|
1.
|
Android users in the wild: Their authentication and usage behavior
/ Ahmed Mahfouz ; Ildar Muslukhov ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2017-002]
In this paper, we performed a longitudinal field study with 41 participants, who installed our monitoring framework on their Android smartphones and ran it for at least 20 days. [...]
Published in A. Mahfouz, I. Muslukhov, K. Beznosov, “Android users in the wild: Their authentication and usage behavior,” Pervasive and Mobile Computing, v. 32, 2016, 50-61.:
Fulltext:  PDF PDF (PDFA);
|
|
2.
|
Decoupling data-at-rest encryption and smartphone locking with wearable devices
/ Ildar Muslukhov ; San-Tsai Sun ; Primal Wijesekera ; Yazan Boshmaf ; et al
[LERSSE-RefJnlPaper-2017-001]
Smartphones store sensitive and confidential data, e.g., business related documents or emails. [...]
Published in I. Muslukhov, S.-T. Sun, P. Wijesekera, Y. Boshmaf, K. Beznosov, “Decoupling data-at-rest encryption and smartphone locking with wearable devices,” Pervasive and Mobile Computing, v. 32, 2016, 26-34.:
Fulltext: PDF PDF (PDFA);
|
|
3.
|
Phishing threat avoidance behaviour: An empirical investigation
/ Nalin Asanka Gamagedara Arachchilage ; Steve Love ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2016-001]
Abstract Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. [...]
Published in Nalin Asanka Gamagedara Arachchilage, Steve Love, Konstantin Beznosov, Phishing threat avoidance behaviour: An empirical investigation, Computers in Human Behavior, Volume 60, July 2016, Pages 185-197, ISSN 0747-5632:
Fulltext: PDF PDF (PDFA);
|
|
4.
|
Heuristics for Evaluating IT Security Management Tools
/ Pooya Jaferian ; Kirstie Hawkey ; Andreas Sotirakopoulos ; Maria Velez-Rojas ; et al
[LERSSE-RefJnlPaper-2013-002]
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. [...]
Published in Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, Accepted in Human–Computer Interaction, doi:10.1080/07370024.2013.819198.:
Fulltext: PDF PDF (PDFA);
|
|
5.
|
Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
/ San-Tsai Sun ; Eric Pospisil ; Ildar Muslukhov ; Nuray Dindar ; et al
[LERSSE-RefJnlPaper-2013-001]
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. [...]
Published in San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model. Accepted for publication in ACM Transactions on Internet Technology (TOIT) on June 4th, 2013.:
Fulltext: PDF PDF (PDFA);
|
|
6.
|
Speculative Authorization
/ Pranab Kini ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-003]
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. [...]
Published in Pranab Kini, Konstantin Beznosov, "Speculative Authorization," IEEE Transactions on Parallel and Distributed Systems, 10 Aug. 2012.:
Transfer from CDS 0.99.7: PDF;
|
|
7.
|
Design and Analysis of a Social Botnet
/ Yazan Boshmaf ; Ildar Muslukhov ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefJnlPaper-2012-002]
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. [...]
Published in Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet. Elsevier Journal of Computer Network - Special Issue on Botnets, 2012.:
Transfer from CDS 0.99.7: PDF;
|
|
8.
|
Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures
/ San-Tsai Sun ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2012-001]
OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. [...]
Published in San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures. Computers & Security, Accepted 7 February 2012.:
Transfer from CDS 0.99.7: PDF;
|
|
9.
|
Analysis of ANSI RBAC Support in EJB
/ Wesam Darwish ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2011-001]
This paper analyzes access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. [...]
Published in Wesam Darwish and Konstantin Beznosov. Analysis of ANSI RBAC support in EJB. International Journal of Secure Software Engineering, 2(2):25-52, April-June 2011.:
Transfer from CDS 0.99.7: PDF;
|
|
10.
|
Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms
/ David Botta ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2010-002]
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. [...]
Published in 1. D. Botta, K. Muldner, K. Hawkey, and K. Beznosov, “Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms,” accepted for publication to the International Journal of Cognition, Technology and Work on 16 / Aug / 2010.:
Transfer from CDS 0.99.7: PDF;
|
|
11.
|
Analysis of ANSI RBAC Support in COM+
/ Wesam Darwish ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2010-001]
We analyze access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. [...]
Published in Darwish, W. and Beznosov, K. Analysis of ANSI RBAC Support in COM+. Comput. Stand. Interfaces 32, 4 (Jan. 2010), 197-214. :
Transfer from CDS 0.99.7: PDF;
|
|
12.
|
Authorization Recycling in Hierarchical RBAC Systems
/ Qiang Wei ; Jason Crampton ; Konstantin Beznosov ; Matei Ripeanu
[LERSSE-RefJnlPaper-2009-014]
As distributed applications increase in size and complexity, traditional authorization architectures based on a dedicated authorization server become increasingly fragile because this decision point represents a single point of failure and a performance bottleneck. [...]
Published in Q. Wei, J. Crampton, K. Beznosov, M. Ripeanu, “Authorization Recycling in Hierarchical RBAC Systems,” to appear in ACM Transactions on Information and System Security (TISSEC), 32 pages, preprint.:
Transfer from CDS 0.99.7: PDF;
|
|
13.
|
Preparation, detection, and analysis: the diagnostic work of IT security incident response
/ Rodrigo Werlinger ; Kasia Muldner ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-013]
Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and analysis of anomalies. [...]
Published in Rodrigo Werlinger, Kasia Muldner, Kirstie Hawkey, and Konstantin Beznosov. Preparation,
detection, and analysis: the diagnostic work of IT security incident response. Journal of
Information Management & Computer Security, 18(1):26-42, January 2010.
:
Transfer from CDS 0.99.7: PDF;
|
|
14.
|
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
/ San-Tsai Sun ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-012]
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application developers. [...]
Published in Sun-Tsai Sun and Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks. In International Journal of Secure Software Engineering, pages 20-40, 1(1), January 2010.:
Transfer from CDS 0.99.7: PDF;
|
|
15.
|
Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports
/ Hafiz Abdur Rahman ; Konstantin Beznosov ; José R. Martí
[LERSSE-RefJnlPaper-2009-010]
Understanding the origin of infrastructure failures and their propagation patterns in critical infrastructures can provide important information for secure and reliable infrastructure design. [...]
Published in Hafiz Abdur Rahman, Konstantin Beznosov and José R. Martí, "Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports ", International Journal of Critical Infrastructures 2009 - Vol. 5, No.3 pp. 220 - 244:
Transfer from CDS 0.99.7: PDF;
|
|
16.
|
An integrated view of human, organizational, and technological challenges of IT security management
/ Rodrigo Werlinger ; Kirstie Hawkey ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-009]
Abstract Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and technological factors [...]
Published in Rodrigo Werlinger, Kirstie Hawkey and Konstantin Beznosov, "An integrated view of human, organizational, and technological challenges of IT security management", Information Management & Computer Security, vol. 17, n. 1, 2009, pp.4-19.:
Transfer from CDS 0.99.7: PDF;
|
|
17.
|
Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations
/ Rodrigo Werlinger ; Kirstie Hawkey ; David Botta ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2009-007]
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. [...]
Published in Rodrigo Werlinger, Kirstie Hawkey, David Botta, Konstantin Beznosov, "Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations", International Journal of Human-Computer Studies, 67(7):584–606, March 2009. :
Transfer from CDS 0.99.7: PDF;
|
|
18.
|
On the Imbalance of the Security Problem Space and its Expected Consequences
/ Konstantin Beznosov ; Olga Beznosova
[LERSSE-RefJnlPaper-2008-006]
Purpose – This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker-defender game, and to propose questions for future research. [...]
Published in Konstantin Beznosov and Olga Beznosova, "On the Imbalance of the Security Problem Space and its Expected Consequences," Journal of Information Management & Computer Security, Emerald, vol. 15 n.5, September 2007, pp.420-431.:
Transfer from CDS 0.99.7: PDF;
|
|
19.
|
Cooperative Secondary Authorization Recycling
/ Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2008-005]
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. [...]
Published in Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.:
Transfer from CDS 0.99.7: PDF;
|
|
20.
|
Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs
/ Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2008-004]
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model (SMM) fits. [...]
Published in Kirstie Hawkey, Kasia Muldner and Konstantin Beznosov, "Searching for the Right Fit Balancing IT Security Management Model Trade-Offs", Special Issue on Useful Computer Security, IEEE Internet Computing Magazine, 12(3), 2008, p. 22-30.:
Transfer from CDS 0.99.7: PDF;
|
|
21.
|
Multiple-Channel Security Architecture and Its Implementation over SSL
/ Yong Song ; Konstantin Beznosov ; Victor C.M. Leung
[LERSSE-RefJnlPaper-2006-003]
This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. [...]
Published in Song, Y., Beznosov, K., and Leung, V. C. Multiple-channel security architecture and its implementation over SSL. EURASIP J. EURASIP Journal on Wireless Communications and Networking. 2006, 2 (Apr. 2006), 78-78.:
Transfer from CDS 0.99.7: PDF;
|
|
22.
|
Supporting end-to-end Security Across Proxies with Multiple-Channel SSL
/ Yi Deng ; Jiacun Wang ; Jeffrey J. P. Tsai ; Konstantin Beznosov
[LERSSE-RefJnlPaper-2005-002]
Security system architecture governs the composition of components in security systems and interactions between them [...]
Published in Yong Song, Victor C. M. Leung, Konstantin Beznosov, Supporting end-to-end Security Across Proxies with Multiple-Channel SSL, Security and Protection in Information Processing Systems, Vol 147, 2004, 323-337 :
Transfer from CDS 0.99.7: PDF;
|
guest ::
