Lab Publications

Below is a list of publications co-authored by members of the Carleton Computer Security Lab. Additional publications may be found on individual author web pages. The research page provides a summary of publications organized by subject area.

2012
C. Herley, P.C. van Oorschot. A Research Agenda Acknowledging the Persistence of Passwords. IEEE Security & Privacy Magazine (to appear, 2012).
S. Chiasson, E. Stobert, A. Forget, R. Biddle, P.C. van Oorschot. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE TDSC (to appear, 2012).
R. Biddle, S. Chiasson, P.C. van Oorschot. Graphical Passwords: Learning from the First Twelve Years. ACM Computing Surveys 44(4), 2012 (to appear, 2012).
2011
T. Jaeger, P.C. van Oorschot, G. Wurster. Countering Unauthorized Code Execution on Commodity Kernels: A Survey of Common Interfaces Allowing Kernel Code Modification. Computers & Security (to appear, 2011 or later).
K. Bicakci, P.C. van Oorschot. A Multi-Word Password Proposal (gridWord) and Exploring Questions about Science in Security Research and Usable Security Evaluation. NSPW 2011, Sept.12-15, Marin County, Calfornia.
M. Alsaleh, M. Mannan, P.C. van Oorschot. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks. DOI: 10.1109/TDSC.2011.24. IEEE TDSC (to appear).
P.C. van Oorschot, G. Wurster. Reducing Unauthorized Modification of Digital Objects. DOI: 10.1109/TSE.2011.7. IEEE Transactions on Software Engineering (to appear, 2011 or later).
R. Biddle, M. Mannan, P.C. van Oorschot, T. Whalen. User Study, Analysis, and Usable Security of Passwords Based on Digital Objects. IEEE TIFS 6(3):970-979, Sept.2011. DOI: 10.1109/TIFS.2011.2116781.
D. Barrera, P.C. van Oorschot. Secure Software Installation on Smartphones. DOI: 10.1109/MSP.2010.202. IEEE Security & Privacy Magazine 9(3):42-48 (May/June 2011).
P.C. van Oorschot, J. Thorpe. Exploiting Predictability in Click-Based Graphical Passwords. DOI: 10.3233/JCS-2010-0411. Journal of Computer Security 19(4): 669-702 (2011).
M. Mannan, P.C. van Oorschot. Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers. Journal of Computer Security 19(4): 703-750 (2011).
D. Barrera, P.C. van Oorschot. Accommodating IPv6 Addresses in Security Visualization Tools. DOI: 10.1057/ivs.2011.1. Information Visualization 10(2): 107-116 (April 2011).
M. Alsaleh, P.C. van Oorschot. Lightweight Quick and Stateful Network Scanning Detector. ASIACCS 2011.
K. Bicakci, N.B. Atalay, M. Yuceel, P.C. van Oorschot. Exploration and Field Study of a Browser-based Password Manager using Icon-based Passwords. 2nd Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS'11), 4 March 2011, St. Lucia (co-located with FC 2011); Springer LNCS (to appear).
M. Mannan, D. Barrera, C. D. Brown, D. Lie, P.C. van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices. Financial Cryptography and Data Security, Feb. 2011.
D. Barrera, G. Wurster, P.C. van Oorschot. Back to the Future: Revisiting IPv6 Privacy Extensions. USENIX ;login: 36(1):16-26 (Feb.2011 issue).
2010
E. Stobert, A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords. ACSAC 2010.
D. Barrera, H.G. Kayacik, P.C. van Oorschot, A. Somayaji. A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android. ACM CCS 2010.
G. Wurster, P.C. van Oorschot. A Control Point for Reducing Root Abuse of File-System Privileges. ACM CCS 2010.
P.C. van Oorschot. System Security, Platform Security and Usability (extended abstract). 5th Annual ACM Workshop on Scalable Trusted Computing (ACM STC'10), 4 October 2010, Chicago.
G. Wurster, P.C. van Oorschot. A Control Point for Reducing Root Abuse of File-System Privileges. ACM CCS. Oct. 2010
@inproceedings{wurster-ccs-10, author = {G. Wurster and P.C. van Oorschot}, title = {A Control Point for Reducing Root Abuse of File-System Privileges}, booktitle = {ACM CCS}, month = {Oct}, year = {2010}, url = {../paper-archive/wurster-ccs-10.pdf} }
P.C. van Oorschot, A. Salehi-Abari, J. Thorpe. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Trans. Info. Forensics and Security 5(3): 393-405 (Sept.2010).
T. Oda, A. Somayaji. Visual Security Policy for the Web. USENIX HotSec'10 (5th Workshop on Hot Topics in Security). Aug. 2010
@article{oda-HotSec-10, author = {T. Oda and A. Somayaji}, title = {Visual Security Policy for the Web}, year = {2010}, month = {Aug}, journal = {USENIX HotSec'10 (5th Workshop on Hot Topics in Security)}, url = {../paper-archive/oda-hotsec-10.pdf} }
A. Cowperthwaite, A. Somayaji. The Futility of DNSSec. Annual Symposium on Information Security. Jun. 2010
@inproceedings{cowperthwaite-ASIA-10, title = {The Futility of DNSSec}, author = {A. Cowperthwaite and A. Somayaji}, booktitle = {Annual Symposium on Information Security}, pages = {2--8}, month = {Jun}, year = {2010}, url = {../paper-archive/cowperthwaite-asia-10.pdf} }
T. Oda, A. Somayaji. No Web Site Left Behind: Are We Making Web Security Only for the Elite? Web 2.0 Security and Privacy (W2SP). May 2010
@article{oda-W2SP0-10, author = {T. Oda and A. Somayaji}, title = {No Web Site Left Behind: Are We Making Web Security Only for the Elite?}, year = {2010}, month = {May}, journal = {Web 2.0 Security and Privacy (W2SP)}, url = {../paper-archive/oda-w2sp-10.pdf} }
2009
J.A. Muir, P.C. van Oorschot. Internet Geolocation: Evasion and Counterevasion. ACM Computing Surveys (vol.42 no.1, Article 4). Dec. 2009
@article{muir-ComputingSurveys-09, author = {J.A. Muir and P.C. van Oorschot}, title = {Internet Geolocation: Evasion and Counterevasion}, year = {2009}, month = {Dec}, journal = {ACM Computing Surveys (vol.42 no.1, Article 4)}, url = {../paper-archive/muir-computingsurveys-09.pdf} }
S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. User Interface Design Affects Security: Patterns in Click-Based Graphical Passwords. Int. J. Inf. Security 8(6):387-398. Dec. 2009
@article{chiasson-JINFS-09, author = {S. Chiasson and A. Forget and R. Biddle and P.C. van Oorschot}, title = {User Interface Design Affects Security: Patterns in Click-Based Graphical Passwords}, year = {2009}, month = {Dec}, journal = {Int. J. Inf. Security 8(6):387-398}, url = {../paper-archive/chiasson-jinfs-09.pdf} }
S. Chiasson, A. Forget, E. Stobert, P.C. van Oorschot, R. Biddle. Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM CCS. Nov. 2009
@inproceedings{chiasson-CCS-09, author = {S. Chiasson and A. Forget and E. Stobert and P.C. van Oorschot and R. Biddle}, title = {Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords}, booktitle = {ACM CCS}, year = {2009}, month = {Nov}, url = {../paper-archive/chiasson-ccs-09.pdf} }
R. Biddle, P.C. van Oorschot, A.S. Patrick, J. Sobey, T. Whalen. Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study. CCSW: The ACM Cloud Computing Security Workshop. Nov. 2009
@inproceedings{biddle-CCSW-09, author = {R. Biddle and P.C. van Oorschot and A.S. Patrick and J. Sobey and T. Whalen}, title = {Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study}, booktitle = {CCSW: The ACM Cloud Computing Security Workshop}, year = {2009}, month = {Nov}, url = {../paper-archive/biddle-ccsw-09.pdf} }
D. Barrera, P.C. van Oorschot. Security Visualization Tools and IPv6 Addresses. 6th International Workshop on Visualization for Cyber Security (VizSec'09). Oct. 2009
@inproceedings{barrera-VizSec-09, author = {D. Barrera and P.C. van Oorschot}, title = {Security Visualization Tools and IPv6 Addresses}, booktitle = {6th International Workshop on Visualization for Cyber Security (VizSec'09)}, year = {2009}, month = {Oct}, url = {../paper-archive/barrera-vizsec-09.pdf} }
M. Mannan, P.C. van Oorschot. Reducing Threats from Flawed Security APIs: The Banking PIN Case. Computers & Security (vol.28 no.6, pp.410-420). Sep. 2009
@article{mannan-ComSec-09, author = {M. Mannan and P.C. van Oorschot}, title = {Reducing Threats from Flawed Security APIs: The Banking PIN Case}, year = {2009}, month = {Sep}, journal = {Computers & Security (vol.28 no.6, pp.410-420)}, url = {../paper-archive/mannan-comsec-09.pdf} }
Glenn Wurster, P.C. van Oorschot. System Configuration as a Privilege. USENIX HotSec'09. Aug. 2009
@inproceedings{wurster-HotSec-09, author = {Glenn Wurster and P.C. van Oorschot}, title = {System Configuration as a Privilege}, booktitle = {USENIX HotSec'09}, year = {2009}, month = {Aug}, url = {../paper-archive/wurster-hotsec-09.pdf} }
C. Brown, A. Cowperthwaite, A. Hijazi, A. Somayaji. Analysis of the 1999 DARPA/Lincoln Laboratory IDS evaluation data with NetADHICT. IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA'2009). Jul. 2009
@inproceedings{brown-cisda-09, author = {C. Brown and A. Cowperthwaite and A. Hijazi and A. Somayaji}, booktitle = {IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA'2009)}, title = {Analysis of the 1999 DARPA/Lincoln Laboratory IDS evaluation data with NetADHICT}, year = {2009}, month = {Jul}, pages = {1-7}, url = {../paper-archive/brown-cisda-09.pdf} }
P.C. van Oorschot, T. Wan. TwoStep: An Authentication Method Combining Text and Graphical Passwords. MCETECH 2009: 4th International MCETECH Conference on eTechnologies. May 2009
@inproceedings{van-Oorschot-MCETECH-09, author = {P.C. van Oorschot and T. Wan}, title = {TwoStep: An Authentication Method Combining Text and Graphical Passwords}, booktitle = {MCETECH 2009: 4th International MCETECH Conference on eTechnologies}, year = {2009}, month = {May}, url = {../paper-archive/van-Oorschot-MCETECH-09.pdf} }
C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We're So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009). Feb. 2009
@inproceedings{herley-FC-09, author = {C. Herley and P.C. van Oorschot and A.S. Patrick}, title = {Passwords: If We're So Smart, Why Are We Still Using Them?}, booktitle = {Financial Cryptography and Data Security (FC 2009)}, year = {2009}, month = {Feb}, url = {../paper-archive/herley-fc-09.pdf} }
2008
A. Salehi-Abari, J. Thorpe, P.C. van Oorschot. On Purely Automated Attacks and Click-Based Graphical Passwords. 24th Annual Computer Security Applications Conference (ACSAC'08). Dec. 2008
@inproceedings{thorpe-ACSAC-08, author = {A. Salehi-Abari and J. Thorpe and P.C. van Oorschot}, title = {On Purely Automated Attacks and Click-Based Graphical Passwords}, booktitle = {24th Annual Computer Security Applications Conference (ACSAC'08)}, year = {2008}, month = {Dec}, url = {../paper-archive/salehiabari-acsac-08.pdf} }
M. Alsaleh, D. Barrera, P.C. van Oorschot. Improving Security Visualization with Exposure Map Filtering. 24th Annual Computer Security Applications Conference (ACSAC'08). Dec. 2008
@inproceedings{alsaleh-ACSAC-08, author = {M. Alsaleh and D. Barrera and P.C. van Oorschot}, title = {Improving Security Visualization with Exposure Map Filtering}, booktitle = {24th Annual Computer Security Applications Conference (ACSAC'08)}, year = {2008}, month = {Dec}, url = {../paper-archive/alsaleh-acsac-08.pdf} }
D. Nali, P.C. van Oorschot. CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud. European Symposium on Research in Computer Security (ESORICS'08). Oct. 2008
@inproceedings{nali-ESORICS-08, author = {D. Nali and P.C. van Oorschot}, title = {CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud}, booktitle = {European Symposium on Research in Computer Security (ESORICS'08)}, year = {2008}, month = {Oct}, url = {../paper-archive/nali-esorics-08.pdf} }
J. Sobey, R. Biddle, P.C. van Oorschot, A.S. Patrick. Exploring User Reactions to Browser Cues for Extended Validation Certificates. European Symposium on Research in Computer Security (ESORICS'08). Oct. 2008
@inproceedings{sobey-ESORICS-08, author = {J. Sobey and R. Biddle and P.C. van Oorschot and A.S. Patrick}, title = {Exploring User Reactions to Browser Cues for Extended Validation Certificates}, booktitle = {European Symposium on Research in Computer Security (ESORICS'08)}, year = {2008}, month = {Oct}, url = {../paper-archive/sobey-esorics-08.pdf} }
T. Oda, G. Wurster, P.C. van Oorschot, A. Somayaji. SOMA: Mutual Approval for Included Content in Web Pages. ACM Computer and Communications Security (CCS'08). Oct. 2008
@inproceedings{oda-CCS-08, author = {T. Oda and G. Wurster and P.C. van Oorschot and A. Somayaji}, title = {SOMA: Mutual Approval for Included Content in Web Pages}, booktitle = {ACM Computer and Communications Security (CCS'08)}, year = {2008}, month = {Oct}, url = {../paper-archive/oda-ccs-08.pdf} }
S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. Human-Computer Interaction (HCI'08). Sep. 2008
@inproceedings{chiasson-HCI-08, author = {S. Chiasson and A. Forget and R. Biddle and P.C. van Oorschot}, title = {Influencing Users Towards Better Passwords: Persuasive Cued Click-Points}, booktitle = {Human-Computer Interaction (HCI'08)}, year = {2008}, month = {Sep}, url = {../paper-archive/chiasson-hci08.pdf} }
M. Mannan, P.C. van Oorschot. Localization of Credential Information to Address Increasingly Inevitable Data Breaches. New Security Paradigms Workshop (NSPW'08). Sep. 2008
@inproceedings{mannan-NSPW-08, author = {M. Mannan and P.C. van Oorschot}, title = {Localization of Credential Information to Address Increasingly Inevitable Data Breaches}, booktitle = {New Security Paradigms Workshop (NSPW'08)}, year = {2008}, month = {Sep}, url = {../paper-archive/mannan-nspw-08.pdf} }
G. Wurster, P.C. van Oorschot. The Developer is the Enemy. New Security Paradigms Workshop (NSPW'08). Sep. 2008
@inproceedings{wurster-NSPW-08, author = {G. Wurster and P.C. van Oorschot}, title = {The Developer is the Enemy}, booktitle = {New Security Paradigms Workshop (NSPW'08)}, year = {2008}, month = {Sep}, url = {../paper-archive/wurster-nspw-08.pdf} }
A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Improving Text Passwords Through Persuasion. Symposium on Usable Privacy and Security (SOUPS'08). Jul. 2008
@inproceedings{forget-SOUPS-08, author = {A. Forget and S. Chiasson and P.C. van Oorschot and R. Biddle}, title = {Improving Text Passwords Through Persuasion}, booktitle = {Symposium on Usable Privacy and Security (SOUPS'08)}, year = {2008}, month = {Jul}, url = {../paper-archive/forget-soups08.pdf} }
M. Mannan, P.C. van Oorschot. Digital Objects as Passwords. USENIX HotSec'08 (3rd Workshop on Hot Topics in Security). Jul. 2008
@inproceedings{mannan-HotSec-08, author = {M. Mannan and P.C. van Oorschot}, title = {Digital Objects as Passwords}, booktitle = {USENIX HotSec'08 (3rd Workshop on Hot Topics in Security)}, year = {2008}, month = {Jul}, url = {../paper-archive/mannan-hotsec08.pdf} }
A. Forget, S. Chiasson, P.C. van Oorschot, R. Biddle. Persuasion for Stronger Passwords: Motivation and Pilot Study. Third International Conference on Persuasive Technology. Jun. 2008
@inproceedings{forget-PT-08, author = {A. Forget and S. Chiasson and P.C. van Oorschot and R. Biddle}, title = {Persuasion for Stronger Passwords: Motivation and Pilot Study}, booktitle = {Third International Conference on Persuasive Technology}, year = {2008}, month = {Jun}, url = {../paper-archive/forget-pt08.pdf} }
T. Oda, A. Somayaji, T. White. Content Provider Conflict on the Modern Web. 3rd Annual Symposium on Information Assurance (ASIA'08). Jun. 2008
@inproceedings{oda-ASIA-08, author = {T. Oda and A. Somayaji and T. White}, title = {Content Provider Conflict on the Modern Web}, booktitle = {3rd Annual Symposium on Information Assurance (ASIA'08)}, year = {2008}, month = {Jun}, url = {../paper-archive/oda-asia-08.pdf} }
A. Hijazi, H. Inoue, A. Matrawy, P.C. van Oorschot, A. Somayaji. Discovering Packet Structure through Lightweight Hierarchical Clustering. IEEE International Conference on Communications (ICC'08). May 2008
@inproceedings{hijazi-ICC-08, author = {A. Hijazi and H. Inoue and A. Matrawy and P.C. van Oorschot and A. Somayaji}, title = {Discovering Packet Structure through Lightweight Hierarchical Clustering}, booktitle = {IEEE International Conference on Communications (ICC'08)}, year = {2008}, month = {May}, url = {../paper-archive/hijazi-icc08.pdf} }
M. Mannan, P.C. van Oorschot. Privacy-Enhanced Sharing of Personal Content on the Web. World Wide Web (WWW'08). Apr. 2008
@inproceedings{mannan-WWW-08, author = {M. Mannan and P.C. van Oorschot}, title = {Privacy-Enhanced Sharing of Personal Content on the Web}, booktitle = {World Wide Web (WWW'08)}, year = {2008}, month = {Apr}, url = {../paper-archive/mannan-www08.pdf} }
S. Chiasson, J. Srinivasan, R. Biddle, P. van Oorschot. Centered Discretization with Application to Graphical Passwords. USENIX Usability, Psychology and Security (UPSEC'08). Apr. 2008
@inproceedings{chiasson-UPSEC-08, author = {S. Chiasson and J. Srinivasan and R. Biddle and P. van Oorschot}, title = {Centered Discretization with Application to Graphical Passwords}, booktitle = {USENIX Usability, Psychology and Security (UPSEC'08)}, year = {2008}, month = {Apr}, url = {../paper-archive/chiasson-upsec08.pdf} }
P.C. van Oorschot, J. Thorpe. On Predictive Models and User-Drawn Graphical Passwords. ACM TISSEC, Vol. 10, No. 4. Jan. 2008
@inproceedings{van_Oorschot-Thorpe-TISSEC-08, author = {P.C. van Oorschot and J. Thorpe}, title = {On Predictive Models and User-Drawn Graphical Passwords}, booktitle = {ACM TISSEC, Vol. 10, No. 4}, year = {2008}, month = {Jan}, url = {../paper-archive/DAS_journal_preprint.pdf} }
M. Mannan, P.C. van Oorschot. Weighing Down ``The Unbearable Lightness of PIN Cracking''. Financial Cryptography and Data Security (FC'08). Jan. 2008
@inproceedings{mannan-FC-08, author = {M. Mannan and P.C. van Oorschot}, title = {Weighing Down ``The Unbearable Lightness of PIN Cracking''}, booktitle = {Financial Cryptography and Data Security (FC'08)}, year = {2008}, month = {Jan}, url = {../paper-archive/mannan-fc08.pdf} }
2007
H. Inoue, D. Jansens, A. Hijazi, A. Somayaji. NetADHICT: A Tool for Understanding Network Traffic. Large Installation System Administration Conference (LISA'07). Nov. 2007
@inproceedings{inoue-LISA-07, author = {H. Inoue and D. Jansens and A. Hijazi and A. Somayaji}, title = {NetADHICT: A Tool for Understanding Network Traffic}, booktitle = {Large Installation System Administration Conference (LISA'07)}, year = {2007}, month = {Nov}, url = {../paper-archive/inoue-lisa07.pdf} }
K.L. Ingham, A. Somayaji, J. Burge, Stephanie Forrest. Learning DFA representations of HTTP for protecting web applications. Computer Networks, Vol. 51, No. 5. 2007
@inproceedings{Ingham-CN-07, author = {K.L. Ingham and A. Somayaji and J. Burge and Stephanie Forrest}, title = {Learning DFA representations of HTTP for protecting web applications}, booktitle = {Computer Networks, Vol. 51, No. 5}, year = {2007}, url = {../paper-archive/sdarticle.pdf} }
D. Whyte, P.C. van Oorschot, E. Kranakis. Tracking Darkports for Network Defense. 23rd Annual Computer Security Applications Conference (ACSAC'07). Dec. 2007
@inproceedings{Whyte-ACSAC-07, author = {D. Whyte and P.C. van Oorschot and E. Kranakis}, title = {Tracking Darkports for Network Defense}, booktitle = {23rd Annual Computer Security Applications Conference (ACSAC'07)}, year = {2007}, month = {Dec}, url = {../paper-archive/whyte-acsac07.pdf} }
K.L. Ingham, A. Somayaji. A Methodology for Designing Accurate Anomaly Detection Systems. IFIP/ACM Latin American Networking Conference (LANC'07). Oct. 2007
@inproceedings{ingham-LANC-07, author = {K.L. Ingham and A. Somayaji}, title = {A Methodology for Designing Accurate Anomaly Detection Systems}, booktitle = {IFIP/ACM Latin American Networking Conference (LANC'07)}, year = {2007}, month = {Oct}, url = {../paper-archive/ingham-lanc07.pdf} }
S. Chiasson, P.C. van Oorschot, R. Biddle. Graphical Password Authentication Using Cued Click Points. European Symposium on Research in Computer Security (ESORICS'07). Sep. 2007
@inproceedings{chiasson-ESORICS-07, author = {S. Chiasson and P.C. van Oorschot and R. Biddle}, title = {Graphical Password Authentication Using Cued Click Points}, booktitle = {European Symposium on Research in Computer Security (ESORICS'07)}, year = {2007}, month = {Sep}, url = {../paper-archive/chiasson-esorics07.pdf} }
K. Ingham, H. Inoue. Comparing Anomaly Detection Techniques for HTTP. International Symposium on Recent Advances in Intrusion Detection (RAID'07). Sep. 2007
@inproceedings{Ingham-RAID-07, author = {K. Ingham and H. Inoue}, title = {Comparing Anomaly Detection Techniques for HTTP}, booktitle = {International Symposium on Recent Advances in Intrusion Detection (RAID'07)}, year = {2007}, month = {Sep} }
M. Mannan, P.C. van Oorschot. Security and Usability: The Gap in Real-World Online Banking. New Security Paradigms Workshop (NSPW'07). Sep. 2007
@inproceedings{mannan-NSPW-07, author = {M. Mannan and P.C. van Oorschot}, title = {Security and Usability: The Gap in Real-World Online Banking}, booktitle = {New Security Paradigms Workshop (NSPW'07)}, year = {2007}, month = {Sep}, url = {../paper-archive/mannan-nspw07.pdf} }
D. Nali, P.C. van Oorschot, A. Adler. VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certificates and Signatures. New Security Paradigms Workshop (NSPW'07). Sep. 2007
@inproceedings{nali-NSPW-07, author = {D. Nali and P.C. van Oorschot and A. Adler}, title = {VideoTicket: Detecting Identity Fraud Attempts via Audiovisual Certificates and Signatures}, booktitle = {New Security Paradigms Workshop (NSPW'07)}, year = {2007}, month = {Sep}, url = {../paper-archive/nali-nspw07.pdf} }
J. Thorpe, P.C. van Oorschot. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. 16th USENIX Security Symposium. Aug. 2007
@inproceedings{Thorpe-USENIX-07, author = {J. Thorpe and P.C. van Oorschot}, title = {Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords}, booktitle = {16th USENIX Security Symposium}, year = {2007}, month = {Aug}, url = {../paper-archive/usenix07.hotspots.pdf} }
G. Wurster, P.C. van Oorschot. Self-signed Executables: Restricting Replacement of Program Binaries by Malware. USENIX HotSec'07 (2nd Workshop on Hot Topics in Security). Aug. 2007
@inproceedings{wurster-hotsec-07, author = {G. Wurster and P.C. van Oorschot}, title = {Self-signed Executables: Restricting Replacement of Program Binaries by Malware}, booktitle = {USENIX HotSec'07 (2nd Workshop on Hot Topics in Security)}, year = {2007}, month = {Aug}, url = {../paper-archive/wurster-hotsec07.pdf} }
P.C. van Oorschot, T. Wan, E. Kranakis. On Inter-domain Routing Security and Pretty Secure BGP (psBGP). ACM TISSEC, Vol. 10, No. 3. Jul. 2007
@inproceedings{van_Oorschot-Wan-TISSEC-07, author = {P.C. van Oorschot and T. Wan and E. Kranakis}, title = {On Inter-domain Routing Security and Pretty Secure BGP (psBGP)}, booktitle = {ACM TISSEC, Vol. 10, No. 3}, year = {2007}, month = {Jul}, url = {../paper-archive/psBGP-journal-draft.pdf} }
J. Clark, P.C. van Oorschot, C. Adams. Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability. Symposium on Usable Privacy and Security (SOUPS'07). Jul. 2007
@inproceedings{Clark-SOUPS-07, author = {J. Clark and P.C. van Oorschot and C. Adams}, title = {Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability}, booktitle = {Symposium on Usable Privacy and Security (SOUPS'07)}, year = {2007}, month = {Jul}, url = {../paper-archive/soups2007.tor.pdf} }
S. Chiasson, Robert Biddle, P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. Symposium on Usable Privacy and Security (SOUPS'07). Jul. 2007
@inproceedings{chiasson-SOUPS-07, author = {S. Chiasson and Robert Biddle and P.C. van Oorschot}, title = {A Second Look at the Usability of Click-Based Graphical Passwords}, booktitle = {Symposium on Usable Privacy and Security (SOUPS'07)}, year = {2007}, month = {Jul}, url = {../paper-archive/soups2007.passpoints-usability.pdf} }
S. Chiasson, R. Biddle, A. Somayaji. Even Experts Deserve Usable Security: Design guidelines for security management systems. Workshop on Usable IT Security Management (USM'07). Jul. 2007
@inproceedings{chiasson-USM-07, author = {S. Chiasson and R. Biddle and A. Somayaji}, title = {Even Experts Deserve Usable Security: Design guidelines for security management systems}, booktitle = {Workshop on Usable IT Security Management (USM'07)}, year = {2007}, month = {Jul}, url = {../paper-archive/Chiasson_DesignGuidelinesForExperts_USM07.pdf} }
H. Inoue, A. Somayaji. Lookahead Pairs and Full Sequences: A Tale of Two Anomaly Detection Methods. 2nd Annual Symposium on Information Assurance. Jun. 2007
@inproceedings{Inoue-ASIA-07, author = {H. Inoue and A. Somayaji}, title = {Lookahead Pairs and Full Sequences: A Tale of Two Anomaly Detection Methods}, booktitle = {2nd Annual Symposium on Information Assurance}, year = {2007}, month = {Jun}, url = {../paper-archive/inoue-albany07.pdf} }
M. Mannan, P. C. van Oorschot. Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer. Financial Cryptography and Data Security (FC'07). Feb. 2007
@inproceedings{mmannan-fc-07, author = {M. Mannan and P. C. van Oorschot}, title = {Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer}, booktitle = {Financial Cryptography and Data Security (FC'07)}, publisher = {Springer-Verlag}, series = {LNCS}, year = {2007}, month = {Feb}, url = {../paper-archive/mmannan-fc-07.pdf} }
2006
D. Whyte, P.C. van Oorschot, E. Kranakis. Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. 22nd Annual Computer Security Applications Conference (ACSAC'06). Dec. 2006
@inproceedings{Whyte-ACSAC-06, author = {D. Whyte and P.C. van Oorschot and E. Kranakis}, title = {Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks}, booktitle = {22nd Annual Computer Security Applications Conference (ACSAC'06)}, year = {2006}, month = {Dec}, url = {../paper-archive/93.pdf} }
P. C. van Oorschot, S. Stubblebine. On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM Transactions on Information and System Security (TISSEC). Aug. 2006
@article{pvanoorschot-tissec-06, author = {P. C. van Oorschot and S. Stubblebine}, title = {On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop}, year = {2006}, month = {Aug}, journal = {ACM Transactions on Information and System Security (TISSEC)}, url = {../paper-archive/pvanoorschot-tissec-06.pdf} }
S. Chiasson, P.C. van Oorschot, R. Biddle. A Usability Study and Critique of Two Password Managers. USENIX Security Symposium. Aug. 2006
@inproceedings{chiasson-usenix-06, author = {S. Chiasson, P.C. van Oorschot and R. Biddle}, title = {A Usability Study and Critique of Two Password Managers}, booktitle = {USENIX Security Symposium}, year = {2006}, month = {Aug}, url = {../paper-archive/chiasson-usenix-06.pdf} }
D. Whyte, P.C. van Oorschot, E. Kranakis. Exposure Maps: Removing Reliance on Attribution During Scan Detection. USENIX HotSec'06 (1st Workshop on Hot Topics in Security). Jul. 2006
@inproceedings{whyte-hotsec-06, author = {D. Whyte and P.C. van Oorschot and E. Kranakis}, title = {Exposure Maps: Removing Reliance on Attribution During Scan Detection}, booktitle = {USENIX HotSec'06 (1st Workshop on Hot Topics in Security)}, year = {2006}, month = {Jul}, url = {../paper-archive/whyte-hotsec-06.pdf} }
T. Wan, P.C. van Oorschot. Analysis of BGP Prefix Origins During Google.s May 2005 Outage. Security in Systems and Networks (SSN'06). Apr. 2006
@inproceedings{twan-ssn-06, author = {T. Wan and P.C. van Oorschot}, title = {Analysis of BGP Prefix Origins During Google.s May 2005 Outage}, year = {2006}, month = {Apr}, booktitle = {Security in Systems and Networks (SSN'06)}, url = {../paper-archive/twan-ssn-06.pdf} }
M. Mannan, P. C. van Oorschot. A Protocol for Secure Public Instant Messaging. Financial Cryptography and Data Security (FC'06). Feb. 2006
@inproceedings{mmannan-fc-06, author = {M. Mannan and P. C. van Oorschot}, title = {A Protocol for Secure Public Instant Messaging}, booktitle = {Financial Cryptography and Data Security (FC'06)}, publisher = {Springer-Verlag}, series = {LNCS}, year = {2006}, month = {Feb}, url = {../paper-archive/mmannan-fc-06.pdf} }
P. C. van Oorschot, J.M. Robert, M. Vargas Martin. A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms. International Journal of Information Security. Feb. 2006
@article{pvanoorschot-ijis-06, author = {P. C. van Oorschot and J.M. Robert and M. Vargas Martin}, title = {A Monitoring System for Detecting Repeated Packets with Applications to Computer Worms}, year = {2006}, month = {Feb}, journal = {International Journal of Information Security}, url = {../paper-archive/pvanoorschot-ijis-06.pdf} }
2005
D. Whyte, P.C. van Oorschot, E. Kranakis. Detecting Intra-Enterprise Scanning Worms Based on Address Resolution. Annual Computer Security Applications Conference (ACSAC'05). Dec. 2005
@inproceedings{dwhyte-acsac-05, author = {D. Whyte and P.C. van Oorschot and E. Kranakis}, title = {Detecting Intra-Enterprise Scanning Worms Based on Address Resolution}, year = {2005}, month = {Dec}, booktitle = {Annual Computer Security Applications Conference (ACSAC'05)}, url = {../paper-archive/dwhyte-acsac-05.pdf} }
Y. Li, A. Somayaji. Securing Email Archives through User Modeling. Annual Computer Security Applications Conference (ACSAC'05). Dec. 2005
@inproceedings{yli-acsac-05, author = {Y. Li and A. Somayaji}, title = {Securing Email Archives through User Modeling}, booktitle = {Annual Computer Security Applications Conference (ACSAC'05)}, year = {2005}, month = {Dec}, url = {../paper-archive/yli-acsac-05.pdf} }
E. Hughes, A. Somayaji. Towards Network Awareness. Large Installation System Administration Conference (LISA'05). Dec. 2005
@inproceedings{ehughes-lisa-05, author = {E. Hughes and A. Somayaji}, title = {Towards Network Awareness}, booktitle = {Large Installation System Administration Conference (LISA'05)}, year = {2005}, month = {Dec}, url = {../paper-archive/ehughes-lisa-05.pdf} }
M. Mannan, P. C. van Oorschot. On Instant Messaging Worms, Analysis and Countermeasures. ACM Workshop on Rapid Malcode (WORM'05). Nov. 2005
@inproceedings{mmannan-worm-05, author = {M. Mannan and P. C. van Oorschot}, title = {On Instant Messaging Worms, Analysis and Countermeasures}, year = {2005}, month = {Nov}, address = {Fairfax, VA}, booktitle = {ACM Workshop on Rapid Malcode (WORM'05)}, url = {../paper-archive/mmannan-worm-05.pdf} }
T. Wan, P.C. van Oorschot, E. Kranakis. A Selective Introduction to Border Gateway Protocol (BGP) Security Issues. NATO Advanced Studies Institute on Network Security and Intrusion Detection. Oct. 2005
@inproceedings{twan-nato-05, author = {T. Wan and P.C. van Oorschot and E. Kranakis}, title = {A Selective Introduction to Border Gateway Protocol (BGP) Security Issues}, year = {2005}, month = {Oct}, booktitle = {NATO Advanced Studies Institute on Network Security and Intrusion Detection}, url = {../paper-archive/twan-nato-05.pdf} }
J. Thorpe, P. C. van Oorschot, A. Somayaji. Pass-thoughts: Authenticating With Our Minds. New Security Paradigms Workshop, (NSPW'05). Sep. 2005
@inproceedings{jthorpe-nspw-05, author = {J. Thorpe and P. C. van Oorschot and A. Somayaji}, title = {Pass-thoughts: Authenticating With Our Minds}, year = {2005}, month = {Sep}, booktitle = {New Security Paradigms Workshop, (NSPW'05)}, url = {../paper-archive/jthorpe-nspw-05.pdf} }
P. C. van Oorschot. Message Authentication by Integrity with Public Corroboration. New Security Paradigms Workshop, (NSPW'05). Sep. 2005
@inproceedings{pvanoorschot-nspw-05, author = {P. C. van Oorschot}, title = {Message Authentication by Integrity with Public Corroboration}, year = {2005}, month = {Sep}, booktitle = {New Security Paradigms Workshop, (NSPW'05)}, url = {../paper-archive/pvanoorschot-nspw-05.pdf} }
P. van Oorschot, A. Somayaji, G. Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. IEEE Transactions on Dependable and Secure Computing. Jun. 2005
@article{pvanoorschot-ieeetdsc-05, author = {P. van Oorschot and A. Somayaji and G. Wurster}, title = {Hardware-assisted circumvention of self-hashing software tamper resistance}, year = {2005}, month = {Jun}, journal = {IEEE Transactions on Dependable and Secure Computing}, url = {../paper-archive/pvanoorschot-ieeetdsc-05.pdf} }
A. Matrawy, P. C. van Oorschot, A. Somayaji. Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management. Applied Cryptography and Network Security (ACNS'05). Jun. 2005
@inproceedings{amatrawy-acns-05, author = {A. Matrawy and P. C. van Oorschot and A. Somayaji}, title = {Mitigating Network Denial-of-Service Through Diversity-Based Traffic Management}, booktitle = {Applied Cryptography and Network Security (ACNS'05)}, year = {2005}, month = {Jun}, pages = {104-121}, url = {../paper-archive/amatrawy-acns-05.pdf} }
G. Wurster, P. van Oorschot, A. Somayaji. A generic attack on checksumming-based software tamper resistance. IEEE Symposium on Security and Privacy. May 2005
@inproceedings{gwurster-ieeesp-05, author = {G. Wurster and P. van Oorschot and A. Somayaji}, title = {A generic attack on checksumming-based software tamper resistance}, year = {2005}, month = {May}, booktitle = {IEEE Symposium on Security and Privacy}, url = {../paper-archive/gwurster-ieeesp-05.pdf} }
D. Whyte, E. Kranakis, P.C. van Oorschot. DNS-based Detection of Scanning Worms in an Enterprise Network. Network and Distributed System Security Symposium (NDSS'05). Feb. 2005
@inproceedings{dwhyte-ndss-05, author = {D. Whyte and E. Kranakis and P.C. van Oorschot}, title = {DNS-based Detection of Scanning Worms in an Enterprise Network}, year = {2005}, month = {Feb}, booktitle = {Network and Distributed System Security Symposium (NDSS'05)}, url = {../paper-archive/dwhyte-ndss-05.pdf} }
P. C. van Oorschot, S. Stubblebine. Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling. Financial Cryptography and Data Security (FC'05). Feb. 2005
@inproceedings{pvanoorschot-fc-05, author = {P. C. van Oorschot and S. Stubblebine}, title = {Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling}, year = {2005}, month = {Feb}, booktitle = {Financial Cryptography and Data Security (FC'05)}, url = {../paper-archive/pvanoorschot-fc-05.pdf} }
T. Wan, E. Kranakis, P.C. van Oorschot. Pretty Secure BGP. Network and Distributed System Security Symposium (NDSS'05). Feb. 2005
@inproceedings{twan-ndss-05, author = {T. Wan and E. Kranakis and P.C. van Oorschot}, title = {Pretty Secure BGP}, year = {2005}, month = {Feb}, booktitle = {Network and Distributed System Security Symposium (NDSS'05)}, url = {../paper-archive/twan-ndss-05.pdf} }
2004
J. Thorpe, P. C. van Oorschot. Towards Secure Design Choices for Implementing Graphical Passwords. Annual Computer Security Applications Conference (ACSAC'04). Dec. 2004
@inproceedings{jthorpe-acsac-04, author = {J. Thorpe and P. C. van Oorschot}, title = {Towards Secure Design Choices for Implementing Graphical Passwords}, year = {2004}, month = {Dec}, booktitle = {Annual Computer Security Applications Conference (ACSAC'04)}, url = {../paper-archive/jthorpe-acsac-04.pdf} }
M. Mannan, P. C. van Oorschot. Secure Public Instant Messaging: A Survey. Privacy, Security and Trust (PST'04). Oct. 2004
@inproceedings{mmannan-pst-04, author = {M. Mannan and P. C. van Oorschot}, title = {Secure Public Instant Messaging: A Survey}, year = {2004}, month = {Oct}, address = {Fredericton, NB}, booktitle = {Privacy, Security and Trust (PST'04)}, pages = {69--77}, url = {../paper-archive/mmannan-pst-04.pdf} }
T. Wan, E. Kranakis, P.C. van Oorschot. Securing the Destination Sequenced Distance Vector Routing Protocol (S-DSDV). International Conference on Information and Communications Security (ICICS'04). Oct. 2004
@inproceedings{twan-icics-04, author = {T. Wan and E. Kranakis and P.C. van Oorschot}, title = {Securing the Destination Sequenced Distance Vector Routing Protocol (S-DSDV)}, year = {2004}, month = {Oct}, booktitle = {International Conference on Information and Communications Security (ICICS'04)}, url = {../paper-archive/twan-icics-04.pdf} }
J. Thorpe, P. C. van Oorschot. Graphical Dictionaries and the Memorable Space of Graphical Passwords. USENIX Security Symposium. Aug. 2004
@inproceedings{jthorpe-usenix-04, author = {J. Thorpe and P. C. van Oorschot}, title = {Graphical Dictionaries and the Memorable Space of Graphical Passwords}, year = {2004}, month = {Aug}, booktitle = {USENIX Security Symposium}, url = {../paper-archive/jthorpe-usenix-04.pdf} }
T. Wan, E. Kranakis, P.C. van Oorschot. S-RIP: A Secure Distance Vector Routing Protocol. Applied Cryptography and Network Security (ACNS'04). Jun. 2004
@inproceedings{twan-acns-04, author = {T. Wan and E. Kranakis and P.C. van Oorschot}, title = {S-RIP: A Secure Distance Vector Routing Protocol}, year = {2004}, month = {Jun}, booktitle = {Applied Cryptography and Network Security (ACNS'04)}, url = {../paper-archive/twan-acns-04.pdf} }
S. Stubblebine, P. C. van Oorschot. Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. Financial Cryptography and Data Security (FC'04). Feb. 2004
@inproceedings{pvanoorschot-fc-04, author = {S. Stubblebine and P. C. van Oorschot}, title = {Addressing Online Dictionary Attacks with Login Histories and Humans-in-the-Loop}, year = {2004}, month = {Feb}, booktitle = {Financial Cryptography and Data Security (FC'04)}, url = {../paper-archive/pvanoorschot-fc-04.pdf} }