NSPW 2021
Blessed Are The Lawyers, For They Shall Inherit Cybersecurity (DOI)
Daniel W Woods, Aaron Ceross
COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs (DOI)
Kevin Gallagher, Santiago Torres-Arias, Nasir Memon, Jessica Feldman
Change that Respects Business Expertise: Stories as Prompts for a Conversation about Organisation Security (DOI)
Simon Parkin, Simon Arnell, Jeremy Ward
The tragedy of common bandwidth: rDDoS (DOI)
Arturs Lavrenovs, Eireann Leverett, Aaron Kaplan
Beyond NVD: Cybersecurity meets the Semantic Web. (DOI)
Raúl Aranovich, Muting Wu, Dian Yu, Katya Katsy, Benyamin Ahmadnia, Matthew Bishop, Vladimir Filkov, Kenji Sagae
Shame in Cyber Security: Effective Behavior Modification Tool or Counterproductive Foil? (DOI)
Karen Renaud, Rosalind Searle, Marc Dupuis
VoxPop: An Experimental Social Media Platform for Calibrated (Mis)information Discourse (DOI)
Filipo Sharevski, Peter Jachim, Emma Pieroni, Nate Jachim
“Taking out the Trash”: Why Security Behavior Change requires Intentional Forgetting (DOI)
Jonas Hielscher, Annette Kluge, Uta Menges, M. Angela Sasse
NSPW 2020
Categorizing Uses of Communications Metadata: Systematizing Knowledge and Presenting a Path for Privacy (DOI)
Susan Landau
Towards In-Band Non-Cryptographic Authentication (DOI)
Nour Dabbour, Anil Somayaji
Putting the Sec in DevSecOps: Using Social Practice Theory to Improve Secure Software Development (DOI)
Debi Ashenden, Gail Ollis
The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely (DOI)
Verena Distler, Gabriele Lenzini, Carine Lallemand, Vincent Koenig
TrollHunter [Evader]: Automated Detection [Evasion] of Twitter Trolls During the COVID-19 Pandemic (DOI)
Peter Jachim, Filipo Sharevski, Paige Treebridge
Trust-Based Security; Or, Trust Considered Harmful (DOI)
Abe Singer, Matt Bishop
Transcending the Teetering Tower of Trust: Demonstrated with Virtual Memory Fuses for Software Enclaves (DOI)
Scott Brookes
Deconstructing Cybersecurity: From Ontological Security to Ontological Insecurity (DOI)
Justin Joque, S M Taiabul Haque
On managing vulnerabilities in AI/ML systems (DOI)
Jonathan M. Spring, April Galyardt, Allen D. Householder, Nathan VanHoudnos
Out of Sight, Out of Mind: UI Design and the Inhibition of Mental Models of Security (DOI)
Eric Spero, Robert Biddle
NSPW 2019
Usability analysis of shared device ecosystem security: informing support for survivors of IoT-facilitated tech-abuse (DOI)
Simon Parkin, Trupti Patel, Isabel Lopez-Neira, Leonie Tanczer
Employing attack graphs for intrusion detection (DOI)
Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Srikanth Krishnamurthy, Zhiyun Qian, Mathias Payer, Paul Yu
Manipulation of perceived politeness in a web-based email discourse through a malicious browser extension (DOI)
Filipo Sharevski, Paige Treebridge, Jessica Westbrook
Cyber security fear appeals: unexpectedly complicated (DOI)
Karen Renaud, Marc Dupuis
Opt out of privacy or "go home": understanding reluctant privacy behaviours through the FoMO-centric design paradigm (DOI)
Fiona Westin, Sonia Chiasson
FrameProv: towards end-to-end video provenance (DOI)
Mansoor Ahmed-Rengers
Privacy controls for always-listening devices (DOI)
Nathan Malkin, Serge Egelman, David Wagner
Everything-as-a-hack: claims-making for access to digital and social resources (DOI)
Wolter Pieters
Towards models for quantifying the known adversary (DOI)
Alaadin Addas, Julie Thorpe, Amirali Salehi-Abari
Why Jenny can't figure out which of these messages is a covert information operation (DOI)
Tristan Caulfield, Jonathan M. Spring, M. Angela Sasse
NSPW 2018
Augmenting Machine Learning with Argumentation (DOI)
Matthew A. Bishop, Carrie E. Gates, Karl N. Levitt
Against Mindset (DOI)
Arne Padmos
Shifting Paradigms: Using Strategic Foresight to Plan for Security Evolution (DOI)
Heather Vescent, Bob Blakley
Can Software Licenses Contribute to Cyberarms Control? (DOI)
Steve Dierker, Volker Roth
Going Dark: A Retrospective on the North American Blackout of 2038 (DOI)
Prashant Anantharaman, J Peter Brady, Patrick Flathers, Vijay H. Kothari, Michael C. Millian, William G. Nisen, Jason Reeves, Nathan Reitinger, Sean W. Smith
An Online Consent Maturity Model: Moving from Acceptable Use Towards Ethical Practice (DOI)
Vivien M Rooney, Simon N Foley
On Security Singularities (DOI)
Wolter Pieters
Rethinking the Proposition of Privacy Engineering (DOI)
Aaron Ceross, Andrew C Simpson
After the BlockCloud Apocalypse (DOI)
Mark Burgess, Anil Somayaji
Digital Signatures to Ensure the Authenticity and Integrity of Synthetic DNA Molecules (DOI)
Diptendu Mohan Kar, Indrajit Ray, Jenna Gallegos, Jean Peccoud
Malicious User Experience Design Research for Cybersecurity (DOI)
Adam Trowbridge, Filipo Sharevski, Jessica Westbrook
NSPW 2017
Practicing a Science of Security: A Philosophy of Science Perspective (DOI)
Jonathan M. Spring, Tyler Moore, David Pym
Market-based Security for Distributed Applications (DOI)
George Bissias, Brian N. Levine, Nikunj Kapadia
Beyond the pretty penny: the Economic Impact of Cybercrime (DOI)
Carlos H. Gañán, Michael Ciere, Michel van Eeten
Developer-centered security and the symmetry of ignorance (DOI)
Olgierd Pieczul, Simon Foley, Mary Ellen Zurko
Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact (DOI)
Karen Renaud, Merrill Warkentin
Is the Future of Authenticity All In Our Heads?: Moving Passthoughts From the Lab to the World (DOI)
Nick Merrill, Max T. Curran, John Chuang
A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing (DOI)
Sean Peisert, Matt Bishop, Ed Talbot
Panel: Empirically-based Secure OS Design (DOI)
Sam Weber, Adam Shostack, Jon A. Solworth, Mary Ellen Zurko
Can I believe you?: Establishing Trust in Computer Mediated Introductions (DOI)
Borke Obada-Obieh, Anil Somayaji
End-to-End Passwords (DOI)
Scott Ruoti, Kent Seamons
The Third Wave?: Inclusive Privacy and Security (DOI)
Yang Wang
NSPW 2016
I'm not sure if we're okay: uncertainty for attackers and defenders (DOI)
Mark E. Fioravanti, Matt Bishop, Richard Ford
Harvesting the low-hanging fruits: defending against automated large-scale cyber-intrusions by focusing on the vulnerable population (DOI)
Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu, Elizeu Santos-Neto
Cross-layer personalization as a first-class citizen for situation awareness and computer infrastructure security (DOI)
Aokun Chen, Pratik Brahma, Dapeng Oliver Wu, Natalie Ebner, Brandon Matthews, Jedidiah Crandall, Xuetao Wei, Michalis Faloutsos, Daniela Oliveira
Cybersecurity as a Politikum: implications of security discourses for infrastructures (DOI)
Laura Fichtner, Wolter Pieters, André Teixeira
Content-based security for the web (DOI)
Alexander Afanasyev, J. Alex Halderman, Scott Ruoti, Kent Seamons, Yingdi Yu, Daniel Zappala, Lixia Zhang
Trusted execution environment-based authentication gauge (TEEBAG) (DOI)
Ranjbar A. Balisane, Andrew Martin
Rethinking operating system design: asymmetric multiprocessing for security and performance (DOI)
Scott Brookes, Stephen Taylor
Searching for software diversity: attaining artificial diversity through program synthesis (DOI)
Gilmore R. Lundquist, Vishwath Mohan, Kevin W. Hamlen
A case for the economics of secure software development (DOI)
Chad Heitzenrater, Andrew Simpson
NSPW 2015
Choose Your Own Authentication (DOI)
Alain Forget, Sonia Chiasson, Robert Biddle
The Myth of the Average User: Improving Privacy and Security Systems through Individualization (DOI)
Serge Egelman, Eyal Peer
Milware: Identification and Implications of State Authored Malicious Software (DOI)
Trey Herr, Eric Armbrust
Exploiting the Physical Environment for Securing the Internet of Things (DOI)
Christian T. Zenger, Jan Zimmer, Mario Pietersz, Jan-Felix Posielek, Christof Paar
Examining the Contribution of Critical Visualisation to Information Security (DOI)
Peter Hall, Claude Heath, Lizzie Coles-Kemp, Axel Tanner
Employee Rule Breakers, Excuse Makers and Security Champions: Mapping the risk perceptions and emotions that drive security behaviors (DOI)
Odette Beris, Adam Beautement, M. Angela Sasse
Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security (DOI)
Zinaida Benenson, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Sven Uebelacker
Towards Managed Role Explosion (DOI)
Aaron Elliott, Scott Knight
"If you were attacked, you'd be sorry": Counterfactuals as security arguments (DOI)
Cormac Herley, Wolter Pieters
Peace vs. Privacy: Leveraging Conflicting Jurisdictions for Email Security (DOI)
Mohammad Mannan, Arash Shahkar, Atieh Saberi Pirouz, Vladimir Rabotka
WebSheets: Web Applications for Non-Programmers (DOI)
Riccardo Pelizzi, R. Sekar
Bridging the Trust Gap: Integrating Models of Behavior and Perception (DOI)
Raquel Hill, Devan Ray Donaldson
NSPW 2014
Emergent Properties & Security: The Complexity of Security as a Science (DOI)
Nathaniel Husted, Steven Myers
Cyber Security as Social Experiment (DOI)
Wolter Pieters, Dina Hadžiosmanović, Francien Dechesne
Isn't that Fantabulous: Security, Linguistic and Usability Challenges of Pronounceable Tokens (DOI)
Andrew M. White, Katherine Shaw, Fabian Monrose, Elliott Moreton
A Password Manager that Doesn't Remember Passwords (DOI)
Elizabeth Stobert, Robert Biddle
Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes (DOI)
Justin Cappos, Yanyan Zhuang, Daniela Oliveira, Marissa Rosenthal, Kuo-Chuan Yeh
Shifts in the Cybersecurity Paradigm: Zero-Day Exploits, Discourse, and Emerging Institutions (DOI)
Andreas Kuehn, Milton Mueller
An Asset to Security Modeling?: Analyzing Stakeholder Collaborations Instead of Threats to Assets (DOI)
Andreas Poller, Sven Türpe, Katharina Kinder-Kurlanda
Understanding the Experience-Centeredness of Privacy and Security Technologies (DOI)
Paul Dunphy, John Vines, Lizzie Coles-Kemp, Rachel Clarke, Vasilis Vlachokyriakos, Peter Wright, John McCarthy, Patrick Olivier
I'm OK, You're OK, the System's OK: Normative Security for Systems (DOI)
Olgierd Pieczul, Simon N. Foley, Vivien M. Rooney
Data Is the New Currency (DOI)
Carrie Gates, Peter Matthews
Panel Summary: The Future of Software Regulation (DOI)
Benjamin Edwards, Michael Locasto, Jeremy Epstein
Planning and Integrating Deception into Computer Security Defenses (DOI)
Mohammed H. Almeshekah, Eugene H. Spafford
NSPW 2013
Forgive and forget: return to obscurity (DOI)
Matt Bishop, Emily Rine Butler, Kevin Butler, Carrie Gates, Steven Greenspan
Towards the realization of a public health system for shared secure cyber-space (DOI)
Jeff Rowe, Karl Levitt, Mike Hogarth
Detecting hidden enemy lines in IP address space (DOI)
Suhas Mathur, Baris Coskun, Suhrid Balakrishnan
Useful password hashing: how to waste computing cycles with style (DOI)
Markus Dürmuth
Markets for zero-day exploits: ethics and implications (DOI)
Serge Egelman, Cormac Herley, Paul C. van Oorschot
Principles of authentication (DOI)
Sean Peisert, Ed Talbot, Tom Kroeger
Towards narrative authentication: or, against boring authentication (DOI)
Anil Somayaji, David Mould, Carson Brown
Go with the flow: toward workflow-oriented security assessment (DOI)
Binbin Chen, Zbigniew Kalbarczyk, David M. Nicol, William H. Sanders, Rui Tan, William G. Temple, Nils Ole Tippenhauer, An Hoa Vu, David K.Y. Yau
Explicit authentication response considered harmful (DOI)
Lianying Zhao, Mohammad Mannan
Can we sell security like soap?: a new approach to behaviour change (DOI)
Debi Ashenden, Darren Lawrence
Booby trapping software (DOI)
Stephen Crane, Per Larsen, Stefan Brunthaler, Michael Franz
Information behaving badly (DOI)
Julie Boxwell Ard, Matt Bishop, Carrie Gates, Michael Xin Sun
Designing forensic analysis techniques through anthropology (DOI)
Sathya Chandran Sundaramurthy
NSPHD: the polyglot computer (DOI)
Daniel Medeiros Nunes de Castro
NSPW 2012
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability (DOI)
Wolter Pieters, Sanne H.G. van der Ven, Christian W. Probst
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems (DOI)
Sean Peisert, Ed Talbot, Matt Bishop
Point-and-shoot security design: can we build better tools for developers? (DOI)
Sven Türpe
Argumentation logic to assist in security administration (DOI)
Jeff Rowe, Karl Levitt, Simon Parsons, Elizabeth Sklar, Andrew Applebaum, Sharmin Jalal
Beyond the blacklist: modeling malware spread and the effect of interventions (DOI)
Benjamin Edwards, Tyler Moore, George Stelle, Steven Hofmeyr, Stephanie Forrest
Someone to watch over me (DOI)
Heather Richter Lipford, Mary Ellen Zurko
Pools, clubs and security: designing for a party not a person (DOI)
Zheng Dong, Vaibhav Garg, L. Jean Camp, Apu Kapadia
Privacy is a process, not a PET: a theory for effective privacy practice (DOI)
Anthony Morton, M. Angela Sasse
All your base are belong to US (DOI)
Richard Ford, Liam M. Mayron
The need for application-aware access control evaluation (DOI)
William C. Garrison, Adam J. Lee, Timothy L. Hinrichs
Video-passwords: advertising while authenticating (DOI)
Julie Thorpe, Amirali Salehi-Abari, Robert Burden
Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries (DOI)
Jedidiah R. Crandall, Daniela Oliveira
NSPW 2011
Security and privacy considerations in digital death (DOI)
Michael E. Locasto, Michael Massimi, Peter J. DePasquale
Reducing normative conflicts in information security (DOI)
Wolter Pieters, Lizzie Coles-Kemp
A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation (DOI)
Kemal Bicakci, Paul C. van Oorschot
Applying problem-structuring methods to problems in computer security (DOI)
Peter Gutmann
Towards a formal model of accountability (DOI)
Joan Feigenbaum, Aaron D. Jaggard, Rebecca N. Wright
Influencing mental models of security: a research agenda (DOI)
Rick Wash, Emilee Rader
The security cost of cheap user interaction (DOI)
Rainer Böhme, Jens Grossklags
Position paper: why are there so many vulnerabilities in web applications? (DOI)
Wenliang Du, Karthick Jayaraman, Xi Tan, Tongbo Luo, Steve Chapin
Resilience is more than availability (DOI)
Matt Bishop, Marco Carvalho, Richard Ford, Liam M. Mayron
Sherlock Holmes' evil twin: on the impact of global inference for online privacy (DOI)
Gerald Friedland, Gregor Maier, Robin Sommer, Nicholas Weaver
Public security: simulations need to replace conventional wisdom (DOI)
Kay Hamacher, Stefan Katzenbeisser
Gaming security by obscurity (DOI)
Dusko Pavlovic
NSPW 2010
Why is there no science in cyber science?: a panel discussion at NSPW 2010 (DOI)
Roy A. Maxion, Thomas A. Longstaff, John McHugh
E unibus pluram: massive-scale software diversity as a defense mechanism (DOI)
Michael Franz
On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible? (DOI)
Mohammed I. Al-Saleh, Jedidiah R. Crandall
A stealth approach to usable security: helping IT security managers to identify workable security solutions (DOI)
Simon Parkin, Aad van Moorsel, Philip Inglesant, M. Angela Sasse
VM-based security overkill: a lament for applied systems security research (DOI)
Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, Sean W. Smith
A billion keys, but few locks: the crisis of web single sign-on (DOI)
San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, Konstantin Beznosov
To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design (DOI)
Shamal Faily, Ivan Flechais
Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems (DOI)
Tyler Moore, Allan Friedman, Ariel D. Procaccia
On-line privacy and consent: a dialogue, not a monologue (DOI)
Lizzie Coles-Kemp, Elahe Kani-Zabihi
A risk management process for consumers: the next step in information security (DOI)
André van Cleeff
Ontological semantic technology for detecting insider threat and social engineering (DOI)
Victor Raskin, Julia M. Taylor, Christian F. Hempelmann
The pervasive trust foundation for security in next generation networks (DOI)
Leszek Lilien, Adawia Al-Alawneh, Lotfi Ben Othmane
This is your data on drugs: lessons computer security can learn from the drug war (DOI)
David Molnar, Serge Egelman, Nicolas Christin
Relationships and data sanitization: a study in scarlet (DOI)
Matt Bishop, Justin Cummins, Sean Peisert, Anhad Singh, Bhume Bhumiratana, Deborah Agarwal, Deborah Frincke, Michael Hogarth
NSPW 2009
Laissez-faire file sharing: access control designed for individuals at the endpoints (DOI)
Maritza L. Johnson, Steven M. Bellovin, Robert W. Reeder, Stuart E. Schechter
Server-side detection of malware infection (DOI)
Markus Jakobsson, Ari Juels
What is the shape of your security policy?: security as a classification problem (DOI)
Sven Türpe
Quantified security is a weak hypothesis: a critical survey of results and assumptions (DOI)
Vilhelm Verendel
Generative usability: security and user centered design beyond the appliance (DOI)
Luke Church, Alma Whitten
The sisterhood of the traveling packets (DOI)
Matt Bishop, Carrie Gates, Jeffrey Hunker
Quis Custodiet ipsos Custodes?: a new paradigm for analyzing security paradigms with appreciation to the Roman poet Juvenal (DOI)
Sean Peisert, Matt Bishop, Laura Corriss, Steven J. Greenwald
Musipass: authenticating me softly with "my" song (DOI)
Marcia Gibson, Karen Renaud, Marc Conrad, Carsten Maple
A reinforcement model for collaborative security and Its formal analysis (DOI)
Janardan Misra, Indranil Saha
Securing data through avoidance routing (DOI)
Erik Kline, Peter Reiher
Fluid information systems (DOI)
Christian W. Probst, René Rydhof Hansen
So long, and no thanks for the externalities: the rational rejection of security advice by users (DOI)
Cormac Herley
NSPW 2008
We have met the enemy and he is us (DOI)
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, Carrie Gates
Localization of credential information to address increasingly inevitable data breaches (DOI)
Mohammad Mannan, P. C. van Oorschot
ROFL: routing as the firewall layer (DOI)
Hang Zhao, Chi-Kin Chau, Steven M. Bellovin
The user is not the enemy: fighting malware by tracking user intentions (DOI)
Jeffrey Shirley, David Evans
The compliance budget: managing security behaviour in organisations (DOI)
Adam Beautement, M. Angela Sasse, Mike Wonham
A profitless endeavor: phishing as tragedy of the commons (DOI)
Cormac Herley, Dinei Florêncio
Security compliance: the next frontier in security research (DOI)
Klaus Julisch
Towards an ethical code for information security? (DOI)
Steven J. Greenwald, Brian D. Snow, Richard Ford, Richard Thieme
The developer is the enemy (DOI)
Glenn Wurster, P. C. van Oorschot
The ecology of Malware (DOI)
Jedidiah R. Crandall, Roya Ensafi, Stephanie Forrest, Joshua Ladau, Bilal Shebaro
Trading in risk: using markets to improve access control (DOI)
Ian Molloy, Pau-Chen Cheng, Pankaj Rohatgi
Choose the red pill and the blue pill: a position paper (DOI)
Ben Laurie, Abe Singer
NSPW 2007
Security and usability: the gap in real-world online banking (DOI)
Mohammad Mannan, P. C. van Oorschot
A privacy expectations and security assurance offer system (DOI)
Jeffrey Hunker
Authenticated names (DOI)
Stanley Chow, Christophe Gustave, Dmitri Vinokurov
Security automation considered harmful? (DOI)
W. Keith Edwards, Erika Shehan Poole, Jennifer Stoll
Self-healing: science, engineering, and fiction (DOI)
Michael E. Locasto
The future of biologically-inspired security: is there anything left to learn? (DOI)
Anil Somayaji, Michael Locasto, Jan Feyereisl
Robustly secure computer systems: a new security paradigm of system discontinuity (DOI)
Jon A. Solworth
Information protection via environmental data tethers (DOI)
Matt Beaumont-Gay, Kevin Eustice, Peter Reiher
Position: the user is the enemy (DOI)
S. Vidyaraman, M. Chandrasekaran, S. Upadhyaya
Computing under occupation (DOI)
Klaus Kursawe, Stefan Katzenbeisser
VideoTicket: detecting identity fraud attempts via audiovisual certificates and signatures (DOI)
D. Nali, P. C. van Oorschot, A. Adler
NSPW 2006
Cent, five cent, ten cent, dollar: hitting botnets where it really hurts (DOI)
Richard Ford, Sarah Gordon
Dark application communities (DOI)
Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis
Challenging the anomaly detection paradigm: a provocative discussion (DOI)
Carrie Gates, Carol Taylor
Inconsistency in deception for defense (DOI)
Vicentiu Neagoe, Matt Bishop
Sanitization models and their limitations (DOI)
R. Crawford, M. Bishop, B. Bhumiratana, L. Clark, K. Levitt
Large-scale collection and sanitization of network security data: risks and challenges (DOI)
Phillip Porras, Vitaly Shmatikov
Googling considered harmful (DOI)
Gregory Conti
A pact with the devil (DOI)
Mike Bond, George Danezis
E-Prime for security: a new security paradigm (DOI)
Steven J. Greenwald
Diffusion and graph spectral methods for network forensic analysis (DOI)
Wei Wang, Thomas E. Daniels
PKI design for the real world (DOI)
Peter Gutmann
NSPW 2005
Internet instability and disturbance: goal or menace? (DOI)
Richard Ford, Mark Bush, Alex Boulatov
Diversity as a computer defense mechanism (DOI)
Carol Taylor, Jim Alves-Foss
Diversity: the biological perspective position statement (DOI)
Carol Taylor
"Diversity as a computer defense mechanism" (DOI)
Bev Littlewood
Software diversity: use of diversity as a defense mechanism (DOI)
John McHugh
Use of diversity as a defense mechanism (DOI)
Roy A. Maxion
Average case vs. worst case: margins of safety in system design (DOI)
Christian W. Probst, Andreas Gal, Michael Franz
Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems (DOI)
Ivan Flechais, Jens Riegelsberger, M. Angela Sasse
Pass-thoughts: authenticating with our minds (DOI)
Julie Thorpe, P. C. van Oorschot, Anil Somayaji
Message authentication by integrity with public corroboration (DOI)
P. C. van Oorschot
Flooding and recycling authorizations (DOI)
Konstantin (Kosta) Beznosov
The insider problem revisited (DOI)
Matt Bishop
Position: "insider" is relative (DOI)
Matt Bishop
Position paper (DOI)
Irene Schwarting
Principles-driven forensic analysis (DOI)
Sean Peisert, Sidney Karin, Matt Bishop, Keith Marzullo
Visual security protocol modeling (DOI)
J. McDermott
Empirical privilege profiling (DOI)
Carla Marceau, Rob Joyce
Speculative virtual verification: policy-constrained speculative execution (DOI)
Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis
NSPW 2004
Support for multi-level security policies in DRM architectures (DOI)
Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenbaum
A collaborative approach to autonomic security protocols (DOI)
Hongbin Zhou, Simon N. Foley
A qualitative framework for Shannon information theories (DOI)
Gerard Allwein
The user non-acceptance paradigm: INFOSEC's dirty little secret (DOI)
Steven J. Greenwald, Kenneth G. Olthoff, Victor Raskin, Willibald Ruch
Towards agile security assurance (DOI)
Konstantin Beznosov, Philippe Kruchten
Information exposure control through data manipulation for ubiquitous computing (DOI)
Boris Dragovic, Jon Crowcroft
Property-based attestation for computing platforms: caring about properties, not mechanisms (DOI)
Ahmad-Reza Sadeghi, Christian Stüble
Symmetric behavior-based trust: a new paradigm for internet computing (DOI)
Vivek Haldar, Michael Franz
The role of suspicion in model-based intrusion detection (DOI)
Timothy Hollebeek, Rand Waltzman
Omnivore: risk management through bidirectional transparency (DOI)
Scott Flinn, Steve Stoyles
Profiling the defenders (DOI)
Carrie Gates, Tara Whalen
NSPW 2003
Locality: a new paradigm for thinking about normal behavior and outsider threat (DOI)
John McHugh, Carrie Gates
Alliance formation for DDoS defense (DOI)
Jelena Mirkovic, Max Robinson, Peter Reiher
Merging paradigms of survivability and security: stochastic faults and designed faults (DOI)
J. McDermott, A. Kim, J. Froscher
SELF: a transparent security extension for ELF binaries (DOI)
Daniel C. DuVarney, V. N. Venkatakrishnan, Sandeep Bhatkar
Dynamic label binding at run-time (DOI)
Yolanta Beres, Chris I. Dalton
Bringing security home: a process for developing secure and usable systems (DOI)
Ivan Flechais, M. Angela Sasse, Stephen M. V. Hailes
Security check: a formal yet practical framework for secure software architecture (DOI)
Arnab Ray
From absence of certain vulnerabilities towards security proofs: pushing the limits of formal verification (DOI)
Michael Backes, Matthias Schunter
Secure object identification: or: solving the Chess Grandmaster Problem (DOI)
Ammar Alkassar, Christian Stüble, Ahmad-Reza Sadeghi
Public key distribution through "cryptoIDs" (DOI)
Trevor Perrin
Owner-controlled information (DOI)
Carrie Gates, Jacob Slonim
Towards a new paradigm for securing wireless sensor networks (DOI)
K. Jones, A. Wadaa, S. Olariu, L. Wilson, M. Eltoweissy
Securing nomads: the case for quarantine, examination, and decontamination (DOI)
Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, V. Ramakrishna, Peter Reiher
NSPW 2002
MET: an experimental system for Malicious Email Tracking (DOI)
Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin
Predators: good will mobile codes combat against computer viruses (DOI)
Hiroshi Toyoizumi, Atsuhi Kara
An empirical analysis of NATE: Network Analysis of Anomalous Traffic Events (DOI)
Carol Taylor, Jim Alves-Foss
Small worlds in security systems: an analysis of the PGP certificate graph (DOI)
Srdjan Čapkun, Levente Buttyán, Jean-Pierre Hubaux
Breaking the barriers: high performance security for high performance computing (DOI)
Kay Connelly, Andrew A. Chien
From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise (DOI)
Paul Ashley, Calvin Powers, Matthias Schunter
Anomaly intrusion detection in dynamic execution environments (DOI)
Hajime Inoue, Stephanie Forrest
Empowering mobile code using expressive security policies (DOI)
V. N. Venkatakrishnan, Ram Peri, R. Sekar
The source is the proof (DOI)
Vivek Haldar, Christian H. Stork, Michael Franz
An approach to usable security based on event monitoring and visualization (DOI)
Paul Dourish, David Redmiles
Moving from the design of usable security technologies to the design of useful secure applications (DOI)
D. K. Smetters, R. E. Grinter
Assurance in life/nation critical endeavors a panel (DOI)
Steven J. Greenwald, Marv Schaefer
Biometrics or ... biohazards? (DOI)
John Michael Williams
An evolutionary approach to cyber security (DOI)
Carla Marceau
Assuring critical systems (DOI)
Bob Blakley
Capacity is the wrong paradigm (DOI)
Ira S. Moskowitz, LiWu Chang, Richard E. Newman
A practical approach to solve Secure Multi-party Computation problems (DOI)
Wenliang Du, Zhijun Zhan
Guarding the next Internet frontier: countering denial of information attacks (DOI)
Mustaque Ahamad, Leo Mark, Wenke Lee, Edward Omiecinski, Andre dos Santos, Ling Liu, Calton Pu
NSPW 2001
Computational paradigms and protection (DOI)
Simon N. Foley, John P. Morrison
Secure multi-party computation problems and their applications: a review and open problems (DOI)
Wenliang Du, Mikhail J. Atallah
Model-Carrying Code (MCC): a new paradigm for mobile-code security (DOI)
R. Sekar, C. R. Ramakrishnan, I. V. Ramakrishnan, S. A. Smolka
Heterogeneous networking: a new survivability paradigm (DOI)
Yongguang Zhang, Harrick Vin, Lorenzo Alvisi, Wenke Lee, Son K. Dao
Safe and sound: a safety-critical approach to security (DOI)
Sacha Brostoff, M. Angela Sasse
Ontology in information security: a useful theoretical foundation and methodological tool (DOI)
Victor Raskin, Christian F. Hempelmann, Katrina E. Triezenberg, Sergei Nirenburg
AngeL: a tool to disarm computer systems (DOI)
Danilo Bruschi, Emilia Rosti
Survival by defense-enabling (DOI)
Partha Pal, Franklin Webber, Richard Schantz
A trusted process to digitally sign a document (DOI)
Boris Balacheff, Liqun Chen, David Plaquin, Graeme Proudler
NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach (DOI)
Carol Taylor, Jim Alves-Foss
Information security is information risk management (DOI)
Bob Blakley, Ellen McDermott, Dan Geer
The New Security Paradigms Workshop - boom or bust?: a panel (DOI)
Steven J. Greenwald
Position statement for New Security Paradigms Workshop - boom or bust?: neither boom nor bust (DOI)
Hilary H. Hosmer
Tracking influence through citation index comparisons and preliminary case studies panel position statement (DOI)
Mary Ellen Zurko
The New Security Paradigms Workshop - boom or bust?: thinking in an age of instant communication; communicating in a time of reflective thought (DOI)
Marvin Schaefer
A note on proactive password checking (DOI)
Jianxin Jeff Yan
Pretty good persuasion: a first step towards effective password security in the real world (DOI)
Dirk Weirich, Martina Angela Sasse
NSPW 2000
Attack net penetration testing (DOI)
J. P. McDermott
Adversary work factor as a metric for information assurance (DOI)
Gregg Schudel, Bradley Wood
A requires/provides model for computer attacks (DOI)
Steven J. Templeton, Karl Levitt
A new paradigm hidden in steganography (DOI)
Ira S. Moskowitz, Garth E. Longdon, LiWu Chang
Natural language processing for information assurance and security: an overview and implementations (DOI)
Mikhail J. Atallah, Craig J. McDonough, Victor Raskin, Sergei Nirenburg
Disarming offense to facilitate defense (DOI)
Danilo Bruschi, Emilia Rosti
Dynamic analysis of security protocols (DOI)
Alec Yasinsac
Quality of security service (DOI)
Cynthia Irvine, Timothy Levin
Characterizing the behavior of a program using multiple-length N-grams (DOI)
Carla Marceau
Reflections on ratings (DOI)
Kenneth G. Olthoff
Network traffic tracking systems: folly in the large? (DOI)
Thomas E. Daniels, Eugene H. Spafford
Incentives to help stop floods (DOI)
Clifford Kahn
New paradigms in incident management (DOI)
Tom Perrine, Abe Singer
Conduit cascades and secure synchronization (DOI)
Simon N. Foley
Multilateral security a concept and examples for balanced security (DOI)
Kai Rannenberg
NSPW 1999
Secure dynamic adaptive traffic masking (DOI)
Brenda Timmerman
Security architecture-based system design (DOI)
Edward A. Schneider
Survivability—a new technical and business perspective on security (DOI)
Howard F. Lipson, David A. Fisher
Optimistic security: a new access control paradigm (DOI)
Dean Povey
Discussion: strike back: offensive actions in information warfare (DOI)
Donald J. Welch, Nathan Buchheit, Anthony Ruocco
Security service level agreements: quantifiable security for the enterprise? (DOI)
Ronda R. Henning
A cursory examination of market forces driving the use of protection profiles (DOI)
Kenneth G. Olthoff
Report on the discussion of “A cursory examination of market forces driving the common criteria” (DOI)
Kenneth G. Olthoff
Paradigm shifts in protocol analysis (DOI)
Susan Pancho
Secure group management in large distributed systems: what is a group and what does it do? (DOI)
John McHugh, J. Bret Michael
SASI enforcement of security policies: a retrospective (DOI)
Úlfar Erlingsson, Fred B. Schneider
Security modeling in the COTS environment (DOI)
Tom Markham, Dwight Colby, Mary Denz
On the functional relation between security and dependability impairments (DOI)
Erland Jonsson, Lars Strömberg, Stefan Lindskog
Securing information transmission by redundancy (DOI)
Jun Li, Peter Reiher, Gerald Popek
The high assurance brake job—a cautionary tale in five scenes (DOI)
Kenneth G. Olthoff
NSPW 1998
Toward a secure system engineering methodology (DOI)
Chris Salter, O. Sami Saydjari, Bruce Schneier, Jim Wallner
Security engineering in an evolutionary acquisition environment (DOI)
Marshall D. Abrams
An integrated framework for security and dependability (DOI)
Erland Jonsson
Meta objects for access control: a formal model for role-based principals (DOI)
Thomas Riechmann, Franz J. Hauck
Evaluating system integrity (DOI)
Simon N. Foley
Prolepsis on the problem of Trojan-horse based integrity attacks (position paper) (DOI)
J. McDermott
Death, taxes, and imperfect software: surviving the inevitable (DOI)
Crispin Cowan, Calton Pu
A graph-based system for network-vulnerability analysis (DOI)
Cynthia Phillips, Laura Painton Swiler
Parsimonious downgrading and decision trees applied to the inference problem (DOI)
LiWu Chang, Ira S. Moskowitz
Server-assisted cryptography (DOI)
Donald Beaver
Discussion topic: what is the old security paradigm? (DOI)
Steven J. Greenwald
Tolerating penetrations and insider attacks by requiring independent corroboration (DOI)
Clifford Kahn
A new model for availability in the face of self-propagating attacks (DOI)
Meng-Jang Lin, Aleta M. Ricciardi, Keith Marzullo
NSPW 1997
Integrating formalism and pragmatism: architectural security (DOI)
Ruth Nelson
A practical approach to security assessment (DOI)
Darrell M. Kienzle, William A. Wulf
Meta objects for access control: extending capability-based security (DOI)
Thomas Riechmann, Franz J. Hauck
A tentative approach to constructing tamper-resistant software (DOI)
Masahiro Mambo, Takanori Murayama, Eiji Okamoto
Three paradigms in computer security (DOI)
Catherine Meadows
Patterns of trust and policy (DOI)
Daniel J. Essin
A distributed trust model (DOI)
Alfarez Abdul-Rahman, Stephen Hailes
An insecurity flow model (DOI)
Ira S. Moskowitz, Myong H. Kang
Principles of a computer immune system (DOI)
Anil Somayaji, Steven Hofmeyr, Stephanie Forrest
Under-specification, composition and emergent properties (DOI)
H. M. Hinton
Protecting routing infrastructures from denial of service using cooperative intrusion detection (DOI)
Steven Cheung, Karl N. Levitt
A security model for dynamic adaptive traffic masking (DOI)
Brenda Timmerman
NSPW 1996
The Emperor's old armor (DOI)
Bob Blakley
Simulated social control for secure Internet commerce (DOI)
Lars Rasmusson, Sverker Jansson
User-centered security (DOI)
Mary Ellen Zurko, Richard T. Simon
A new model of security for distributed systems (DOI)
Wm A. Wulf, Chenxi Wang, Darrell Kienzle
SafeBots: a paradigm for software security controls (DOI)
Robert Filman, Ted Linden
A credibility-based model of computer system security (DOI)
Shaw-Cheng Chuang, Paul Wernick
Developing and using a “policy neutral” access control policy (DOI)
Duane Olawsky, Todd Fine, Edward Schneider, Ray Spencer
Run-time security evaluation: can we afford it? (DOI)
Cristina Serban, Bruce McMillin
A new security policy for distributed resource management and access control (DOI)
Steven J. Greenwald
Access control in federated systems (DOI)
Sabrina De Capitani di Vimercati, Pierangela Samarati
Managing time for service and security (DOI)
Ruth Nelson, Elizabeth Schwartz
Availability policies in an adversarial environment (DOI)
Hilary H. Hosmer
The right type of trust for distributed systems (DOI)
Audun Jøsang
CAPSL: Common Authentication Protocol Specification Language (DOI)
Jonathan K. Millen
Positive feedback and the madness of crowds (DOI)
Hilarie Orman, Richard Schroeppel
Just sick about security (DOI)
Jeff Williams
Fortresses built upon sand (DOI)
Dixie B. Baker
NSPW 1995
Foreword (DOI)
Hilary H. Hosmer
'TSUPDOOD?: Repackaged problems for you and MMI (DOI)
Rebecca G. Bace, Marvin Schaefer
Security for infinite networks (DOI)
Ruth Nelson, Hilary Hosmer
Research issues in authorization models for hypertext systems (DOI)
Elisa Bertino, Pierangela Samarati
Unhelpfulness as a security policy: or it's about time (DOI)
Ruth Nelson
QuARC: expressive security mechanisms (DOI)
John D. Yesberg, Mark S. Anderson
Administration in a multiple policy/domain environment: the administration and melding of disparate policies (DOI)
William R. Ford
Virtual enterprises and the enterprise security architecture (DOI)
Tom Haigh
Software system risk management and assurance (DOI)
Sharon K. Fletcher, Roxana M. Jansma, Judy J. Lim, Ron Halbgewachs, Martin D. Murphy, Gregory D. Wyss
Applying the dependability paradigm to computer security (DOI)
Catherine Meadows
Pretty good assurance (DOI)
Jeffrey R. Williams, Marv Schaefer, Douglas J. Landoll
Credentials for privacy and interoperation (DOI)
Vicki E. Jones, Neil Ching, Marianne Winslett
NSPW 1994
Modeling the “multipolicy machine” (DOI)
D. Elliott Bell
Messages, communication, information security and value (DOI)
John Dobson
New email security infrastructure (DOI)
Martin Ferris
“HIS-Treck -- the next generation”: an introduction to future hospital information systems (DOI)
Thomas L. Lincoln
Healthcare information architecture: elements of a new paradigm (DOI)
Daniel J. Essin, Thomas L. Lincoln
Anomaly detection: a soft computing approach (DOI)
T. Y. Lin
Fuzzy sets and secure computer systems (DOI)
Sergei Ovchinnikov
Formal semantics of confidentiality in multilevel logic databases (DOI)
Adrian Spalka
What is a secret—and—what does that have to do with computer security? (DOI)
Ruth Nelson
A new approach to security system development (DOI)
Silvana Castano, Giancarlo Martella, Pierangela Samarati
Providing non-hierarchical security through interface mechanisms (DOI)
Deborah Hamilton
Designing encryption algorithms for real people (DOI)
Bruce Schneier
A discretionary access control model with temporal authorizations (DOI)
Elisa Bertino, Claudio Bettini, Pierangela Samarati
Versatile integrity and security environment (VISE) for computer systems (DOI)
Charles G. Limoges, Ruth R. Nelson, John H. Heimann, David S. Becker
NSPW 1992 & 1993
Managing complexity in secure networks (DOI)
David Bailey
New security paradigms: what other concepts do we need as well? (DOI)
John Dobson
The multipolicy paradigm for trusted systems (DOI)
Hilary H. Hosmer
An outline of a taxonomy of computer security research and development (DOI)
Catherine Meadows
A new paradigm for trusted systems (DOI)
Dorothy E. Denning
New paradigms for high assurance software (DOI)
John McLean
Confidentiality, integrity, assured service: tying security all together (DOI)
Grace L. Hammonds
Information system security engineering: a spiral approach to revolution (DOI)
Donald M. Howe
A shift in security modeling paradigms (DOI)
James G. Williams
Prospect on security paradigms (DOI)
Leonard J. LaPadula
Integration of formal and heuristic reasoning as a basis for testing and debugging computer security policy (DOI)
J. Bret Michael, Edgar H. Sibley, David C. Littleman
Secure computing with the actor paradigm (DOI)
Bhavani Thuraisingham
Bell and LaPadula axioms: a “new” paradigm for an “old” model (DOI)
T. Y. Lin
Concurrent automata, database computers, and security: a “new” security paradigm for secure parallel processing (DOI)
T. Y. Lin
Application level security using an object-oriented graphical user interface (DOI)
Terry Rooker
The no-policy paradigm: towards a policy-free protocol supporting a secure X Window System (DOI)
Mark Smith
We need to think about the foundations of computer security (DOI)
Marvin Schaefer
The evolved threat paradigm: look who's wearing the black hats! (DOI)
Dixie B. Baker
External consistency in a network environment (DOI)
Leonard J. LaPadula, James G. Williams
Towards a task-based paradigm for flexible and adaptable access control in distributed applications (DOI)
R. K. Thomas, R. S. Sandhu
How responsibility modelling leads to security requirements (DOI)
Ros Strens, John Dobson
Neighborhood data and database security (DOI)
Kioumars Yazdanian, Frédéric Cuppens
Security in an object-oriented database (DOI)
James M. Slack
Computer security by redefining what a computer is (DOI)
Yvo Desmedt
Modelling multidomain security (DOI)
José de J. Vázquez-Gómez
Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm (DOI)
Hilary H. Hosmer
Identification and authentication when users have multiple accounts (DOI)
W. R. Shockley
The reference monitor: an idea whose time has come (DOI)
Terry Rooker