Quantcast
Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing all 95 articles
Browse latest View live

Poster: Toward Enabling Secure Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this paper, we...

View Article



Towards Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this presentation,...

View Article

Open Problems in Web 2.0 User Content Sharing

Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). In this paper, we discuss open...

View Article

Revealing Hidden Context: Improving Mental Models of Personal Firewall Users

The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the...

View Article

User Centered Design of ITSM Tools

IT Security Management (ITSM) requires collaboration between diverse stakeholders, has an environment of numerous technological and business specializations (is complex), has many issues that need to...

View Article


Towards Enabling Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users have many choices of content-hosting or application-service providers (CSPs). It can be difficult for a user to share content with a set of real-life friends and associates; intended...

View Article

Retrofitting Existing Web Applications with Effective Dynamic Protection...

This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs) without the involvement of application...

View Article

Effectiveness of IT Security Tools in Practice

In today's world, IT security plays a critical role in different organizations, yet little is known about IT security in the context of organizations. This paper addresses this issue based on...

View Article


Revealing Hidden Context: Improving Users' Mental Models of Personal Firewalls

Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...

View Article


Towards Understanding Diagnostic Work During the Detection and Investigation...

This study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we...

View Article

A Multi-method Approach for User-centered Design of Identity Management Systems

Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. This includes designating who has access to resources, who grants that...

View Article

Authorization Recycling in RBAC Systems

As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...

View Article

Authorization Using the Publish-Subscribe Model

Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...

View Article


Support for ANSI RBAC in EJB

We analyze access control mechanisms of the Enterprise Java Beans (EJB)architecture and define a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB...

View Article

Secure Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this paper, we...

View Article


Towards Investigating User Account Control Practices in Windows Vista

This poster presents the research plan for investigating user account control practices in Windows Vista. The research will explore end users' behaviours in using user account types acrossWindows Vista...

View Article

Towards Improving the Availability and Performance of Enterprise...

Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy...

View Article


A Case Study of Enterprise Identity Management System Adoption in an...

This case study describes the adoption of an enterprise identity management(IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and...

View Article

Towards Developing Usability Heuristics for Evaluation of IT Security...

Evaluating the usability of specific information technology (IT) security tools is challenging. For example, laboratory experiments can have little validity due to the complexity of real-world security...

View Article

Preparation, detection, and analysis: the diagnostic work of IT security...

Purpose — The purpose of this study is to examine security incident response practices of IT security practitioners as a diagnostic work process, including the preparation phase, detection, and...

View Article
Browsing all 95 articles
Browse latest View live




Latest Images