NSPW

When organizations deploy file systems with access control mechanisms that prevent users from reliably sharing files with others, these users will inevitably find alternative means to share. Alas, these alternatives rarely provide the same level of ...

We review the intertwined problems of malware and online fraud, and argue that the fact that service providers often are nancially responsible for fraud causes a relative lack of incentives for clients to manage their own security well. This suggests ...

This new paradigm defines security policies on cause-effect relations and models security mechanisms in analogy with pattern recognition classifiers. It augments the arsenal of formal computer security evaluation tools with new techniques. A causality ...

This paper critically surveys previous work on quantitative representation and analysis of security. Such quantified security has been presented as a general approach to precisely assess and control security. We classify a significant part of the work ...

In this position paper we consider the ways in which users can be given control over technology and information, considering the spectrum of design possibilities from 'generative component' solutions, to 'appliance' solutions. We show how security ...

From a cyber-security perspective, attribution is considered to be the ability to determine the originating location for an attack. However, should such an attribution system be developed and deployed, it would provide attribution for all traffic, not ...

Do you believe that more than one single security paradigm exists? We do.

We also believe that we have a major problem because of all these security paradigms: until we find a way to identify and understand how these paradigms restrict our analyses we ...

The modern world increasingly requires us to prove our identity. When this has to be done remotely, as is the case when people make use of web sites, the most popular technique is the password. Unfortunately the profusion of web sites and the associated ...

This paper presents a principled approach to one of the many little studied aspects of computer security which relate to human behavior. Advantages of involving users who usually have strong analytic ability to detect violations and threats but not ...

As threats on the Internet become increasingly sophisticated, we now recognize the value in controlling the routing of data in a manner that ensures security. However, few technical means for achieving this goal exist. In this paper we propose and ...

Networked communication systems and the data they make available have, over the last decades, made their way to the very core of both society and business. Not only do they support everyday life and day-to-day operations, in many cases they enable them ...

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users' rejection of the security advice they receive ...