings of Twenty-Second International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI 2020), Virtual Conference, 2020.:
10. Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault / Borke Obada-Obieh ; Lucrezia Spagnolo ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-004]
According to the United States Department of Justice, every 73 seconds, an American is sexually assaulted. [...]
Published in Borke Obada-Obieh, Lucrezia Spagnolo, and Konstantin Beznosov. "Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault." In Proceedings of the Sixteenth Symposium on Usable Privacy and Security (SOUPS), 2020.:
11. Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users / Artemij Voskobojnikov ; Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-003]
With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. [...]
Published in Artemij Voskobojnikov, Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users. In the Proceedings of Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC'20), Kota Kinabalu, 2020:
12. The Burden of Ending Online Account Sharing / Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-002]
Many people share online accounts, even in situations where high privacy and security are expected. [...]
Published in Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. The Burden of Ending Online Account Sharing. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020.:
13. Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks / Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov [LERSSE-RefConfPaper-2020-001]
With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. [...]
Published in Yue Huang, Borke Obada-Obieh, Konstantin Beznosov. Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020, pages 402:1-13.:
14. Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones / Diogo Marques ; Tiago Guerreiro ; Luís Carriço ; Ivan Beschastnikh ; et al [LERSSE-RefConfPaper-2019-002]
Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
15. Towards Understanding the Link Between Age and Smartphone Authentication / Lina Qiu ; Alexander De Luca ; Ildar Muslukhov ; Konstantin Beznosov [LERSSE-RefConfPaper-2019-001]
While previous work on smartphone (un)locking has revealed real world usage patterns, several aspects still need to be explored. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
16. Forecasting Suspicious Account Activity at Large-Scale Online Service Providers / Hassan Halawa ; Konstantin Beznosov ; Baris Coskun ; Meizhu Liu ; et al [LERSSE-RefConfPaper-2018-003]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in the Proceedings of the Twenty-Third International Conference on Financial Cryptography and Data Security (FC'19), St. Kitts, 2019:
17. Source Attribution of Cryptographic API Misuse in Android Applications / Ildar Muslukhov ; Yazan Boshmaf ; Konstantin Beznosov [LERSSE-RefConfPaper-2018-002]
Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Konstantin Beznosov. Source Attribution of Cryptographic API Misuse in Android Applications. Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS '18), 2018.:
18. Contextualizing Privacy Decisions for Better Prediction (and Protection) / Primal Wijesekera ; Joel Reardon ; Irwin Reyes ; Lynn Tsai ; et al [LERSSE-RefConfPaper-2018-001]
Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. [...]
Published in Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, and Serge Egelman. Contextualizing Privacy Decisions for Better Prediction (and Protection). Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’18), 2018.:
19. Android users in the wild: Their authentication and usage behavior / Ahmed Mahfouz ; Ildar Muslukhov ; Konstantin Beznosov [LERSSE-RefJnlPaper-2017-002]
In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. [...]
Published in A. Mahfouz, I. Muslukhov, K. Beznosov, “Android users in the wild: Their authentication and usage behavior,” Pervasive and Mobile Computing, v. 32, 2016, 50-61.:
20. Decoupling data-at-rest encryption and smartphone locking with wearable devices / Ildar Muslukhov ; San-Tsai Sun ; Primal Wijesekera ; Yazan Boshmaf ; et al [LERSSE-RefJnlPaper-2017-001]
Smartphones store sensitive and confidential data, e.g., business related documents or emails. [...]
Published in I. Muslukhov, S.-T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, “Decoupling data-at-rest encryption and smartphone locking with wearable devices,” Pervasive and Mobile Computing, v. 32, 2016, 26-34.:
21. The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences / Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al [LERSSE-RefConfPaper-2017-004]
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. [...]
Published in P. Wijesekera, A. Baokar, L.Tsai, J. Reardon, S. Egelman, D. Wagner, K. Beznosov, “The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences,” in IEEE Symposium on Security and Privacy (IEEE S&P), San-Jose, CA, May 2017, 17 pages.:
22. Characterizing Social Insider Attacks on Facebook / Wali Ahmed Usmani ; Diogo Marques ; Ivan Beschastnikh ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2017-003]
Facebook accounts are secured against unauthorized access through passwords and device-level security. [...]
Published in W. A. Usmani, D. Marques, I. Beschastnikh, K. Beznosov, T. Guerreiro, L. Carrico, “Characterizing Social Insider Attacks on Facebook,” to appear in Proc. of the ACM Conference on Human Factors in Computing Systems (CHI), 2017, 11 pages.:
23. I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails / Jun Ho Huh ; Hyoungshick Kim ; Swathi S.V.P. Rayala ; Rakesh B. Bobba ; et al [LERSSE-RefConfPaper-2017-002]
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. [...]
Published in J. H. Huh, H. Kim, S. S. V. Rayala, R. B. Bobba, K. Beznosov, “I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails,” to appear in Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2017, 5 pages.:
24. I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay / Jun Ho Huh ; Saurabh Verma ; Swathi Sri V Rayala ; Rakesh B. Bobba ; et al [LERSSE-RefConfPaper-2017-001]
This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. [...]
Published in J. H. Huh, S. Verma, S. S. V. Rayala, R. B. Bobba, K. Beznosov, H. Kim, “I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay,” to appear in Proceedings of the Workshop on Usable Security (USEC), 2017, 12 pages.:
25. Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Populations / Hassan Halawa ; Konstantin Beznosov ; Yazan Boshmaf ; Baris Coskun ; et al [LERSSE-RefConfPaper-2016-003]
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic [...]
Published in Proceedings of the New Security Paradigms Workshop (NSPW), September 26-29, 2016, Granby, CO, USA.:
26. Snooping on Mobile Phones: Prevalence and Trends / Diogo Marques ; Ildar Muslukhov ; Tiago Guerreiro ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2016-002]
Personal mobile devices keep private information which people other than the owner may try to access [...]
Published in Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Konstantin Beznosov and Luis Carrico. 2016. Snooping on Mobile Phones: Prevalence and Trends, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
27. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users / Sadegh Torabi ; Konstantin Beznosov [LERSSE-RefConfPaper-2016-001]
Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. [...]
Published in Sadegh Torabi and Konstantin Beznosov. 2016. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
28. Phishing threat avoidance behaviour: An empirical investigation / Nalin Asanka Gamagedara Arachchilage ; Steve Love ; Konstantin Beznosov [LERSSE-RefJnlPaper-2016-001]
Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. [...]
Published in Nalin Asanka Gamagedara Arachchilage, Steve Love, Konstantin Beznosov, Phishing threat avoidance behaviour: An empirical investigation, Computers in Human Behavior, Volume 60, July 2016, Pages 185-197, ISSN 0747-5632:
29. Android Rooting: Methods, Detection, and Evasion / San-Tsai Sun ; Andrea Cuadros ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-007]
Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. [...]
Published in San-Tsai Sun, Andrea Cuadros and Konstantin Beznosov. Android Rooting: Methods, Detection, and Evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, October 2015.:
30. Surpass: System-initiated User-replaceable Passwords / Jun Ho Huh ; Seongyeol Oh ; Hyoungshick Kim ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-006]
System-generated random passwords have maximum password security and are highly resistant to guessing attacks. [...]
Published in Jun Ho Huh, Seongyeol Oh, Hyoungshick Kim and Konstantin Beznosov. Surpass: System-initiated User-replaceable Passwords. In Proceedings of ACM Conference on Computer and Communications Security (CCS'15), October 2015.:
31. Thwarting Fake OSN Accounts by Predicting their Victims / Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-005]
Traditional defense mechanisms for fighting against automated fake accounts in online social networks are victim-agnostic. [...]
Published in Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov. Thwarting Fake OSN Accounts by Predicting their Victims. In Proceedings of the 2015 Workshop on Artificial Intelligent and Security Workshop (AISec'15), Denver, Colorado, USA, Oct, 2015:
32. Android Permissions Remystified: A Field Study on Contextual Integrity / Primal Wijesekera ; Arjun Baokar ; Ashkan Hosseini ; Serge Egelman ; et al [LERSSE-RefConfPaper-2015-004]
We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. [...]
Published in Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner and Konstantin Beznosov. 2015. Android Permissions Remystified: A Field Study on Contextual Integrity. USENIX Security 2015, Washington DC, USA.:
33. On the Memorability of System-generated PINs: Can Chunking Help? / Jun Ho Huh ; Hyoungschick Kim ; Rakesh B. Bobba ; Masooda N. Bashir ; et al [LERSSE-RefConfPaper-2015-003]
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. [...]
Published in Jun Ho Huh, Hyoungschick Kim, Rakesh B. Bobba, Masooda N. Bashir and Konstantin Beznosov. 2015. On the Memorability of System-generated PINs: Can Chunking Help? SOUPS'15: Symposium On Usable Privacy and Security. Ottawa, Ontario, Canada:
34. A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks / Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki [LERSSE-RefConfPaper-2015-002]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Kim, K. Beznosov, and E. Yoneki, “A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks” in Computational Social Networks, February 2015, v2n3.:
35. On the Impact of Touch ID on iPhone Passcodes / Ivan Cherapau ; Ildar Muslukhov ; Nalin Asanka ; Konstantin Beznosov [LERSSE-RefConfPaper-2015-001]
Smartphones today store large amounts of data that can be confidential, private or sensitive. [...]
Published in LERSSE-RefConfPaper-2015-001:
36. Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs / Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Jorge Leria ; et al [LERSSE-RefConfPaper-2014-004]
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. [...]
Published in Boshmaf et al. "Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs" In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15), San Diego, USA.:
37. To authorize or not authorize: helping users review access policies in organizations / Pooya Jaferian ; Hootan Rashtian ; Konstantin Beznosov [LERSSE-RefConfPaper-2014-003]
This work addresses the problem of reviewing complex access policies in an organizational context using two studies [...]
Published in Pooya Jaferian, Hootan Rashtian, and Konstantin Beznosov. 2014. To authorize or not authorize: helping users review access policies in organizations. SOUPS'14: Symposium On Usable Privacy and Security. Menlo Park, CA.:
38. To Befriend Or Not? A Model of Friend Request Acceptance on Facebook / Hootan Rashtian ; Yazan Boshmaf ; Pooya Jaferian ; Konstantin Beznosov [LERSSE-RefConfPaper-2014-002]
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. [...]
Published in Rashtian, H., Boshmaf, Y., Jaferian, P., Beznosov, K. (2014, July). To Befriend Or Not? A Model of Friend Request Acceptance on Facebook. In Proceedings of the 10th symposium on Usable Privacy and Security. ACM.:
39. Finding Influential Neighbors to Maximize Information Diffusion in Twitter / Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki [LERSSE-RefConfPaper-2014-001]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Finding Influential Neighbors to Maximize Information Diffusion in Twitter, Hyoungshick Kim, Konstantin Beznosov, and Eiko Yoneki, WWW’14 Companion, April 7–11, 2014, Seoul, Korea.:
40. Privacy Aspects of Health Related Information Sharing in Online Social Networks / Sadegh Torabi ; Konstantin Beznosov [LERSSE-RefConfPaper-2013-003]
Online social networks (OSNs) have formed virtual social networks where people meet and share information. [...]
Published in Sadegh Torabi and Konstantin Beznosov. “Privacy Aspects of Health Related Information Sharing in Online Social Networks,” USENIX Workshop on Health Information Technologies (HealthTech '13), August 2013, Washington, USA.:
41. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al [LERSSE-RefJnlPaper-2013-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, Accepted in Human–Computer Interaction, doi:10.1080/07370024.2013.819198.:
42. Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders / Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al [LERSSE-RefConfPaper-2013-002]
Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester and Konstantin Beznosov, Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders. In Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services companion:
43. Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
44. Graph-based Sybil Detection in Social and Information Systems / Yazan Boshmaf ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2013-001]
Sybil attacks in social and information systems have serious security implications. [...]
Published in Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu. Graph-based Sybil Detection in Social and Information Systems. In the Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM'13), Niagara Falls, Canada, August 25-28, 2013.:
45. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection / Serge Egelman ; Andreas Sotirakopoulos ; Ildar Muslukhov ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2013-001]
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. [...]
Published in Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of Computer-Human Interaction conference, April 2013.:
46. Speculative Authorization / Pranab Kini ; Konstantin Beznosov [LERSSE-RefJnlPaper-2012-003]
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. [...]
Published in Pranab Kini, Konstantin Beznosov, "Speculative Authorization," IEEE Transactions on Parallel and Distributed Systems, 10 Aug. 2012.:
47. The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefConfPaper-2012-003]
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. [...]
Published in San-Tsai Sun and Konstantin Beznosov. The devil is in the (implementation) details: An empirical analysis of OAuth SSO systems. In Proceedings of ACM Conference on Computer and Communications Security (CCS'12), October 2012.:
48. Design and Analysis of a Social Botnet / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefJnlPaper-2012-002]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet. Elsevier Journal of Computer Network - Special Issue on Botnets, 2012.:
49. Key Challenges in Defending Against Malicious Socialbots / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2012-002]
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Key challenges in defending against malicious socialbots. In Proceedings of the 5th USENIX workshop on Large-scale exploits and emergent threats, LEET'12, Berkeley, CA, USA. USENIX Association.:
50. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
51. Understanding Users’ Requirements for Data Protection in Smartphones / Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al [LERSSE-RefConfPaper-2012-001]
Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, and Konstantin Beznosov. Understanding users' requirements for data protection in smartphones. In Workshop on Secure Data Management on Smartphones and Mobiles, 2012.:
52. The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [258] [LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011. For the technical report, please refer to http://lersse-dl.ece.ubc.ca/record/272:
Transfer from CDS 0.99.7: Download fulltextPDF;
53. Analysis of ANSI RBAC Support in EJB / Wesam Darwish ; Konstantin Beznosov [LERSSE-RefJnlPaper-2011-001]
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Analysis of ANSI RBAC support in EJB. International Journal of Secure Software Engineering, 2(2):25-52, April-June 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
54. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings / Fahimeh Raja ; Kirstie Hawkey ; Steven Hsu ; Kai-Le Clement Wang ; et al [LERSSE-RefConfPaper-2011-007]
We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings. In SOUPS '11: Proceedings of the 7th symposium on Usable privacy and security, 20 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
55. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al [LERSSE-RefConfPaper-2011-006]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 20-22, 2011. :
Transfer from CDS 0.99.7: Download fulltextPDF;
56. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings / Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-005]
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. [...]
Published in Andreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of Symposium on Usable Privacy and Security, July 2011:
Transfer from CDS 0.99.7: Download fulltextPDF;
57. What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefConfPaper-2011-004]
OpenID is an open and promising Web single sign-on (SSO) solution. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
58. The Socialbot Network: When Bots Socialize for Fame and Money / Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu [258] [LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011:
Transfer from CDS 0.99.7: Download fulltextPDF;
59. Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers / Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-003]
The retrieval and analysis of malicious content is an essential task for security researchers. [...]
Published in K. Zeeuwen, M. Ripeanu, K. Beznosov, “Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers”. WebQuality Workshop 2011, March 28, 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
60. Heuristics for Evaluating IT Security Management Tools / Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Konstantin Beznosov [LERSSE-RefConfPaper-2011-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, and Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, In Proceedings of the 29th international conference extended abstracts on Human factors in computing systems (CHI '11), Vancouver, Canada, 2011. :
Transfer from CDS 0.99.7: Download fulltextPDF;
61. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On / San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al [LERSSE-RefConfPaper-2011-001]
OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On. In Proceedings of the 29th International Conference Extended abstracts on Human Factors in Computing Systems (CHI '11), Vancouver, Canada, 2011.:
Transfer from CDS 0.99.7: Download fulltextPDF;
62. Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms / David Botta ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2010-002]
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. [...]
Published in D. Botta, K. Muldner, K. Hawkey, and K. Beznosov, “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms,” accepted for publication to the International Journal of Cognition, Technology and Work on 16 / Aug / 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
63. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls / Fahimeh Raja ; Kirstie Hawkey ; Pooya Jaferian ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2010-008]
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Pooya Jaferian, Konstantin Beznosov, and Kellogg S. Booth. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the Third ACM Workshop on Assurable & Usable Security Configuration (SafeConfig), October 4, 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
64. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-007]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. In Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM), October 8 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
65. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On / San-Tsai Sun ; Yazan Boshmaf ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-006]
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. [...]
Published in San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010. :
Transfer from CDS 0.99.7: Download fulltextPDF;
66. Challenges in evaluating complex IT security management systems / Pooya Jaferian ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-005]
Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. [...]
Published in P. Jaferian, K. Hawkey, and K. Beznosov. Challenges in evaluating complex IT security management systems. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
67. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations / Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-004]
In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. [...]
Published in S. Motiee, K. Hawkey, and K. Beznosov. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
68. "I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours / Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-003]
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. [...]
Published in A. Sotirakopoulos, K. Hawkey, and K. Beznosov. "I did it because I trusted you": Challenges with the study environment biasing participant behaviours. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
69. Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices / Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2010-002]
The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. [...]
Published in Motiee, S., Hawkey, K., and Beznosov, K. 2010. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, July 14 - 16, 2010). SOUPS '10, vol. 485. ACM, New York, NY, 1-13.:
Transfer from CDS 0.99.7: Download fulltextPDF;
70. Analysis of ANSI RBAC Support in COM+ / Wesam Darwish ; Konstantin Beznosov [LERSSE-RefJnlPaper-2010-001]
We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. [...]
Published in Darwish, W. and Beznosov, K. Analysis of ANSI RBAC Support in COM+. Comput. Stand. Interfaces 32, 4 (Jan. 2010), 197-214. :
Transfer from CDS 0.99.7: Download fulltextPDF;
71. SIMD-Scan: Ultra Fast in-Memory Table Scan Using on-Chip Vector Processing Units / Thomas Willhalm ; Nicolae Popovici ; Yazan Boshmaf ; Hasso Plattner ; et al [LERSSE-RefConfPaper-2010-001]
The availability of huge system memory, even on standard servers, generated a lot of interest in main memory database engines. [...]
Published in Willhalm, T., Popovici, N., Boshmaf, Y., Plattner, H., Zeier, A., and Schaffner, J. 2009. SIMD-scan: ultra fast in-memory table scan using on-chip vector processing units. Proc. VLDB Endow. 2, 1 (Aug. 2009), 385-394. :
Transfer from CDS 0.99.7: Download fulltextPDF;
72. Authorization Recycling in Hierarchical RBAC Systems / Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefJnlPaper-2009-014]
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Q. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.:
Transfer from CDS 0.99.7: Download fulltextPDF;
73. Preparation, detection, and analysis: the diagnostic work of IT security incident response / Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-013]
Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. [...]
Published in Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, and Konstantin Beznosov. Preparation, detection, and analysis: the diagnostic work of IT security incident response. Journal of Information Management & Computer Security, 18(1):26-42, January 2010. :
Transfer from CDS 0.99.7: Download fulltextPDF;
74. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization / Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-039]
This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization [...]
Published in Jaferian, P., Botta, D., Hawkey, K., and Beznosov, K. 2009. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization. In Proceedings of the 3rd ACM Symposium on Computer Human interaction For Management of information Technology (Baltimore, Maryland, November 7 - 8, 2009). CHiMiT '09. ACM, New York, NY.:
Transfer from CDS 0.99.7: Download fulltextPDF;
75. Secure Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-038]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Secure Web 2.0 content sharing beyond walled gardens. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 409-418, December 2009:
Transfer from CDS 0.99.7: Download fulltextPDF;
76. Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents / Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-037]
This study investigates how security practitioners perform diagnostic work during the identification of security incidents. [...]
Published in Werlinger, R., Muldner, K., Hawkey, K., and Beznosov, K. (2009). Towards Understanding Diagnostic Work during the Detection and Investigation of Security Incidents. Proc. of Int. Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, June 25-26, 2009, 119-132.:
Transfer from CDS 0.99.7: Download fulltextPDF;
77. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.:
Transfer from CDS 0.99.7: Download fulltextPDF;
78. Towards Enabling Web 2.0 Content Sharing Beyond Walled Gardens / San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-036]
Web 2.0 users have many choices of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling Web 2.0 content sharing beyond walled gardens. In Proceedings of the Workshop on Security and Privacy in Online Social Networking, pages 979-984, August 29th 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
79. Open Problems in Web 2.0 User Content Sharing / San-Tsai Sun ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-035]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. In Proceedings of the iNetSec Workshop, pages 37-51, Zurich, Switzerland, April 23rd 2009.:
Transfer from CDS 0.99.7: Download fulltextPDF;
80. Revealing Hidden Context: Improving Mental Models of Personal Firewall Users / Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-034]
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details [...]
Published in Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov. Revealing hidden context: Improving mental models of personal firewall users. In SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, New York, NY, USA, 2009. ACM, pp 1-12. :
Transfer from CDS 0.99.7: Download fulltextPDF;
81. Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports / Hafiz Abdur Rahman ; Konstantin Beznosov ; José R. Martí [LERSSE-RefJnlPaper-2009-010]
Understanding the origin of infrastructure failures and their propagation patterns in critical infrastructures can provide important information for secure and reliable infrastructure design. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov and José R. Martí, "Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports", International Journal of Critical Infrastructures 2009 - Vol. 5, No.3 pp. 220 - 244:
Transfer from CDS 0.99.7: Download fulltextPDF;
82. Application-Based TCP Hijacking / Oliver Zheng ; Jason Poon ; Konstantin Beznosov [LERSSE-RefConfPaper-2009-033]
We present application-based TCP hijacking (ABTH), a new attack on TCP applications that exploits flaws due to the interplay between TCP and application protocols to inject data into an application session without either server or client applications noticing the spoofing attack. [...]
Published in Oliver Zheng, Jason Poon, Konstantin Beznosov, "Application-Based TCP Hijacking," in Proceedings of the 2009 European Workshop on System Security, Nuremberg, Germany, ACM, 31 March 2009, pp. 9-15.:
Transfer from CDS 0.99.7: Download fulltextPDF;
83. An integrated view of human, organizational, and technological challenges of IT security management / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-009]
Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors [...]
Published in Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov, "An integrated view of human, organizational, and technological challenges of IT security management", Information Management & Computer Security, vol. 17, n. 1, 2009, pp.4-19.:
Transfer from CDS 0.99.7: Download fulltextPDF;
84. Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations / Rodrigo Werlinger ; Kirstie Hawkey ; David Botta ; Konstantin Beznosov [LERSSE-RefJnlPaper-2009-007]
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, David Botta, Konstantin Beznosov, "Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations", International Journal of Human-Computer Studies, 67(7):584–606, March 2009. :
Transfer from CDS 0.99.7: Download fulltextPDF;
85. Mobile Applications for Public Sector: Balancing Usability and Security / Yurij Natchetoi ; Konstantin Beznosov ; Viktor Kaufman [LERSSE-RefConfPaper-2009-032]
Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements [...]
Published in Yurij Natchetoi, Konstantin Beznosov, Viktor Kaufman, “Mobile Applications for Public Sector: Balancing Usability and Security” in the Collaboration and the Knowledge Economy: Issues, Applications, Case Studies, Paul Cunningham and Miriam Cunningham (Eds), IOS Press, 2008 Amsterdam, ISBN 978–1–58603–924-0, Stockholm, Sweden, 22 - 24 October 2008, article #117, 6 pages.:
Transfer from CDS 0.99.7: Download fulltextPDF;
86. Authorization Using the Publish-Subscribe Model / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-031]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publish-subscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.:
Transfer from CDS 0.99.7: Download fulltextPDF;
87. On the Imbalance of the Security Problem Space and its Expected Consequences / Konstantin Beznosov ; Olga Beznosova [LERSSE-RefJnlPaper-2008-006]
Purpose – This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker-defender game, and to propose questions for future research. [...]
Published in Konstantin Beznosov and Olga Beznosova, "On the Imbalance of the Security Problem Space and its Expected Consequences," Journal of Information Management & Computer Security, Emerald, vol. 15 n.5, September 2007, pp.420-431.:
Transfer from CDS 0.99.7: Download fulltextPDF;
88. Guidelines for Designing IT Security Management Tools / Pooya Jaferian ; David Botta ; Fahimeh Raja ; Kirstie Hawkey ; et al [LERSSE-RefConfPaper-2008-030]
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. [...]
Published in Pooya Jaferian, David Botta, Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov, "Guidelines for Designing IT Security Management Tools," In CHIMIT '08: Proceedings of the 2008 symposium on Computer Human Interaction for the Management of Information Technology, San Diego, CA, USA, 7:1-7:10, ACM.:
Transfer from CDS 0.99.7: Download fulltextPDF;
89. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefJnlPaper-2008-005]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.:
Transfer from CDS 0.99.7: Download fulltextPDF;
90. Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs / Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov [LERSSE-RefJnlPaper-2008-004]
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model (SMM) fits. [...]
Published in Kirstie Hawkey, Kasia Muldner and Konstantin Beznosov, "Searching for the Right Fit Balancing IT Security Management Model Trade-Offs", Special Issue on Useful Computer Security, IEEE Internet Computing Magazine, 12(3), 2008, p. 22-30.:
Transfer from CDS 0.99.7: Download fulltextPDF;
91. The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? / Rodrigo Werlinger ; Kirstie Hawkey ; Kasia Muldner ; Pooya Jaferian ; et al [LERSSE-RefConfPaper-2008-029]
An intrusion detection system (IDS) can be a key component of security incident response within organizations. [...]
Published in R. Werlinger, K. Hawkey, K. Muldner, P. Jaferian, and K. Beznosov. The challenges of using an intrusion detection system: Is it worth the effort? In Proc. of ACM Symposium on Usable Privacy and Security (SOUPS), pp 107 - 116, 2008:
Transfer from CDS 0.99.7: Download fulltextPDF;
92. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-028]
Our qualitative research provides a comprehensive list of challenges to the practice of IT security within organizations, including the interplay between human, organizational, and technical factors. [...]
Published in R. Werlinger, K. Hawkey, and K. Beznosov. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations. In Proc. of HAISA '08: Human Aspects of Information Security and Assurance (10 pages), July 2008, pp 35-48.:
Transfer from CDS 0.99.7: Download fulltextPDF;
93. Identifying Differences Between Security and Other IT Professionals: a Qualitative Analysis. / Andre Gagne ; Kasia Muldner ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-027]
We report factors differentiating security and other IT responsibilities. [...]
Published in Andre Gagne, Kasia Muldner, and Konstantin Beznosov. Identifying Differences between Security and other IT Professionals: a Qualitative Analysis. In proceedings of Human Aspects of Information Security and Assurance (HAISA), Plymouth, England, July 2008, pp 69-80.:
Transfer from CDS 0.99.7: Download fulltextPDF;
94. Authorization Recycling in RBAC Systems / Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu [LERSSE-RefConfPaper-2008-026]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, Colorado, USA, June 11-13 2008, pp. 63-72. :
Transfer from CDS 0.99.7: Download fulltextPDF;
95. Security Practitioners in Context: Their Activities and Interactions / Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov [LERSSE-RefConfPaper-2008-025]
This study develops the context of interactions of IT security practitioners [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, and Konstantin Beznosov. Security practitioners in context: their activities and interactions. In CHI ’08 extended abstracts on Human factors in computing systems, pages 3789–3794, Florence, Italy, 2008. :
Transfer from CDS 0.99.7: Download fulltextPDF;
96. Human, Organizational, and Technological Factors of IT Security / Kirstie Hawkey ; David Botta ; Kasia Muldner ; Rodrigo Werlinger ; et al [LERSSE-RefConfPaper-2008-024]
This paper describes the HOT Admin research project, which is investigating the human, organizational, and technological factors of IT security from the perspective of security practitioners. [...]
Published in Hawkey, K., Botta, D., Muldner, K., Werlinger, R., Gagne, A., Beznosov, K., "Human, Organizational, and Technological Factors of IT Security" In CHI’08 extended abstract on Human factors in computing systems, pages 3639–3644, Florence, Italy, 2008.:
Transfer from CDS 0.99.7: Download fulltextPDF;
97. Detecting, Analyzing and Responding to Security Incidents: A Qualitative Analysis / Rodrigo Werlinger ; David Botta [LERSSE-RefConfPaper-2007-024]
This study develops categories of responses to security incidents, based on a grounded theory analysis of interviews with security practitioners, with a focus on the tasks performed during security incidents, and the necessary resources to perform these tasks. [...]
Published in Rodrigo Werlinger, David Botta, "Detecting, Analyzing and Responding to Security Incidents: A Qualitative Analysis," in Workshop on Usable IT Security Management (USM'07), July 18, 2007, Pittsburgh, PA, USA.:
Transfer from CDS 0.99.7: Download fulltextPDF;
98. Towards Understanding IT Security Professionals and Their Tools / David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al [LERSSE-RefConfPaper-2007-023]
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools" in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 18-20, 2007, pp.100-111.:
Transfer from CDS 0.99.7: Download fulltextPDF;
99. Cooperative Secondary Authorization Recycling / Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov [LERSSE-RefConfPaper-2007-022]
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," in Proceedings of the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 25–29, 2007, Monterey, California, USA. pp.65-74:
Transfer from CDS 0.99.7: Download fulltextPDF;
100. On the Imbalance of the Security Problem Space and its Expected Consequences / Konstantin Beznosov ; Olga Beznosova [LERSSE-RefConfPaper-2007-021]
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon [...]
Published in Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," To appear in Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.10. :
Transfer from CDS 0.99.7: Download fulltextPDF;
