1.
|
Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App
/ Yue Huang ; Borke Obada-Obieh ; Satya Lokam ; Konstantin Beznosov
[LERSSE-RefConfPaper-2022-005]
We conducted semi-structured interviews with 20 users of Canada’s exposure-notification app, COVID Alert. [...]
Published in Yue Huang, Borke Obada-Obieh, Satya Lokam, and Konstantin Beznosov. 2022. Users’ Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App. Proceeding of ACM Human-Computer Interact. 6, CSCW2, https://doi.org/10.1145/3555770:
Fulltext: PDF;
|
2.
|
Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones
/ Masoud Mehrabi Koushki ; Yue Huang ; Julia Rubin ; Konstantin Beznosov
[LERSSE-RefConfPaper-2022-004]
The incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. [...]
Published in Masoud Mehrabi Koushki, Yue Huang, Julia Rubin, and Konstantin Beznosov. Neither Access nor Control: A Longitudinal Investigation of The Efficacy of User Access Control Solutions on Smartphones. In Proceedings of the 31st USENIX Security Symposium, 2022.:
Fulltext: PDF;
|
3.
|
Users' Perceptions of Chrome's Compromised Credential Notification
/ Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov
[LERSSE-RefConfPaper-2022-003]
This paper reports the challenges that users experienced and their concerns regarding the Chrome compromised credentials notification. [...]
Published in Yue Huang, Borke Obada-Obieh, and Konstantin Beznosov, Users' Perceptions of Chrome’s Compromised Credential Notification, In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022):
Fulltext: PDF;
|
4.
|
SoK: The Dual Nature of Technology in Sexual Abuse
/ Borke Obada-Obieh ; Yue Huang ; Lucrezia Spagnolo ; Konstantin Beznosov
[LERSSE-RefConfPaper-2022-002]
This paper systematizes and contextualizes the existing body of knowledge on technology’s dual nature regarding sexual abuse: facilitator of it and assistant to its prevention, reporting, and restriction. [...]
Published in Borke Obada-Obieh, Yue Huang, Lucrezia Spagnolo, & Konstantin Beznosov. (2022, May). SoK: The Dual Nature of Technology in Sexual Assault. In Proceedings of the Forty-Third Symposium of the Institute of Electrical and Electronics Engineers, Security and Privacy (IEEE S&P 2022):
Fulltext: PDF;
|
5.
|
COVID-19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention
/ Yue Huang ; Borke Obada-Obieh ; Elissa M. Redmiles ; Satya Lokam ; et al
[LERSSE-RefConfPaper-2022-001]
Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. [...]
Published in Yue Huang, Borke Obada-Obieh, Elissa M. Redmiles, Satya Lokam, and Konstantin Beznosov. 2022. COVID 19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention. In Proceedings of the 2022 ACM SIGIR Conference on Human Information Interaction and Retrieval (CHIIR ’22), March 14–18, 2022, Regensburg, Germany. ACM, New York, NY, USA, 23 pages. https://doi.org/10.1145/3498366.3505756:
Fulltext: PDF;
|
6.
|
Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers
/ Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov
[LERSSE-RefConfPaper-2021-008]
This paper reports the security and privacy challenges and threats that people experience while working from home. [...]
Published in Obada-Obieh, B., Huang, Y., & Beznosov, K. (2021, August). Challenges and Threats of Mass Telecommuting: A Qualitative Study of Workers. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021) (pp. 675-694).:
Fulltext: PDF;
|
7.
|
What Makes Security-Related Code Examples Different
/ Azadeh Mokhberi ; Tiffany Quon ; Konstantin Beznosov
[LERSSE-RefConfPaper-2021-007]
Developers relying on code examples (CEs) in software engineering can impact code security. [...]
Published in Azadeh Mokhberi, Tiffany Quon, Konstantin Beznosov. What Makes Security-Related Code Examples Different. In The 7th Workshop on Security Information Workers at SOUPS workshops, 2021.:
Fulltext: PDF;
|
8.
|
SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software
/ Azadeh Mokhberi ; Konstantin Beznosov
[LERSSE-RefConfPaper-2021-006]
Despite all attempts to improve software security, vulnerabilities are still propagated within software. [...]
Published in Azadeh Mokhberi, Konstantin Beznosov. SoK: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software. Proceedings of the ACM European Symposium on Usable Security (ACM EuroUSEC'21), 2021:
Fulltext: PDF;
|
9.
|
Non-Adoption Of Crypto-Assets: Exploring The Role Of Trust, Self-Efficacy, And Risk
/ Artemij Voskobojnikov ; Svetlana Abramova ; Konstantin Beznosov ; Rainer Böhme
[LERSSE-RefConfPaper-2021-005]
Over the last years, crypto-assets have gained significant interest from private investors, academia, and industry. [...]
Published in Voskobojnikov, Artemij; Abramova, Svetlana; Beznosov, Konstantin (Kosta); and Böhme, Rainer, “Non-Adoption of Crypto-Assets: Exploring the Role of Trust, Self-Efficacy, and Risk” (2021). In Proceedings of the 29th European Conference on Information Systems (ECIS), An Online AIS Conference, June 14-16, 2021.:
Fulltext: PDF;
|
10.
|
Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them
/ Mohammad Tahaei ; Kami Vaniea ; Konstantin Beznosov ; Maria K. Wolters
[LERSSE-RefConfPaper-2021-004]
Static analysis tools (SATs) have the potential to assist developers in finding and fixing vulnerabilities in the early stages of software development, requiring them to be able to understand and act on tools’ notifications. [...]
Published in Mohammad Tahaei, Kami Vaniea, Konstantin Beznosov, Maria K. Wolters. Security Notifications in Static Analysis Tools: Developers’ Attitudes, Comprehension, and Ability to Act on Them. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021:
Fulltext: PDF;
|
11.
|
On Smartphone Users’ Difficulty with Understanding Implicit Authentication
/ Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov
[LERSSE-RefConfPaper-2021-003]
Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. On Smartphone Users’ Difficulty with Understanding Implicit Authentication. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
Fulltext: PDF;
|
12.
|
The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets
/ Artemij Voskobojnikov ; Oliver Wiese ; Masoud Mehrabi Koushki ; Volker Roth ; et al
[LERSSE-RefConfPaper-2021-002]
In a corpus of 45,821 app reviews of the top five mobile cryptocurrency wallets, we identified and qualitatively analyzed 6,859 reviews pertaining to the user experience (UX) with those wallets. [...]
Published in Artemij Voskobojnikov, Oliver Wiese, Masoud Mehrabi Koushki, Volker Roth, Konstantin Beznosov. The U in Crypto Stands for Usable: An Empirical Study of User Experience with Mobile Cryptocurrency Wallets. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
Fulltext: PDF;
|
13.
|
Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users
/ Svetlana Abramova ; Artemij Voskobojnikov ; Konstantin Beznosov ; Rainer Böhme
[LERSSE-RefConfPaper-2021-001]
Crypto-assets are unique in tying financial wealth to the secrecy of private keys. [...]
Published in Svetlana Abramova, Artemij Voskobojnikov, Konstantin Beznosov, Rainer Böhme. Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'21), 2021.:
Fulltext: PDF;
|
14.
|
Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android”
/ Masoud Mehrabi Koushki ; Borke Obada-Obieh ; Jun Ho Huh ; Konstantin Beznosov
[LERSSE-RefConfPaper-2020-005]
Implicit authentication (IA) on smartphones has gained a lot of attention from the research community over the past decade. [...]
Published in Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android”. In the Proceedings of Twenty-Second International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI 2020), Virtual Conference, 2020.:
Fulltext: PDF;
|
15.
|
Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault
/ Borke Obada-Obieh ; Lucrezia Spagnolo ; Konstantin Beznosov
[LERSSE-RefConfPaper-2020-004]
According to the United States Department of Justice, every 73 seconds, an American is sexually assaulted. [...]
Published in Borke Obada-Obieh, Lucrezia Spagnolo, and Konstantin Beznosov. "Towards Understanding Privacy and Trust in Online Reporting of Sexual Assault." In Proceedings of the Sixteenth Symposium on Usable Privacy and Security (SOUPS), 2020.:
Fulltext: PDF;
|
16.
|
Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users
/ Artemij Voskobojnikov ; Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov
[LERSSE-RefConfPaper-2020-003]
With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. [...]
Published in Artemij Voskobojnikov, Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non)Users. In the Proceedings of Twenty-Fourth International Conference on Financial Cryptography and Data Security (FC'20), Kota Kinabalu, 2020:
Fulltext: PDF;
|
17.
|
The Burden of Ending Online Account Sharing
/ Borke Obada-Obieh ; Yue Huang ; Konstantin Beznosov
[LERSSE-RefConfPaper-2020-002]
Many people share online accounts, even in situations where high privacy and security are expected. [...]
Published in Borke Obada-Obieh, Yue Huang, Konstantin Beznosov. The Burden of Ending Online Account Sharing. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020.:
Fulltext: PDF;
|
18.
|
Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks
/ Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov
[LERSSE-RefConfPaper-2020-001]
With the rapid adoption of smart speakers in people’s homes, there is a corresponding increase in users’ privacy and security concerns. [...]
Published in Yue Huang, Borke Obada-Obieh, Konstantin Beznosov. Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI'20), 2020, pages 402:1-13.:
Fulltext: PDF;
|
19.
|
Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones
/ Diogo Marques ; Tiago Guerreiro ; Luís Carriço ; Ivan Beschastnikh ; et al
[LERSSE-RefConfPaper-2019-002]
Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
Fulltext: PDF PDF (PDFA);
|
20.
|
Towards Understanding the Link Between Age and Smartphone Authentication
/ Lina Qiu ; Alexander De Luca ; Ildar Muslukhov ; Konstantin Beznosov
[LERSSE-RefConfPaper-2019-001]
While previous work on smartphone (un)locking has revealed real world usage patterns, several aspects still need to be explored. [...]
Published in Proceedings of CHI 2019, Glasgow, UK:
Fulltext: PDF PDF (PDFA);
|
21.
|
Forecasting Suspicious Account Activity at Large-Scale Online Service Providers
/ Hassan Halawa ; Konstantin Beznosov ; Baris Coskun ; Meizhu Liu ; et al
[LERSSE-RefConfPaper-2018-003]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in the proceedings of Twenty-Third International Conference on Financial Cryptography and Data Security (FC'19), St. Kitts, 2019:
Fulltext: Final-verson - PDF; FC19-1-CameraReady-a - PDF PDF (PDFA);
|
22.
|
Source Attribution of Cryptographic API Misuse in Android Applications
/ Ildar Muslukhov ; Yazan Boshmaf ; Konstantin Beznosov
[LERSSE-RefConfPaper-2018-002]
Recent research suggests that 88% of Android applications that use Java cryptographic APIs make at least one mistake, which results in an insecure implementation. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Konstantin Beznosov. Source Attribution of Cryptographic API Misuse in Android Applications. Proceedings of the 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS '18), 2018.:
Fulltext: PDF PDF (PDFA);
|
23.
|
Forecasting Suspicious Account Activity at Large-Scale Online Service Providers
/ Hassan Halawa ; Matei Ripeanu ; Konstantin Beznosov ; Baris Coskun ; et al
[LERSSE-REPORT-2018-001]
In the face of large-scale automated social engineering attacks to large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of new attacks and to mitigate the overall damage to users, companies, and the public at large. [...]
Published in H. Halawa, M. Ripeanu, K. Beznosov, B. Coskun, and M. Liu "Forecasting Suspicious Account Activity at Large-Scale Online Service Providers", published in arXiv https://arxiv.org/abs/1801.08629v1:
Fulltext: PDF PDF (PDFA);
|
24.
|
Dynamically Regulating Mobile Application Permissions
/ Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al
[LERSSE-etc-2018-001]
Current smartphone operating systems employ permission systems to regulate how apps access sensitive resources. [...]
Published in P. Wijesekera et al., "Dynamically Regulating Mobile Application Permissions," in IEEE Security & Privacy, vol. 16, no. 1, pp. 64-71, January/February 2018. doi: 10.1109/MSP.2018.1331031 keywords: {Computer security;Medical devices;Mobile communication;Privacy;Smart phones;IEEE Symposium on Security and Privacy;machine learning;mobile privacy;permission systems;security}, URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8283440&isnumber=8283426:
Fulltext: PDF PDF (PDFA);
|
25.
|
Contextualizing Privacy Decisions for Better Prediction (and Protection)
/ Primal Wijesekera ; Joel Reardon ; Irwin Reyes ; Lynn Tsai ; et al
[LERSSE-RefConfPaper-2018-001]
Modern mobile operating systems implement an ask-on-first-use policy to regulate applications’ access to private user data: the user is prompted to allow or deny access to a sensitive resource the first time an app attempts to use it. [...]
Published in Primal Wijesekera, Joel Reardon, Irwin Reyes, Lynn Tsai, Jung-Wei Chen, Nathan Good, David Wagner, Konstantin Beznosov, and Serge Egelman. Contextualizing Privacy Decisions for Better Prediction (and Protection). Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’18), 2018.:
Fulltext: PDF PDF (PDFA);
|
26.
|
Android users in the wild: Their authentication and usage behavior
/ Ahmed Mahfouz ; Ildar Muslukhov ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2017-002]
In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. [...]
Published in A. Mahfouz, I. Muslukhov, K. Beznosov, “Android users in the wild: Their authentication and usage behavior,” Pervasive and Mobile Computing, v. 32, 2016, 50-61.:
Fulltext: PDF PDF (PDFA);
|
27.
|
Decoupling data-at-rest encryption and smartphone locking with wearable devices
/ Ildar Muslukhov ; San-Tsai Sun ; Primal Wijesekera ; Yazan Boshmaf ; et al
[LERSSE-RefJnlPaper-2017-001]
Smartphones store sensitive and confidential data, e.g., business related documents or emails. [...]
Published in I. Muslukhov, S.-T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, “Decoupling data-at-rest encryption and smartphone locking with wearable devices,” Pervasive and Mobile Computing, v. 32, 2016, 26-34.:
Fulltext: PDF PDF (PDFA);
|
28.
|
The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
/ Primal Wijesekera ; Arjun Baokar ; Lynn Tsai ; Joel Reardon ; et al
[LERSSE-RefConfPaper-2017-004]
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. [...]
Published in P. Wijesekera, A. Baokar, L. Tsai, J. Reardon, S. Egelman, D. Wagner, K. Beznosov, “The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences,” in IEEE Symposium on Security and Privacy (IEEE S&P), San-Jose, CA, May 2017, 17 pages.:
Fulltext: PDF PDF (PDFA);
|
29.
|
Characterizing Social Insider Attacks on Facebook
/ Wali Ahmed Usmani ; Diogo Marques ; Ivan Beschastnikh ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2017-003]
Facebook accounts are secured against unauthorized access through passwords and device-level security. [...]
Published in W. A. Usmani, D. Marques, I. Beschastnikh, K. Beznosov, T. Guerreiro, L. Carrico, “Characterizing Social Insider Attacks on Facebook,” to appear in Proc. of the ACM Conference on Human Factors in Computing Systems (CHI), 2017, 11 pages.:
Fulltext: PDF PDF (PDFA);
|
30.
|
I’m too Busy to Reset my LinkedIn Password: On the Effectiveness of Password Reset Emails
/ Jun Ho Huh ; Hyoungshick Kim ; Swathi S.V.P. Rayala ; Rakesh B. Bobba ; et al
[LERSSE-RefConfPaper-2017-002]
A common security practice used to deal with a password breach is locking user accounts and sending out an email to tell users that they need to reset their password to unlock their account. [...]
Published in J. H. Huh, H. Kim, S. S. V. Rayala, R. B. Bobba, K. Beznosov, “I’m too busy to reset my LinkedIn password: On the effectiveness of password reset emails,” to appear in Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2017, 5 pages.:
Fulltext: PDF PDF (PDFA);
|
31.
|
I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay
/ Jun Ho Huh ; Saurabh Verma ; Swathi Sri V Rayala ; Rakesh B. Bobba ; et al
[LERSSE-RefConfPaper-2017-001]
This paper reports on why people use, not use, or have stopped using mobile tap-and-pay in stores. [...]
Published in J. H. Huh, S. Verma, S. S. V. Rayala, R. B. Bobba, K. Beznosov, H. Kim, “I Don’t Use Apple Pay Because It’s Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay,” to appear in Proceedings of the Workshop on Usable Security (USEC), 2017, 12 pages.:
Fulltext: PDF PDF (PDFA);
|
32.
|
Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions by Focusing on the Vulnerable Populations
/ Hassan Halawa ; Konstantin Beznosov ; Yazan Boshmaf ; Baris Coskun ; et al
[LERSSE-RefConfPaper-2016-003]
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic [...]
Published in Proceedings of the New Security Paradigms Workshop (NSPW), September 26-29, 2016, Granby, CO, USA.:
Fulltext: PDF PDF (PDFA);
|
33.
|
Snooping on Mobile Phones: Prevalence and Trends
/ Diogo Marques ; Ildar Muslukhov ; Tiago Guerreiro ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2016-002]
Personal mobile devices keep private information which people other than the owner may try to access [...]
Published in Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Konstantin Beznosov and Luis Carrico. 2016. Snooping on Mobile Phones: Prevalence and Trends, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
Fulltext: PDF PDF (PDFA);
|
34.
|
Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users
/ Sadegh Torabi ; Konstantin Beznosov
[LERSSE-RefConfPaper-2016-001]
Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. [...]
Published in Sadegh Torabi and Konstantin Beznosov. 2016. Sharing Health Information on Facebook: Practices, Preferences, and Risk Perceptions of North American Users, SOUPS'16: Symposium On Usable Privacy and Security. Denver, Colorado, USA:
Fulltext: PDF PDF (PDFA);
|
35.
|
Phishing threat avoidance behaviour: An empirical investigation
/ Nalin Asanka Gamagedara Arachchilage ; Steve Love ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2016-001]
Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. [...]
Published in Nalin Asanka Gamagedara Arachchilage, Steve Love, Konstantin Beznosov, Phishing threat avoidance behaviour: An empirical investigation, Computers in Human Behavior, Volume 60, July 2016, Pages 185-197, ISSN 0747-5632:
Fulltext: PDF PDF (PDFA);
|
36.
|
Android Rooting: Methods, Detection, and Evasion
/ San-Tsai Sun ; Andrea Cuadros ; Konstantin Beznosov
[LERSSE-RefConfPaper-2015-007]
Android rooting enables device owners to freely customize their own devices and run useful apps that require root privileges. [...]
Published in San-Tsai Sun, Andrea Cuadros and Konstantin Beznosov. Android Rooting: Methods, Detection, and Evasion. Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, October 2015.:
Fulltext: PDF PDF (PDFA);
|
37.
|
Surpass: System-initiated User-replaceable Passwords
/ Jun Ho Huh ; Seongyeol Oh ; Hyoungshick Kim ; Konstantin Beznosov
[LERSSE-RefConfPaper-2015-006]
System-generated random passwords have maximum password security and are highly resistant to guessing attacks. [...]
Published in Jun Ho Huh, Seongyeol Oh, Hyoungshick Kim and Konstantin Beznosov. Surpass: System-initiated User-replaceable Passwords. In Proceedings of ACM Conference on Computer and Communications Security (CCS'15), October 2015.:
Fulltext: PDF PDF (PDFA);
|
38.
|
Thwarting Fake OSN Accounts by Predicting their Victims
/ Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefConfPaper-2015-005]
Traditional defense mechanisms for fighting against automated fake accounts in online social networks are victim-agnostic. [...]
Published in Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov. Thwarting Fake OSN Accounts by Predicting their Victims. In Proceedings of the 2015 Workshop on Artificial Intelligent and Security Workshop (AISec'15), Denver, Colorado, USA, Oct, 2015:
Fulltext: PDF PDF (PDFA);
|
39.
|
Android Permissions Remystified: A Field Study on Contextual Integrity
/ Primal Wijesekera ; Arjun Baokar ; Ashkan Hosseini ; Serge Egelman ; et al
[LERSSE-RefConfPaper-2015-004]
We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. [...]
Published in Primal Wijesekera, Arjun Baokar, Ashkan Hosseini, Serge Egelman, David Wagner and Konstantin Beznosov. 2015. Android Permissions Remystified: A Field Study on Contextual Integrity. USENIX Security 2015, Washington DC, USA.:
Fulltext: PDF PDF (PDFA);
|
40.
|
On the Memorability of System-generated PINs: Can Chunking Help?
/ Jun Ho Huh ; Hyoungschick Kim ; Rakesh B. Bobba ; Masooda N. Bashir ; et al
[LERSSE-RefConfPaper-2015-003]
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. [...]
Published in Jun Ho Huh, Hyoungschick Kim, Rakesh B. Bobba, Masooda N. Bashir and Konstantin Beznosov. 2015. On the Memorability of System-generated PINs: Can Chunking Help? SOUPS'15: Symposium On Usable Privacy and Security. Ottawa, Ontario, Canada:
Fulltext: PDF PDF (PDFA);
|
41.
|
A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks
/ Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki
[LERSSE-RefConfPaper-2015-002]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Kim, K. Beznosov, and E. Yoneki, “A Study on the Influential Neighbors to Maximize Information Diffusion in Online Social Networks” in Computational Social Networks, February 2015, v2n3.:
Fulltext: PDF PDF (PDFA);
|
42.
|
On the Impact of Touch ID on iPhone Passcodes
/ Ivan Cherapau ; Ildar Muslukhov ; Nalin Asanka ; Konstantin Beznosov
[LERSSE-RefConfPaper-2015-001]
Smartphones today store large amounts of data that can be confidential, private or sensitive. [...]
Published in LERSSE-RefConfPaper-2015-001:
Fulltext: PDF PDF (PDFA);
|
43.
|
Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs
/ Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Jorge Leria ; et al
[LERSSE-PRESENTATION-2015-001]
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. [...]
Published in Boshmaf et al. "Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs" In proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15), San Diego, USA.:
Fulltext: PDF PDF (PDFA);
|
44.
|
Engineering Access Control For Distributed Enterprise Systems
/ Konstantin Beznosov
[LERSSE-THESIS-2015-001]
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. [...]
Published in Florida International University, 2000:
Fulltext: PDF PDF (PDFA);
|
45.
|
Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs
/ Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Jorge Leria ; et al
[LERSSE-RefConfPaper-2014-004]
Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. [...]
Published in Boshmaf et al. "Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs" In proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15), San Diego, USA.:
Fulltext: NDSS_260_Final - PDF PDF (PDFA); boshmaf_ndss_2015 - PDF PDF (PDFA);
|
46.
|
To authorize or not authorize: helping users review access policies in organizations
/ Pooya Jaferian ; Hootan Rashtian ; Konstantin Beznosov
[LERSSE-RefConfPaper-2014-003]
This work addresses the problem of reviewing complex access policies in an organizational context using two studies [...]
Published in Pooya Jaferian, Hootan Rashtian, and Konstantin Beznosov. 2014. To authorize or not authorize: helping users review access policies in organizations. SOUPS'14: Symposium On Usable Privacy and Security. Menlo Park, CA.:
Fulltext: PDF PDF (PDFA);
|
47.
|
To Befriend Or Not? A Model of Friend Request Acceptance on Facebook
/ Hootan Rashtian ; Yazan Boshmaf ; Pooya Jaferian ; Konstantin Beznosov
[LERSSE-RefConfPaper-2014-002]
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. [...]
Published in Rashtian, H., Boshmaf, Y., Jaferian, P., Beznosov, K. (2014, July). To Befriend Or Not? A Model of Friend Request Acceptance on Facebook. In Proceedings of the 10th symposium on Usable Privacy and Security. ACM.:
Fulltext: PDF PDF (PDFA);
|
48.
|
Access Review Survey Report
/ Pooya Jaferian ; Konstantin Beznosov
[LERSSE-REPORT-2014-001]
To further understand the state of the practice in access review, and collect quantitative results on how companies perform access review, we conducted a survey of security practitioners [...]
Published in P. Jaferian and K. Beznosov. Access Review Survey Report. Technical Report LERSSE-TR-2014-001, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, May 2014.:
Fulltext: PDF PDF (PDFA);
|
49.
|
Thwarting fake accounts by predicting their victims
/ Yazan Boshmaf ; Dionysios Logothetis ; Georgos Siganos ; Matei Ripeanu ; et al
[LERSSE-PRESENTATION-2014-001]
Traditional fake account detection systems employed by today's online social networks rely on either features extracted from user activities, or ranks computed from the underlying social graph. [...]
Published in Boshmaf et al. Thwarting fake accounts by predicting their victims. Invited talk at AAAI 2014 Spring Symposia, Social Hacking and Cognitive Security on the Internet and New Media, Stanford, CA, March, 2014.:
Fulltext: PDF PDF (PDFA);
|
50.
|
Finding Influential Neighbors to Maximize Information Diffusion in Twitter
/ Hyoungshick Kim ; Konstantin Beznosov ; Eiko Yoneki
[LERSSE-RefConfPaper-2014-001]
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. [...]
Published in Finding Influential Neighbors to Maximize Information Diffusion in Twitter, Hyoungshick Kim, Konstantin Beznosov, and Eiko Yoneki, WWW’14 Companion, April 7–11, 2014, Seoul, Korea.:
Fulltext: PDF PDF (PDFA);
|
51.
|
Security and Privacy in Online Social Networks
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2013-001]
Facebook has more monthly active users than almost any nation in the world. [...]
Published in Konstantin Beznosov, "Security and Privacy in Online Social Networks," Presentation, 2013, 81p.:
Fulltext: PDF PDF (PDFA);
|
52.
|
Privacy Aspects of Health Related Information Sharing in Online Social Networks
/ Sadegh Torabi ; Konstantin Beznosov
[LERSSE-RefConfPaper-2013-003]
Online social networks (OSNs) have formed virtual social networks where people meet and share information. [...]
Published in Sadegh Torabi and Konstantin Beznosov. “Privacy Aspects of Health Related Information Sharing in Online Social Networks,” USENIX Workshop on Health Information Technologies (HealthTech '13), August 2013, Washington, USA.:
Fulltext: PDF PDF (PDFA);
|
53.
|
Heuristics for Evaluating IT Security Management Tools
/ Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al
[LERSSE-RefJnlPaper-2013-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, Accepted in Human–Computer Interaction, doi:10.1080/07370024.2013.819198.:
Fulltext: PDF PDF (PDFA);
|
54.
|
Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders
/ Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al
[LERSSE-RefConfPaper-2013-002]
Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester and Konstantin Beznosov, Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders. In Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services companion:
Fulltext: paper.rev2 - PDF; paper - PDF PDF (PDFA); ASONAM_2013 - PDF PDF (PDFA);
|
55.
|
Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
Fulltext: PDF PDF (PDFA);
|
56.
|
Graph-based Sybil Detection in Social and Information Systems
/ Yazan Boshmaf ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefConfPaper-2013-001]
Sybil attacks in social and information systems have serious security implications. [...]
Published in Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu. Graph-based Sybil Detection in Social and Information Systems. In the Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM'13), Niagara Falls, Canada, August 25-28, 2013.:
Fulltext: PDF;
|
57.
|
Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection
/ Serge Egelman ; Andreas Sotirakopoulos ; Ildar Muslukhov ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2013-001]
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. [...]
Published in Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of Computer-Human Interaction conference, April 2013.:
Transfer from CDS 0.99.7: PDF;
|
58.
|
Speculative Authorization
/ Pranab Kini ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-003]
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. [...]
Published in Pranab Kini, Konstantin Beznosov, "Speculative Authorization," IEEE Transactions on Parallel and Distributed Systems, 10 Aug. 2012.:
Transfer from CDS 0.99.7: PDF;
|
59.
|
The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefConfPaper-2012-003]
Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. [...]
Published in San-Tsai Sun and Konstantin Beznosov. The devil is in the (implementation) details: An empirical analysis of OAuth SSO systems. In Proceedings of ACM Conference on Computer and Communications Security (CCS'12), October 2012.:
Transfer from CDS 0.99.7: PDF;
|
60.
|
Augur: Aiding Malware Detection Using Large-Scale Machine Learning
/ Yazan Boshmaf ; Matei Ripeanu ; Konstantin Beznosov ; Kyle Zeeuwen ; et al
[LERSSE-POSTER-2012-001]
We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. [...]
Published in Yazan Boshmaf, Matei Ripeanu, Konstantin Beznosov, Kyle Zeeuwen, David Cornell, Dmitry Samosseiko. Augur: Aiding Malware Detection Using Large-Scale Machine Learning. At the Poster Session of the 21st Usenix Security Symposium, Bellevue, WA, 2012:
Transfer from CDS 0.99.7: PDF;
|
61.
|
Design and Analysis of a Social Botnet
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefJnlPaper-2012-002]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet. Elsevier Journal of Computer Network - Special Issue on Botnets, 2012.:
Transfer from CDS 0.99.7: PDF;
|
62.
|
Key Challenges in Defending Against Malicious Socialbots
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-PRESENTATION-2012-001]
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. [...]
Published in Usenix 5th Workshop on Large-scale Exploits and Emerging Threats (LEET'12), San Jose, CA, USA.:
Transfer from CDS 0.99.7: PDF;
|
63.
|
Key Challenges in Defending Against Malicious Socialbots
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefConfPaper-2012-002]
The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Key challenges in defending against malicious socialbots. In Proceedings of the 5th USENIX workshop on Large-scale exploits and emergent threats, LEET'12, Berkeley, CA, USA. USENIX Association.:
Transfer from CDS 0.99.7: PDF;
|
64.
|
Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
Transfer from CDS 0.99.7: PDF;
|
65.
|
The Socialbot Network: Are Social Botnets Possible?
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-etc-2012-001]
In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.
Published in Article by Tim Hwang, Ian Pearce, and Max Nanis. Socialbots: voices from the fronts. In ACM Interactions 19, 2 (March 2012). Piece by Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. The Socialbot Network: Are Social Botnets Possible?:
Transfer from CDS 0.99.7: PDF;
|
66.
|
The Socialbot Network: When Bots Socialize for Fame and Money
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-REPORT-2012-001]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011:
Transfer from CDS 0.99.7: PDF;
|
67.
|
Understanding Users’ Requirements for Data Protection in Smartphones
/ Ildar Muslukhov ; Yazan Boshmaf ; Cynthia Kuo ; Jonathan Lester ; et al
[LERSSE-RefConfPaper-2012-001]
Securing smartphones’ data is a new and growing concern, especially when this data represents valuable or sensitive information. [...]
Published in Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, and Konstantin Beznosov. Understanding users' requirements for data protection in smartphones. In Workshop on Secure Data Management on Smartphones and Mobiles, 2012.:
Transfer from CDS 0.99.7: PDF;
|
68.
|
Strategies for Monitoring Fake AV Distribution Networks
/ Onur Komili ; Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-UnrefConfPaper-2011-001]
We perform a study of Fake AV networks advertised via search engine optimization. [...]
Published in Onur Komili, Kyle Zeeuwen, Matei Ripeanu, and Konstantin Beznosov. Strategies for Monitoring Fake AV Distribution Networks. In Proceedings of the 21st Virus Bulletin Conference, October 5-7, 2011.:
Transfer from CDS 0.99.7: PDF;
|
69.
|
Automated Social Engineering Attacks in OSNs
/ Yazan Boshmaf ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-PRESENTATION-2011-003]
In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook [...]
Published in Yazan Boshmaf, Konstantin Beznosov, and Matei Ripeanu. Automated social engineering attacks in OSNs. The Office of the Privacy Commissioner of Canada (Ottawa), May 2010:
Transfer from CDS 0.99.7: PPT;
|
70.
|
[POSTER] The Socialbot Network: When Bots Socialize for Fame and Money
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-POSTER-2011-002]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In the Poster Session of the 20th USENIX Conference on Security (SEC'11), August 2011.:
Transfer from CDS 0.99.7: PDF;
|
71.
|
The Socialbot Network: When Bots Socialize for Fame and Money
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[258]
[LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011. For the technical report, please refer to http://lersse-dl.ece.ubc.ca/record/272:
Transfer from CDS 0.99.7: PDF;
|
72.
|
Analysis of ANSI RBAC Support in EJB
/ Wesam Darwish ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2011-001]
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Analysis of ANSI RBAC support in EJB. International Journal of Secure Software Engineering, 2(2):25-52, April-June 2011.:
Transfer from CDS 0.99.7: PDF;
|
73.
|
A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings
/ Fahimeh Raja ; Kirstie Hawkey ; Steven Hsu ; Kai-Le Clement Wang ; et al
[LERSSE-RefConfPaper-2011-007]
We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings. In SOUPS '11: Proceedings of the 7th symposium on Usable privacy and security, 20 pages.:
Transfer from CDS 0.99.7: PDF;
|
74.
|
Heuristics for Evaluating IT Security Management Tools
/ Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al
[LERSSE-RefConfPaper-2011-006]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 20-22, 2011. :
Transfer from CDS 0.99.7: PDF;
|
75.
|
On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings
/ Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2011-005]
We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. [...]
Published in Andreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of Symposium on Usable Privacy and Security, July 2011:
Transfer from CDS 0.99.7: PDF;
|
76.
|
What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-004]
OpenID is an open and promising Web single sign-on (SSO) solution. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.:
Transfer from CDS 0.99.7: PDF;
|
77.
|
The Socialbot Network: When Bots Socialize for Fame and Money
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[258]
[LERSSE-RefConfPaper-2011-008]
Online Social Networks (OSNs) have become an integral part of today's Web. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11), December 2011:
Transfer from CDS 0.99.7: PDF;
|
78.
|
Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers
/ Kyle Zeeuwen ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefConfPaper-2011-003]
The retrieval and analysis of malicious content is an essential task for security researchers. [...]
Published in K. Zeeuwen, M. Ripeanu, K. Beznosov, “Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers”. WebQuality Workshop 2011, March 28, 2011.:
Transfer from CDS 0.99.7: PDF;
|
79.
|
Password Managers, Single Sign-On, Federated ID: Have users signed up?
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2011-002]
Users have not signed up for OpenId. [...]
Published in Konstantin Beznosov, "Password Managers, Single Sign-On, Federated ID: Have users signed up?," panel presentation given at "Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions," 4 March 2011, 23 pages.:
Transfer from CDS 0.99.7: PDF;
|
80.
|
Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2011-001]
The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them," presented at Eurecom, February 24, 2011. 57 pages.:
Transfer from CDS 0.99.7: PDF;
|
81.
|
Heuristics for Evaluating IT Security Management Tools
/ Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Konstantin Beznosov
[LERSSE-RefConfPaper-2011-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, and Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, In Proceedings of the 29th international conference extended abstracts on Human factors in computing systems (CHI '11), Vancouver, Canada, 2011. :
Transfer from CDS 0.99.7: PDF;
|
82.
|
Promoting A Physical Security Mental Model For Personal Firewall Warnings
/ Fahimeh Raja ; Kirstie Hawkey ; Steven Hsu ; Kai-Le Clement Wang ; et al
[LERSSE-POSTER-2011-001]
We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. Promoting A Physical Security Mental Model For Personal Firewall Warnings. In Proceedings of the 29th International Conference Extended Abstracts on Human Factors in Computing Systems (Vancouver, BC, Canada, 2011). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: PDF;
|
83.
|
OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefConfPaper-2011-001]
OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On. In Proceedings of the 29th International Conference Extended abstracts on Human Factors in Computing Systems (CHI '11), Vancouver, Canada, 2011.:
Transfer from CDS 0.99.7: PDF;
|
84.
|
Speculative Authorization
/ Pranab Kini ; Konstantin Beznosov
[LERSSE-REPORT-2010-002]
As enterprises aim towards achieving zero latency for their systems, latency introduced by authorization process can act as an obstacle towards achieving their goal. [...]
Published in Pranab Kini and Konstantin Beznosov, "Speculative Authorization," Tech. Rep. LERSSE-TR-2010-002, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, December 2010:
Transfer from CDS 0.99.7: PDF;
|
85.
|
OpenID Security Analysis and Evaluation
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2010-002]
OpenID is a promising user-centric Web single sign-on protocol. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "OpenID Security Analysis and Evaluation," presented at the OWASP Chapter Meeting, Vancouver, Canada, October 21th 2010:
Transfer from CDS 0.99.7: PDF;
|
86.
|
Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms
/ David Botta ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2010-002]
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. [...]
Published in D. Botta, K. Muldner, K. Hawkey, and K. Beznosov, “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms,” accepted for publication to the International Journal of Cognition, Technology and Work on 16 / Aug / 2010.:
Transfer from CDS 0.99.7: PDF;
|
87.
|
It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls
/ Fahimeh Raja ; Kirstie Hawkey ; Pooya Jaferian ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2010-008]
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Pooya Jaferian, Konstantin Beznosov, and Kellogg S. Booth. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the Third ACM Workshop on Assurable & Usable Security Configuration (SafeConfig), October 4, 2010.:
Transfer from CDS 0.99.7: PDF;
|
88.
|
OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-007]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle. In Proceedings of the Sixth ACM Workshop on Digital Identity Management (DIM), October 8 2010.:
Transfer from CDS 0.99.7: PDF;
|
89.
|
A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On
/ San-Tsai Sun ; Yazan Boshmaf ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-006]
OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. [...]
Published in San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, and Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On. In Proceedings of the New Security Paradigms Workshop (NSPW), September 20-22, 2010. :
Transfer from CDS 0.99.7: PDF;
|
90.
|
Challenges in evaluating complex IT security management systems
/ Pooya Jaferian ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-005]
Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. [...]
Published in P. Jaferian, K. Hawkey, and K. Beznosov. Challenges in evaluating complex IT security management systems. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: PDF;
|
91.
|
The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations
/ Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-004]
In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. [...]
Published in S. Motiee, K. Hawkey, and K. Beznosov. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: PDF;
|
92.
|
Expectations, Perceptions, and Misconceptions of Personal Firewalls
/ Fahimeh Raja ; Kirstie Hawkey ; Pooya Jaferian ; Konstantin Beznosov ; et al
[LERSSE-POSTER-2010-007]
In this research, our goal is to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls. [...]
Published in Raja, F., Jaferian, P., Hawkey, K., Beznosov, K., Booth, K. 2009. Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the 6th Symposium on Usable Privacy and Security (Redmond, WA, July 14 - 16, 2010). SOUPS '10. ACM, New York, NY, 1-2.:
Transfer from CDS 0.99.7: PDF;
|
93.
|
Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single Sign-On Triangle
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2010-006]
Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Poster: Openidemail enabled browser, towards fixing the broken web single sign-on triangle. Poster at the SOUPS 2009, July 13th 2010.:
Transfer from CDS 0.99.7: PDF;
|
94.
|
Poster: Validating and Extending a Study on the Effectiveness of SSL Warnings
/ Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2010-005]
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. [...]
Published in A. Sotirakopoulos, K. Hawkey, and K. Beznosov. Poster: Validating and extending a study on the effectiveness of ssl warnings. Poster at Symposium on Usable Privacy and Security, 2010.:
Transfer from CDS 0.99.7: PDF;
|
95.
|
"I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours
/ Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-003]
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. [...]
Published in A. Sotirakopoulos, K. Hawkey, and K. Beznosov. "I did it because I trusted you": Challenges with the study environment biasing participant behaviours. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.:
Transfer from CDS 0.99.7: PDF;
|
96.
|
Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices
/ Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2010-002]
The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. [...]
Published in Motiee, S., Hawkey, K., and Beznosov, K. 2010. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, July 14 - 16, 2010). SOUPS '10, vol. 485. ACM, New York, NY, 1-13.:
Transfer from CDS 0.99.7: PDF;
|
97.
|
Analysis of ANSI RBAC Support in COM+
/ Wesam Darwish ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2010-001]
We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. [...]
Published in Darwish, W. and Beznosov, K. Analysis of ANSI RBAC Support in COM+. Comput. Stand. Interfaces 32, 4 (Jan. 2010), 197-214. :
Transfer from CDS 0.99.7: PDF;
|
98.
|
Open problems in Web 2.0 user content sharing
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2010-001]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "Open problems in Web 2.0 user content sharing," presented at the iNetSec Workshop, Zurich, Switzerland, April 23th 2009, 44 pages.:
Transfer from CDS 0.99.7: PDF;
|
99.
|
Investigating User Account Control Practices
/ Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2010-004]
Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection [...]
Published in Sara Motiee, Kirstie Hawkey and Konstantin Beznosov. Investigating User Account Control Practices. In Proceedings of the 28th international Conference Extended Abstracts on Human Factors in Computing Systems (Atlanta, GA, USA, April 10 - 15, 2010). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: PDF;
|
100.
|
Investigating an Appropriate Design for Personal Firewalls
/ Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov ; Kellogg S. Booth
[LERSSE-POSTER-2010-003]
Personal firewalls are an important aspect of security for home computer users, but little attention has been given to their usability. [...]
Published in Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov, and Kellogg S. Booth. Investigating an Appropriate Design for Personal Firewalls. In Proceedings of the 28th international Conference Extended Abstracts on Human Factors in Computing Systems (Atlanta, GA, USA, April 10 - 15, 2010). ACM, New York, NY, 6 pages.:
Transfer from CDS 0.99.7: PDF;
|
101.
|
Poster: OpenIDemail Enabled Browser
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-POSTER-2010-002]
Today's Web is site-centric. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Poster: OpenIDemail Enabled Browser. In the poster session of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009:
Transfer from CDS 0.99.7: PDF;
|
102.
|
An RT-based Policy Model for Converged Networks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2010-001]
Technological advances in communication devices and wireless networks enable telecommunication network operators to provide rich personalized multimedia services. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "An RT-based Policy Model for Converged Networks," Tech. Rep. LERSSE-TR-2010-001, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, January 2010:
Transfer from CDS 0.99.7: PDF;
|
103.
|
Authorization Recycling in Hierarchical RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefJnlPaper-2009-014]
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Q. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.:
Transfer from CDS 0.99.7: PDF;
|
104.
|
Security Research Advances in 2009
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2009-083]
This presentation reviews the latest scientific conference reports on cutting-edge research in computer security. [...]
Published in Konstantin Beznosov, "Security Research Advances in 2009," presented at Vancouver International Security Conference, November 30-December 1, 2009, 56 pages.:
Transfer from CDS 0.99.7: PDF;
|
105.
|
Preparation, detection, and analysis: the diagnostic work of IT security incident response
/ Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-013]
Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. [...]
Published in Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, and Konstantin Beznosov. Preparation, detection, and analysis: the diagnostic work of IT security incident response. Journal of Information Management & Computer Security, 18(1):26-42, January 2010.:
Transfer from CDS 0.99.7: PDF;
|
106.
|
Towards Developing Usability Heuristics for Evaluation of IT Security Management (ITSM) Tools
/ Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2009-010]
Evaluating the usability of specific information technology (IT) security tools is challenging. [...]
Published in Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov, Towards Developing Usability Heuristics for Evaluation of IT Security Management (ITSM) Tools. Poster at CHIMIT 2009, Baltimore, MD, 2009.:
Transfer from CDS 0.99.7: PDF;
|
107.
|
A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization
/ Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-039]
This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization [...]
Published in Jaferian, P., Botta, D., Hawkey, K., and Beznosov, K. 2009. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization. In Proceedings of the 3rd ACM Symposium on Computer Human interaction For Management of information Technology (Baltimore, Maryland, November 7 - 8, 2009). CHiMiT '09. ACM, New York, NY.:
Transfer from CDS 0.99.7: PDF;
|
108.
|
Towards Investigating User Account Control Practices in Windows Vista
/ Sara Motiee ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2009-009]
This poster presents the research plan for investigating user account control practices in Windows Vista. [...]
Published in S. Motiee, K. Hawkey and K. Beznosov, Towards Investigating User Account Control Practices in Windows Vista. Poster in 18th USENIX Security Symposium, August 2009.:
Transfer from CDS 0.99.7: PDF;
|
109.
|
Secure Web 2.0 Content Sharing Beyond Walled Gardens
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-038]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Secure Web 2.0 content sharing beyond walled gardens. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), pages 409-418, December 2009:
Transfer from CDS 0.99.7: PDF;
|
110.
|
Support for ANSI RBAC in EJB
/ Wesam Darwish ; Konstantin Beznosov
[LERSSE-REPORT-2009-034]
We analyze access control mechanisms of the Enterprise Java Beans (EJB) architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Support for ANSI RBAC in EJB. Technical Report LERSSE-TR-2009-34, accessible from http://lersse-dl.ece.ubc.ca, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, January 21 2009:
Transfer from CDS 0.99.7: PDF;
|
111.
|
Authorization Using the Publish-Subscribe Model
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-PRESENTATION-2009-080]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qei Wei, Konstantin Beznosov, and Matei Ripeanu, “Authorization Using Publish/Subscribe Models,” In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA'08), 10-12 December, 2008, Sydney, Australia. IEEE Computer Society, pp.53-62.:
Transfer from CDS 0.99.7: PDF;
|
112.
|
Authorization Recycling in RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-PRESENTATION-2009-079]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu, “Authorization Recycling in RBAC Systems,” in the Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT’08), Estes Park, Colorado, 11-13 June, 2008, pp.63-72.:
Transfer from CDS 0.99.7: PDF;
|
113.
|
A Multi-method Approach for User-centered Design of Identity Management Systems
/ Pooya Jaferian ; David Botta ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2009-006]
Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. [...]
Published in Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov, A multi-method approach for user-centered design of identity management systems. Poster at SOUPS 2009, Mountain View, CA, 2009. :
Transfer from CDS 0.99.7: PDF;
|
114.
|
Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents
/ Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-037]
This study investigates how security practitioners perform diagnostic work during the identification of security incidents. [...]
Published in Werlinger, R., Muldner, K., Hawkey, K., and Beznosov, K. (2009). Towards Understanding Diagnostic Work during the Detection and Investigation of Security Incidents. Proc. of Int. Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, June 25-26, 2009, 119-132.:
Transfer from CDS 0.99.7: PDF;
|
115.
|
Revealing Hidden Context: Improving Users' Mental Models of Personal Firewalls
/ Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-PRESENTATION-2009-078]
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Talk given at Symposium On Usable Privacy and Security (SOUPS), July 2009, at Google in Mountain View, California, US.:
Transfer from CDS 0.99.7: PDF;
|
116.
|
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in San-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.:
Transfer from CDS 0.99.7: PDF;
|
117.
|
Towards Enabling Web 2.0 Content Sharing Beyond Walled Gardens
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-036]
Web 2.0 users have many choices of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling Web 2.0 content sharing beyond walled gardens. In Proceedings of the Workshop on Security and Privacy in Online Social Networking, pages 979-984, August 29th 2009.:
Transfer from CDS 0.99.7: PDF;
|
118.
|
Revealing Hidden Context: Improving Mental Models of Personal Firewall Users
/ Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-PRESENTATION-2009-076]
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Talk given at NSERC ISSNet Workshop 2009, Carleton University, Ottawa, Canada.:
Transfer from CDS 0.99.7: PDF;
|
119.
|
Open Problems in Web 2.0 User Content Sharing
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-035]
Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. In Proceedings of the iNetSec Workshop, pages 37-51, Zurich, Switzerland, April 23rd 2009.:
Transfer from CDS 0.99.7: PDF;
|
120.
|
Towards Web 2.0 Content Sharing Beyond Walled Gardens
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-PRESENTATION-2009-075]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in Talk given at NSERC ISSNet Workshop 2009, Carleton University, Ottawa, Canada:
Transfer from CDS 0.99.7: PPT;
|
121.
|
Poster: Toward Enabling Secure Web 2.0 Content Sharing Beyond Walled Gardens
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-POSTER-2009-005]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). [...]
Published in San-Tsai Sun and Konstantin Beznosov. "Poster: Towards enabling secure Web 2.0 user content sharing beyond walled gardens," poster at the USENIX Security 2009, August 13th 2009.:
Transfer from CDS 0.99.7: PDF;
|
122.
|
Revealing Hidden Context: Improving Mental Models of Personal Firewall Users
/ Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-034]
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details [...]
Published in Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov. Revealing hidden context: Improving mental models of personal firewall users. In SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, New York, NY, USA, 2009. ACM, pp 1-12.:
Transfer from CDS 0.99.7: PDF;
|
123.
|
Toward Improving Availability and Performance of Enterprise Authorization Services
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2009-001]
In currently deployed large enterprise systems, policy enforcement points (PDPs) are commonly implemented as logically centralized authorization servers [...]
Published in Talk given at the Faculty of Computer Science, Technical University of Dortmund.:
Transfer from CDS 0.99.7: PDF;
|
124.
|
Speculative Authorizations
/ Pranab Kini ; Konstantin (Kosta) Beznosov
[LERSSE-POSTER-2009-003]
In a large-scale enterprise system, making authorization decisions is often computationally expensive due to the complexity of the policies involved and the large size of the resource and user populations [...]
Transfer from CDS 0.99.7: PDF;
|
125.
|
Poster: Towards Secure Web 2.0 User Content Sharing Beyond Walled Gardens
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-POSTER-2009-002]
Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs) [...]
Published in San-Tsai Sun and Konstantin Beznosov. "Poster: Towards enabling secure Web 2.0 user content sharing beyond walled gardens," poster at the IEEE Security and Privacy 2009, May 17th 2009.:
Transfer from CDS 0.99.7: PDF;
|
126.
|
Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports
/ Hafiz Abdur Rahman ; Konstantin Beznosov ; José R. Martí
[LERSSE-RefJnlPaper-2009-010]
Understanding the origin of infrastructure failures and their propagation patterns in critical infrastructures can provide important information for secure and reliable infrastructure design. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov and José R. Martí, "Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports", International Journal of Critical Infrastructures 2009 - Vol. 5, No. 3, pp. 220-244:
Transfer from CDS 0.99.7: PDF;
|
127.
|
Application-Based TCP Hijacking
/ Oliver Zheng ; Jason Poon ; Konstantin Beznosov
[LERSSE-RefConfPaper-2009-033]
We present application-based TCP hijacking (ABTH), a new attack on TCP applications that exploits flaws due to the interplay between TCP and application protocols to inject data into an application session without either server or client applications noticing the spoofing attack. [...]
Published in Oliver Zheng, Jason Poon, Konstantin Beznosov, "Application-Based TCP Hijacking," in Proceedings of the 2009 European Workshop on System Security, Nuremberg, Germany, ACM, 31 March 2009, pp. 9-15.:
Transfer from CDS 0.99.7: PDF;
|
128.
|
Usability Meets Access Control: Challenges and Research Opportunities
/ Konstantin Beznosov ; Philip Inglesant ; Jorge Lobo ; Rob Reeder ; et al
[LERSSE-UnrefConfPaper-2009-005]
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research [...]
Published in Konstantin Beznosov, Philip Inglesant, Jorge Lobo, Rob Reeder, and Mary Ellen Zurko, "Usability Meets Access Control: Challenges and Research Opportunities," in Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Stresa, Italy, ACM, 3-5 June, 2009:
Transfer from CDS 0.99.7: PDF;
|
129.
|
SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2009-032]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks," Tech. Rep. LERSSE-TR-2009-32, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, March 2009:
Transfer from CDS 0.99.7: PDF;
|
130.
|
An integrated view of human, organizational, and technological challenges of IT security management
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-009]
Abstract Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors [...]
Published in Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov, "An integrated view of human, organizational, and technological challenges of IT security management", Information Management & Computer Security, vol. 17, n. 1, 2009, pp.4-19.:
Transfer from CDS 0.99.7: PDF;
|
131.
|
Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations
/ Rodrigo Werlinger ; Kirstie Hawkey ; David Botta ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-007]
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, David Botta, Konstantin Beznosov, "Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations", International Journal of Human-Computer Studies, 67(7):584–606, March 2009. :
Transfer from CDS 0.99.7: PDF;
|
132.
|
Mobile Applications for Public Sector: Balancing Usability and Security
/ Yurij Natchetoi ; Konstantin Beznosov ; Viktor Kaufman
[LERSSE-RefConfPaper-2009-032]
Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements [...]
Published in Yurij Natchetoi, Konstantin Beznosov, Viktor Kaufman, “Mobile Applications for Public Sector: Balancing Usability and Security” in the Collaboration and the Knowledge Economy: Issues, Applications, Case Studies, Paul Cunningham and Miriam Cunningham (Eds), IOS Press, 2008 Amsterdam, ISBN 978–1–58603–924-0, Stockholm, Sweden, 22 - 24 October 2008, article #117, 6 pages.:
Transfer from CDS 0.99.7: PDF;
|
133.
|
Towards Improving Mental Models of Personal Firewall Users
/ Fahimeh Raja ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2009-001]
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. [...]
Published in Fahimeh Raja, Kirstie Hawkey, and Konstantin Beznosov, "Towards Improving Mental Models of Personal Firewall Users," in Proceedings of CHI 2009 (Work in Progress), Boston, USA, 4-9 April, 2009, 6 pages.:
Transfer from CDS 0.99.7: PDF;
|
134.
|
Auxiliary Material for the Study of Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders Within Organizations
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-REPORT-2009-028]
This technical report contains additional material for the study, which investigated the context of interactions of IT security practitioners.
Published in Rodrigo Werlinger, Kirstie Hawkey, and Konstantin Beznosov, "Auxiliary Material for the Study of Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders Within Organizations," Tech. Rep. LERSSE-TR-2009-01, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, Jan 2009:
Transfer from CDS 0.99.7: PDF;
|
135.
|
Authorization Using the Publish-Subscribe Model
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefConfPaper-2008-031]
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publish-subscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.:
Transfer from CDS 0.99.7: PDF;
|
136.
|
On the Imbalance of the Security Problem Space and its Expected Consequences
/ Konstantin Beznosov ; Olga Beznosova
[LERSSE-RefJnlPaper-2008-006]
Purpose – This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker-defender game, and to propose questions for future research. [...]
Published in Konstantin Beznosov and Olga Beznosova, "On the Imbalance of the Security Problem Space and its Expected Consequences," Journal of Information Management & Computer Security, Emerald, vol. 15 n.5, September 2007, pp.420-431.:
Transfer from CDS 0.99.7: PDF;
|
137.
|
Guidelines for Designing IT Security Management Tools
/ Pooya Jaferian ; David Botta ; Fahimeh Raja ; Kirstie Hawkey ; et al
[LERSSE-RefConfPaper-2008-030]
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. [...]
Published in Pooya Jaferian, David Botta, Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov, "Guidelines for Designing IT Security Management Tools," In CHIMIT '08: Proceedings of the 2008 symposium on Computer Human Interaction for the Management of Information Technology, San Diego, CA, USA, 7:1-7:10, ACM.:
Transfer from CDS 0.99.7: PDF;
|
138.
|
A Two-factor Authentication Mechanism Using Mobile Phones
/ Nima Kaviani ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-REPORT-2008-027]
Mobile devices are becoming more pervasive and more advanced with respect to their processing power and memory size. [...]
Published in Nima Kaviani and Kirstie Hawkey and Konstantin Beznosov, "A Two-factor Authentication Mechanism Using Mobile Phones," Tech. Rep. LERSSE-TR-2008-03, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, August 2008:
Transfer from CDS 0.99.7: PDF;
|
139.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2008-005]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.:
Transfer from CDS 0.99.7: PDF;
|
140.
|
Management of IT Security in Organizations: What Makes It Hard?
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-073]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after security breaches. [...]
Published in Konstantin Beznosov, “Management of IT Security in Organizations: What Makes It Hard?” talk given at the SAP Research, Campus-based Engineering Center, Karlsruhe, Germany, 08 July 2008.:
Transfer from CDS 0.99.7: PDF;
|
141.
|
Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs
/ Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2008-004]
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model (SMM) fits. [...]
Published in Kirstie Hawkey, Kasia Muldner and Konstantin Beznosov, "Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs", Special Issue on Useful Computer Security, IEEE Internet Computing Magazine, 12(3), 2008, p. 22-30.:
Transfer from CDS 0.99.7: PDF;
|
142.
|
Why (Managing) IT Security is Hard and Some Ideas for Making It Easier
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-072]
The way security mechanisms for distributed applications are engineered today has a number of serious drawbacks. [...]
Published in Konstantin Beznosov, “Why (Managing) IT Security is Hard and Some Ideas for Making It Easier” talk given at the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences, 2 June 2008.:
Transfer from CDS 0.99.7: PDF;
|
143.
|
The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-071]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov, “The Secondary and Approximate Authorization Model and its Application to BLP and RBAC Policies” talk given at the Computer Science Department, IBM Research Laboratory, Rüeschlikon, Switzerland, 5 June 2008.:
Transfer from CDS 0.99.7: PDF;
|
144.
|
Toward Understanding the Workplace of IT Security Practitioners
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-070]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after security breaches. [...]
Published in Konstantin Beznosov, “Toward Understanding the Workplace of IT Security Practitioners” talk given at the Computer Science Department, College University London, 04 July 2008.:
Transfer from CDS 0.99.7: PDF;
|
145.
|
Responding to security incidents: are security tools everything you need?
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-PRESENTATION-2008-069]
Presentation given at FIRST'08 conference [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, Konstantin Beznosov, "Responding to security incidents: are security tools everything you need?", presented at FIRST, Vancouver, Canada, June 23-27, 2008.:
Transfer from CDS 0.99.7: PDF;
|
146.
|
The Challenges of Using an Intrusion Detection System: Is It Worth the Effort?
/ Rodrigo Werlinger ; Kirstie Hawkey ; Kasia Muldner ; Pooya Jaferian ; et al
[LERSSE-RefConfPaper-2008-029]
An intrusion detection system (IDS) can be a key component of security incident response within organizations. [...]
Published in R. Werlinger, K. Hawkey, K. Muldner, P. Jaferian, and K. Beznosov. The challenges of using an intrusion detection system: Is it worth the effort? In Proc. of ACM Symposium on Usable Privacy and Security (SOUPS), pp 107-116, 2008:
Transfer from CDS 0.99.7: PDF;
|
147.
|
Human, Organizational and Technological Challenges of Implementing IT Security in Organizations
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2008-028]
Our qualitative research provides a comprehensive list of challenges to the practice of IT security within organizations, including the interplay between human, organizational, and technical factors. [...]
Published in R. Werlinger, K. Hawkey, and K. Beznosov. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations. In Proc. of HAISA '08: Human Aspects of Information Security and Assurance (10 pages), July 2008, pp 35-48.:
Transfer from CDS 0.99.7: PDF;
|
148.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-REPORT-2008-026]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response paradigm---are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," Tech. Rep. LERSSE-TR-2008-02, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, April 2008.:
Transfer from CDS 0.99.7: PDF;
|
149.
|
Identifying Differences Between Security and Other IT Professionals: a Qualitative Analysis.
/ Andre Gagne ; Kasia Muldner ; Konstantin Beznosov
[LERSSE-RefConfPaper-2008-027]
We report factors differentiating security and other IT responsibilities. [...]
Published in Andre Gagne, Kasia Muldner, and Konstantin Beznosov. Identifying Differences between Security and other IT Professionals: a Qualitative Analysis. In proceedings of Human Aspects of Information Security and Assurance (HAISA), Plymouth, England, July 2008, pp 69-80.:
Transfer from CDS 0.99.7: PDF;
|
150.
|
Authorization Recycling in RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefConfPaper-2008-026]
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu. Authorization recycling in RBAC systems. In SACMAT '08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, Estes Park, Colorado, USA, June 11-13 2008, pp. 63-72. :
Transfer from CDS 0.99.7: PDF;
|
151.
|
A Broad Empirical Study of IT Security Practitioners
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-068]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after a security breach [...]
Published in Konstantin Beznosov, "A Broad Empirical Study of IT Security Practitioners," talk given at the Coast to Coast Seminar Series, 2008-03-18.:
Transfer from CDS 0.99.7: PDF;
|
152.
|
HOT Admin Research Project: Overview and Results to Date
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2008-067]
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after a security breach [...]
Published in Konstantin Beznosov, "HOT Admin Research Project: Overview and Results to Date," presented at the seminar series of GONDWANA (Towards Quantitative Security Metrics) research project, 41 pages, École Polytechnique de Montréal, February 21, 2008.:
Transfer from CDS 0.99.7: PDF;
|
153.
|
SQLPrevent: Effective Dynamic Detection and Prevention of SQL Injection Attacks Without Access to the Application Source Code
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-REPORT-2008-025]
This paper presents an effective approach for detecting and preventing known as well as novel SQL injection attacks. [...]
Published in San-Tsai Sun and Konstantin Beznosov, "SQLPrevent: Effective dynamic detection and prevention of SQL injection attacks without access to the application source code," Tech. Rep. LERSSE-TR-2008-01, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, February 2008.:
Transfer from CDS 0.99.7: PDF;
|
154.
|
A Two-Factor Authentication System using Mobile Phones
/ Nima Kaviani ; Konstantin Beznosov
[LERSSE-POSTER-2008-003]
The use of untrusted computers to access critical information introduces one of the main challenges in protecting the security of users’ confidential information. [...]
Published in Nima Kaviani, Konstantin Beznosov, "A Two-Factor Authentication System using Mobile Phones", Poster Presentation in the National Privacy and Security Conference, Victoria, Canada, February 2008.:
Transfer from CDS 0.99.7: PDF;
|
155.
|
Security Practitioners in Context: Their Activities and Collaborative Interactions
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-POSTER-2008-002]
This study develops the context of interactions of IT security practitioners [...]
Published in Werlinger, R., Hawkey, K., and Beznosov, K. Poster presented at "Security and Privacy Conference", Victoria, BC, Canada, February 2008.:
Transfer from CDS 0.99.7: PDF;
|
156.
|
Security Practitioners in Context: Their Activities and Interactions
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefConfPaper-2008-025]
This study develops the context of interactions of IT security practitioners [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, and Konstantin Beznosov. Security practitioners in context: their activities and interactions. In CHI ’08 extended abstracts on Human factors in computing systems, pages 3789–3794, Florence, Italy, 2008.:
Transfer from CDS 0.99.7: PDF;
|
157.
|
Searching for the Right Fit: Considerations when Balancing IT Security Management Model Tradeoffs
/ Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov
[LERSSE-POSTER-2008-004]
The effectiveness of IT security professionals in an organization is influenced not only by the usability of security management tools, but also by the fit of an organization's security management model (SMM). [...]
Published in Kirstie Hawkey, Kasia Muldner, Konstantin Beznosov, "Searching for the Right Fit: Considerations when Balancing IT Security Management Model Tradeoffs", Poster presented at the 7th Annual Conference & Exposition Privacy & Security Conference, Victoria, B.C., February 7-8, 2008.:
Transfer from CDS 0.99.7: PDF;
|
158.
|
Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs
/ Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov
[LERSSE-REPORT-2007-024]
The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. [...]
Published in Kirstie Hawkey, Kasia Muldner, and Konstantin Beznosov, "Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs", Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-03, 16 November, 2007, pp.23.:
Transfer from CDS 0.99.7: PDF;
|
159.
|
On the Imbalance of the Security Problem Space and its Expected Consequences
/ Konstantin Beznosov ; Olga Beznosova
[LERSSE-PRESENTATION-2007-064]
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon [...]
Published in Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," Presented at the Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.29.:
Transfer from CDS 0.99.7: PDF;
|
160.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-PRESENTATION-2007-063]
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," presented at the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 27, 2007, Monterey, California, USA. pp.24. :
Transfer from CDS 0.99.7: PDF;
|
161.
|
Towards Understanding IT Security Professionals and Their Tools
/ David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al
[LERSSE-PRESENTATION-2007-062]
It is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Sid Fels, Lee Iverson, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools," CIPS Vancouver Security SIG Meeting, Vancouver, 13 June, 2007, pp.20.:
Transfer from CDS 0.99.7: PDF;
|
162.
|
Understanding IT Security Administration through a Field Study
/ David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al
[LERSSE-REPORT-2007-002]
[LERSSE-REPORT-2007-020]
The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics of business processes; and the spiralling volume of change that results from the interaction of the first two factors. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels and Brian Fisher, "Understanding Information Technology Security Administration through a Field Study", Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, 2007:
Transfer from CDS 0.99.7: PDF;
|
163.
|
Towards Understanding IT Security Professionals and Their Tools
/ David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2007-023]
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools" in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 18-20, 2007, pp.100-111.:
Transfer from CDS 0.99.7: PDF;
|
164.
|
Support for ANSI RBAC in CORBA
/ Konstantin Beznosov ; Wesam Darwish
[LERSSE-REPORT-2007-019]
We describe access control mechanisms of the Common Object Request Broker Architecture (CORBA) and define a configuration of the CORBA protection system in more precise and less ambiguous language than the CORBA Security specification (CORBASec). [...]
Published in Konstantin Beznosov, Wesam Darwish "Support for ANSI RBAC in CORBA," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-01, 26 July, 2007, pp.42.:
Transfer from CDS 0.99.7: PDF;
|
165.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefConfPaper-2007-022]
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," in Proceedings of the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 25–29, 2007, Monterey, California, USA. pp.65-74:
Transfer from CDS 0.99.7: PDF;
|
166.
|
On the Imbalance of the Security Problem Space and its Expected Consequences
/ Konstantin Beznosov ; Olga Beznosova
[LERSSE-RefConfPaper-2007-021]
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon [...]
Published in Konstantin Beznosov, Olga Beznosova "On the Imbalance of the Security Problem Space and its Expected Consequences," To appear in Symposium on Human Aspects of Information Security & Assurance (HAISA), Plymouth, UK, 10 July, 2007, pp.10. :
Transfer from CDS 0.99.7: PDF;
|
167.
|
Studying IT Security Professionals: Research Design and Lessons Learned
/ David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2007-020]
The HOT Admin Field Study used qualitative methods to study information technology security administrators. [...]
Published in David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, and Brian Fisher, "Studying IT Security Professionals: Research Design and Lessons Learned" position paper at the CHI Workshop on Security User studies: Methodologies and Best Practices, San Francisco, CA, 28 April 2007, 4 pages.:
Transfer from CDS 0.99.7: PDF;
|
168.
|
A Security Analysis of the Precise Time Protocol
/ Jeanette Tsang ; Konstantin Beznosov
[LERSSE-PRESENTATION-2006-061]
We present a security analysis of the IEEE 1588 standard, a.k.a [...]
Published in Jeanette Tsang, Konstantin Beznosov, "A Security Analysis of the Precise Time Protocol", presented at the Eighth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, USA, 5 December, 2006.:
Transfer from CDS 0.99.7: PDF;
|
169.
|
A Security Analysis of the Precise Time Protocol
/ Jeanette Tsang ; Konstantin Beznosov
[LERSSE-REPORT-2006-018]
This paper reports on a security analysis of the IEEE 1588 standard, a.k.a. [...]
Published in Jeanette Tsang, Konstantin Beznosov, "A Security Analysis of the Precise Time Protocol" LERSSE Technical Report LERSSE-TR-2006-02, December 04, 2006.:
Transfer from CDS 0.99.7: PDF;
|
170.
|
A Security Analysis of the Precise Time Protocol (Short Paper)
/ Jeanette Tsang ; Konstantin Beznosov
[LERSSE-RefConfPaper-2006-019]
This paper reports on a security analysis of the IEEE 1588 standard, a.k.a [...]
Published in Jeanette Tsang, Konstantin Beznosov "A Security Analysis of the Precise Time Protocol (Short Paper)," In Proceedings of Eighth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, USA, Springer-Verlag Berlin Heidelberg, LNCS 4307, 4-7 December, 2006, pp.50-59. :
Transfer from CDS 0.99.7: PDF;
|
171.
|
Employing Secondary and Approximate Authorizations to Improve Access Control Systems
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-060]
The request-response paradigm used for developing access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov "Employing Secondary and Approximate Authorizations to Improve Access Control Systems," Halifax, NS, Canada, Faculty of Computer Science, Dalhousie University, 12 October, 2006, pp.43.:
Transfer from CDS 0.99.7: PDF;
|
172.
|
The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-059]
The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures, with security enforcement logic obtaining decisions from authorization servers through remote procedure calls. [...]
Published in Konstantin Beznosov "The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies," Marina del Rey, California, USA, Computer Networks Division, Information Sciences Institute, the University of Southern California, 6 February, 2006, pp.35.:
Transfer from CDS 0.99.7: PDF;
|
173.
|
Issues in the Security Architecture of the Computerized Patient Record Enterprise
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-058]
We discuss issues in CPR enterprise security architecture. [...]
Published in Konstantin Beznosov "Issues in the Security Architecture of the Computerized Patient Record Enterprise," presented at the Second Workshop on Distributed Object Computing Security (DOCSec), Baltimore, Maryland, USA, 7 May, 1998, pp.11.:
Transfer from CDS 0.99.7: PDF;
|
174.
|
Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports
/ Hafiz A. Rahman ; Konstantin Beznosov ; Jose R. Martí
[LERSSE-UnrefConfPaper-2006-004]
Survival in our society relies on continued services from interdependent critical infrastructures. [...]
Published in Hafiz A. Rahman, Konstantin Beznosov, Jose R. Martí "Identification of Sources of Failures and Their Propagation in Critical Infrastructures from 12 Years of Public Failure Reports," Proceedings of the Third International Conference on Critical Infrastructures, Alexandria, VA, USA, The International Institute for Critical Infrastructures, 24-27 September, 2006, pp.11.:
Transfer from CDS 0.99.7: PDF;
|
175.
|
Towards Agile Security Assurance
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-057]
Agile development methods are promising to become the next generation replacing waterfall development. [...]
Published in Konstantin Beznosov "Towards Agile Security Assurance," presentation given at the Calgary Agile Methods User Group (CAMUG), Calgary, Alberta, Canada, University of Calgary, 3 October, 2006.:
Transfer from CDS 0.99.7: PDF;
|
176.
|
Usable Security: Quo Vadis?
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-056]
The presentation discusses the current state of HCISec and challenges for future research.
Published in Konstantin Beznosov "Usable Security: Quo Vadis?," presented at the USENIX Security panel on usability and security, Vancouver, BC, Canada, USENIX, 2 August, 2006, pp.9.:
Transfer from CDS 0.99.7: PDF;
|
177.
|
Multiple-Channel Security Architecture and Its Implementation over SSL
/ Yong Song ; Konstantin Beznosov ; Victor C.M. Leung
[LERSSE-RefJnlPaper-2006-003]
This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. [...]
Published in Song, Y., Beznosov, K., and Leung, V. C. Multiple-channel security architecture and its implementation over SSL. EURASIP J. EURASIP Journal on Wireless Communications and Networking. 2006, 2 (Apr. 2006), 78-78.:
Transfer from CDS 0.99.7: PDF;
|
178.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-POSTER-2006-001]
As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges [...]
Published in Qiang Wei, Konstantin Beznosov, Matei Ripeanu, "Cooperative Approximate Authorization Recycling", Poster, 15th USENIX Security Symposium, August 2006.:
Transfer from CDS 0.99.7: PDF;
|
179.
|
Evaluation of SAAM_BLP
/ Kyle Zeeuwen ; Konstantin Beznosov
[LERSSE-REPORT-2006-017]
Request response access control systems that use Policy Decision Points have their reliability and latency bounded by network communication. [...]
Published in Kyle Zeeuwen, Konstantin Beznosov, "Evaluation of SAAM_BLP" LERSSE Technical Report LERSSE-TR-2006-01, July 21, 2006.:
Transfer from CDS 0.99.7: PDF;
|
180.
|
The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies
/ Jason Crampton ; Wing Leung ; Konstantin Beznosov
[LERSSE-RefConfPaper-2006-017]
We introduce the concept, model, and policy-specific algorithms for inferring new access control decisions from previous ones. [...]
Published in Jason Crampton, Wing Leung, Konstantin Beznosov "The Secondary and Approximate Authorization Model and its Application to Bell-LaPadula Policies," In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), Lake Tahoe, California, USA, ACM, 7-9 June, 2006, pp.111-120.:
Transfer from CDS 0.99.7: PDF;
|
181.
|
Summary of the HOT Admin Proposal
/ Konstantin Beznosov ; Sidney Fels ; Brian Fisher ; Lee Iverson
[LERSSE-etc-2006-001]
Published in Konstantin Beznosov, Sidney Fels, Brian Fisher, Lee Iverson, "Summary of the HOT Admin Proposal," December 2005, pp. 2.:
Transfer from CDS 0.99.7: PDF;
|
182.
|
HOT Admin: Human, Organization, and Technology Centred Improvement of the IT Security Administration
/ Konstantin Beznosov ; Sid Fels ; Lee Iverson ; Brian Fisher
[LERSSE-PRESENTATION-2006-055]
While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the interaction of security administrative models and technologies with usability within an organization [...]
Published in Konstantin Beznosov, Sid Fels, Lee Iverson, Brian Fisher, "HOT Admin: Human, Organization, and Technology Centred Improvement of the IT Security Administration," CIPS Vancouver Security SIG Meeting, Vancouver, 8 March, 2006, pp.35.:
Transfer from CDS 0.99.7: PDF;
|
183.
|
Extending XP Practices to Support Security Requirements Engineering
/ Gustav Boström ; Jaana Wäyrynen ; Marine Bodén ; Konstantin Beznosov ; et al
[LERSSE-RefConfPaper-2006-016]
This paper proposes a way of extending eXtreme Programming (XP) practices, in particular the original planning game and the coding guidelines, to aid the developers and the customer to engineer security requirements while maintaining the iterative and rapid feedback-driven nature of XP. [...]
Published in Gustav Boström, Jaana Wäyrynen, Marine Bodén, Konstantin Beznosov, Philippe Kruchten, "Extending XP Practices to Support Security Requirements Engineering," Proceedings of Workshop on Software Engineering for Secure Systems (SESS), Shanghai, China, ACM, 20–21 May, 2006, pp.11-17.:
Transfer from CDS 0.99.7: PDF;
|
184.
|
Assessment of Interdependencies between Communication and Information Technology Infrastructure and other Critical Infrastructures from Public Failure Reports
/ Hafiz Abdur Rahman ; Konstantin Beznosov
[LERSSE-REPORT-2006-015]
Failure in Communication and Information Technology Infrastructure (CITI) can disrupt the effective functionalities of many of the critical infrastructures. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov, "Assessment of Interdependencies between Communication and Information Technology Infrastructure and other Critical infrastructures from Public Failure Reports," Laboratory for Education and Research in Secure Systems Engineering, Vancouver, B.C., Canada, University of British Columbia, technical report LERSSE-TR-2005-03, 24 February, 2005, pp.34.:
Transfer from CDS 0.99.7: PDF;
|
185.
|
Analysis of Interdependencies between CITI and other Critical Infrastructures using RISKS Forum data
/ Hafiz Abdur Rahman ; Konstantin Beznosov
[LERSSE-PRESENTATION-2006-052]
* Objectives * Information Requirement for CITI Failure Analysis * Use of Public Domain Failure Reports * Existing Classification Methods * Our Method of Classification and Analysis * Results of our Analysis * Conclusions
Published in Hafiz Abdur Rahman and Konstantin Beznosov, "Analysis of Interdependencies between CITI and other Critical Infrastructures using RISKS Forum data," JIIRP Technical Meeting, University of British Columbia, ICICS, 27 January, 2006, pp.26. :
Transfer from CDS 0.99.7: PDF;
|
186.
|
Resource Access Decision Service for CORBA-based Distributed Systems
/ Konstantin Beznosov ; Yi Deng ; Bob Blakley ; Carol Burt ; et al
[LERSSE-PRESENTATION-2006-051]
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are [...]
Published in Barkley, "A Resource Access Decision Service for CORBA-based Distributed Systems," presented at the Annual Computer Security Applications Conference (ACSAC), Phoenix, Arizona, U.S.A., 10 December, 1999, pp.13. :
Transfer from CDS 0.99.7: PDF;
|
187.
|
Secondary and Approximate Authorization Model (SAAM) and its Application to Bell-LaPadula Policies
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2006-050]
The talk defines the secondary and approximate authorization model (SAAM) [...]
Published in Authorization Model (SAAM) and its Application to Bell-LaPadula Policies," Los Angeles, Information Sciences Institute, 6 February, 2006, pp.35. :
Transfer from CDS 0.99.7: PDF;
|
188.
|
Usability of Security Administration vs. Usability of End-user Security
/ Mary Ellen Zurko ; Steve Chan ; Greg Conti ; Konstantin Beznosov
[LERSSE-PRESENTATION-2005-049]
Having recently received increasing attention, usable security is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals [...]
Published in Mary Ellen Zurko, Steve Chan, Greg Conti, Konstantin Beznosov, "Usability of Security Administration vs. Usability of End-user Security," slides of the corresponding panel at the Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA, USA, 8 July, 2005, pp.35.:
Transfer from CDS 0.99.7: PDF;
|
189.
|
Update on Security Domain Membership RFP Proposal
/ Konstantin Beznosov ; Tadashi Kaji
[LERSSE-PRESENTATION-2005-048]
The presentation explains the structural design proposed by the SDMM proposal as it stood in December 2000.
Published in Konstantin Beznosov, Tadashi Kaji, "Update on Security Domain Membership RFP Proposal," presented to the OMG ORB/OS PTF, OMG document orbos/00-12-07, 12 December, 2000, pp.23. :
Transfer from CDS 0.99.7: PDF;
|
190.
|
Upcoming OMG HealthCare Resource Access Control Facility
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-047]
Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status
Published in Konstantin Beznosov, "Upcoming OMG HealthCare Resource Access Control Facility," presentation on Resource Access Decision facility given to SIG Secure at HL7 meeting, Orlando, FL, USA, SIG Secure, HL7, 26 January, 1999, pp.14.:
Transfer from CDS 0.99.7: PDF;
|
191.
|
Towards Agile Security Assurance
/ Konstantin Beznosov ; Philippe Kruchten
[LERSSE-PRESENTATION-2005-046]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Konstantin Beznosov, Philippe Kruchten, "Towards Agile Security Assurance," presentation given at The New Security Paradigms Workshop (NSPW), White Point Beach Resort, Nova Scotia, Canada, 20 September, 2004. :
Transfer from CDS 0.99.7: PDF;
|
192.
|
Towards Agile Security Assurance
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-045]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Konstantin Beznosov, "Towards Agile Security Assurance," presentation given at the Department of Computer Science, Waterloo, Ontario, Canada, University of Waterloo, 18 October, 2004. :
Transfer from CDS 0.99.7: PDF;
|
193.
|
Towards Agile Security Assurance
/ Konstantin Beznosov ; Philippe Kruchten
[LERSSE-RefConfPaper-2005-015]
Agile development methods are promising to become the next generation replacing water-fall development. [...]
Published in Proceedings of the workshop on New security paradigms, Nova Scotia, Canada: (2004) pp. 47-54
Transfer from CDS 0.99.7: PDF;
|
194.
|
Toward Usable Security Administration
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-044]
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances, resources, and users, complex and dynamic business processes, and high (and always growing) volume of change because of the first two (large scale and dynamics). [...]
Published in Konstantin Beznosov, "Toward Usable Security Administration," presented at the 4th Annual Advanced Networks Conference, Vancouver, Canada, 27 April, 2004.:
Transfer from CDS 0.99.7: PDF;
|
195.
|
Toward Usable Security Administration
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-043]
Administration of protection mechanisms for large networked information enterprises is challenging due to large numbers of application instances, resources, and users, complex and dynamic business processes, and high (and always growing) volume of change because of the first two (large scale and dynamics). [...]
Published in Konstantin Beznosov, "Toward Usable Security Administration," presentation given at the 4th Annual Advanced Networks Conference, Vancouver, BC, Canada, 27 April, 2004.:
Transfer from CDS 0.99.7: PDF;
|
196.
|
Taxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of South Florida
/ Konstantin Beznosov
[LERSSE-REPORT-2005-013]
This document categorizes security concerns of Computerized Patient Record enterprise according to federal and Florida state legal requirements, as well as to the internal security policies of Baptist Health Systems of South Florida.
Published in Konstantin Beznosov, "Taxonomy of CPR Enterprise Security Concerns at Baptist Health Systems of South Florida," Object Technology Group, Miami, FL, USA, Baptist Health Systems of South Florida.: (December, 1997)
Transfer from CDS 0.99.7: PDF;
|
197.
|
Supporting Relationships in Access Control Using Role Based Access Control
/ John Barkley ; Konstantin Beznosov ; Jinny Uppal ; John Barkley ; et al
[LERSSE-RefConfPaper-2005-014]
The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. [...]
Published in Proceedings of the Fourth ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA: (October, 1999) pp. 55-65
Transfer from CDS 0.99.7: PDF;
|
198.
|
SPAPI: A Security and Protection Architecture for Physical Infrastructures and Its Deployment Strategy Using Sensor Networks
/ Hafiz Rahman ; Konstantin Beznosov
[LERSSE-RefConfPaper-2005-013]
In recent years, concerns about the safety and security of critical infrastructures have increased enormously. [...]
Published in Proceedings of 10th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA 2005), Catania, Italy: (19-22 September, 2005) pp. 885-892
Transfer from CDS 0.99.7: PDF;
|
199.
|
Software Engineering at ECE
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-042]
This talk gives a brief overview of the Software Engineering teaching and research at the Department of Electrical and Computer Engineering, the University of British Columbia.
Published in Konstantin Beznosov, "Software Engineering at ECE," brief update given at the UBC's ECE Advisory Council meeting, Vancouver, B.C., Canada, 2 November, 2003. :
Transfer from CDS 0.99.7: PDF;
|
200.
|
Security Requirements in Healthcare
/ Konstantin Beznosov
[LERSSE-PRESENTATION-2005-041]
Presentation on requirements in US healthcare organizations to security vendors, given to the joint SecSIG/CORBAmed session [...]
Published in Konstantin Beznosov, "Security Requirements in Healthcare," presentation given to the joint SecSIG/CORBAmed, OMG, OMG doc # corbamed/99-03-16, 23 March, 1999, pp.16. :
Transfer from CDS 0.99.7: PDF;
|