As of January 2014, I’m serving on the editorial board of Elsevier’s Computers & Security journal. Apparently, it is the official journal of Technical Committee 11 (computer security) of the International Federation for Information Processing (IFIP). The journal is in its 29th year, which makes it one of the oldest archival publications in the field of computer security. One of the main goals of the editorial board nowadays is to arrange quality reviews with quick turn-around.
After about 18 months of work, the Internet Voting Panel I served on has released its final report on February 12 and submitted it to the Legislative Assembly of British Columbia. The report contains the panel’s conclusions and recommendations, and summarizes the benefits and challenges of implementing Internet voting for provincial or local government elections in B.C. On October 23, 2013 the panel published a Preliminary Report for a six-week public comment period, ending on December 4, 2013. The panel reviewed the commentary, including additional submissions from experts, academics and vendors in the Internet voting community. The report can be found on the panel’s web site.
There are two Ph.D. student positions available at my research group LERSSE. Ph.D. students are accepted with full support in the form of research assistantships, and positions are available starting in September 2014.
The Internet Voting Panel I’m serving on has released its preliminary report on October 23rd and is soliciting comments from the public. The report can be found on the panel’s web site. The comments are due before December 4.
My department has made a short introductory video clip about my research group LERSSE. For those who won’t read papers but still want to get an idea about what kind of research my graduate students do, just sit back and enjoy this 3-minute-long summary.
Password meters tell users whether their passwords are “weak” or “strong.” In this paper, we report on a laboratory experiment to examine whether these meters influenced users’ password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence of meters yielded significantly stronger passwords. We then performed a followup field experiment to test a different scenario: creating a password for an unimportant account. In this scenario, we found that the meters made no observable difference: participants simply reused weak passwords that they used to protect similar low-risk accounts. We conclude that meters result in stronger passwords when users are forced to change existing passwords on “important” accounts and that individual meter design decisions likely have a marginal impact.
More details are in the paper, which will be presented at CHI ’13 held April 27-May 3.
This term, I’m teaching a graduate seminar-based course on security and privacy in online social networks. Students in the course are reading, presenting, critiquing, and discussing the most significant and most recent papers from top venues on the subject. They also do a project related to security and write a term paper based on it. More information can be found at the course web site.
This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review...
Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests with high...
The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire...
Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared information, health related information (HRI) has received considerable attention from researchers and...
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this paper, we explore how domain specific heuristics are created...
Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users’ concerns about unauthorized data...
OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's...
Sybil attacks in social and information systems have serious security implications. Out of many defence schemes, Graph-based Sybil Detection (GSD) has had the greatest attention from both academia and industry. Even...
Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to...
We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future, based on...