All NSPW Papers

NSPW 2021

Front Matter

Blessed Are The Lawyers, For They Shall Inherit Cybersecurity (DOI)
Daniel W Woods, Aaron Ceross

COLBAC: Shifting Cybersecurity from Hierarchical to Horizontal Designs (DOI)
Kevin Gallagher, Santiago Torres-Arias, Nasir Memon, Jessica Feldman

Change that Respects Business Expertise: Stories as Prompts for a Conversation about Organisation Security (DOI)
Simon Parkin, Simon Arnell, Jeremy Ward

The tragedy of common bandwidth: rDDoS (DOI)
Arturs Lavrenovs, Eireann Leverett, Aaron Kaplan

Beyond NVD: Cybersecurity meets the Semantic Web. (DOI)
Raúl Aranovich, Muting Wu, Dian Yu, Katya Katsy, Benyamin Ahmadnia, Matthew Bishop, Vladimir Filkov, Kenji Sagae

Shame in Cyber Security: Effective Behavior Modification Tool or Counterproductive Foil? (DOI)
Karen Renaud, Rosalind Searle, Marc Dupuis

VoxPop: An Experimental Social Media Platform for Calibrated (Mis)information Discourse (DOI)
Filipo Sharevski, Peter Jachim, Emma Pieroni, Nate Jachim

“Taking out the Trash”: Why Security Behavior Change requires Intentional Forgetting (DOI)
Jonas Hielscher, Annette Kluge, Uta Menges, M. Angela Sasse

NSPW 2020

Front Matter

Categorizing Uses of Communications Metadata: Systematizing Knowledge and Presenting a Path for Privacy (DOI)
Susan Landau

Towards In-Band Non-Cryptographic Authentication (DOI)
Nour Dabbour, Anil Somayaji

Putting the Sec in DevSecOps: Using Social Practice Theory to Improve Secure Software Development (DOI)
Debi Ashenden, Gail Ollis

The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely (DOI)
Verena Distler, Gabriele Lenzini, Carine Lallemand, Vincent Koenig

TrollHunter [Evader]: Automated Detection [Evasion] of Twitter Trolls During the COVID-19 Pandemic (DOI)
Peter Jachim, Filipo Sharevski, Paige Treebridge

Trust-Based Security; Or, Trust Considered Harmful (DOI)
Abe Singer, Matt Bishop

Transcending the Teetering Tower of Trust: Demonstrated with Virtual Memory Fuses for Software Enclaves (DOI)
Scott Brookes

Deconstructing Cybersecurity: From Ontological Security to Ontological Insecurity (DOI)
Justin Joque, S M Taiabul Haque

On managing vulnerabilities in AI/ML systems (DOI)
Jonathan M. Spring, April Galyardt, Allen D. Householder, Nathan VanHoudnos

Out of Sight, Out of Mind: UI Design and the Inhibition of Mental Models of Security (DOI)
Eric Spero, Robert Biddle

NSPW 2019

Front Matter

Usability analysis of shared device ecosystem security: informing support for survivors of IoT-facilitated tech-abuse (DOI)
Simon Parkin, Trupti Patel, Isabel Lopez-Neira, Leonie Tanczer

Employing attack graphs for intrusion detection (DOI)
Frank Capobianco, Rahul George, Kaiming Huang, Trent Jaeger, Srikanth Krishnamurthy, Zhiyun Qian, Mathias Payer, Paul Yu

Manipulation of perceived politeness in a web-based email discourse through a malicious browser extension (DOI)
Filipo Sharevski, Paige Treebridge, Jessica Westbrook

Cyber security fear appeals: unexpectedly complicated (DOI)
Karen Renaud, Marc Dupuis

Opt out of privacy or "go home": understanding reluctant privacy behaviours through the FoMO-centric design paradigm (DOI)
Fiona Westin, Sonia Chiasson

FrameProv: towards end-to-end video provenance (DOI)
Mansoor Ahmed-Rengers

Privacy controls for always-listening devices (DOI)
Nathan Malkin, Serge Egelman, David Wagner

Everything-as-a-hack: claims-making for access to digital and social resources (DOI)
Wolter Pieters

Towards models for quantifying the known adversary (DOI)
Alaadin Addas, Julie Thorpe, Amirali Salehi-Abari

Why Jenny can't figure out which of these messages is a covert information operation (DOI)
Tristan Caulfield, Jonathan M. Spring, M. Angela Sasse

NSPW 2018

Front matter

Augmenting Machine Learning with Argumentation (DOI)
Matthew A. Bishop, Carrie E. Gates, Karl N. Levitt

Against Mindset (DOI)
Arne Padmos

Shifting Paradigms: Using Strategic Foresight to Plan for Security Evolution (DOI)
Heather Vescent, Bob Blakley

Can Software Licenses Contribute to Cyberarms Control? (DOI)
Steve Dierker, Volker Roth

Going Dark: A Retrospective on the North American Blackout of 2038 (DOI)
Prashant Anantharaman, J Peter Brady, Patrick Flathers, Vijay H. Kothari, Michael C. Millian, William G. Nisen, Jason Reeves, Nathan Reitinger, Sean W. Smith

An Online Consent Maturity Model: Moving from Acceptable Use Towards Ethical Practice (DOI)
Vivien M Rooney, Simon N Foley

On Security Singularities (DOI)
Wolter Pieters

Rethinking the Proposition of Privacy Engineering (DOI)
Aaron Ceross, Andrew C Simpson

After the BlockCloud Apocalypse (DOI)
Mark Burgess, Anil Somayaji

Digital Signatures to Ensure the Authenticity and Integrity of Synthetic DNA Molecules (DOI)
Diptendu Mohan Kar, Indrajit Ray, Jenna Gallegos, Jean Peccoud

Malicious User Experience Design Research for Cybersecurity (DOI)
Adam Trowbridge, Filipo Sharevski, Jessica Westbrook

NSPW 2017

Front Matter

Practicing a Science of Security: A Philosophy of Science Perspective (DOI)
Jonathan M. Spring, Tyler Moore, David Pym

Market-based Security for Distributed Applications (DOI)
George Bissias, Brian N. Levine, Nikunj Kapadia

Beyond the pretty penny: the Economic Impact of Cybercrime (DOI)
Carlos H. Gañán, Michael Ciere, Michel van Eeten

Developer-centered security and the symmetry of ignorance (DOI)
Olgierd Pieczul, Simon Foley, Mary Ellen Zurko

Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact (DOI)
Karen Renaud, Merrill Warkentin

Is the Future of Authenticity All In Our Heads?: Moving Passthoughts From the Lab to the World (DOI)
Nick Merrill, Max T. Curran, John Chuang

A Model of Owner Controlled, Full-Provenance, Non-Persistent, High-Availability Information Sharing (DOI)
Sean Peisert, Matt Bishop, Ed Talbot

Panel: Empirically-based Secure OS Design (DOI)
Sam Weber, Adam Shostack, Jon A. Solworth, Mary Ellen Zurko

Can I believe you?: Establishing Trust in Computer Mediated Introductions (DOI)
Borke Obada-Obieh, Anil Somayaji

End-to-End Passwords (DOI)
Scott Ruoti, Kent Seamons

The Third Wave?: Inclusive Privacy and Security (DOI)
Yang Wang

NSPW 2016

Front Matter

I'm not sure if we're okay: uncertainty for attackers and defenders (DOI)
Mark E. Fioravanti, Matt Bishop, Richard Ford

Harvesting the low-hanging fruits: defending against automated large-scale cyber-intrusions by focusing on the vulnerable population (DOI)
Hassan Halawa, Konstantin Beznosov, Yazan Boshmaf, Baris Coskun, Matei Ripeanu, Elizeu Santos-Neto

Cross-layer personalization as a first-class citizen for situation awareness and computer infrastructure security (DOI)
Aokun Chen, Pratik Brahma, Dapeng Oliver Wu, Natalie Ebner, Brandon Matthews, Jedidiah Crandall, Xuetao Wei, Michalis Faloutsos, Daniela Oliveira

Cybersecurity as a Politikum: implications of security discourses for infrastructures (DOI)
Laura Fichtner, Wolter Pieters, André Teixeira

Content-based security for the web (DOI)
Alexander Afanasyev, J. Alex Halderman, Scott Ruoti, Kent Seamons, Yingdi Yu, Daniel Zappala, Lixia Zhang

Trusted execution environment-based authentication gauge (TEEBAG) (DOI)
Ranjbar A. Balisane, Andrew Martin

Rethinking operating system design: asymmetric multiprocessing for security and performance (DOI)
Scott Brookes, Stephen Taylor

Searching for software diversity: attaining artificial diversity through program synthesis (DOI)
Gilmore R. Lundquist, Vishwath Mohan, Kevin W. Hamlen

A case for the economics of secure software development (DOI)
Chad Heitzenrater, Andrew Simpson

NSPW 2015

Front Matter

Choose Your Own Authentication (DOI)
Alain Forget, Sonia Chiasson, Robert Biddle

The Myth of the Average User: Improving Privacy and Security Systems through Individualization (DOI)
Serge Egelman, Eyal Peer

Milware: Identification and Implications of State Authored Malicious Software (DOI)
Trey Herr, Eric Armbrust

Exploiting the Physical Environment for Securing the Internet of Things (DOI)
Christian T. Zenger, Jan Zimmer, Mario Pietersz, Jan-Felix Posielek, Christof Paar

Examining the Contribution of Critical Visualisation to Information Security (DOI)
Peter Hall, Claude Heath, Lizzie Coles-Kemp, Axel Tanner

Employee Rule Breakers, Excuse Makers and Security Champions: Mapping the risk perceptions and emotions that drive security behaviors (DOI)
Odette Beris, Adam Beautement, M. Angela Sasse

Maybe Poor Johnny Really Cannot Encrypt: The Case for a Complexity Theory for Usable Security (DOI)
Zinaida Benenson, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Sven Uebelacker

Towards Managed Role Explosion (DOI)
Aaron Elliott, Scott Knight

"If you were attacked, you'd be sorry": Counterfactuals as security arguments (DOI)
Cormac Herley, Wolter Pieters

Peace vs. Privacy: Leveraging Conflicting Jurisdictions for Email Security (DOI)
Mohammad Mannan, Arash Shahkar, Atieh Saberi Pirouz, Vladimir Rabotka

WebSheets: Web Applications for Non-Programmers (DOI)
Riccardo Pelizzi, R. Sekar

Bridging the Trust Gap: Integrating Models of Behavior and Perception (DOI)
Raquel Hill, Devan Ray Donaldson

NSPW 2014

Front Matter

Emergent Properties & Security: The Complexity of Security as a Science (DOI)
Nathaniel Husted, Steven Myers

Cyber Security as Social Experiment (DOI)
Wolter Pieters, Dina Hadžiosmanović, Francien Dechesne

Isn't that Fantabulous: Security, Linguistic and Usability Challenges of Pronounceable Tokens (DOI)
Andrew M. White, Katherine Shaw, Fabian Monrose, Elliott Moreton

A Password Manager that Doesn't Remember Passwords (DOI)
Elizabeth Stobert, Robert Biddle

Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes (DOI)
Justin Cappos, Yanyan Zhuang, Daniela Oliveira, Marissa Rosenthal, Kuo-Chuan Yeh

Shifts in the Cybersecurity Paradigm: Zero-Day Exploits, Discourse, and Emerging Institutions (DOI)
Andreas Kuehn, Milton Mueller

An Asset to Security Modeling?: Analyzing Stakeholder Collaborations Instead of Threats to Assets (DOI)
Andreas Poller, Sven Türpe, Katharina Kinder-Kurlanda

Understanding the Experience-Centeredness of Privacy and Security Technologies (DOI)
Paul Dunphy, John Vines, Lizzie Coles-Kemp, Rachel Clarke, Vasilis Vlachokyriakos, Peter Wright, John McCarthy, Patrick Olivier

I'm OK, You're OK, the System's OK: Normative Security for Systems (DOI)
Olgierd Pieczul, Simon N. Foley, Vivien M. Rooney

Data Is the New Currency (DOI)
Carrie Gates, Peter Matthews

Panel Summary: The Future of Software Regulation (DOI)
Benjamin Edwards, Michael Locasto, Jeremy Epstein

Planning and Integrating Deception into Computer Security Defenses (DOI)
Mohammed H. Almeshekah, Eugene H. Spafford

NSPW 2013

Front Matter

Forgive and forget: return to obscurity (DOI)
Matt Bishop, Emily Rine Butler, Kevin Butler, Carrie Gates, Steven Greenspan

Towards the realization of a public health system for shared secure cyber-space (DOI)
Jeff Rowe, Karl Levitt, Mike Hogarth

Detecting hidden enemy lines in IP address space (DOI)
Suhas Mathur, Baris Coskun, Suhrid Balakrishnan

Useful password hashing: how to waste computing cycles with style (DOI)
Markus Dürmuth

Markets for zero-day exploits: ethics and implications (DOI)
Serge Egelman, Cormac Herley, Paul C. van Oorschot

Principles of authentication (DOI)
Sean Peisert, Ed Talbot, Tom Kroeger

Towards narrative authentication: or, against boring authentication (DOI)
Anil Somayaji, David Mould, Carson Brown

Go with the flow: toward workflow-oriented security assessment (DOI)
Binbin Chen, Zbigniew Kalbarczyk, David M. Nicol, William H. Sanders, Rui Tan, William G. Temple, Nils Ole Tippenhauer, An Hoa Vu, David K.Y. Yau

Explicit authentication response considered harmful (DOI)
Lianying Zhao, Mohammad Mannan

Can we sell security like soap?: a new approach to behaviour change (DOI)
Debi Ashenden, Darren Lawrence

Booby trapping software (DOI)
Stephen Crane, Per Larsen, Stefan Brunthaler, Michael Franz

Information behaving badly (DOI)
Julie Boxwell Ard, Matt Bishop, Carrie Gates, Michael Xin Sun

Designing forensic analysis techniques through anthropology (DOI)
Sathya Chandran Sundaramurthy

NSPHD: the polyglot computer (DOI)
Daniel Medeiros Nunes de Castro

NSPW 2012

Front Matter

A move in the security measurement stalemate: elo-style ratings to quantify vulnerability (DOI)
Wolter Pieters, Sanne H.G. van der Ven, Christian W. Probst

Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems (DOI)
Sean Peisert, Ed Talbot, Matt Bishop

Point-and-shoot security design: can we build better tools for developers? (DOI)
Sven Türpe

Argumentation logic to assist in security administration (DOI)
Jeff Rowe, Karl Levitt, Simon Parsons, Elizabeth Sklar, Andrew Applebaum, Sharmin Jalal

Beyond the blacklist: modeling malware spread and the effect of interventions (DOI)
Benjamin Edwards, Tyler Moore, George Stelle, Steven Hofmeyr, Stephanie Forrest

Someone to watch over me (DOI)
Heather Richter Lipford, Mary Ellen Zurko

Pools, clubs and security: designing for a party not a person (DOI)
Zheng Dong, Vaibhav Garg, L. Jean Camp, Apu Kapadia

Privacy is a process, not a PET: a theory for effective privacy practice (DOI)
Anthony Morton, M. Angela Sasse

All your base are belong to US (DOI)
Richard Ford, Liam M. Mayron

The need for application-aware access control evaluation (DOI)
William C. Garrison, Adam J. Lee, Timothy L. Hinrichs

Video-passwords: advertising while authenticating (DOI)
Julie Thorpe, Amirali Salehi-Abari, Robert Burden

Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries (DOI)
Jedidiah R. Crandall, Daniela Oliveira

NSPW 2011

Front Matter

Security and privacy considerations in digital death (DOI)
Michael E. Locasto, Michael Massimi, Peter J. DePasquale

Reducing normative conflicts in information security (DOI)
Wolter Pieters, Lizzie Coles-Kemp

A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation (DOI)
Kemal Bicakci, Paul C. van Oorschot

Applying problem-structuring methods to problems in computer security (DOI)
Peter Gutmann

Towards a formal model of accountability (DOI)
Joan Feigenbaum, Aaron D. Jaggard, Rebecca N. Wright

Influencing mental models of security: a research agenda (DOI)
Rick Wash, Emilee Rader

The security cost of cheap user interaction (DOI)
Rainer Böhme, Jens Grossklags

Position paper: why are there so many vulnerabilities in web applications? (DOI)
Wenliang Du, Karthick Jayaraman, Xi Tan, Tongbo Luo, Steve Chapin

Resilience is more than availability (DOI)
Matt Bishop, Marco Carvalho, Richard Ford, Liam M. Mayron

Sherlock Holmes' evil twin: on the impact of global inference for online privacy (DOI)
Gerald Friedland, Gregor Maier, Robin Sommer, Nicholas Weaver

Public security: simulations need to replace conventional wisdom (DOI)
Kay Hamacher, Stefan Katzenbeisser

Gaming security by obscurity (DOI)
Dusko Pavlovic

NSPW 2010

Front Matter

Why is there no science in cyber science?: a panel discussion at NSPW 2010 (DOI)
Roy A. Maxion, Thomas A. Longstaff, John McHugh

E unibus pluram: massive-scale software diversity as a defense mechanism (DOI)
Michael Franz

On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible? (DOI)
Mohammed I. Al-Saleh, Jedidiah R. Crandall

A stealth approach to usable security: helping IT security managers to identify workable security solutions (DOI)
Simon Parkin, Aad van Moorsel, Philip Inglesant, M. Angela Sasse

VM-based security overkill: a lament for applied systems security research (DOI)
Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, Sean W. Smith

A billion keys, but few locks: the crisis of web single sign-on (DOI)
San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, Konstantin Beznosov

To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design (DOI)
Shamal Faily, Ivan Flechais

Would a 'cyber warrior' protect us: exploring trade-offs between attack and defense of information systems (DOI)
Tyler Moore, Allan Friedman, Ariel D. Procaccia

On-line privacy and consent: a dialogue, not a monologue (DOI)
Lizzie Coles-Kemp, Elahe Kani-Zabihi

A risk management process for consumers: the next step in information security (DOI)
André van Cleeff

Ontological semantic technology for detecting insider threat and social engineering (DOI)
Victor Raskin, Julia M. Taylor, Christian F. Hempelmann

The pervasive trust foundation for security in next generation networks (DOI)
Leszek Lilien, Adawia Al-Alawneh, Lotfi Ben Othmane

This is your data on drugs: lessons computer security can learn from the drug war (DOI)
David Molnar, Serge Egelman, Nicolas Christin

Relationships and data sanitization: a study in scarlet (DOI)
Matt Bishop, Justin Cummins, Sean Peisert, Anhad Singh, Bhume Bhumiratana, Deborah Agarwal, Deborah Frincke, Michael Hogarth

NSPW 2009

Front Matter

Laissez-faire file sharing: access control designed for individuals at the endpoints (DOI)
Maritza L. Johnson, Steven M. Bellovin, Robert W. Reeder, Stuart E. Schechter

Server-side detection of malware infection (DOI)
Markus Jakobsson, Ari Juels

What is the shape of your security policy?: security as a classification problem (DOI)
Sven Türpe

Quantified security is a weak hypothesis: a critical survey of results and assumptions (DOI)
Vilhelm Verendel

Generative usability: security and user centered design beyond the appliance (DOI)
Luke Church, Alma Whitten

The sisterhood of the traveling packets (DOI)
Matt Bishop, Carrie Gates, Jeffrey Hunker

Quis Custodiet ipsos Custodes?: a new paradigm for analyzing security paradigms with appreciation to the Roman poet Juvenal (DOI)
Sean Peisert, Matt Bishop, Laura Corriss, Steven J. Greenwald

Musipass: authenticating me softly with "my" song (DOI)
Marcia Gibson, Karen Renaud, Marc Conrad, Carsten Maple

A reinforcement model for collaborative security and Its formal analysis (DOI)
Janardan Misra, Indranil Saha

Securing data through avoidance routing (DOI)
Erik Kline, Peter Reiher

Fluid information systems (DOI)
Christian W. Probst, René Rydhof Hansen

So long, and no thanks for the externalities: the rational rejection of security advice by users (DOI)
Cormac Herley

NSPW 2008

Front Matter

We have met the enemy and he is us (DOI)
Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, Carrie Gates

Localization of credential information to address increasingly inevitable data breaches (DOI)
Mohammad Mannan, P. C. van Oorschot

ROFL: routing as the firewall layer (DOI)
Hang Zhao, Chi-Kin Chau, Steven M. Bellovin

The user is not the enemy: fighting malware by tracking user intentions (DOI)
Jeffrey Shirley, David Evans

The compliance budget: managing security behaviour in organisations (DOI)
Adam Beautement, M. Angela Sasse, Mike Wonham

A profitless endeavor: phishing as tragedy of the commons (DOI)
Cormac Herley, Dinei Florêncio

Security compliance: the next frontier in security research (DOI)
Klaus Julisch

Towards an ethical code for information security? (DOI)
Steven J. Greenwald, Brian D. Snow, Richard Ford, Richard Thieme

The developer is the enemy (DOI)
Glenn Wurster, P. C. van Oorschot

The ecology of Malware (DOI)
Jedidiah R. Crandall, Roya Ensafi, Stephanie Forrest, Joshua Ladau, Bilal Shebaro

Trading in risk: using markets to improve access control (DOI)
Ian Molloy, Pau-Chen Cheng, Pankaj Rohatgi

Choose the red pill and the blue pill: a position paper (DOI)
Ben Laurie, Abe Singer

NSPW 2007

Front Matter

Security and usability: the gap in real-world online banking (DOI)
Mohammad Mannan, P. C. van Oorschot

A privacy expectations and security assurance offer system (DOI)
Jeffrey Hunker

Authenticated names (DOI)
Stanley Chow, Christophe Gustave, Dmitri Vinokurov

Security automation considered harmful? (DOI)
W. Keith Edwards, Erika Shehan Poole, Jennifer Stoll

Self-healing: science, engineering, and fiction (DOI)
Michael E. Locasto

The future of biologically-inspired security: is there anything left to learn? (DOI)
Anil Somayaji, Michael Locasto, Jan Feyereisl

Robustly secure computer systems: a new security paradigm of system discontinuity (DOI)
Jon A. Solworth

Information protection via environmental data tethers (DOI)
Matt Beaumont-Gay, Kevin Eustice, Peter Reiher

Position: the user is the enemy (DOI)
S. Vidyaraman, M. Chandrasekaran, S. Upadhyaya

Computing under occupation (DOI)
Klaus Kursawe, Stefan Katzenbeisser

VideoTicket: detecting identity fraud attempts via audiovisual certificates and signatures (DOI)
D. Nali, P. C. van Oorschot, A. Adler

NSPW 2006

Front Matter

Cent, five cent, ten cent, dollar: hitting botnets where it really hurts (DOI)
Richard Ford, Sarah Gordon

Dark application communities (DOI)
Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis

Challenging the anomaly detection paradigm: a provocative discussion (DOI)
Carrie Gates, Carol Taylor

Inconsistency in deception for defense (DOI)
Vicentiu Neagoe, Matt Bishop

Sanitization models and their limitations (DOI)
R. Crawford, M. Bishop, B. Bhumiratana, L. Clark, K. Levitt

Large-scale collection and sanitization of network security data: risks and challenges (DOI)
Phillip Porras, Vitaly Shmatikov

Googling considered harmful (DOI)
Gregory Conti

A pact with the devil (DOI)
Mike Bond, George Danezis

E-Prime for security: a new security paradigm (DOI)
Steven J. Greenwald

Diffusion and graph spectral methods for network forensic analysis (DOI)
Wei Wang, Thomas E. Daniels

PKI design for the real world (DOI)
Peter Gutmann

NSPW 2005

Front Matter

Internet instability and disturbance: goal or menace? (DOI)
Richard Ford, Mark Bush, Alex Boulatov

Diversity as a computer defense mechanism (DOI)
Carol Taylor, Jim Alves-Foss

Diversity: the biological perspective position statement (DOI)
Carol Taylor

"Diversity as a computer defense mechanism" (DOI)
Bev Littlewood

Software diversity: use of diversity as a defense mechanism (DOI)
John McHugh

Use of diversity as a defense mechanism (DOI)
Roy A. Maxion

Average case vs. worst case: margins of safety in system design (DOI)
Christian W. Probst, Andreas Gal, Michael Franz

Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems (DOI)
Ivan Flechais, Jens Riegelsberger, M. Angela Sasse

Pass-thoughts: authenticating with our minds (DOI)
Julie Thorpe, P. C. van Oorschot, Anil Somayaji

Message authentication by integrity with public corroboration (DOI)
P. C. van Oorschot

Flooding and recycling authorizations (DOI)
Konstantin (Kosta) Beznosov

The insider problem revisited (DOI)
Matt Bishop

Position: "insider" is relative (DOI)
Matt Bishop

Position paper (DOI)
Irene Schwarting

Principles-driven forensic analysis (DOI)
Sean Peisert, Sidney Karin, Matt Bishop, Keith Marzullo

Visual security protocol modeling (DOI)
J. McDermott

Empirical privilege profiling (DOI)
Carla Marceau, Rob Joyce

Speculative virtual verification: policy-constrained speculative execution (DOI)
Michael E. Locasto, Stelios Sidiroglou, Angelos D. Keromytis

NSPW 2004

Front Matter

Support for multi-level security policies in DRM architectures (DOI)
Bogdan C. Popescu, Bruno Crispo, Andrew S. Tanenbaum

A collaborative approach to autonomic security protocols (DOI)
Hongbin Zhou, Simon N. Foley

A qualitative framework for Shannon information theories (DOI)
Gerard Allwein

The user non-acceptance paradigm: INFOSEC's dirty little secret (DOI)
Steven J. Greenwald, Kenneth G. Olthoff, Victor Raskin, Willibald Ruch

Towards agile security assurance (DOI)
Konstantin Beznosov, Philippe Kruchten

Information exposure control through data manipulation for ubiquitous computing (DOI)
Boris Dragovic, Jon Crowcroft

Property-based attestation for computing platforms: caring about properties, not mechanisms (DOI)
Ahmad-Reza Sadeghi, Christian Stüble

Symmetric behavior-based trust: a new paradigm for internet computing (DOI)
Vivek Haldar, Michael Franz

The role of suspicion in model-based intrusion detection (DOI)
Timothy Hollebeek, Rand Waltzman

Omnivore: risk management through bidirectional transparency (DOI)
Scott Flinn, Steve Stoyles

Profiling the defenders (DOI)
Carrie Gates, Tara Whalen

NSPW 2003

Locality: a new paradigm for thinking about normal behavior and outsider threat (DOI)
John McHugh, Carrie Gates

Alliance formation for DDoS defense (DOI)
Jelena Mirkovic, Max Robinson, Peter Reiher

Merging paradigms of survivability and security: stochastic faults and designed faults (DOI)
J. McDermott, A. Kim, J. Froscher

SELF: a transparent security extension for ELF binaries (DOI)
Daniel C. DuVarney, V. N. Venkatakrishnan, Sandeep Bhatkar

Dynamic label binding at run-time (DOI)
Yolanta Beres, Chris I. Dalton

Bringing security home: a process for developing secure and usable systems (DOI)
Ivan Flechais, M. Angela Sasse, Stephen M. V. Hailes

Security check: a formal yet practical framework for secure software architecture (DOI)
Arnab Ray

From absence of certain vulnerabilities towards security proofs: pushing the limits of formal verification (DOI)
Michael Backes, Matthias Schunter

Secure object identification: or: solving the Chess Grandmaster Problem (DOI)
Ammar Alkassar, Christian Stüble, Ahmad-Reza Sadeghi

Public key distribution through "cryptoIDs" (DOI)
Trevor Perrin

Owner-controlled information (DOI)
Carrie Gates, Jacob Slonim

Towards a new paradigm for securing wireless sensor networks (DOI)
K. Jones, A. Wadaa, S. Olariu, L. Wilson, M. Eltoweissy

Securing nomads: the case for quarantine, examination, and decontamination (DOI)
Kevin Eustice, Leonard Kleinrock, Shane Markstrum, Gerald Popek, V. Ramakrishna, Peter Reiher

NSPW 2002

MET: an experimental system for Malicious Email Tracking (DOI)
Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin

Predators: good will mobile codes combat against computer viruses (DOI)
Hiroshi Toyoizumi, Atsuhi Kara

An empirical analysis of NATE: Network Analysis of Anomalous Traffic Events (DOI)
Carol Taylor, Jim Alves-Foss

Small worlds in security systems: an analysis of the PGP certificate graph (DOI)
Srdjan Čapkun, Levente Buttyán, Jean-Pierre Hubaux

Breaking the barriers: high performance security for high performance computing (DOI)
Kay Connelly, Andrew A. Chien

From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise (DOI)
Paul Ashley, Calvin Powers, Matthias Schunter

Anomaly intrusion detection in dynamic execution environments (DOI)
Hajime Inoue, Stephanie Forrest

Empowering mobile code using expressive security policies (DOI)
V. N. Venkatakrishnan, Ram Peri, R. Sekar

The source is the proof (DOI)
Vivek Haldar, Christian H. Stork, Michael Franz

An approach to usable security based on event monitoring and visualization (DOI)
Paul Dourish, David Redmiles

Moving from the design of usable security technologies to the design of useful secure applications (DOI)
D. K. Smetters, R. E. Grinter

Assurance in life/nation critical endeavors a panel (DOI)
Steven J. Greenwald, Marv Schaefer

Biometrics or ... biohazards? (DOI)
John Michael Williams

An evolutionary approach to cyber security (DOI)
Carla Marceau

Assuring critical systems (DOI)
Bob Blakley

Capacity is the wrong paradigm (DOI)
Ira S. Moskowitz, LiWu Chang, Richard E. Newman

A practical approach to solve Secure Multi-party Computation problems (DOI)
Wenliang Du, Zhijun Zhan

Guarding the next Internet frontier: countering denial of information attacks (DOI)
Mustaque Ahamad, Leo Mark, Wenke Lee, Edward Omicienski, Andre dos Santos, Ling Liu, Calton Pu

NSPW 2001

Computational paradigms and protection (DOI)
Simon N. Foley, John P. Morrison

Secure multi-party computation problems and their applications: a review and open problems (DOI)
Wenliang Du, Mikhail J. Atallah

Model-Carrying Code (MCC): a new paradigm for mobile-code security (DOI)
R. Sekar, C. R. Ramakrishnan, I. V. Ramakrishnan, S. A. Smolka

Heterogeneous networking: a new survivability paradigm (DOI)
Yongguang Zhang, Harrick Vin, Lorenzo Alvisi, Wenke Lee, Son K. Dao

Safe and sound: a safety-critical approach to security (DOI)
Sacha Brostoff, M. Angela Sasse

Ontology in information security: a useful theoretical foundation and methodological tool (DOI)
Victor Raskin, Christian F. Hempelmann, Katrina E. Triezenberg, Sergei Nirenburg

AngeL: a tool to disarm computer systems (DOI)
Danilo Bruschi, Emilia Rosti

Survival by defense-enabling (DOI)
Partha Pal, Franklin Webber, Richard Schantz

A trusted process to digitally sign a document (DOI)
Boris Balacheff, Liqun Chen, David Plaquin, Graeme Proudler

NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach (DOI)
Carol Taylor, Jim Alves-Foss

Information security is information risk management (DOI)
Bob Blakley, Ellen McDermott, Dan Geer

The New Security Paradigms Workshop - boom or bust?: a panel (DOI)
Steven J. Greenwald

Position statement for New Security Paradigms Workshop - boom or bust?: neither boom nor bust (DOI)
Hilary H. Hosmer

Tracking influence through citation index comparisons and preliminary case studies panel position statement (DOI)
Mary Ellen Zurko

The New Security Paradigms Workshop - boom or bust?: thinking in an age of instant communication; communicating in a time of reflective thought (DOI)
Marvin Schaefer

A note on proactive password checking (DOI)
Jianxin Jeff Yan

Pretty good persuasion: a first step towards effective password security in the real world (DOI)
Dirk Weirich, Martina Angela Sasse

NSPW 2000

Attack net penetration testing (DOI)
J. P. McDermott

Adversary work factor as a metric for information assurance (DOI)
Gregg Schudel, Bradley Wood

A requires/provides model for computer attacks (DOI)
Steven J. Templeton, Karl Levitt

A new paradigm hidden in steganography (DOI)
Ira S. Moskowitz, Garth E. Longdon, LiWu Chang

Natural language processing for information assurance and security: an overview and implementations (DOI)
Mikhail J. Atallah, Craig J. McDonough, Victor Raskin, Sergei Nirenburg

Disarming offense to facilitate defense (DOI)
Danilo Bruschi, Emilia Rosti

Dynamic analysis of security protocols (DOI)
Alec Yasinsac

Quality of security service (DOI)
Cynthia Irvine, Timothy Levin

Characterizing the behavior of a program using multiple-length N-grams (DOI)
Carla Marceau

Reflections on ratings (DOI)
Kenneth G. Olthoff

Network traffic tracking systems: folly in the large? (DOI)
Thomas E. Daniels, Eugene H. Spafford

Incentives to help stop floods (DOI)
Clifford Kahn

New paradigms in incident management (DOI)
Tom Perrine, Abe Singer

Conduit cascades and secure synchronization (DOI)
Simon N. Foley

Multilateral security a concept and examples for balanced security (DOI)
Kai Rannenberg

NSPW 1999

Secure dynamic adaptive traffic masking (DOI)
Brenda Timmerman

Security architecture-based system design (DOI)
Edward A. Schneider

Survivability—a new technical and business perspective on security (DOI)
Howard F. Lipson, David A. Fisher

Optimistic security: a new access control paradigm (DOI)
Dean Povey

Discussion: strike back: offensive actions in information warfare (DOI)
Donald J. Welch, Nathan Buchheit, Anthony Ruocco

Security service level agreements: quantifiable security for the enterprise? (DOI)
Ronda R. Henning

A cursory examination of market forces driving the use of protection profiles (DOI)
Kenneth G. Olthoff

Report on the discussion of “A cursory examination of market forces driving the common criteria” (DOI)
Kenneth G. Olthoff

Paradigm shifts in protocol analysis (DOI)
Susan Pancho

Secure group management in large distributed systems: what is a group and what does it do? (DOI)
John McHugh, J. Bret Michael

SASI enforcement of security policies: a retrospective (DOI)
Úlfar Erlingsson, Fred B. Schneider

Security modeling in the COTS environment (DOI)
Tom Markham, Dwight Colby, Mary Denz

On the functional relation between security and dependability impairments (DOI)
Erland Jonsson, Lars Strömberg, Stefan Lindskog

Securing information transmission by redundancy (DOI)
Jun Li, Peter Reiher, Gerald Popek

The high assurance brake job—a cautionary tale in five scenes (DOI)
Kenneth G. Olthoff

NSPW 1998

Toward a secure system engineering methodology (DOI)
Chris Salter, O. Sami Saydjari, Bruce Schneier, Jim Wallner

Security engineering in an evolutionary acquisition environment (DOI)
Marshall D. Abrams

An integrated framework for security and dependability (DOI)
Erland Jonsson

Meta objects for access control: a formal model for role-based principals (DOI)
Thomas Riechmann, Franz J. Hauck

Evaluating system integrity (DOI)
Simon N. Foley

Prolepsis on the problem of Trojan-horse based integrity attacks (position paper) (DOI)
J. McDermott

Death, taxes, and imperfect software: surviving the inevitable (DOI)
Crispin Cowan, Calton Pu

A graph-based system for network-vulnerability analysis (DOI)
Cynthia Phillips, Laura Painton Swiler

Parsimonious downgrading and decision trees applied to the inference problem (DOI)
LiWu Chang, Ira S. Moskowitz

Server-assisted cryptography (DOI)
Donald Beaver

Discussion topic: what is the old security paradigm? (DOI)
Steven J. Greenwald

Tolerating penetrations and insider attacks by requiring independent corroboration (DOI)
Clifford Kahn

A new model for availability in the face of self-propagating attacks (DOI)
Meng-Jang Lin, Aleta M. Ricciardi, Keith Marzullo

NSPW 1997

Integrating formalism and pragmatism: architectural security (DOI)
Ruth Nelson

A practical approach to security assessment (DOI)
Darrell M. Kienzle, William A. Wulf

Meta objects for access control: extending capability-based security (DOI)
Thomas Riechmann, Franz J. Hauck

A tentative approach to constructing tamper-resistant software (DOI)
Masahiro Mambo, Takanori Murayama, Eiji Okamoto

Three paradigms in computer security (DOI)
Catherine Meadows

Patterns of trust and policy (DOI)
Daniel J. Essin

A distributed trust model (DOI)
Alfarez Abdul-Rahman, Stephen Hailes

An insecurity flow model (DOI)
Ira S. Moskowitz, Myong H. Kang

Principles of a computer immune system (DOI)
Anil Somayaji, Steven Hofmeyr, Stephanie Forrest

Under-specification, composition and emergent properties (DOI)
H. M. Hinton

Protecting routing infrastructures from denial of service using cooperative intrusion detection (DOI)
Steven Cheung, Karl N. Levitt

A security model for dynamic adaptive traffic masking (DOI)
Brenda Timmerman

NSPW 1996

The Emperor's old armor (DOI)
Bob Blakley

Simulated social control for secure Internet commerce (DOI)
Lars Rasmusson, Sverker Jansson

User-centered security (DOI)
Mary Ellen Zurko, Richard T. Simon

A new model of security for distributed systems (DOI)
Wm A. Wulf, Chenxi Wang, Darrell Kienzle

SafeBots: a paradigm for software security controls (DOI)
Robert Filman, Ted Linden

A credibility-based model of computer system security (DOI)
Shaw-Cheng Chuang, Paul Wernick

Developing and using a “policy neutral” access control policy (DOI)
Duane Olawsky, Todd Fine, Edward Schneider, Ray Spencer

Run-time security evaluation: can we afford it? (DOI)
Cristina Serban, Bruce McMillin

A new security policy for distributed resource management and access control (DOI)
Steven J. Greenwald

Access control in federated systems (DOI)
Sabrina De Capitani di Vimercati, Pierangela Samarati

Managing time for service and security (DOI)
Ruth Nelson, Elizabeth Schwartz

Availability policies in an adversarial environment (DOI)
Hilary H. Hosmer

The right type of trust for distributed systems (DOI)
Audun Jøsang

CAPSL: Common Authentication Protocol Specification Language (DOI)
Jonathan K. Millen

Positive feedback and the madness of crowds (DOI)
Hilarie Orman, Richard Schroeppel

Just sick about security (DOI)
Jeff Williams

Fortresses built upon sand (DOI)
Dixie B. Baker

NSPW 1995

Foreword (DOI)
Hilary H. Hosmer

Committees (DOI)

'TSUPDOOD?: Repackaged problems for you and MMI (DOI)
Rebecca G. Bace, Marvin Schaefer

Security for infinite networks (DOI)
Ruth Nelson, Hilary Hosmer

Research issues in authorization models for hypertext systems (DOI)
Elisa Bertino, Pierangela Samarati

Unhelpfulness as a security policy: or it's about time (DOI)
Ruth Nelson

QuARC: expressive security mechanisms (DOI)
John D. Yesberg, Mark S. Anderson

Administration in a multiple policy/domain environment: the administration and melding of disparate policies (DOI)
William R. Ford

Virtual enterprises and the enterprise security architecture (DOI)
Tom Haigh

Software system risk management and assurance (DOI)
Sharon K. Fletcher, Roxana M. Jansma, Judy J. Lim, Ron Halbgewachs, Martin D. Murphy, Gregory D. Wyss

Applying the dependability paradigm to computer security (DOI)
Catherine Meadows

Pretty good assurance (DOI)
Jeffrey R. Williams, Marv Schaefer, Douglas J. Landoll

Credentials for privacy and interoperation (DOI)
Vicki E. Jones, Neil Ching, Marianne Winslett

NSPW 1994

Front Matter

Modeling the “multipolicy machine” (DOI)
D. Elliott Bell

Messages, communication, information security and value (DOI)
John Dobson

New email security infrastructure (DOI)
Martin Ferris

“HIS-Treck -- the next generation”: an introduction to future hospital information systems (DOI)
Thomas L. Lincoln

Healthcare information architecture: elements of a new paradigm (DOI)
Daniel J. Essin, Thomas L. Lincoln

Anomaly detection: a soft computing approach (DOI)
T. Y. Lin

Fuzzy sets and secure computer systems (DOI)
Sergei Ovchinnikov

Formal semantics of confidentiality in multilevel logic databases (DOI)
Adrian Spalka

What is a secret—and—what does that have to do with computer security? (DOI)
Ruth Nelson

A new approach to security system development (DOI)
Silvana Castano, Giancarlo Martella, Pierangela Samarati

Providing non-hierarchical security through interface mechanisms (DOI)
Deborah Hamilton

Designing encryption algorithms for real people (DOI)
Bruce Schneier

A discretionary access control model with temporal authorizations (DOI)
Elisa Bertino, Claudio Bettini, Pierangela Samarati

Versatile integrity and security environment (VISE) for computer systems (DOI)
Charles G. Limoges, Ruth R. Nelson, John H. Heimann, David S. Becker

NSPW 1992 & 1993

Managing complexity in secure networks (DOI)
David Bailey

New security paradigms: what other concepts do we need as well? (DOI)
John Dobson

The multipolicy paradigm for trusted systems (DOI)
Hilary H. Hosmer

An outline of a taxonomy of computer security research and development (DOI)
Catherine Meadows

A new paradigm for trusted systems (DOI)
Dorothy E. Denning

New paradigms for high assurance software (DOI)
John McLean

Confidentiality, integrity, assured service: tying security all together (DOI)
Grace L. Hammonds

Information system security engineering: a spiral approach to revolution (DOI)
Donald M. Howe

A shift in security modeling paradigms (DOI)
James G. Williams

Prospect on security paradigms (DOI)
Leonard J. LaPadula

Integration of formal and heuristic reasoning as a basis for testing and debugging computer security policy (DOI)
J. Bret Michael, Edgar H. Sibley, David C. Littleman

Secure computing with the actor paradigm (DOI)
Bhavani Thuraisingham

Bell and LaPadula axioms: a “new” paradigm for an “old” model (DOI)
T. Y. Lin

Concurrent automata, database computers, and security: a “new” security paradigm for secure parallel processing (DOI)
T. Y. Lin

Application level security using an object-oriented graphical user interface (DOI)
Terry Rooker

The no-policy paradigm: towards a policy-free protocol supporting a secure X Window System (DOI)
Mark Smith

We need to think about the foundations of computer security (DOI)
Marvin Schaefer

The evolved threat paradigm: look who's wearing the black hats! (DOI)
Dixie B. Baker

External consistency in a network environment (DOI)
Leonard J. LaPadula, James G. Williams

Towards a task-based paradigm for flexible and adaptable access control in distributed applications (DOI)
R. K. Thomas, R. S. Sandhu

How responsibility modelling leads to security requirements (DOI)
Ros Strens, John Dobson

Neighborhood data and database security (DOI)
Kioumars Yazdanian, Frédéric Cuppens

Security in an object-oriented database (DOI)
James M. Slack

Computer security by redefining what a computer is (DOI)
Yvo Desmedt

Modelling multidomain security (DOI)
José de J. Vázquez-Gómez

Security is fuzzy!: applying the fuzzy logic paradigm to the multipolicy paradigm (DOI)
Hilary H. Hosmer

Identification and authentication when users have multiple accounts (DOI)
W. R. Shockley

The reference monitor: an idea whose time has come (DOI)
Terry Rooker