<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:iweb="http://www.apple.com/iweb" version="2.0">
  <channel>
    <title>Konstantin (Kosta) Beznosov news</title>
    <link>http://konstantin.beznosov.net/professional/news/news.html</link>
    <description> </description>
    <generator>iWeb 3.0.1</generator>
    <item>
      <title>Security Research Advances in 2009</title>
      <link>http://konstantin.beznosov.net/professional/news/Entries/2009/11/30_Security_Research_Advances_in_2009.html</link>
      <guid isPermaLink="false">dcf697c3-bb9d-4b1f-a1e2-e31219bd40c5</guid>
      <pubDate>Mon, 30 Nov 2009 12:45:11 -0800</pubDate>
      <description>&lt;a href=&quot;http://konstantin.beznosov.net/professional/news/Entries/2009/11/30_Security_Research_Advances_in_2009_files/droppedImage.jpg&quot;&gt;&lt;img src=&quot;http://konstantin.beznosov.net/professional/news/Media/object002_1.jpg&quot; style=&quot;float:left; padding-right:10px; padding-bottom:10px; width:133px; height:15px;&quot;/&gt;&lt;/a&gt;I presented a 2009 review of academic research in computer security at the &lt;a href=&quot;http://www.rebootconference.com/security2009/&quot;&gt;Vancouver International Security Conference&lt;/a&gt;. This &lt;a href=&quot;http://lersse-dl.ece.ubc.ca/record/223&quot;&gt;presentation&lt;/a&gt; reviewed the latest scientific conference reports on cutting-edge research in computer security. It presented and explained 2009 highlights from IEEE Symposium in Security and Privacy, ACM Conference in Computer and Communications Security (CCS), Symposium on Network and Distributed Systems Security (NDSS), and Symposium on Usable Privacy and Security (SOUPS).</description>
      <enclosure url="http://konstantin.beznosov.net/professional/news/Entries/2009/11/30_Security_Research_Advances_in_2009_files/droppedImage.jpg" length="34455" type="image/jpeg"/>
    </item>
    <item>
      <title>Secure Web 2.0 Content Sharing Beyond Walled Gardens</title>
      <link>http://konstantin.beznosov.net/professional/news/Entries/2009/11/12_Secure_Web_2.0_Content_Sharing_Beyond_Walled_Gardens.html</link>
      <guid isPermaLink="false">0bb23c06-39da-432c-a5a9-ec0512e89d54</guid>
      <pubDate>Thu, 12 Nov 2009 06:48:52 -0800</pubDate>
      <description>&lt;a href=&quot;http://konstantin.beznosov.net/professional/news/Entries/2009/11/12_Secure_Web_2.0_Content_Sharing_Beyond_Walled_Gardens_files/system_architecture.jpg&quot;&gt;&lt;img src=&quot;http://konstantin.beznosov.net/professional/news/Media/object003_1.jpg&quot; style=&quot;float:left; padding-right:10px; padding-bottom:10px; width:129px; height:45px;&quot;/&gt;&lt;/a&gt;My Ph.D. student &lt;a href=&quot;http://www.ece.ubc.ca/~santsais/&quot;&gt;San-Tsai Sun&lt;/a&gt; will be presenting at &lt;a href=&quot;http://www.acsac.org/&quot;&gt;ACSAC&lt;/a&gt; an architecture, design, and implementation of a proposed system for Web 2.0 content sharing across content service providers (CSPs). With our approach, users use their existing email account to log in to CSPs, and content owners use their email-based contact lists to specify access policies. Users are assumed to be equipped only with a Web browser, and CSPs do not need to change their existing access-control mechanisms. In addition, policy statements are URI-addressable, and the same access policies can be reused and enforced across CSPs. &lt;br/&gt;&lt;br/&gt;&lt;a href=&quot;http://lersse-dl.ece.ubc.ca/record/215&quot;&gt;Full text of the paper is available.&lt;/a&gt;&lt;br/&gt;More information can be found on &lt;a href=&quot;https://lersse.ece.ubc.ca/tiki-index.php?page=Project_MyShares&quot;&gt;the project page&lt;/a&gt;.</description>
      <enclosure url="http://konstantin.beznosov.net/professional/news/Entries/2009/11/12_Secure_Web_2.0_Content_Sharing_Beyond_Walled_Gardens_files/system_architecture.jpg" length="76721" type="image/jpeg"/>
    </item>
    <item>
      <title>A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization</title>
      <link>http://konstantin.beznosov.net/professional/news/Entries/2009/11/9_A_Case_Study_of_Enterprise_Identity_Management_System_Adoption_in_an_Insurance_Organization.html</link>
      <guid isPermaLink="false">f35e755c-0cdb-4a63-8ddf-894febe9123a</guid>
      <pubDate>Mon, 9 Nov 2009 07:08:23 -0800</pubDate>
      <description>&lt;a href=&quot;http://konstantin.beznosov.net/professional/news/Entries/2009/11/9_A_Case_Study_of_Enterprise_Identity_Management_System_Adoption_in_an_Insurance_Organization_files/droppedImage.png&quot;&gt;&lt;img src=&quot;http://konstantin.beznosov.net/professional/news/Media/object001_1.png&quot; style=&quot;float:left; padding-right:10px; padding-bottom:10px; width:186px; height:96px;&quot;/&gt;&lt;/a&gt;LERSSE postdoc &lt;a href=&quot;http://ece.ubc.ca/~hawkey/&quot;&gt;Kirstie Hawkey&lt;/a&gt; presented at CHIMIT &lt;a href=&quot;http://lersse-dl.ece.ubc.ca/record/220&quot;&gt;a case study on the adoption of an enterprise identity management (IdM) system in an insurance organization&lt;/a&gt;. The paper describes the state of the organization before deploying the IdM system, and points out the challenges in its IdM practices. It describes the organization's requirements for an IdM system, why a particular solution was chosen, issues in the deployment and configuration of the solution, the expected benefits, and the new challenges that arose from using the solution. Throughout, the case study identifies practical problems that can be the focus of future research and development efforts. Our results confirm and elaborate upon the findings of previous research, contributing to an as-yet immature body of cases about IdM. Furthermore, our findings serve as a validation of our previously identified guidelines for IT security tools in general. The work has been led by my Ph.D. student &lt;a href=&quot;http://www.ece.ubc.ca/~pooya/&quot;&gt;Pooya Jaferian&lt;/a&gt;.&lt;br/&gt;&lt;br/&gt;&lt;a href=&quot;http://lersse-dl.ece.ubc.ca/record/220&quot;&gt;Full text of the paper is available&lt;/a&gt;.</description>
      <enclosure url="http://konstantin.beznosov.net/professional/news/Entries/2009/11/9_A_Case_Study_of_Enterprise_Identity_Management_System_Adoption_in_an_Insurance_Organization_files/droppedImage.png" length="252276" type="image/png"/>
    </item>
    <item>
      <title>Revealing Hidden Context: Improving Mental Models of Personal Firewall Users</title>
      <link>http://konstantin.beznosov.net/professional/news/Entries/2009/7/16_Understanding_Mental_Models_of_Personal_Firewall_Users.html</link>
      <guid isPermaLink="false">22eaec13-c833-4879-a0eb-465b30d60d9b</guid>
      <pubDate>Thu, 16 Jul 2009 18:14:15 -0700</pubDate>
      <description>&lt;a href=&quot;http://konstantin.beznosov.net/professional/news/Entries/2009/7/16_Understanding_Mental_Models_of_Personal_Firewall_Users_files/prototype_tagged.jpg&quot;&gt;&lt;img src=&quot;http://konstantin.beznosov.net/professional/news/Media/object000_1.jpg&quot; style=&quot;float:left; padding-right:10px; padding-bottom:10px; width:128px; height:96px;&quot;/&gt;&lt;/a&gt;My Ph.D. student &lt;a href=&quot;http://www.ece.ubc.ca/~fahimehr/&quot;&gt;Fahimeh Raja&lt;/a&gt; presented a &lt;a href=&quot;http://cups.cs.cmu.edu/soups/2009/proceedings/a1-raja.pdf&quot;&gt;paper&lt;/a&gt; at &lt;a href=&quot;http://cups.cs.cmu.edu/soups/2009/&quot;&gt;SOUPS&lt;/a&gt; on her study of the mental models users develop when they use the Vista personal firewall. &lt;br/&gt;&lt;br/&gt;&lt;a href=&quot;http://cups.cs.cmu.edu/soups/2009/proceedings/a1-raja.pdf&quot;&gt;Paper&lt;/a&gt; abstract: The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the firewall may result in users developing an incorrect mental model of the protection provided by the firewall. We present a study of participants' mental models of Vista Firewall (VF). We investigated changes to those mental models and their understanding of the firewall's settings after working with both the VF basic interface and our prototype. Our prototype was designed to support development of a more contextually complete mental model through inclusion of network location and connection information. We found that participants produced richer mental models after using the prototype than when working with the VF basic interface; they were also significantly more accurate in their understanding of the configuration of the firewall.
Based on our results, we discuss methods of improving user understanding of underlying system states by revealing hidden context, while considering the tension between complexity of the interface and security of the system.&lt;br/&gt;&lt;br/&gt;More details can be found in the &lt;a href=&quot;http://cups.cs.cmu.edu/soups/2009/proceedings/a1-raja.pdf&quot;&gt;paper&lt;/a&gt;.</description>
      <enclosure url="http://konstantin.beznosov.net/professional/news/Entries/2009/7/16_Understanding_Mental_Models_of_Personal_Firewall_Users_files/prototype_tagged.jpg" length="198463" type="image/jpeg"/>
    </item>
    <item>
      <title>Diagnostic Work During the Detection and Investigation of Security Incidents</title>
      <link>http://konstantin.beznosov.net/professional/news/Entries/2009/6/26_Diagnostic_Work_During_the_Detection_and_Investigation_of_Security_Incidents.html</link>
      <guid isPermaLink="false">10ce2d50-c3fd-4688-9052-6b0fcc298077</guid>
      <pubDate>Fri, 26 Jun 2009 16:25:58 -0700</pubDate>
      <description>&lt;a href=&quot;http://konstantin.beznosov.net/professional/news/Entries/2009/6/26_Diagnostic_Work_During_the_Detection_and_Investigation_of_Security_Incidents_files/interactions_adapted.jpg&quot;&gt;&lt;img src=&quot;http://konstantin.beznosov.net/professional/news/Media/object058_1.jpg&quot; style=&quot;float:left; padding-right:10px; padding-bottom:10px; width:128px; height:105px;&quot;/&gt;&lt;/a&gt;A study by the &lt;a href=&quot;https://lersse.ece.ubc.ca/tiki-index.php?page=Project_HOT-Admin&quot;&gt;HOT Admin&lt;/a&gt; project team has been presented at &lt;a href=&quot;http://haisa.org/&quot;&gt;HAISA&lt;/a&gt;. This study investigates how security practitioners perform diagnostic work during the identification of security incidents. Based on empirical data from 16 interviews with security practitioners, we identify the tasks, skills, strategies and tools that security practitioners use to diagnose security incidents. Our analysis shows that diagnosis is a highly collaborative activity, which may involve practitioners developing their own tools to perform specific tasks. Our results also show that diagnosis during incident response is complicated by practitioners’ need to rely on tacit knowledge, as well as usability issues with security tools. We offer recommendations to improve technology that supports the diagnosis of security incidents. </description>
      <enclosure url="http://konstantin.beznosov.net/professional/news/Entries/2009/6/26_Diagnostic_Work_During_the_Detection_and_Investigation_of_Security_Incidents_files/interactions_adapted.jpg" length="178884" type="image/jpeg"/>
    </item>
  </channel>
</rss>
