| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Feb. 5 | "Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors" by Egelman et al. | ACM CCS 2014 | Zeinab Joudaki |
| Feb. 12 | "Security implications of password discretization for click-based graphical passwords" by Zhu et al. | WWW 2013 | Brent MacRae |
| Feb. 19 | Midterm break (no discussion) | -- | |
| Feb. 26 | "Leveraging Variations in Event Sequences in Keystroke-dynamics Authentication Systems" by Syed et al. | IEEE HASE 2014 | TBD |
| Mar. 5 | "Security Analyses of Click-based Graphical Passwords via Image Point Memorability" by Zhu et al. | 2014 ACM SIGSAC | TBD |
| Mar. 12 | "The Password Life Cycle: User Behaviour in Managing Passwords" by Stobert et al. | SOUPS 2014 | Ahmed Dauda |
| Mar. 19 | "Does my password go up to eleven?: the impact of password meters on password selection" by Egelman et al. | CHI 2013 | TBD |
| Mar. 26 | "Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics" by Eberz et al. | NDSS 2015 | TBD |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| June 3 | "Chip and Skim: cloning EMV cards with the pre-play attack" by Bond et al. | IEEE S&P 2014 | Julie Thorpe |
| June 10 | "An Implicit Author Verification System for Text Messages Based on Gesture Typing Biometrics" by Burgbacher et al. | CHI 2014 | Zeinab Joudaki |
| June 17 | "Analyzing Forged SSL Certificates in the Wild" by Huang et al. | IEEE S&P 2014 | TBD |
| June 24 | “Exploring the Design Space of Graphical Passwords on Smartphones” by Schaub et al. | SOUPS 2013 | Igor Leonardo |
| July 1 | Canada Day (no discussion) | --- | --- |
| July 8 | "Pitfalls in the Automated Strengthening of Passwords" by Schmidt et al. | ACSAC 2013 | Alex Keller |
| July 15 | “Can Long Passwords Be Secure and Usable?” by Shay et al. | CHI 2014 | Chris Bonk |
| July 22 | "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS" by Bhargavan et al. | IEEE S&P 2014 | Brent MacRae |
| July 29 | "A Study of Graphical Password for Mobile Devices" by Suo et al. | MobiCASE 2013 | Ahmed Dauda |
| Aug. 5 | “A Study of Probabilistic Password Models” by Ma et al. | IEEE S&P 2014 | Julie Thorpe |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Nov. 16 | "Leveraging Real-Life Facts to Make Random Passwords More Memorable" by Al-Ameen et al. | ESORICS 2015 | Zeinab Joudaki |
| Nov. 23 | "How to Memorize a Random 60-Bit String" by Ghazvininejad et al. | HLT-NAACL 2015 | TBD |
| Nov. 30 | "Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google" by Bonneau et al. | WWW 2015 | TBD |
| Dec. 7 | "Passwords and the Evolution of Imperfect Authentication" by Bonneau et al. | ACM, 2015 | Julie Thorpe |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Sept. 27 | "Looking inside the (Drop) box" by Kholia et al. | WOOT 2013 | Julie Thorpe |
| Oct. 4 | "CASA: Context-Aware Scalable Authentication" by Hayashi et al. | SOUPS 2013 | Zeinab Joudaki |
| Oct. 11 | "Understanding Scam Victims: Seven Principles for Systems Security" by Stajano et al. | Comm. of the ACM 2011 | Alex Keller |
| Oct. 18 | "On The Ecological Validity of a Password Study" by Fahl et al. | SOUPS 2013 | Robert Burden |
| Oct. 25 | "Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes" by Ruoti et al. | SOUPS 2013 | Frank Ong |
| Nov. 1 | "On the Security of Picture Gesture Authentication" by Zhao et al. | USENIX Security 2013 | Brent MacRae |
| Nov. 8 | “A Historical Examination of Open Source Releases and Their Vulnerabilities” by Edwards et al. | ACM CCS 2012 | Ryan Mohanta |
| Nov. 15 | "Studying the Effect of Human Cognition on User Authentication Tasks" by Belk et al. | UMAP 2013 | Chris Bonk |
| Nov. 22 | "Optimizing Password Composition Policies" by Blocki et al. | EC 2013 | Michael Bourque |
| Nov. 29 | "Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education" by Denning et al. | ACM CCS 2013 | Julie Thorpe |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| June 13 | “Honeywords: Making Password-Cracking Detectable” by Juels et al. | Unpublished draft 2013 | Julie Thorpe |
| June 20 | "A Survey of Game Theory as Applied to Network Security" by Roy et al. | HICSS 2010 | Alex Keller |
| June 27 | "Cracking Associative Passwords" by Helkala et al. | NordSec 2012 | Christopher Bonk |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Jan. 31 | “Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks” by Bulling et al. | CHI 2012 | Abel Bacchus |
| Feb. 7 | “Building Better Passwords using Probabilistic Techniques” by Houshmand et al. | ACSAC 2012 | Christopher Bonk |
| Feb. 14 | "The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems" by Sun et al. | ACM CCS 2012 | Cate Dillon |
| Feb. 21 | -- | -- | -- |
| Feb. 28 | "Computing Arbitrary Functions of Encrypted Data" by Gentry et al. | Communications of the ACM 2010 | Alexander Keller |
| Mar. 7 | "Authentication at Scale" by Grosse et al. | IEEE Security & Privacy 2013 | Zeinab Joudaki |
| Mar. 14 | “User Study, Analysis, and Usable Security of Passwords Based on Digital Objects” by Biddle et al. | IEEE TIFS 2011 | Julie Thorpe |
| Mar. 21 | "User-driven access control: Rethinking permission granting in modern operating systems" by Roesner et al. | IEEE Symposium on Security and Privacy 2012 | Akisanmi Oluwatoyosi |
| Mar. 28 | “The Socialbot Network: When Bots Socialize for Fame and Money” by Boshmaf et al. | ACSAC 2011 | Milad Ghaznavi |
| Apr. 4 | “Tapas: Design, Implementation, and Usability Evaluation of a Password Manager” by McCarney et al. | ACSAC 2012 | Frank Ong |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Oct. 4 | "How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation" by Ur et al. | USENIX Security 2012 | Julie Thorpe |
| Oct. 11 | "Correct horse battery staple: Exploring the usability of system-assigned passphrases" by Shay et al. | SOUPS 2012 | Christopher Bonk |
| Oct. 18 | “Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks” by Bojinov et al. | USENIX Security 2012 | Zeinab Joudaki |
| Oct. 25 | "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces" by Martinovic et al. | USENIX Security 2012 | Geoff Vaughan |
| Nov. 1 | --- | --- | --- |
| Nov. 8 | "Computing machinery and intelligence" by Turing | MIND 1950 | Alexander Keller |
| Nov. 15 | "Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion" by Xu et al. | USENIX Security 2012 | TBD |
| Nov. 22 | “Balancing Usability and Security in a Video Captcha” by Kluever et al. | SOUPS 2009 | TBD |
| Nov. 29 | "Point-and-Shoot Security Design: Can We Build Better Tools for Developers?" by Türpe | NSPW 2012 | Abel Bacchus |
| Dec. 6 | "Before We Knew It. An Empirical Study of Zero-Day Exploits in the Real World" by Bilge et al. | ACM CCS 2012 | Miguel Vargas Martin |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| May 24 | "The science of guessing: analyzing an anonymized corpus of 70 million passwords" by Bonneau | IEEE Symposium on Security and Privacy 2012 | Julie Thorpe |
| May 31 | "A birthday present every eleven wallets? The security of customer-chosen banking PINs" by Bonneau et al. | Financial Cryptography 2012 | Rafael Veras Guimaraes |
| June 7 | "Why do programmers make security errors?" by Xie et al. | Visual Languages and Human-Centric Computing 2011 | Geoff Vaughan |
| June 14 | "The quest to replace passwords: A framework for comparative evaluation of web authentication schemes" by Bonneau et al. | IEEE Symposium on Security and Privacy 2012 | Chris Bonk |
| June 21 | "Multi-vendor penetration testing in the advanced metering infrastructure" by McLaughlin et al. | ACSAC 2010 | Alexander Keller |
| June 28 | "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms" by Kelley et al. | IEEE Symposium on Security and Privacy 2012 | Brent MacRae |
| July 5 | "Evaluating interactive support for secure programming" by Xie et al. | CHI 2012 | Ricardo Rodriguez Garcia |
| July 12 | "Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services" by Wang et al. | IEEE Symposium on Security and Privacy 2012 | Cate Dillon |
| July 19 | --- | --- | --- |
| July 26 | "Protecting consumer privacy from electric load monitoring" by McLaughlin et al. | ACM CCS 2011 | TBD |
| August 2 | "Prudent practices for designing malware experiments: status quo and outlook" by Rossow et al. | IEEE Symposium on Security and Privacy 2012 | TBD |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Jan. 26 | A Study of Android Application Security by Enck et al. | USENIX Security 2011 | Julie Thorpe |
| Feb. 2 | On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings by Sotirakopoulos et al. | SOUPS 2011 | Ricardo Rodriguez Garcia |
| Feb. 9 | Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism by Chiasson et al. | TDSC 2012 (to appear) | Christopher Bonk |
| Feb. 16 | GuardRails: A Data-Centric Web Application Security Framework by Burket et al. | USENIX WebApps 2011 | Ricardo Rodriguez Garcia |
| Feb. 23 | -- | -- | -- |
| Mar. 1 | Battling the Internet Water Army: Detection of Hidden Paid Posters by Chen et al. | arXiv.org (not yet refereed) | Daniel Snider |
| Mar. 8 | The True Cost of Unusable Password Policies: Password Use in the Wild by Inglesant et al. | CHI 2010 | Arie Frohlich |
| Mar. 15 | Exploring the Relationship Between Web Application Development Tools and Security by Finifter et al. | USENIX WebApps 2011 | Ricardo Rodriguez Garcia |
| Mar. 22 | Televisions, Video Privacy, and Powerline Electromagnetic Interference by Enev et al. | ACM CCS 2011 | -- |
| Mar. 29 | What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID by Sun et al. | SOUPS 2011 | Robert Burden |
| Apr. 5 | iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections by Raguram et al. | ACM CCS 2011 | Jeff Hickson |
| Date | Paper | Venue | Discussion Lead |
|---|---|---|---|
| Oct. 6 | A Research Agenda Acknowledging the Persistence of Passwords by Herley et al. | IEEE Security & Privacy Magazine (to appear) | Julie Thorpe |
| Oct. 13 | Idea: Interactive Support for Secure Software Development by Xie et al. | Engineering Secure Software and Systems (ESSoS) 2011 | Ricardo Rodriguez Garcia |
| Oct. 20 | Measuring Pay-per-Install: The Commoditization of Malware Distribution by Caballero et al. | USENIX Security 2011 | TBA |
| Oct. 27 | Forensic Triage for Mobile Phones with DEC0DE by Walls et al. | USENIX Security 2011 | TBA |
| Nov. 3 | Fortifying Web-Based Applications Automatically by Tang et al. | ACM CCS 2011 | Ricardo Rodriguez Garcia |
| Nov. 10 | What's in a name? Evaluating Statistical Attacks on Personal Knowledge Questions by Bonneau et al. | Financial Cryptography 2010 | TBA |
| Nov. 17 | deSEO: Combating Search-Result Poisoning by John et al. | USENIX Security 2011 | TBA |
| Nov. 24 | Static Detection of Access Control Vulnerabilities in Web Applications by Sun et al. | USENIX Security 2011 | TBA |
| Dec. 1 | A Framework for Reasoning About the Human in the Loop by Cranor | USENIX UPSEC 2008 | TBA |
| Date | Paper | Conference | Discussion Lead |
|---|---|---|---|
| May 26 | Of Passwords and People: Measuring the Effect of Password-Composition Policies by Komanduri et al. | CHI 2011 | Jeff Hickson |
| June 2 | APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services by Zhu et al. | INFOCOM 2011 | Xiaodong Lin |
| June 9 | No discussion to be held. | -- | -- |
| June 16 | Two CHI notes: (1) A Diary Study of Password Usage in Daily Life by Hayashi et al. and (2) Exploring Implicit Memory for Painless Password Recovery by Denning et al. | CHI 2011 | Julie Thorpe |
| June 23 | Toward Automated Detection of Logic Vulnerabilities in Web Applications by Felmetsger et al. | USENIX Security 2010 | Xiaodong Lin |
| June 30 | Mobile Security Catching Up? - Revealing the nuts and bolts of the security of mobile devices by Becher et al. | IEEE Oakland 2011 | TBD |
| July 7 | MARASIM: A Novel Jigsaw Based Authentication Scheme Using Tagging by Khot et al. | CHI 2011 | Zahid Dhanani |
| July 14 | Automated Analysis of Security-Critical JavaScript APIs by Taly et al. | IEEE Oakland 2011 | Ricardo Rodriguez Garcia |
| July 21 | I Still Know What You Visited Last Summer: User interaction and Side-channel Attacks on Browsing History by Weinberg et al. | IEEE Oakland 2011 | Julie Thorpe |
| July 28 | Security through a different kind of obscurity: Evaluating Distortion in Graphical Authentication Schemes by Hayashi et al. | CHI 2011 | Robert Burden |
| August 4 | Using Fingerprint Authentication to Reduce System Security: An Empirical Study by Wimberly et al. | IEEE Oakland 2011 | Julie Thorpe |
| Date | Paper | Conference | Discussion Lead |
|---|---|---|---|
| Jan. 24 | Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords by Weir et al. | ACM CCS 2010 | Julie Thorpe |
| Jan. 31 | All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution by Schwartz et al. | IEEE Oakland 2010 | Ricardo Rodriguez Garcia |
| Feb. 7 | The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis by Zhang et al. | ACM CCS 2010 | Julie Thorpe |
| Feb. 14 | SCiFI - A System for Secure Face Identification by Osadchy et al. | IEEE Oakland 2010 | Khalil El-Khatib |
| Feb. 28 | VEX: Vetting Browser Extensions for Security Vulnerabilities by Bandhakavi et al. | USENIX Security 2010 | Julie Thorpe |
| Mar. 7 | State of the Art: Automated Black-Box Web Application Vulnerability Testing by Bau et al. | IEEE Oakland 2010 | Daniel Da Silva |
| Mar. 14 | TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection by Wang et al. | IEEE Oakland 2010 | Ricardo Rodriguez Garcia |
| Mar. 21 | Outside the Closed World: On Using Machine Learning For Network Intrusion Detection by Sommer et al. | IEEE Oakland 2010 | Miguel Vargas Martin |
| Mar. 28 | An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications by Jang et al. | ACM CCS 2010 | Kyle Ferreira |
| Apr. 4 | On the Incoherencies in Web Browser Access Control Policies by Singh et al. | IEEE Oakland 2010 | Miguel Vargas Martin |
| Apr. 11 | Toward Automated Detection of Logic Vulnerabilities in Web Applications by Felmetsger et al. | USENIX Security 2010 | Xiaodong Lin |