Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing latest articles
Browse All 95 View Live

The Socialbot Network: Are Social Botnets Possible?

In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.

Systematically breaking and fixing OpenID security: Formal analysis,...

OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts, and tens of thousands of supporting websites. While the security of the protocol is clearly...

Key Challenges in Defending Against Malicious Socialbots

The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. Advances in artificial intelligence make it feasible to design bots...

Design and Analysis of a Social Botnet

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private...

Augur: Aiding Malware Detection Using Large-Scale Machine Learning

We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection...

The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth...

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web...

Speculative Authorization

We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future,...

Does My Password Go up to Eleven? The Impact of Password Meters on Password...

Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were...

Graph-based Sybil Detection in Social and Information Systems

Sybil attacks in social and information systems have serious security implications. Out of many defence schemes, Graph-based Sybil Detection (GSD) had the greatest attention by both academia and...

Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and...

OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of...

Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders

Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users’ concerns about unauthorized data access...

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this paper, we explore how domain specific heuristics are created...

Privacy Aspects of Health Related Information Sharing in Online Social Networks

Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared information, health related information (HRI) has received considerable...

Security and Privacy in Online Social Networks

Facebook has more monthly active users than almost any nation in the world. Whether one likes it or not, these users spend about 30 minutes daily browsing, posting, messaging, and otherwise socializing...

Towards Improving the Usability and Security of Web Single Sign-On Systems

OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and...

Finding Influential Neighbors to Maximize Information Diffusion in Twitter

The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the...

Thwarting fake accounts by predicting their victims

Traditional fake account detection systems employed by today's online social networks rely on either features extracted from user activities, or ranks computed from the underlying social graph. We...

Access Review Survey Report

To further understand the state of the practice in access review, and collect quantitative results on how companies perform access review, we conducted a survey of security practitioners. This report...

To Befriend Or Not? A Model of Friend Request Acceptance on Facebook

Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests with...

To authorize or not authorize: helping users review access policies in...

This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review...

Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs

Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. Most detection mechanisms attempt to predict and classify user...

User-centered design of identity and access management systems

IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social...

Towards understanding how users decide about friendship requests in Online...

Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests with...

Engineering Access Control For Distributed Enterprise Systems

Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains...
