publications

@inproceedings{mokhberi2024trust,
  title={Trust, Privacy, and Safety Factors Associated with Decision Making in P2P Markets Based on Social Networks: A Case Study of Facebook Marketplace in USA and Canada},
  author={Mokhberi, Azadeh and Huang, Yue and Humbert, Guillaume and Obada-Obieh, Borke and Mehrabi Koushki, Masoud and Beznosov, Konstantin},
  booktitle={Proceedings of the CHI Conference on Human Factors in Computing Systems},
  pages={1--25},
  url = {https://doi.org/10.1145/3613904.3641966},
  year={2024}
}

@inproceedings{huang2022covid,
author = {Huang, Yue and Obada-Obieh, Borke and Redmiles, Elissa M. and Lokam, Satya and Beznosov, Konstantin},
title = {COVID-19 Information-Tracking Solutions: A Qualitative Investigation of the Factors Influencing People’s Adoption Intention},
year = {2022},
isbn = {9781450391863},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url_Official_Copy = {https://doi.org/10.1145/3498366.3505756},
doi = {10.1145/3498366.3505756},
abstract = {Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. While prior work has heavily explored the factors affecting people’s willingness to adopt contact-tracing solutions, which inform people when they have been exposed to someone positive for COVID-19, numerous countries have implemented other information-tracking solutions that use more data and more sensitive data than these commonly studied contact-tracing apps. In this work, we build on existing work focused on contact-tracing apps to explore adoption and design considerations for six representative information-tracking solutions for COVID-19, which differ in their goals and in the types of information they collect. To do so, we conducted semi-structured interviews with 44 participants to investigate the factors that influence their willingness to adopt these solutions. We find four main categories of influences on participants’ willingness to adopt such solutions: individual benefits of the solution, societal benefits of the solution, functionality concern, and digital safety (e.g., security and privacy) concerns. Further, we enumerate the factors that inform participants’ evaluations of these categories. Based on our findings, we make recommendations for the future design of information-tracking solutions and discuss how different factors may balance against benefits in future crisis situations.},
booktitle = {Proceedings of the 2022 Conference on Human Information Interaction and Retrieval},
pages = {12–24},
numpages = {13},
keywords = {information sharing, data practices, Usable privacy and security},
location = {Regensburg, Germany},
series = {CHIIR '22}
}

Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. While prior work has heavily explored the factors affecting people’s willingness to adopt contact-tracing solutions, which inform people when they have been exposed to someone positive for COVID-19, numerous countries have implemented other information-tracking solutions that use more data and more sensitive data than these commonly studied contact-tracing apps. In this work, we build on existing work focused on contact-tracing apps to explore adoption and design considerations for six representative information-tracking solutions for COVID-19, which differ in their goals and in the types of information they collect. To do so, we conducted semi-structured interviews with 44 participants to investigate the factors that influence their willingness to adopt these solutions. We find four main categories of influences on participants’ willingness to adopt such solutions: individual benefits of the solution, societal benefits of the solution, functionality concern, and digital safety (e.g., security and privacy) concerns. Further, we enumerate the factors that inform participants’ evaluations of these categories. Based on our findings, we make recommendations for the future design of information-tracking solutions and discuss how different factors may balance against benefits in future crisis situations.

@inproceedings{obada2022sok,
  title={SoK: the dual nature of technology in sexual abuse},
  author={Obada-Obieh, Borke and Huang, Yue and Spagnolo, Lucrezia and Beznosov, Konstantin},
  booktitle={2022 IEEE Symposium on Security and Privacy (SP)},
  pages={2320--2343},
  year={2022},
  organization={IEEE}
}

@inproceedings{koushki2022neither,
  title={Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User $\{$Access-Control$\}$ Solutions on Smartphones},
  author={Koushki, Masoud Mehrabi and Huang, Yue and Rubin, Julia and Beznosov, Konstantin},
  booktitle={31st USENIX Security Symposium (USENIX Security 22)},
  pages={917--935},
  year={2022}
}

@inproceedings{huang2022users,
  title={Users' Perceptions of Chrome Compromised Credential Notification},
  author={Huang, Yue and Obada-Obieh, Borke and Beznosov, Konstantin},
  booktitle={Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)},
  pages={155--174},
  year={2022}
}

@article{huang2022users,
  title={Users' Expectations, Experiences, and Concerns With COVID Alert, an Exposure-Notification App},
  author={Huang, Yue and Obada-Obieh, Borke and Lokam, Satya and Beznosov, Konstantin},
  journal={Proceedings of the ACM on Human-Computer Interaction},
  volume={6},
  number={CSCW2},
  pages={1--33},
  year={2022},
  publisher={ACM New York, NY, USA}
}

@inproceedings{tahaei2021security,
  title={Security notifications in static analysis tools: Developers’ attitudes, comprehension, and ability to act on them},
  author={Tahaei, Mohammad and Vaniea, Kami and Beznosov, Konstantin and Wolters, Maria K},
  booktitle={Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems},
  pages={1--17},
  year={2021}
}

@inproceedings{abramova2021bits,
  title={Bits under the mattress: Understanding different risk perceptions and security behaviors of crypto-asset users},
  author={Abramova, Svetlana and Voskobojnikov, Artemij and Beznosov, Konstantin and B{\"o}hme, Rainer},
  booktitle={Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems},
  pages={1--19},
  year={2021}
}

@inproceedings{koushki2021smartphone,
  title={On smartphone users’ difficulty with understanding implicit authentication},
  author={Koushki, Masoud Mehrabi and Obada-Obieh, Borke and Huh, Jun Ho and Beznosov, Konstantin},
  booktitle={Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems},
  pages={1--14},
  year={2021}
}

@inproceedings{voskobojnikov2021u,
  title={The u in crypto stands for usable: An empirical study of user experience with mobile cryptocurrency wallets},
  author={Voskobojnikov, Artemij and Wiese, Oliver and Mehrabi Koushki, Masoud and Roth, Volker and Beznosov, Konstantin},
  booktitle={Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems},
  pages={1--14},
  bibbase_note = {<span style="color: red">Honorable Mention</span>, acceptance rate: 26%,},
  year={2021}
}

@inproceedings{voskobojnikov2021non,
  title={Non-Adoption of Crypto-Assets: Exploring the Role of Trust, Self-Efficacy, and Risk.},
  author={Voskobojnikov, Artemij and Abramova, Svetlana and Beznosov, Konstantin and B{\"o}hme, Rainer},
  booktitle={ECIS},
  year={2021}
}

@inproceedings{obada2021challenges,
  title={Challenges and threats of mass telecommuting: a qualitative study of workers},
  author={Obada-Obieh, Borke and Huang, Yue and Beznosov, Konstantin},
  booktitle={Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
  pages={675--694},
  year={2021}
}

@inproceedings{mokhberi2021makes,
  title={What makes security-related code examples different},
  author={Mokhberi, Azadeh and Quon, Tiffany and Beznosov, Konstantin},
  booktitle={SOUPS Workshop on Security Information Workers (WSIW). USENIX Association},
  year={2021}
}

@inproceedings{mokhberi2021sok,
  title={SoK: human, organizational, and technological dimensions of developers’ challenges in engineering secure software},
  author={Mokhberi, Azadeh and Beznosov, Konstantin},
  booktitle={Proceedings of the 2021 European Symposium on Usable Security},
  pages={59--75},
  year={2021}
}

@inproceedings{huang2020amazon,
  title={Amazon vs. my brother: How users of shared smart speakers perceive and cope with privacy risks},
  author={Huang, Yue and Obada-Obieh, Borke and Beznosov, Konstantin},
  booktitle={Proceedings of the 2020 CHI conference on human factors in computing systems},
  pages={402:1—402:13},
  bibbase_note = {<span style="color: red">Honorable Mention</span>, acceptance rate: 24%,},
  url = {http://dx.doi.org/10.1145/3313831.3376529},
  year={2020}
}

@inproceedings{obada2020burden,
  title={The burden of ending online account sharing},
  author={Obada-Obieh, Borke and Huang, Yue and Beznosov, Konstantin},
  booktitle={Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems},
  pages={1--13},
  year={2020}
}

@inproceedings{voskobojnikov2020surviving,
  title={Surviving the Cryptojungle: Perception and Management of Risk Among North American Cryptocurrency (Non) Users},
  author={Voskobojnikov, Artemij and Obada-Obieh, Borke and Huang, Yue and Beznosov, Konstantin},
  booktitle={International Conference on Financial Cryptography and Data Security (FC)},
  editor = "Bonneau, Joseph and Heninger, Nadia",
  pages = {595--614},
  year = {2020},
  organization = {Springer International Publishing},
  abstract = "With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. At the same time, the number of distinct cryptocurrencies has exploded to over 4,900. In this burgeoning and chaotic ``cryptojungle,'' new and unexplored incentives and risks drive the behavior of users and non-users of cryptocurrencies. While previous research has focused almost exclusively on Bitcoin, other cryptocurrencies and utility tokens have been ignored. This paper presents findings from an interview study of cryptocurrency users and non-users (N=20). We specifically focus on their perceptions and management of cryptocurrency risks as well as their reasons for or against involvement with cryptocurrencies. Our results suggest that associated risks and mitigation strategies (among other factors) might be specific to a particular crypto-asset and its application area. Further, we identify misunderstandings of both users and non-users that might lead to skewed risk perceptions or dangerous errors. Lastly, we discuss ways of aiding users with managing risks, as well as design implications for coin management tools.",
isbn="978-3-030-51280-4",
url_Offical_Copy = {https://doi.org/10.1007/978-3-030-51280-4_32},
url_Author_Copy = {https://drive.google.com/file/d/1IbXWx0Dv6vo_AE94VWxgvyZNbnUJxmqz},
url_Presentation_Video = {https://youtu.be/P1wWGsusW70},
url_Video_Summary = {https://youtu.be/ILs9Kfnci1s},
url_Presentation_Slides = {https://drive.google.com/file/d/1J4IfIyTV4zavNLFbkHgM4hQVxgPSjGvQ},
DOI = {10.1007/978-3-030-51280-4_32}
}

With the massive growth of cryptocurrency markets in recent years has come an influx of new users and investors, pushing the overall number of owners into the millions. At the same time, the number of distinct cryptocurrencies has exploded to over 4,900. In this burgeoning and chaotic ``cryptojungle,'' new and unexplored incentives and risks drive the behavior of users and non-users of cryptocurrencies. While previous research has focused almost exclusively on Bitcoin, other cryptocurrencies and utility tokens have been ignored. This paper presents findings from an interview study of cryptocurrency users and non-users (N=20). We specifically focus on their perceptions and management of cryptocurrency risks as well as their reasons for or against involvement with cryptocurrencies. Our results suggest that associated risks and mitigation strategies (among other factors) might be specific to a particular crypto-asset and its application area. Further, we identify misunderstandings of both users and non-users that might lead to skewed risk perceptions or dangerous errors. Lastly, we discuss ways of aiding users with managing risks, as well as design implications for coin management tools.

@inproceedings{obada2020towards,
  title={Towards understanding privacy and trust in online reporting of sexual assault},
  author={Obada-Obieh, Borke and Spagnolo, Lucrezia and Beznosov, Konstantin},
  booktitle={Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)},
  pages={145--164},
  year={2020}
}

@inproceedings{mehrabi2020implicit,
  title={Is implicit authentication on smartphones really popular? On android users’ perception of “smart lock for android”},
  author={Mehrabi Koushki, Masoud and Obada-Obieh, Borke and Huh, Jun Ho and Beznosov, Konstantin},
  booktitle={22nd International Conference on Human-Computer Interaction with Mobile Devices and Services},
  pages={1--17},
  year={2020}
}

@inproceedings{huang2020end,
  title={End Users’ Information-sharing Behaviours and Preferences within a Multi-user Smart Home},
  author={Huang, Yue and Obada-Obieh, Borke and Beznosov, Konstantin},
  booktitle={USENIX Symposium on Usable Privacy and Security (SOUPS)},
  year={2020}
}

@article{cho2020security,
  title={On the security and usability implications of providing multiple authentication choices on smartphones: The more, the better?},
  author={Cho, Geumhwan and Huh, Jun Ho and Kim, Soolin and Cho, Junsung and Park, Heesung and Lee, Yenah and Beznosov, Konstantin and Kim, Hyoungshick},
  journal={ACM Transactions on Privacy and Security (TOPS)},
  volume={23},
  number={4},
  pages={1--32},
  year={2020},
  publisher={ACM New York, NY, USA}
}

@inproceedings{halawa2019forecasting,
  title={Forecasting suspicious account activity at large-scale online service providers},
  author={Halawa, Hassan and Beznosov, Konstantin and Coskun, Baris and Liu, Meizhu and Ripeanu, Matei},
  booktitle={Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Frigate Bay, St. Kitts and Nevis, February 18--22, 2019, Revised Selected Papers 23},
  pages={569--587},
  year={2019},
  organization={Springer International Publishing}
}

@inproceedings{marques2019vulnerability,
  title={Vulnerability \& blame: Making sense of unauthorized access to smartphones},
  author={Marques, Diogo and Guerreiro, Tiago and Carri{\c{c}}o, Luis and Beschastnikh, Ivan and Beznosov, Konstantin},
  booktitle={Proceedings of the 2019 chi conference on human factors in computing systems},
  pages={1--13},
  year={2019}
}

@inproceedings{qiu2019towards,
  title={Towards understanding the link between age and smartphone authentication},
  author={Qiu, Lina and De Luca, Alexander and Muslukhov, Ildar and Beznosov, Konstantin},
  booktitle={Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems},
  pages={1--10},
  year={2019}
}

@inproceedings{marques2019vulnerability,
  title={Vulnerability \& Blame},
  author={Marques, Diogo and Guerreiro, Tiago and Carri{\c{c}}o, Luis and Beschastnikh, Ivan and Beznosov, Konstantin},
  booktitle={Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems},
  year={2019},
  organization={ACM}
}

@inproceedings{wijesekera2018contextualizing,
  title={Contextualizing privacy decisions for better prediction (and protection)},
  author={Wijesekera, Primal and Reardon, Joel and Reyes, Irwin and Tsai, Lynn and Chen, Jung-Wei and Good, Nathan and Wagner, David and Beznosov, Konstantin and Egelman, Serge},
  booktitle={Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems},
  pages={1--13},
  year={2018}
}

@article{wijesekera2018dynamically,
  title={Dynamically regulating mobile application permissions},
  author={Wijesekera, Primal and Baokar, Arjun and Tsai, Lynn and Reardon, Joel and Egelman, Serge and Wagner, David and Beznosov, Konstantin},
  journal={IEEE Security \& Privacy},
  volume={16},
  number={1},
  pages={64--71},
  year={2018},
  publisher={IEEE}
}

@article{muslukhov2018source,
  title={Source Attribution of Cryptographic API Misuse in Android Applications},
  author={Muslukhov, Ildar and Boshmaf, Yazan and Beznosov, Konstantin},
  year={2018}
}

@article{halawa2018forecasting,
  title={Forecasting Suspicious Account Activity at Large-Scale Online Service Providers},
  author={Halawa, Hassan and Ripeanu, Matei and Beznosov, Konstantin and Coskun, Baris and Liu, Meizhu},
  journal={arXiv preprint arXiv:1801.08629},
  year={2018}
}

@inproceedings{wijesekera2017feasibility,
  title={The feasibility of dynamically granted permissions: Aligning mobile privacy with user preferences},
  author={Wijesekera, Primal and Baokar, Arjun and Tsai, Lynn and Reardon, Joel and Egelman, Serge and Wagner, David and Beznosov, Konstantin},
  booktitle={2017 IEEE Symposium on Security and Privacy (SP)},
  pages={1077--1093},
  year={2017},
  organization={IEEE}
}

@inproceedings{usmani2017characterizing,
  title={Characterizing social insider attacks on Facebook},
  author={Usmani, Wali Ahmed and Marques, Diogo and Beschastnikh, Ivan and Beznosov, Konstantin and Guerreiro, Tiago and Carri{\c{c}}o, Lu{\'\i}s},
  booktitle={Proceedings of the 2017 CHI conference on human factors in computing systems},
  pages={3810--3820},
  year={2017}
}

@inproceedings{huh2017don,
  title={I Don’t Use Apple Pay because it’s less secure...: perception of security and usability in mobile tap-and-pay},
  author={Huh, Jun Ho and Verma, Saurabh and Rayala, Swathi Sri V and Bobba, Rakesh B and Beznosov, Konstantin and Kim, Hyoungshick},
  booktitle={Workshop on Usable Security, San Diego, CA},
  year={2017}
}

@inproceedings{huh2017m,
  title={I'm too busy to reset my LinkedIn password: On the effectiveness of password reset emails},
  author={Huh, Jun Ho and Kim, Hyoungshick and Rayala, Swathi SVP and Bobba, Rakesh B and Beznosov, Konstantin},
  booktitle={Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems},
  pages={387--391},
  year={2017}
}

@inproceedings{halawa2017early,
  title={An early warning system for suspicious accounts},
  author={Halawa, Hassan and Ripeanu, Matei and Beznosov, Konstantin and Coskun, Baris and Liu, Meizhu},
  booktitle={Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security},
  pages={51--52},
  year={2017}
}

@article{arachchilage2016phishing,
  title={Phishing threat avoidance behaviour: An empirical investigation},
  author={Arachchilage, Nalin Asanka Gamagedara and Love, Steve and Beznosov, Konstantin},
  journal={Computers in Human Behavior},
  volume={60},
  pages={185--197},
  year={2016},
  publisher={Pergamon}
}

@article{boshmaf2016integro,
  title={{\'I}ntegro: Leveraging victim prediction for robust fake account detection in large scale OSNs},
  author={Boshmaf, Yazan and Logothetis, Dionysios and Siganos, Georgos and Ler{\'\i}a, Jorge and Lorenzo, Jose and Ripeanu, Matei and Beznosov, Konstantin and Halawa, Hassan},
  journal={Computers \& Security},
  volume={61},
  pages={142--168},
  year={2016},
  publisher={Elsevier Advanced Technology}
}

@inproceedings{marques2016snooping,
  title={Snooping on mobile phones: Prevalence and trends},
  author={Marques, Diogo and Muslukhov, Ildar and Guerreiro, Tiago and Carri{\c{c}}o, Lu{\'\i}s and Beznosov, Konstantin},
  booktitle={Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
  pages={159--174},
  bibbase_note = {<span style="color: red">Distinguished Paper Award</span>, acceptance rate: 25%,},
  year={2016}
}

@inproceedings{torabi2016sharing,
  title={Sharing health information on Facebook: Practices, preferences, and risk perceptions of North American users},
  author={Torabi, Sadegh and Beznosov, Konstantin},
  booktitle={Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
  pages={301--320},
  year={2016}
}

@inproceedings{halawa2016harvesting,
  title={Harvesting the low-hanging fruits: defending against automated large-scale cyber-intrusions by focusing on the vulnerable population},
  author={Halawa, Hassan and Beznosov, Konstantin and Boshmaf, Yazan and Coskun, Baris and Ripeanu, Matei and Santos-Neto, Elizeu},
  booktitle={Proceedings of the 2016 new security paradigms workshop},
  pages={11--22},
  year={2016}
}

@inproceedings{qiu2016advancing,
  title={Advancing the understanding of android unlocking and usage},
  author={Qiu, Lina and Muslukhov, Ildar and Beznosov, Konstantin},
  booktitle={Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
  year={2016}
}

@article{muslukhov2016decoupling,
  title={Decoupling data-at-rest encryption and smartphone locking with wearable devices},
  author={Muslukhov, Ildar and Sun, San-Tsai and Wijesekera, Primal and Boshmaf, Yazan and Beznosov, Konstantin},
  journal={Pervasive and Mobile Computing},
  volume={32},
  pages={26--34},
  year={2016},
  publisher={Elsevier}
}

@article{mahfouz2016android,
  title={Android users in the wild: Their authentication and usage behavior},
  author={Mahfouz, Ahmed and Muslukhov, Ildar and Beznosov, Konstantin},
  journal={Pervasive and Mobile Computing},
  volume={32},
  pages={50--61},
  year={2016},
  publisher={Elsevier}
}

@article{halawa2016estimating,
  title={Estimating Vulnerability Scores To Augment Enterprise Security Systems},
  author={Halawa, Hassan and Ripeanu, Matei and Beznosov, Konstantin and Loffler, Alex},
  year={2016}
}

@inproceedings{huh2015memorability,
  title={On the Memorability of System-generated PINs: Can Chunking Help?},
  author={Huh, Jun Ho and Kim, Hyoungshick and Bobba, Rakesh B and Bashir, Masooda N and Beznosov, Konstantin},
  booktitle={eleventh symposium on usable privacy and security (SOUPS 2015)},
  pages={197--209},
  year={2015}
}

@inproceedings{boshmaf2015integro,
  title={Integro: Leveraging victim prediction for robust fake account detection in OSNs.},
  author={Boshmaf, Yazan and Logothetis, Dionysios and Siganos, Georgos and Ler{\'\i}a, Jorge and Lorenzo, Jose and Ripeanu, Matei and Beznosov, Konstantin},
  booktitle={NDSS},
  volume={15},
  pages={8--11},
  year={2015}
}

@article{kim2015study,
  title={A study on the influential neighbors to maximize information diffusion in online social networks},
  author={Kim, Hyoungshick and Beznosov, Konstantin and Yoneki, Eiko},
  journal={Computational Social Networks},
  volume={2},
  pages={1--15},
  year={2015},
  publisher={Springer International Publishing}
}

@inproceedings{wijesekera2015android,
  title={Android permissions remystified: A field study on contextual integrity},
  author={Wijesekera, Primal and Baokar, Arjun and Hosseini, Ashkan and Egelman, Serge and Wagner, David and Beznosov, Konstantin},
  booktitle={24th USENIX Security Symposium (USENIX Security 15)},
  pages={499--514},
  year={2015}
}

@inproceedings{cherapau2015impact,
  title={On the Impact of Touch ID on iPhone Passcodes},
  author={Cherapau, Ivan and Muslukhov, Ildar and Asanka, Nalin and Beznosov, Konstantin},
  booktitle={Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)},
  pages={257--276},
  year={2015}
}

@inproceedings{boshmaf2015thwarting,
  title={Thwarting fake OSN accounts by predicting their victims},
  author={Boshmaf, Yazan and Ripeanu, Matei and Beznosov, Konstantin and Santos-Neto, Elizeu},
  booktitle={Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security},
  pages={81--89},
  year={2015}
}

@inproceedings{huh2015surpass,
  title={Surpass: System-initiated user-replaceable passwords},
  author={Huh, Jun Ho and Oh, Seongyeol and Kim, Hyoungshick and Beznosov, Konstantin and Mohan, Apurva and Rajagopalan, S Raj},
  booktitle={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
  pages={170--181},
  year={2015}
}

@inproceedings{sun2015android,
  title={Android rooting: Methods, detection, and evasion},
  author={Sun, San-Tsai and Cuadros, Andrea and Beznosov, Konstantin},
  booktitle={Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices},
  pages={3--14},
  year={2015}
}

@inproceedings{jaferian2014poster,
  title={Poster: Helping users review and make sense of access policies in organizations},
  author={Jaferian, Pooya and Beznosov, Konstantin},
  booktitle={SOUPS},
  volume={14},
  pages={301--320},
  year={2014}
}

@inproceedings{kim2014finding,
  title={Finding influential neighbors to maximize information diffusion in twitter},
  author={Kim, Hyoungshick and Beznosov, Konstantin and Yoneki, Eiko},
  booktitle={Proceedings of the 23rd International Conference on World Wide Web},
  pages={701--706},
  year={2014}
}

@incollection{jaferian2014helping,
  title={Helping users review and make sense of access policies in organizations},
  author={Jaferian, Pooya and Rashtian, Hootan and Beznosov, Konstantin},
  booktitle={CHI'14 Extended Abstracts on Human Factors in Computing Systems},
  pages={2017--2022},
  year={2014}
}

@inproceedings{rashtian2014befriend,
  title={To befriend or not? A model of friend request acceptance on Facebook},
  author={Rashtian, Hootan and Boshmaf, Yazan and Jaferian, Pooya and Beznosov, Konstantin},
  booktitle={10th Symposium On Usable Privacy and Security (SOUPS 2014)},
  pages={285--300},
  year={2014}
}

@inproceedings{jaferian2014authorize,
  title={To authorize or not authorize: helping users review access policies in organizations},
  author={Jaferian, Pooya and Rashtian, Hootan and Beznosov, Konstantin},
  booktitle={10th Symposium On Usable Privacy and Security (SOUPS 2014)},
  pages={301--320},
  year={2014}
}

@inproceedings{arachchilage2014game,
  title={A game storyboard design for avoiding phishing attacks},
  author={Arachchilage, Nalin AG and Flechais, Ivan and Beznosov, Konstantin},
  booktitle={Proceedings of the 11th Symposium On Usable Privacy and Security (SOUPS)},
  year={2014}
}

@article{wijesekera2014cued,
  title={Cued Mnemonics for Better Security and Memorability},
  author={Wijesekera, Primal and Cherapau, Ivan and Samarakoon, Ayumi and Beznosov, Konstantin},
  journal={Who are you},
  pages={1--3},
  year={2014}
}

@inproceedings{beznosov2014towards,
  title={Towards Understanding and Improving IT Security Management},
  author={Beznosov, Kosta},
  booktitle={Symposium on Usable Privacy and Security (SOUPS)},
  pages={301--320},
  year={2014}
}

@incollection{darwish2013analysis,
  title={Analysis of ANSI RBAC support in EJB},
  author={Darwish, Wesam and Beznosov, Konstantin},
  booktitle={Developing and Evaluating Security-Aware Software Systems},
  pages={177--204},
  year={2013},
  publisher={IGI Global}
}

@article{boshmaf2013design,
  title={Design and analysis of a social botnet},
  author={Boshmaf, Yazan and Muslukhov, Ildar and Beznosov, Konstantin and Ripeanu, Matei},
  journal={Computer Networks},
  volume={57},
  number={2},
  pages={556--578},
  year={2013},
  publisher={Elsevier}
}

@inproceedings{egelman2013does,
  title={Does my password go up to eleven? The impact of password meters on password selection},
  author={Egelman, Serge and Sotirakopoulos, Andreas and Muslukhov, Ildar and Beznosov, Konstantin and Herley, Cormac},
  booktitle={Proceedings of the SIGCHI Conference on Human Factors in Computing Systems},
  pages={2379--2388},
  year={2013}
}

@inproceedings{boshmaf2013graph,
  title={Graph-based sybil detection in social and information systems},
  author={Boshmaf, Yazan and Beznosov, Konstantin and Ripeanu, Matei},
  booktitle={Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining},
  pages={466--473},
  bibbase_note = {<span style="color: red">Best Paper Award</span>, acceptance rate: 13%,},
  year={2013}
}

@inproceedings{muslukhov2013know,
  title={Know your enemy: the risk of unauthorized access in smartphones by insiders},
  author={Muslukhov, Ildar and Boshmaf, Yazan and Kuo, Cynthia and Lester, Jonathan and Beznosov, Konstantin},
  booktitle={Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services},
  pages={271--280},
  year={2013}
}

@inproceedings{torabi2013privacy,
  title={Privacy aspects of health related information sharing in online social networks},
  author={Torabi, Sadegh and Beznosov, Konstantin},
  booktitle={2013 USENIX Workshop on Health Information Technologies (HealthTech 13)},
  year={2013}
}

@article{sun2013investigating,
  title={Investigating users’ perspectives of web single sign-on: Conceptual gaps and acceptance model},
  author={Sun, San-Tsai and Pospisil, Eric and Muslukhov, Ildar and Dindar, Nuray and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={ACM Transactions on Internet Technology (TOIT)},
  volume={13},
  number={1},
  pages={1--35},
  year={2013},
  publisher={ACM New York, NY, USA}
}

@article{nicanfar2013efficient,
  title={Efficient authentication and key management mechanisms for smart grid communications},
  author={Nicanfar, Hasen and Jokar, Paria and Beznosov, Konstantin and Leung, Victor CM},
  journal={IEEE systems journal},
  volume={8},
  number={2},
  pages={629--640},
  year={2013},
  publisher={IEEE}
}

@incollection{sun2012retrofitting,
  title={Retrofitting existing web applications with effective dynamic protection against sql injection attacks},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  booktitle={Security-Aware Systems Applications and Software Development Methods},
  pages={169--189},
  year={2012},
  publisher={IGI Global}
}

@article{kini2012speculative,
  title={Speculative authorization},
  author={Kini, Pranab and Beznosov, Konstantin},
  journal={IEEE Transactions on Parallel and Distributed Systems},
  volume={24},
  number={4},
  pages={814--824},
  year={2012},
  publisher={IEEE}
}

@inproceedings{muslukhov2012understanding,
  title={Understanding users' requirements for data protection in smartphones},
  author={Muslukhov, Ildar and Boshmaf, Yazan and Kuo, Cynthia and Lester, Jonathan and Beznosov, Konstantin},
  booktitle={2012 IEEE 28th international conference on data engineering workshops},
  pages={228--235},
  year={2012},
  organization={IEEE}
}

@article{sun2012systematically,
  title={Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures},
  author={Sun, San-Tsai and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={Computers \& Security},
  volume={31},
  number={4},
  pages={465--483},
  year={2012},
  publisher={Elsevier Advanced Technology}
}

@inproceedings{boshmaf2012key,
  title={Key challenges in defending against malicious socialbots},
  author={Boshmaf, Yazan and Muslukhov, Ildar and Beznosov, Konstantin and Ripeanu, Matei},
  booktitle={5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 12)},
  year={2012}
}

@inproceedings{sun2012devil,
  title={The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  booktitle={Proceedings of the 2012 ACM conference on Computer and communications security},
  pages={378--390},
  year={2012}
}

@inproceedings{boshmaf2012augur,
  title={Augur: Aiding malware detection using large-scale machine learning},
  author={Boshmaf, Yazan and Ripeanu, Matei and Beznosov, Konstantin and Zeeuwen, Kyle and Cornell, David and Samosseiko, Dmitry},
  booktitle={Proceedings of the 21st Usenix Security Symposium (Poster session)(August 2012)},
  year={2012}
}

@article{chiasson2012symposium,
  title={Symposium On Usable Privacy and Security SOUPS 2012},
  author={Chiasson, Sonia and Hawkey, Kirstie and Beznosov, Konstantin and Acquisti, Alessandro and Bauer, Lujo and Biddle, Robert and Camp, L Jean and Coventry, Lynne and De Luca, Alexander and Garfinkel, Simson L and others},
  year={2012}
}

@article{botta2011toward,
  title={Toward understanding distributed cognition in IT security management: the role of cues and norms},
  author={Botta, David and Muldner, Kasia and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={Cognition, Technology \& Work},
  volume={13},
  pages={121--134},
  year={2011},
  publisher={Springer-Verlag}
}

@inproceedings{jaferian2011heuristics,
  title={Heuristics for evaluating IT security management tools},
  author={Jaferian, Pooya and Hawkey, Kirstie and Sotirakopoulos, Andreas and Velez-Rojas, Maria and Beznosov, Konstantin},
  booktitle={Proceedings of the Seventh Symposium on Usable Privacy and Security},
  pages={1--20},
  bibbase_note = {<span style="color: red">Best Paper Award</span>, acceptance rate: 33%,},
  year={2011}
}

@incollection{raja2011promoting,
  title={Promoting a physical security mental model for personal firewall warnings},
  author={Raja, Fahimeh and Hawkey, Kirstie and Hsu, Steven and Wang, Kai-Le and Beznosov, Konstantin},
  booktitle={CHI'11 Extended Abstracts on Human Factors in Computing Systems},
  pages={1585--1590},
  year={2011}
}

@inproceedings{boshmaf2011socialbot,
  title={The socialbot network: when bots socialize for fame and money},
  author={Boshmaf, Yazan and Muslukhov, Ildar and Beznosov, Konstantin and Ripeanu, Matei},
  booktitle={Proceedings of the 27th annual computer security applications conference (ACSAC)},
  pages={93--102},
  bibbase_note = {<span style="color: red">Best Paper Award</span>, acceptance rate: 25%,},
  doi = {10.1145/2076732.2076746},
  year={2011}
}

@inproceedings{sotirakopoulos2011challenges,
  title={On the challenges in usable security lab studies: Lessons learned from replicating a study on SSL warnings},
  author={Sotirakopoulos, Andreas and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the Seventh Symposium on Usable Privacy and Security},
  pages={1--18},
  year={2011}
}

@article{komili2011stragegies,
  title={Stragegies for Monitoring Fake AV Distribution Networks},
  author={Komili, Onur and Zeeuwen, Kyle and Ripeanu, Matei and Beznosov, Konstantin},
  journal={Virus Bulletin},
  year={2011}
}

@incollection{sun2011openid,
  title={OpenID-enabled browser: towards usable and secure web single sign-on},
  author={Sun, San-Tsai and Pospisil, Eric and Muslukhov, Ildar and Dindar, Nuray and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={CHI'11 Extended Abstracts on Human Factors in Computing Systems},
  pages={1291--1296},
  year={2011}
}

@inproceedings{raja2011brick,
  title={A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings},
  author={Raja, Fahimeh and Hawkey, Kirstie and Hsu, Steven and Wang, Kai-Le Clement and Beznosov, Konstantin},
  booktitle={Proceedings of the seventh symposium on usable privacy and security},
  pages={1--20},
  year={2011}
}

@article{wei2011authorization,
  title={Authorization recycling in hierarchical RBAC systems},
  author={Wei, Qiang and Crampton, Jason and Beznosov, Konstantin and Ripeanu, Matei},
  journal={ACM Transactions on Information and System Security (TISSEC)},
  volume={14},
  number={1},
  pages={1--29},
  year={2011},
  publisher={ACM New York, NY, USA}
}

@inproceedings{sun2011makes,
  title={What makes users refuse web single sign-on? An empirical investigation of OpenID},
  author={Sun, San-Tsai and Pospisil, Eric and Muslukhov, Ildar and Dindar, Nuray and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the seventh symposium on usable privacy and security},
  pages={1--20},
  year={2011}
}

@article{sotirakopoulos2011poster,
  title={Poster: Motivating users to choose better passwords through peer pressure},
  author={Sotirakopoulos, Andreas and Muslukov, Ildar and Beznosov, Konstantin and Herley, Cormac and Egelman, Serge},
  journal={Proc. SOUPS 2011},
  year={2011}
}

@inproceedings{Zeeuwen2011,
author = {Zeeuwen, Kyle and Ripeanu, Matei and Beznosov, Konstantin},
title = {Improving malicious URL re-evaluation scheduling through an empirical study of malware download centers},
year = {2011},
isbn = {9781450307062},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/1964114.1964123},
doi = {10.1145/1964114.1964123},
abstract = {The retrieval and analysis of malicious content is an essential task for security researchers. At the same time, the distributors of malicious files deploy countermeasures to evade the scrutiny of security researchers. This paper investigates two techniques used by malware download centers: frequently updating the malicious payload, and blacklisting (i.e., refusing HTTP requests from researchers based on their IP). To this end, we sent HTTP requests to malware download centers over a period of four months. The requests are distributed across two pools of IPs, one exhibiting high volume research behaviour and another exhibiting semi-random, low volume behaviour. We identify several distinct update patterns, including sites that do not update the binary at all, sites that update the binary for each new client but then repeatedly serve a specific binary to the same client, sites that periodically update the binary with periods ranging from one hour to 84 days, and server-side polymorphic sites, that deliver new binaries for each HTTP request. From this classification we identify several guidelines for crawlers that re-query malware download centers looking for binary updates. We propose a scheduling algorithm that incorporates these guidelines, and perform a limited evaluation of the algorithm using the data we collected. We analyze our data for evidence of blacklisting and find strong evidence that a small minority of URLs blacklisted our high volume IPs, but for the majority of malicious URLs studied, there was no observable blacklisting response, despite issuing over over 1.5 million requests to 5001 different malware download centers.},
booktitle = {Proceedings of the 2011 Joint WICOW/AIRWeb Workshop on Web Quality},
pages = {42–49},
numpages = {8},
keywords = {server side polymorphism, sample collection, malware download centers, low interaction honeyclient, IP blacklisting},
location = {Hyderabad, India},
series = {WebQuality '11}
}

The retrieval and analysis of malicious content is an essential task for security researchers. At the same time, the distributors of malicious files deploy countermeasures to evade the scrutiny of security researchers. This paper investigates two techniques used by malware download centers: frequently updating the malicious payload, and blacklisting (i.e., refusing HTTP requests from researchers based on their IP). To this end, we sent HTTP requests to malware download centers over a period of four months. The requests are distributed across two pools of IPs, one exhibiting high volume research behaviour and another exhibiting semi-random, low volume behaviour. We identify several distinct update patterns, including sites that do not update the binary at all, sites that update the binary for each new client but then repeatedly serve a specific binary to the same client, sites that periodically update the binary with periods ranging from one hour to 84 days, and server-side polymorphic sites, that deliver new binaries for each HTTP request. From this classification we identify several guidelines for crawlers that re-query malware download centers looking for binary updates. We propose a scheduling algorithm that incorporates these guidelines, and perform a limited evaluation of the algorithm using the data we collected. We analyze our data for evidence of blacklisting and find strong evidence that a small minority of URLs blacklisted our high volume IPs, but for the majority of malicious URLs studied, there was no observable blacklisting response, despite issuing over over 1.5 million requests to 5001 different malware download centers.

@inproceedings{raja2011brick,
  title={A brick wall, a locked door, and a bandit},
  author={Raja, Fahimeh and Hawkey, Kirstie and Hsu, Steven and Wang, Kai-Le Clement and Beznosov, Konstantin},
  booktitle={Proceedings of the Seventh Symposium on Usable Privacy and Security},
  year={2011},
  organization={ACM}
}

@inproceedings{motiee2010windows,
  title={Do Windows users follow the principle of least privilege? Investigating user account control practices},
  author={Motiee, Sara and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the Sixth Symposium on Usable Privacy and Security},
  pages={1--13},
  year={2010}
}

@inproceedings{sotirakopoulos2010did,
  title={I did it because I trusted you”: Challenges with the study environment biasing participant behaviours},
  author={Sotirakopoulos, Andreas and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={SOUPS Usable Security Experiment Reports (USER) Workshop},
  year={2010}
}

@article{werlinger2010preparation,
  title={Preparation, detection, and analysis: the diagnostic work of IT security incident response},
  author={Werlinger, Rodrigo and Muldner, Kasia and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={Information Management \& Computer Security},
  year={2010},
  publisher={Emerald Group Publishing Limited}
}

@inproceedings{sun2010openidemail,
  title={OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle},
  author={Sun, San-Tsai and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the 6th ACM workshop on Digital identity management},
  pages={49--58},
  year={2010}
}

@inproceedings{sun2010billion,
  title={A billion keys, but few locks: the crisis of web single sign-on},
  author={Sun, San-Tsai and Boshmaf, Yazan and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the 2010 new security paradigms workshop},
  pages={61--72},
  year={2010}
}

@inproceedings{xiong2010efficient,
  title={Efficient and spontaneous privacy-preserving protocol for secure vehicular communication},
  author={Xiong, Hu and Beznosov, Konstantin and Qin, Zhiguang and Ripeanu, Matei},
  booktitle={2010 IEEE International Conference on Communications},
  pages={1--6},
  year={2010},
  organization={IEEE}
}

@inproceedings{raja2010s,
  title={It's too complicated, so i turned it off! expectations, perceptions, and misconceptions of personal firewalls},
  author={Raja, Fahimeh and Hawkey, Kirstie and Jaferian, Pooya and Beznosov, Konstantin and Booth, Kellogg S},
  booktitle={Proceedings of the 3rd ACM workshop on Assurable and usable security configuration},
  pages={53--62},
  year={2010}
}

@incollection{raja2010investigating,
  title={Investigating an appropriate design for personal firewalls},
  author={Raja, Fahimeh and Hawkey, Kirstie and Beznosov, Konstantin and Booth, Kellogg S},
  booktitle={CHI'10 Extended Abstracts on Human Factors in Computing Systems},
  pages={4123--4128},
  year={2010}
}

@inproceedings{sotirakopoulos2010poster,
  title={Poster: Validating and extending a study on the effectiveness of ssl warnings},
  author={Sotirakopoulos, Andreas and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Poster at Symposium on Usable Privacy and Security},
  year={2010}
}

@incollection{motiee2010investigating,
  title={Investigating user account control practices},
  author={Motiee, Sara and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={CHI'10 Extended Abstracts on Human Factors in Computing Systems},
  pages={4129--4134},
  year={2010}
}

@article{darwish2010analysis,
  title={Analysis of ANSI RBAC support in COM+},
  author={Darwish, Wesam and Beznosov, Konstantin},
  journal={Computer Standards \& Interfaces},
  volume={32},
  number={4},
  pages={197--214},
  year={2010},
  publisher={North-Holland}
}

@inproceedings{motiee2010challenges,
  title={The challenges of understanding users’ security-related knowledge, behaviour, and motivations},
  author={Motiee, Sara and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Symposium on Usable Privacy and Security (SOUPS)},
  year={2010}
}

@inproceedings{jaferian2010challenges,
  title={Challenges in evaluating complex IT security management systems},
  author={Jaferian, Pooya and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Symposium on Usable Privacy and Security (SOUPS)},
  year={2010}
}

@article{rahman2009identification,
  title={Identification of sources of failures and their propagation in critical infrastructures from 12 years of public failure reports},
  author={Rahman, Hafiz Abdur and Beznosov, Konstantin and Mart{\'\i}, Jos{\'e} R},
  journal={International Journal of Critical Infrastructures},
  volume={5},
  number={3},
  pages={220--244},
  year={2009},
  publisher={Inderscience Publishers}
}

@article{werlinger2009integrated,
  title={An integrated view of human, organizational, and technological challenges of IT security management},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={Information Management \& Computer Security},
  year={2009},
  publisher={Emerald Group Publishing Limited}
}

@inproceedings{raja2009revealing,
  title={Revealing hidden context: improving mental models of personal firewall users},
  author={Raja, Fahimeh and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the 5th Symposium on Usable Privacy and Security},
  pages={1--12},
  year={2009}
}

@inproceedings{sun2009secure,
  title={Secure web 2.0 content sharing beyond walled gardens},
  author={Sun, San-Tsai and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={2009 Annual Computer Security Applications Conference},
  pages={409--418},
  year={2009},
  organization={IEEE}
}

@article{werlinger2009security,
  title={Security practitioners in context: Their activities and interactions with other stakeholders within organizations},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Botta, David and Beznosov, Konstantin},
  journal={International Journal of Human-Computer Studies},
  volume={67},
  number={7},
  pages={584--606},
  year={2009},
  publisher={Academic Press}
}

@incollection{raja2009towards,
  title={Towards improving mental models of personal firewall users},
  author={Raja, Fahimeh and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={CHI'09 Extended Abstracts on Human Factors in Computing Systems},
  pages={4633--4638},
  year={2009}
}

@inproceedings{beznosov2009usability,
  title={Usability meets access control: challenges and research opportunities},
  author={Beznosov, Konstantin and Inglesant, Philip and Lobo, Jorge and Reeder, Rob and Zurko, Mary Ellen},
  booktitle={Proceedings of the 14th ACM symposium on Access control models and technologies},
  pages={73--74},
  year={2009}
}

@inproceedings{jaferian2009case,
  title={A case study of enterprise identity management system adoption in an insurance organization},
  author={Jaferian, Pooya and Botta, David and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the Symposium on Computer Human interaction for the Management of information Technology},
  pages={46--55},
  year={2009}
}

@inproceedings{sun2009open,
  title={Open problems in web 2.0 user content sharing},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  booktitle={iNetSec 2009--Open Research Problems in Network Security: IFIP WG 11.4 International Workshop, Zurich, Switzerland, April 23-24, 2009, Revised Selected Papers},
  pages={37--51},
  year={2009},
  organization={Springer Berlin Heidelberg}
}

@inproceedings{zheng2009application,
  title={Application-based TCP hijacking},
  author={Zheng, Oliver and Poon, Jason and Beznosov, Konstantin},
  booktitle={Proceedings of the Second European Workshop on System Security},
  pages={9--15},
  year={2009}
}

@inproceedings{sun2009towards,
  title={Towards Enabling Web 2.0 Content Sharing beyond Walled Gardens},
  author={Sun, San-Tsai and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={2009 International Conference on Computational Science and Engineering},
  volume={4},
  pages={979--984},
  year={2009},
  organization={IEEE}
}

@inproceedings{jaferian2009multi,
  title={A multi-method approach for user-centered design of identity management systems.},
  author={Jaferian, Pooya and Botta, David and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={SOUPS},
  year={2009}
}

@inproceedings{werlinger2009towards,
  title={Towards Understanding Diagnostic Work During the Detection and Investigation of Security Incidents.},
  author={Werlinger, Rodrigo and Muldner, Kasia and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={HAISA},
  pages={119--134},
  year={2009}
}

@techreport{sun2009sqlprevent,
  title={SQLPrevent: Effective dynamic detection and prevention of SQL injection},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  year={2009},
  institution={Technical report, March}
}

@techreport{werlinger2009auxiliary,
  title={Auxiliary material for the study of security practitioners in context: their activities and interactions with other stakeholders within organizations},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Beznosov, Konstantin},
  year={2009},
  institution={Technical Report LERSSE-TR-2009-01, Laboratory for Education and Research in~…}
}

@misc{sun2009poster,
  title={Poster: Towards Secure Web 2.0 User Content Sharing Beyond Walled Gardens},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  year={2009}
}

@inproceedings{wei2008authorization,
  title={Authorization recycling in RBAC systems},
  author={Wei, Qiang and Crampton, Jason and Beznosov, Konstantin and Ripeanu, Matei},
  booktitle={Proceedings of the 13th ACM symposium on Access control models and technologies},
  pages={63--72},
  year={2008}
}

@inproceedings{werlinger2008challenges,
  title={The challenges of using an intrusion detection system: is it worth the effort?},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Muldner, Kasia and Jaferian, Pooya and Beznosov, Konstantin},
  booktitle={Proceedings of the 4th symposium on Usable privacy and security},
  pages={107--118},
  year={2008}
}

@inproceedings{jaferian2008guidelines,
  title={Guidelines for designing it security management tools},
  author={Jaferian, Pooya and Botta, David and Raja, Fahimeh and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={Proceedings of the 2nd ACM Symposium on Computer Human interaction For Management of information Technology},
  pages={1--10},
  year={2008}
}

@incollection{hawkey2008human,
  title={Human, organizational, and technological factors of IT security},
  author={Hawkey, Kirstie and Botta, David and Werlinger, Rodrigo and Muldner, Kasia and Gagne, Andre and Beznosov, Konstantin},
  booktitle={CHI'08 extended abstracts on Human factors in computing systems},
  pages={3639--3644},
  year={2008}
}

@article{hawkey2008searching,
  title={Searching for the right fit: balancing IT security management model trade-offs},
  author={Hawkey, Kirstie and Muldner, Kasia and Beznosov, Konstantin},
  journal={IEEE Internet Computing},
  volume={12},
  number={3},
  pages={22--30},
  year={2008},
  publisher={IEEE}
}

@article{gagne2008identifying,
  title={Identifying Differences between Security and other IT Professionals: a Qualitative Analysis.},
  author={Gagn{\'e}, Andr{\'e} and Muldner, Kasia and Beznosov, Konstantin},
  journal={HAISA},
  volume={8},
  pages={69--80},
  year={2008}
}

@inproceedings{werlinger2008human,
  title={Human, Organizational and Technological Challenges of Implementing Information Security in Organizations},
  author={Werlinger, R and Hawkey, K and Beznosov, K},
  booktitle={Proceedings of the Second International Symposium on Human Aspects of Information Security \& Assurance (HAISA 2008)},
  pages={35--147},
  year={2008},
  organization={Lulu. com}
}

@incollection{werlinger2008security,
  title={Security practitioners in context: their activities and interactions},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Beznosov, Konstantin},
  booktitle={CHI'08 extended abstracts on Human factors in computing systems},
  pages={3789--3794},
  year={2008}
}

@article{beznosov2008security,
  title={Security for the rest of us: An industry perspective on the secure-software challenge},
  author={Beznosov, Konstantin and Chess, Brian},
  journal={IEEE Software},
  volume={25},
  number={1},
  pages={10--12},
  year={2008},
  publisher={IEEE}
}

@inproceedings{wei2008authorization,
  title={Authorization using the publish-subscribe model},
  author={Wei, Qiang and Ripeanu, Matei and Beznosov, Konstantin},
  booktitle={2008 IEEE International Symposium on Parallel and Distributed Processing with Applications},
  pages={53--62},
  year={2008},
  organization={IEEE}
}

@incollection{beznosov2008protecting,
  title={Protecting ASP. NET Web Services},
  author={Beznosov, Konstantin},
  booktitle={Securing Web Services: Practical Usage of Standards and Specifications},
  pages={206--227},
  year={2008},
  publisher={IGI Global}
}

@techreport{sun2008sqlprevent,
  title={Sqlprevent: Effective dynamic detection and prevention of sql injection attacks without access to the application source code},
  author={Sun, San-Tsai and Beznosov, Konstantin},
  year={2008},
  institution={Technical Report}
}

@article{werlinger2008human,
  title={Human, Organizational and Technological Challenges of Implementing IT Security in Organizations.},
  author={Werlinger, Rodrigo and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={HAISA},
  volume={8},
  pages={35--48},
  bibbase_note = {<span style="color: red">Best Paper Award</span>,},
  year={2008}
}

@inproceedings{botta2007towards,
  title={Towards understanding IT security professionals and their tools},
  author={Botta, David and Werlinger, Rodrigo and Gagn{\'e}, Andr{\'e} and Beznosov, Konstantin and Iverson, Lee and Fels, Sidney and Fisher, Brian},
  booktitle={Proceedings of the 3rd symposium on Usable privacy and security},
  pages={100--111},
  year={2007}
}

@article{beznosov2007imbalance,
  title={On the imbalance of the security problem space and its expected consequences},
  author={Beznosov, Konstantin and Beznosova, Olga},
  journal={Information Management \& Computer Security},
  volume={15},
  number={5},
  pages={420--431},
  year={2007},
  publisher={Emerald Group Publishing Limited}
}

@inproceedings{wei2007cooperative,
  title={Cooperative secondary authorization recycling},
  author={Wei, Qiang and Ripeanu, Matei and Beznosov, Konstantin},
  booktitle={Proceedings of the 16th international symposium on High performance distributed computing},
  pages={65--74},
  year={2007}
}

@inproceedings{werlinger2007detecting,
  title={Detecting, analyzing and responding to security incidents: a qualitative analysis},
  author={Werlinger, Rodrigo and Botta, David and Beznosov, Konstantin},
  booktitle={Proceedings of the 3rd symposium on Usable privacy and security},
  pages={149--150},
  year={2007}
}

@incollection{beznosov2007support,
  title={Support for ANSI RBAC in CORBA},
  author={Beznosov, Konstantin and Darwish, Wesam},
  booktitle={Technical Report LERSSE-TR-2007-01, accessible from http://lersse-dl. ece. ubc. ca/search. py? recid= 129},
  year={2007},
  publisher={Laboratory for Education and Research in Secure Systems Engineering~…}
}

@techreport{hawkey2007searching,
  title={Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs},
  author={Hawkey, Kirstie and Muldner, Kasia and Beznosov, Konstantin},
  year={2007},
  institution={tech. report LERSSE-TR-2007-03, Laboratory for Education and Research in~…}
}

@inproceedings{botta2007studying,
  title={Studying IT security professionals: research design and lessons learned},
  author={Botta, David and Werlinger, Rodrigo and Gagn{\'e}, Andr{\'e} and Beznosov, Konstantin and Iverson, Lee and Fels, Sidney and Fisher, Brian},
  booktitle={Workshop on security user studies: methodologies and best practices},
  year={2007}
}

@inproceedings{bostrom2006extending,
  title={Extending XP practices to support security requirements engineering},
  author={Bostr{\"o}m, Gustav and W{\"a}yrynen, Jaana and Bod{\'e}n, Marine and Beznosov, Konstantin and Kruchten, Philippe},
  booktitle={Proceedings of the 2006 international workshop on Software engineering for secure systems},
  pages={11--18},
  year={2006}
}

@inproceedings{crampton2006secondary,
  title={The secondary and approximate authorization model and its application to Bell-LaPadula policies},
  author={Crampton, Jason and Leung, Wing and Beznosov, Konstantin},
  booktitle={Proceedings of the eleventh ACM symposium on Access control models and technologies},
  pages={111--120},
  year={2006}
}

@article{song2006multiple,
  title={Multiple-channel security architecture and its implementation over SSL},
  author={Song, Yong and Beznosov, Konstantin and Leung, Victor CM},
  journal={EURASIP Journal on Wireless Communications and Networking},
  volume={2006},
  pages={1--14},
  year={2006},
  publisher={Springer International Publishing}
}

@inproceedings{tsang2006security,
  title={A security analysis of the precise time protocol (short paper)},
  author={Tsang, Jeanette and Beznosov, Konstantin},
  booktitle={Information and Communications Security: 8th International Conference, ICICS 2006, Raleigh, NC, USA, December 4-7, 2006. Proceedings 8},
  pages={50--59},
  year={2006},
  organization={Springer Berlin Heidelberg}
}

@article{wei2006cooperative,
  title={Cooperative Approximate Authorization Recycling},
  author={Wei, Qiang and Beznosov, Konstantin and Ripeanu, Matei},
  year={2006}
}

@article{rahman2006assessment,
  title={Assessment of Interdependencies between Communication and Information Technology Infrastructure and other Critical Infrastructures from Public Failure Reports},
  author={Rahman, Hafiz Abdur and Beznosov, Konstantin},
  year={2006}
}

@inproceedings{botta2006hot,
  title={HOT Admin: Human, Organization, and Technology Centred Improvement of IT Security Administration},
  author={Botta, David and Werlinger, Rodrigo and Gagne, Andre and Beznosov, Konstantin and Iverson, Lee and Fisher, Brian and Fels, Sidney},
  booktitle={Proceedings of the Annual Computer Security Applications Conference},
  year={2006}
}

@inproceedings{balfanz2006usable,
  title={Usable Security: Quo Vadis?},
  author={Balfanz, Dirk and Beznosov, Konstantin and Van Oorschot, Paul and Yee, Ka-Ping},
  booktitle={15th USENIX Security Symposium (USENIX Security 06)},
  year={2006}
}

@article{beznosov2005introduction,
  title={Introduction to Web services and their security},
  author={Beznosov, Konstantin and Flinn, Donald J and Kawamoto, Shirley and Hartman, Bret},
  journal={Information Security Technical Report},
  volume={10},
  number={1},
  pages={2--14},
  year={2005},
  publisher={Elsevier Advanced Technology}
}

@inproceedings{beznosov2005flooding,
  title={Flooding and recycling authorizations},
  author={Beznosov, Konstantin},
  booktitle={Proceedings of the 2005 workshop on New security paradigms},
  pages={67--72},
  year={2005}
}

@inproceedings{beznosov2005experience,
  title={Experience report: Design and implementation of a component-based protection architecture for ASP. NET web services},
  author={Beznosov, Konstantin},
  booktitle={International Symposium on Component-Based Software Engineering},
  pages={337--352},
  year={2005},
  organization={Springer Berlin Heidelberg Berlin, Heidelberg}
}

@article{beznosov2005recycling,
  title={Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM)},
  author={Beznosov, Konstantin},
  journal={University of British Columbia},
  year={2005}
}

@incollection{lee2005analysis,
  title={Analysis of scalable security--MC-SSL savings},
  author={Lee, Johnson and Leung, Victor CM and Beznosov, Konstantin},
  booktitle={Tech. Rep. LERSSE-TR-2005-02},
  year={2005},
  publisher={Laboratory for Education and Research in Secure Systems Engineering (LERSSE~…}
}

@inproceedings{beznosov2005future,
  title={Future direction of access control models, architectures, and technologies},
  author={Beznosov, Konstantin},
  booktitle={Proceedings of the tenth ACM symposium on Access control models and technologies},
  pages={48--48},
  year={2005}
}

@article{beznosov2005method,
  title={A Method for Assessing the Trustworthiness of an Entity by Cooperating Authorities},
  author={Beznosov, Konstantin and Fischer, Ing Daniel},
  year={2005}
}

@inproceedings{rahman2005spapi,
  title={SPAPI: A security and protection architecture for physical infrastructures and its deployment strategy using wireless sensor networks},
  author={Rahman, Hafiz Abdur and Beznosov, Konstantin},
  booktitle={2005 IEEE Conference on Emerging Technologies and Factory Automation},
  volume={2},
  pages={8--pp},
  year={2005},
  organization={IEEE}
}

@article{rahman2005citi,
  title={CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures},
  author={Rahman, Hafiz Abdur and Beznosov, Konstantin},
  year={2005}
}

@article{rahman2005analysis,
  title={Analysis of Interdependencies between CITI and other Critical Infrastructures using RISKS Forum data},
  author={Rahman, Hafiz Abdur and Beznosov, Konstantin},
  year={2005}
}

@inproceedings{beznosov2004towards,
  title={Towards agile security assurance},
  author={Beznosov, Konstantin and Kruchten, Philippe},
  booktitle={Proceedings of the 2004 workshop on New security paradigms},
  pages={47--54},
  year={2004}
}

@inproceedings{gao2004applying,
  title={Applying Aspect-Orientation in Designing Security Systems: A Case Study.},
  author={Gao, Shu and Deng, Yi and Yu, Huiqun and He, Xudong and Beznosov, Konstantin and Cooper, Kendra ML},
  booktitle={SEKE},
  pages={360--365},
  year={2004}
}

@inproceedings{song2004supporting,
  title={Supporting End-To-End Security Across Proxies with Multiplechannel SSL},
  author={Song, Yong and Leung, Victor CM and Beznosov, Konstantin},
  booktitle={Security and Protection in Information Processing Systems: IFIP 18 th World Computer Congress TC11 19 th International Information Security Conference 22--27 August 2004 Toulouse, France},
  pages={323--337},
  year={2004},
  organization={Springer US}
}

@inproceedings{beznosov2004benefits,
  title={On the benefits of decomposing policy engines into components},
  author={Beznosov, Konstantin},
  booktitle={Proceedings of the 3rd workshop on Adaptive and reflective middleware},
  pages={183--188},
  year={2004}
}

@inproceedings{song2004implementing,
  title={Implementing Multiple Channels over SSL.},
  author={Song, Yong and Leung, Victor CM and Beznosov, Konstantin},
  booktitle={ICETE (2)},
  pages={246--256},
  year={2004}
}

@inproceedings{beznosov2004here,
  title={Here’s Your LegoTM Security Kit: How to Give Developers All Protection Mechanisms They Will Ever Need},
  author={Beznosov, Konstantin},
  booktitle={International Workshop on Software Engineering and Middleware},
  pages={3--18},
  year={2004},
  organization={Springer Berlin Heidelberg Berlin, Heidelberg}
}

@inproceedings{beznosov2004constraints,
  title={Constraints},
  author={Beznosov, Konstantin},
  booktitle={Symposium on Access Control Models and Technologies: Proceedings of the ninth ACM symposium on Access control models and technologies},
  volume={2004},
  year={2004}
}

@misc{hartman2003mastering,
  title={Mastering web services security},
  author={Hartman, Bret and Flinn, Donald J and Beznosov, Konstantin and Kawamoto, Shirley},
  year={2003},
  publisher={John Wiley \& Sons}
}

@article{deng2003approach,
  title={An approach for modeling and analysis of security system architectures},
  author={Deng, Yi and Wang, Jiacun and Tsai, Jeffrey JP and Beznosov, Konstantin},
  journal={IEEE Transactions on knowledge and data engineering},
  volume={15},
  number={5},
  pages={1099--1119},
  year={2003},
  publisher={IEEE}
}

@inproceedings{beznosov2003extreme,
  title={Extreme security engineering: On employing XP practices to achieve'good enough security'without defining it},
  author={Beznosov, Konstantin},
  booktitle={First ACM Workshop on Business Driven Security Engineering (BizSec), Fairfax, VA},
  volume={31},
  year={2003}
}

@article{kaviani2003two,
  title={A Two-factor Authentication Mechanism Using Mobile Phones},
  author={Kaviani, Nima and Hawkey, Kirstie and Beznosov, Konstantin},
  journal={available at, Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, Technical report LERSSE-TR-2008-03,(Aug. 20, 2008)},
  year={2003}
}

@article{hartman2003securing,
  title={Securing Web services},
  author={Hartman, B and Flinn, DJ and Beznosov, K and Kawamoto, S},
  journal={APPLICATION DEVELOPMENT TRENDS},
  volume={10},
  number={2},
  pages={39--46},
  year={2003},
  publisher={MICROSOFT CORPORATION}
}

@article{anderson2003extensible,
  title={eXtensible Access Control Markup},
  author={Anderson, Anne and Parducci, Bill and Carlisle Adams, Entrust and Flinn, Don and Brose, Gerald and Lockhart, Hal and Beznosov, Konstantin and Michiharu Kudo, IBM and Humenn, Polar and Godik, Simon and others},
  journal={language},
  volume={28},
  pages={29},
  year={2003}
}

@article{beznosov2003attribute,
  title={Attribute Function: an enabler for effective inexpensive application-specific security decisions},
  author={Beznosov, Konstantin},
  year={2003}
}

@misc{hartman2002enterprise,
  title={Enterprise Security with EJB and CORBA},
  author={Hartman, Bret and Flinn, Donald J and Beznosov, Konstantin},
  year={2002},
  publisher={John Wiley \& Sons}
}

@inproceedings{beznosov2002object,
  title={Object security attributes: Enabling application-specific access control in middleware},
  author={Beznosov, Konstantin},
  booktitle={OTM Confederated International Conferences" On the Move to Meaningful Internet Systems"},
  pages={693--710},
  year={2002},
  organization={Springer Berlin Heidelberg Berlin, Heidelberg}
}

@misc{beznosov2002mastering,
  title={Mastering Web Services Security},
  author={Beznosov, Konstantin and Hartman, B and Flinn, DJ and Kawamoto, S},
  year={2002},
  publisher={Wiley}
}

@article{beznosov2002security,
  title={Security Engineering for Large Scale Distributed Applications},
  author={Beznosov, Konstantin},
  year={2002}
}

@incollection{beznosov2001engineering,
  title={Engineering access control in distributed applications},
  author={Beznosov, Konstantin and Deng, Yi},
  booktitle={Handbook of Software Engineering and Knowledge Engineering: Volume I: Fundamentals},
  pages={69--90},
  year={2001}
}

@phdthesis{beznosov2000engineering,
  title={Engineering access control for distributed enterprise applications},
  author={Beznosov, Konstantin},
  year={2000},
  school={Florida International University}
}

@inproceedings{beznosov2000information,
  title={Information enterprise architectures: problems and perspectives},
  author={Beznosov, Konstantin},
  booktitle={Written for the Advanced Topics in Software Engineering seminar given by Dr. Michael Evangelist at the School of Computer Science, Florida International University},
  year={2000}
}

@article{espinal2000design,
  title={Design and Implementation of Resource Access Decision Server},
  author={Espinal, Luis and Beznosov, Konstantin and Deng, Yi},
  journal={Center for Advanced Distributed Systems Engineering (CADSE)-Florida International University, Miami technical report},
  volume={1},
  year={2000}
}

@inproceedings{beznosov2000performance,
  title={Performance considerations for CORBA-based application authorization service},
  author={Beznosov, Konstantin and Espinal, Luis and Deng, Yi},
  booktitle={Proceedings of the Fourth IASTED International Conference Software Engineering and Applications,(Las Vegas, Nevada, USA, 2000)},
  year={2000}
}

@inproceedings{barkley1999supporting,
  title={Supporting relationships in access control using role based access control},
  author={Barkley, John and Beznosov, Konstantin and Uppal, Jinny},
  booktitle={Proceedings of the fourth ACM workshop on Role-based access control},
  pages={55--65},
  year={1999}
}

@inproceedings{beznosov1999resource,
  title={A resource access decision service for CORBA-based distributed systems},
  author={Beznosov, Konstantin and Deng, Yi and Blakley, Bob and Burt, Carol and Barkley, John},
  booktitle={Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)},
  pages={310--319},
  year={1999},
  organization={IEEE}
}

@inproceedings{beznosov1999framework,
  title={A framework for implementing role-based access control using CORBA security service},
  author={Beznosov, Konstantin and Deng, Yi},
  booktitle={Proceedings of the fourth ACM workshop on Role-based access control},
  pages={19--30},
  year={1999}
}

@inproceedings{beznosov1998requirements,
  title={Requirements for access control: US healthcare domain},
  author={Beznosov, Konstantin},
  booktitle={Proceedings of the third ACM workshop on Role-based access control},
  pages={43},
  year={1998}
}

@misc{beznosov1998architecture,
  title={Architecture of information enterprises: Problems and perspectives. written for the “Advanced topics in software engineering” seminar given by dr. michael evangelist during spring of 1998 at school of computer science, florida international university},
  author={Beznosov, K},
  year={1998}
}

@article{beznosov1998computer,
  title={Computer and Distributed Security: Introductory Overview for Researchers},
  author={Beznosov, Konstantin},
  year={1998}
}

@article{beznosov1998decoupling,
  title={Decoupling Authorization Logic From Application Logic in CORBA Security-Aware Applications},
  author={Beznosov, Konstantin and Dengy, Yi and Blakleyz, Bob and Burtx, Carol and Barkley, John},
  year={1998},
  publisher={Citeseer}
}

@article{wilson1997corbamed,
  title={CORBAmed security white paper},
  author={Wilson, Wayne and Beznosov, Konstantin},
  journal={Object Management Group corbamed/97-11-03},
  year={1997}
}

@article{beznosovrealizing,
  title={Realizing Service-Centric Software Systems},
  author={Beznosov, Konstantin and Chess, Brian}
}

@article{samaratichristoph,
  title={Christoph Schuba, Sun Microsystems, Inc.(Program Chair) Charles Payne, Adventium Labs (Program Co-Chair)},
  author={Samarati, Pierangela and Benzel, Terry and Beznosov, Konstantin and Caronni, Germano and Chandramouli, Ramaswamy and Dacier, Marc and Damianti, Ernesto and Ellison, Gary and Gollmann, Dieter and Greenwald, Steven J and others}
}

@article{sunrt,
  title={An RT-based Policy Model for Converged Networks},
  author={Sun, San-Tsai and Beznosov, Konstantin}
}

@article{rajaeffectiveness,
  title={Effectiveness of IT Security Tools in Practice},
  author={Raja, Fahimeh and Muldner, Kasia and Beznosov, Konstantin}
}

@article{andersonoasis,
  title={OASIS eXtensible Access Control Markup Language (XACML) Committee Specification 1.0, 7 November 2002},
  author={Anderson, Anne and Flinn, Don and Damiani, Quadrasis Ernesto and Beznosov, Konstantin and Kudo, Quadrasis Michiharu and Samarati, Pierangela and Thiyagarajan, Pirasenna Velandai and Humenn, Polar and Vajjhala, Sekhar and Proctor, Seth and others}
}

@article{zeeuwenevaluation,
  title={Evaluation of SAAMBLP},
  author={Zeeuwen, Kyle and Beznosov, Konstantin}
}

@article{alian,
  title={Ian Marshall},
  author={Al-Shaer, Ehab and Ao, Xuhui and Bandara, Arosha and Bacon, Jean and Becker, Moritz and Bertino, Elisa and Beznosov, Konstantin and Bobba, Rakesh and Brunner, Marcus and Burgess, Mark and others}
}

@article{bottaunderstanding,
  title={Understanding IT Security Administration through a Field Study},
  author={Botta, David and Werlinger, Rodrigo and Gagn{\'e}, Andr{\'e} and Beznosov, Konstantin and Iverson, Lee and Fels, Sidney and Fisher, Brian}
}

@article{payneuseful,
  title={UsefUl CompUTer seCUrITy},
  author={Payne, Bryan D and Edwards, W Keith and Hawkey, Kirstie and Muldner, Kasia and Beznosov, Konstantin and Bechhofer, Sean and Yesilada, Yeliz and Stevens, Robert and Jupp, Simon and Horan, Bernard}
}

@article{sunposter,
  title={Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single Sign-On Triangle},
  author={Sun, San-Tsai and Hawkey, Kirstie and Beznosov, Konstantin}
}

@article{rajaposter,
  title={Poster: Expectations, Perceptions, and Misconceptions of Personal Firewalls},
  author={Raja, Fahimeh and Hawkey, Kirstie and Jaferian, Pooya and Beznosov, Konstantin and Booth, Kellogg S}
}

@article{sunposter,
  title={Poster: OpenIDemail Enabled Browser},
  author={Sun, San-Tsai and Beznosov, Konstantin}
}

@article{auracharles,
  title={Charles Payne (PC Co-Chair), Adventium Labs},
  author={Aura, Tuomas and Bauer, Lujo and Bell, David Elliott and Benzel, Terry and Beznosov, Konstantin and Bhatti, Rafae and di Vimercati, Sabrina De Capitani and Dacier, Marc and Denz, Mary and Eloff, Jan and others}
}

@article{sunposter,
  title={Poster: Toward Enabling Secure Web 2.0 Content Sharing Beyond Walled Gardens},
  author={Sun, San-Tsai and Beznosov, Konstantin}
}

@article{muslukhovposter,
  title={Poster: Fine-Grained Locking System for Data and Applications in Smartphones},
  author={Muslukhov, Ildar and Boshmaf, Yazan and Beznosov, Konstantin and Kuo, Cynthia and Lester, Jonathan}
}

@article{jaferianposter,
  title={Poster: Towards Improving Usability of Access Certification Interfaces},
  author={Jaferian, Pooya and Rashtian, Hootan and Beznosov, Konstantin}
}

@article{boshmafposter,
  title={POSTER: How Many Attackers Did You Befriend Today? An Automated Social Engineering Attack in Social Networking Sites},
  author={Boshmaf, Yazan and Beznosov, Konstantin and Ripeanu, Matei}
}

@article{torabiposter,
  title={Poster: Privacy Aspects of Health Related Information Sharing in Online Social Networks},
  author={Torabi, Sadegh and Beznosov, Konstantin}
}

@article{hawkeysearching,
  title={Searching for the Right Fit},
  author={Hawkey, Kirstie and Muldner, Kasia and Beznosov, Konstantin}
}

@article{boshmafsocialbot,
  title={The Socialbot Network: Are Social Botnets Possible?},
  author={Boshmaf, Yazan and Muslukhov, Ildar and Beznosov, Konstantin and Ripeanu, Matei}
}

@article{kiniposter,
  title={Poster: Speculative Authorizations},
  author={Kini, Pranab and Beznosov, Konstantin}
}

@article{beznosovresource,
  title={Resource Access Decision Facility: Overview},
  author={Beznosov, Konstantin}
}

@inproceedings{raja9revealing,
  title={Revealing hidden context},
  author={Raja, Fahimeh and Hawkey, K and Beznosov, K},
  booktitle={Proc. 5th Symp. Usable Priv. Secur.-SOUPS},
  volume={9},
  pages={1}
}

@article{boshmafimportant,
  title={Why is it important to detect fakes?},
  author={Boshmaf, Yazan and Ripeanu, Matei and Beznosov, Konstantin and Logothetis, Dionysios and Siganos, Georgios and Laria, Jorge and Lorenzo, Jose}
}

@article{andersonoasis,
  title={OASIS eXtensible Access Control Markup Language (XACML) Working Draft 17, 27 September 2002},
  author={Anderson, Anne and Flinn, Don and Damiani, Quadrasis Ernesto and Beznosov, Konstantin and Kudoh, Quadrasis Michiharu and Samarati, Pierangela and Thiyatarajan, Pirs Vilandai and Humenn, Polar and Vajjhala, Sekhar and Anderson, Steve and others}
}

@article{mokhberisystematization,
  title={Systematization of Knowledge: Human, Organizational, and Technological Dimensions of Developers’ Challenges in Engineering Secure Software},
  author={Mokhberi, Azadeh and Beznosov, Konstantin}
}

@article{andersonoasis,
  title={OASIS eXtensible Access Control Markup Language (XACML) Committee Specification 1.0, 8 October 2002},
  author={Anderson, Anne and Flinn, Don and Damiani, Quadrasis Ernesto and Beznosov, Konstantin and Kudo, Quadrasis Michiharu and Samarati, Pierangela and Thiyatarajan, Piras Vilandai and Humenn, Polar and Vajjhala, Sekhar and Anderson, Steve and others}
}