Security Reading Group

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Feb. 5 | "Are You Ready to Lock? Understanding User Motivations for Smartphone Locking Behaviors" by Egelman et al. | ACM CCS 2014 | Zeinab Joudaki |
| Feb. 12 | "Security implications of password discretization for click-based graphical passwords" by Zhu et al. | WWW 2013 | Brent MacRae |
| Feb. 19 | Midterm break (no discussion) | -- | -- |
| Feb. 26 | "Leveraging Variations in Event Sequences in Keystroke-dynamics Authentication Systems" by Syed et al. | IEEE HASE 2014 | TBD |
| Mar. 5 | "Security Analyses of Click-based Graphical Passwords via Image Point Memorability" by Zhu et al. | 2014 ACM SIGSAC | TBD |
| Mar. 12 | "The Password Life Cycle: User Behaviour in Managing Passwords" by Stobert et al. | SOUPS 2014 | Ahmed Dauda |
| Mar. 19 | "Does my password go up to eleven?: the impact of password meters on password selection" by Egelman et al. | CHI 2013 | TBD |
| Mar. 26 | "Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics" by Eberz et al. | NDSS 2015 | TBD |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| June 3 | "Chip and Skim: cloning EMV cards with the pre-play attack" by Bond et al. | IEEE S&P 2014 | Julie Thorpe |
| June 10 | "An Implicit Author Verification System for Text Messages Based on Gesture Typing Biometrics" by Burgbacher et al. | CHI 2014 | Zeinab Joudaki |
| June 17 | "Analyzing Forged SSL Certificates in the Wild" by Huang et al. | IEEE S&P 2014 | TBD |
| June 24 | "Exploring the Design Space of Graphical Passwords on Smartphones" by Schaub et al. | SOUPS 2013 | Igor Leonardo |
| July 1 | Canada Day (no discussion) | -- | -- |
| July 8 | "Pitfalls in the Automated Strengthening of Passwords" by Schmidt et al. | ACSAC 2013 | Alex Keller |
| July 15 | "Can Long Passwords Be Secure and Usable?" by Shay et al. | CHI 2014 | Chris Bonk |
| July 22 | "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS" by Bhargavan et al. | IEEE S&P 2014 | Brent MacRae |
| July 29 | "A Study of Graphical Password for Mobile Devices" by Suo et al. | MobiCASE 2013 | Ahmed Dauda |
| Aug. 5 | "A Study of Probabilistic Password Models" by Ma et al. | IEEE S&P 2014 | Julie Thorpe |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Nov. 16 | "Leveraging Real-Life Facts to Make Random Passwords More Memorable" by Al-Ameen et al. | ESORICS 2015 | Zeinab Joudaki |
| Nov. 23 | "How to Memorize a Random 60-Bit String" by Ghazvininejad et al. | HLT-NAACL 2015 | TBD |
| Nov. 30 | "Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google" by Bonneau et al. | WWW 2015 | TBD |
| Dec. 7 | "Passwords and the Evolution of Imperfect Authentication" by Bonneau et al. | ACM, 2015 | Julie Thorpe |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Sept. 27 | "Looking inside the (Drop) box" by Kholia et al. | WOOT 2013 | Julie Thorpe |
| Oct. 4 | "CASA: Context-Aware Scalable Authentication" by Hayashi et al. | SOUPS 2013 | Zeinab Joudaki |
| Oct. 11 | "Understanding Scam Victims: Seven Principles for Systems Security" by Stajano et al. | Comm. of the ACM 2011 | Alex Keller |
| Oct. 18 | "On The Ecological Validity of a Password Study" by Fahl et al. | SOUPS 2013 | Robert Burden |
| Oct. 25 | "Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes" by Ruoti et al. | SOUPS 2013 | Frank Ong |
| Nov. 1 | "On the Security of Picture Gesture Authentication" by Zhao et al. | USENIX Security 2013 | Brent MacRae |
| Nov. 8 | "A Historical Examination of Open Source Releases and Their Vulnerabilities" by Edwards et al. | ACM CCS 2012 | Ryan Mohanta |
| Nov. 15 | "Studying the Effect of Human Cognition on User Authentication Tasks" by Belk et al. | UMAP 2013 | Chris Bonk |
| Nov. 22 | "Optimizing Password Composition Policies" by Blocki et al. | EC 2013 | Michael Bourque |
| Nov. 29 | "Control-Alt-Hack: The Design and Evaluation of a Card Game for Computer Security Awareness and Education" by Denning et al. | ACM CCS 2013 | Julie Thorpe |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| June 13 | "Honeywords: Making Password-Cracking Detectable" by Juels et al. | Unpublished draft 2013 | Julie Thorpe |
| June 20 | "A Survey of Game Theory as Applied to Network Security" by Roy et al. | HICSS 2010 | Alex Keller |
| June 27 | "Cracking Associative Passwords" by Helkala et al. | NordSec 2012 | Christopher Bonk |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Jan. 31 | "Increasing the Security of Gaze-Based Cued-Recall Graphical Passwords Using Saliency Masks" by Bulling et al. | CHI 2012 | Abel Bacchus |
| Feb. 7 | "Building Better Passwords using Probabilistic Techniques" by Houshmand et al. | ACSAC 2012 | Christopher Bonk |
| Feb. 14 | "The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems" by Sun et al. | ACM CCS 2012 | Cate Dillon |
| Feb. 21 | -- | -- | -- |
| Feb. 28 | "Computing Arbitrary Functions of Encrypted Data" by Gentry et al. | Communications of the ACM 2010 | Alexander Keller |
| Mar. 7 | "Authentication at Scale" by Grosse et al. | IEEE Security & Privacy 2013 | Zeinab Joudaki |
| Mar. 14 | "User Study, Analysis, and Usable Security of Passwords Based on Digital Objects" by Biddle et al. | IEEE TIFS 2011 | Julie Thorpe |
| Mar. 21 | "User-driven access control: Rethinking permission granting in modern operating systems" by Roesner et al. | IEEE Symposium on Security and Privacy 2012 | Akisanmi Oluwatoyosi |
| Mar. 28 | "The Socialbot Network: When Bots Socialize for Fame and Money." by Boshmaf et al. | ACSAC 2011 | Milad Ghaznavi |
| April 4 | "Tapas: Design, Implementation, and Usability Evaluation of a Password Manager" by McCarney et al. | ACSAC 2012 | Frank Ong |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Oct. 4 | "How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation" by Ur et al. | USENIX Security 2012 | Julie Thorpe |
| Oct. 11 | "Correct horse battery staple: Exploring the usability of system-assigned passphrases" by Shay et al. | SOUPS 2012 | Christopher Bonk |
| Oct. 18 | "Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks" by Bojinov et al. | USENIX Security 2012 | Zeinab Joudaki |
| Oct. 25 | "On the Feasibility of Side-Channel Attacks with Brain-Computer Interfaces" by Martinovic et al. | USENIX Security 2012 | Geoff Vaughan |
| Nov. 1 | -- | -- | -- |
| Nov. 8 | "Computing machinery and intelligence" by Turing | MIND 1950 | Alexander Keller |
| Nov. 15 | "Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion" by Xu et al. | USENIX Security 2012 | TBD |
| Nov. 22 | "Balancing Usability and Security in a Video Captcha" by Kluever et al. | SOUPS 2009 | TBD |
| Nov. 29 | "Point-and-Shoot Security Design: Can We Build Better Tools for Developers?" by Türpe | NSPW 2012 | Abel Bacchus |
| Dec. 6 | "Before We Knew It. An Empirical Study of Zero-Day Exploits in the Real World" by Bilge et al. | ACM CCS 2012 | Miguel Vargas Martin |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| May 24 | "The science of guessing: analyzing an anonymized corpus of 70 million passwords" by Bonneau | IEEE Symposium on Security and Privacy 2012 | Julie Thorpe |
| May 31 | "A birthday present every eleven wallets? The security of customer-chosen banking PINs" by Bonneau et al. | Financial Cryptography 2012 | Rafael Veras Guimaraes |
| June 7 | "Why do programmers make security errors?" by Xie et al. | Visual Languages and Human-Centric Computing 2011 | Geoff Vaughan |
| June 14 | "The quest to replace passwords: A framework for comparative evaluation of web authentication schemes" by Bonneau et al. | IEEE Symposium on Security and Privacy 2012 | Chris Bonk |
| June 21 | "Multi-vendor penetration testing in the advanced metering infrastructure" by McLaughlin et al. | ACSAC 2010 | Alexander Keller |
| June 28 | "Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms" by Kelley et al. | IEEE Symposium on Security and Privacy 2012 | Brent MacRae |
| July 5 | "Evaluating interactive support for secure programming" by Xie et al. | CHI 2012 | Ricardo Rodriguez Garcia |
| July 12 | "Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services" by Wang et al. | IEEE Symposium on Security and Privacy 2012 | Cate Dillon |
| July 19 | -- | -- | -- |
| July 26 | "Protecting consumer privacy from electric load monitoring" by McLaughlin et al. | ACM CCS 2011 | TBD |
| August 2 | "Prudent practices for designing malware experiments: status quo and outlook" by Rossow et al. | IEEE Symposium on Security and Privacy 2012 | TBD |

| Date | Paper | Venue | Discussion Lead |
| --- | --- | --- | --- |
| Jan. 26 | A Study of Android Application Security by Enck et al. | USENIX Security 2011 | Julie Thorpe |
| Feb. 2 | On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings by Sotirakopoulos et al. | SOUPS 2011 | Ricardo Rodriguez Garcia |
| Feb. 9 | Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism by Chiasson et al. | TDSC 2012 (to appear) | Christopher Bonk |
| Feb. 16 | GuardRails: A Data-Centric Web Application Security Framework by Burket et al. | USENIX WebApps 2011 | Ricardo Rodriguez Garcia |
| Feb. 23 | -- | -- | -- |
| Mar. 1 | Battling the Internet Water Army: Detection of Hidden Paid Posters by Chen et al. | arXiv.org (not yet refereed) | Daniel Snider |
| Mar. 8 | The True Cost of Unusable Password Policies: Password Use in the Wild by Inglesant et al. | CHI 2010 | Arie Frohlich |
| Mar. 15 | Exploring the Relationship Between Web Application Development Tools and Security by Finifter et al. | USENIX WebApps 2011 | Ricardo Rodriguez Garcia |
| Mar. 22 | Televisions, Video Privacy, and Powerline Electromagnetic Interference by Enev et al. | ACM CCS 2011 | -- |
| Mar. 29 | What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID by Sun et al. | SOUPS 2011 | Robert Burden |
| Apr. 5 | iSpy: Automatic Reconstruction of Typed Input from Compromising Reflections by Raguram et al. | ACM CCS 2011 | Jeff Hickson |
| Oct. 6 | A Research Agenda Acknowledging the Persistence of Passwords by Herley et al. | IEEE Security & Privacy Magazine (to appear) | Julie Thorpe |
| Oct. 13 | Idea: Interactive Support for Secure Software Development by Xie et al. | Engineering Secure Software and Systems (ESSoS) 2011 | Ricardo Rodriguez Garcia |
| Oct. 20 | Measuring Pay-per-Install: The Commoditization of Malware Distribution by Caballero et al. | USENIX Security 2011 | TBA |
| Oct. 27 | Forensic Triage for Mobile Phones with DEC0DE by Walls et al. | USENIX Security 2011 | TBA |
| Nov. 3 | Fortifying Web-Based Applications Automatically by Tang et al. | ACM CCS 2011 | Ricardo Rodriguez Garcia |
| Nov. 10 | What's in a name? Evaluating Statistical Attacks on Personal Knowledge Questions by Bonneau et al. | Financial Cryptography 2010 | TBA |
| Nov. 17 | deSEO: Combating Search-Result Poisoning by John et al. | USENIX Security 2011 | TBA |
| Nov. 24 | Static Detection of Access Control Vulnerabilities in Web Applications by Sun et al. | USENIX Security 2011 | TBA |
| Dec. 1 | A Framework for Reasoning About the Human in the Loop by Cranor | USENIX UPSEC 2008 | TBA |

| Date | Paper | Conference | Discussion Lead |
| --- | --- | --- | --- |
| May 26 | Of Passwords and People: Measuring the Effect of Password-Composition Policies by Komanduri et al. | CHI 2011 | Jeff Hickson |
| June 2 | APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services by Zhu et al. | INFOCOM 2011 | Xiaodong Lin |
| June 9 | No discussion to be held. | -- | -- |
| June 16 | Two CHI notes: (1) A Diary Study of Password Usage in Daily Life by Hayashi et al. and (2) Exploring Implicit Memory for Painless Password Recovery by Denning et al. | CHI 2011 | Julie Thorpe |
| June 23 | Toward Automated Detection of Logic Vulnerabilities in Web Applications by Felmetsger et al. | USENIX Security 2010 | Xiaodong Lin |
| June 30 | Mobile Security Catching Up? - Revealing the nuts and bolts of the security of mobile devices by Becher et al. | IEEE Oakland 2011 | TBD |
| July 7 | MARASIM: A Novel Jigsaw Based Authentication Scheme Using Tagging by Khot et al. | CHI 2011 | Zahid Dhanani |
| July 14 | Automated Analysis of Security-Critical JavaScript APIs by Taly et al. | IEEE Oakland 2011 | Ricardo Rodriguez Garcia |
| July 21 | I Still Know What You Visited Last Summer: User interaction and Side-channel Attacks on Browsing History by Weinberg et al. | IEEE Oakland 2011 | Julie Thorpe |
| July 28 | Security through a different kind of obscurity: Evaluating Distortion in Graphical Authentication Schemes by Hayashi et al. | CHI 2011 | Robert Burden |
| August 4 | Using Fingerprint Authentication to Reduce System Security: An Empirical Study by Wimberly et al. | IEEE Oakland 2011 | Julie Thorpe |

| Date | Paper | Conference | Discussion Lead |
| --- | --- | --- | --- |
| Jan. 24 | Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords by Weir et al. | ACM CCS 2010 | Julie Thorpe |
| Jan. 31 | All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution by Schwartz et al. | IEEE Oakland 2010 | Ricardo Rodriguez Garcia |
| Feb. 7 | The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis by Zhang et al. | ACM CCS 2010 | Julie Thorpe |
| Feb. 14 | SCiFI - A System for Secure Face Identification by Osadchy et al. | IEEE Oakland 2010 | Khalil El-Khatib |
| Feb. 28 | VEX: Vetting Browser Extensions for Security Vulnerabilities by Bandhakavi et al. | USENIX Security 2010 | Julie Thorpe |
| Mar. 7 | State of the Art: Automated Black-Box Web Application Vulnerability Testing by Bau et al. | IEEE Oakland 2010 | Daniel Da Silva |
| Mar. 14 | TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection by Wang et al. | IEEE Oakland 2010 | Ricardo Rodriguez Garcia |
| Mar. 21 | Outside the Closed World: On Using Machine Learning For Network Intrusion Detection by Sommer et al. | IEEE Oakland 2010 | Miguel Vargas Martin |
| Mar. 28 | An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications by Jang et al. | ACM CCS 2010 | Kyle Ferreira |
| Apr. 4 | On the Incoherencies in Web Browser Access Control Policies by Singh et al. | IEEE Oakland 2010 | Miguel Vargas Martin |
| Apr. 11 | Toward Automated Detection of Logic Vulnerabilities in Web Applications by Felmetsger et al. | USENIX Security 2010 | Xiaodong Lin |