SQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). This approach (1) is resistant to...
View ArticleUsability Meets Access Control: Challenges and Research Opportunities
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from “Why nobody, even experts, uses access control lists...
View ArticleRevealing Hidden Context: Improving Mental Models of Personal Firewall Users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of...
View ArticleRevealing Hidden Context: Improving Mental Models of Personal Firewall Users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the...
View ArticleUser Centered Design of ITSM Tools
IT Security Management (ITSM) requires collaboration between diverse stakeholders, has an environment of numerous technological and business specializations (is complex), has many issues that need to...
View ArticleRetrofitting Existing Web Applications with Effective Dynamic Protection...
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application...
View ArticleRevealing Hidden Context: Improving Users' Mental Models of Personal Firewalls
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...
View ArticleTowards Understanding Diagnostic Work During the Detection and Investigation...
This study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we...
View ArticleA Multi-method Approach for User-centered Design of Identity Management Systems
Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. This includes designating who has access to resources, who grants that...
View ArticleTowards Improving the Availability and Performance of Enterprise...
Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy...
View ArticleA Case Study of Enterprise Identity Management System Adoption in an...
This case study describes the adoption of an enterprise identity management(IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and...
View ArticleTowards Developing Usability Heuristics for Evaluation of IT Security...
Evaluating the usability of specific information technology (IT) security tools is challenging. For example, laboratory experiments can have little validity due to the complexity of real-world security...
View ArticlePreparation, detection, and analysis: the diagnostic work of IT security...
Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and...
View ArticleSecurity Research Advances in 2009
This presentation reviews latest scientific conference reports on the cutting edge research in computer security. It presents and explains 2009 highlights from such top world annual research...
View ArticleInvestigating an Appropriate Design for Personal Firewalls
Personal firewalls are an important aspect of security for home computer users, but little attention has been given to their usability. We conducted semi-structured interviews to understand...
View ArticleInvestigating User Account Control Practices
Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection. UAC in Windows Vista supports usage of...
View ArticleDo Windows Users Follow the Principle of Least Privilege? Investigating User...
The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by...
View Article"I did it because I trusted you": Challenges with the Study Environment...
We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. Our experimental design aimed to mitigate some of the limitations of that prior study, including...
View ArticleExpectations, Perceptions, and Misconceptions of Personal Firewalls
In this research, our goal is to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls. We conducted interviews with 30 participants and analyzed the...
View ArticleThe Challenges of Understanding Users’ Security-related Knowledge, Behaviour,...
In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. However,...
View ArticleChallenges in evaluating complex IT security management systems
Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. The users of these systems are security professionals who are difficult to recruit for interviews,...
View ArticleIt's Too Complicated, So I Turned It Off! Expectations, Perceptions, and...
Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. We conducted semi-structured interviews with...
View ArticleToward Understanding Distributed Cognition in IT Security Management: The...
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to...
View ArticleOpenID Security Analysis and Evaluation
OpenID is a promising user-centric Web single sign-on protocol. According to the OpenID Foundation, there are currently more than one billion OpenID-enabled user accounts provided by major service...
View ArticlePromoting A Physical Security Mental Model For Personal Firewall Warnings
We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. We performed a study to determine the...
View Article
