Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

The Challenges of Using an Intrusion Detection System: Is It Worth the Effort?

An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs,...



Guidelines for Designing IT Security Management Tools

An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for...

Usability Study of Windows Vista’s Firewall

Windows Vista is shipped with a built-in personal firewall. The firewall has lots of new features over its predecessor, XP’s firewall. But previous studies showed that Vista’s firewall has a set of...

A Usability Analysis of Microsoft Windows Vista’s Firewall

The usability of personal firewalls has not received a significant amount of attention in the literature. However, it is essential that these firewalls - which are used by the lay end-user to protect...

Revealing Hidden Context: Improving Mental Models of Personal Firewall Users

The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of...


Towards Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this presentation,...

Open Problems in Web 2.0 User Content Sharing

Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). In this paper, we discuss open...

Revealing Hidden Context: Improving Mental Models of Personal Firewall Users

The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the...


User Centered Design of ITSM Tools

IT Security Management (ITSM) requires collaboration between diverse stakeholders, has an environment of numerous technological and business specializations (is complex), has many issues that need to...


Revealing Hidden Context: Improving Users' Mental Models of Personal Firewalls

Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...

A Multi-method Approach for User-centered Design of Identity Management Systems

Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. This includes designating who has access to resources, who grants that...

Secure Web 2.0 Content Sharing Beyond Walled Gardens

Web 2.0 users need usable mechanisms for sharing their content with each other in a controlled manner across boundaries of content-hosting or application-service providers (CSPs). In this paper, we...

Towards Investigating User Account Control Practices in Windows Vista

This poster presents the research plan for investigating user account control practices in Windows Vista. The research will explore end users' behaviours in using user account types across Windows Vista...


A Case Study of Enterprise Identity Management System Adoption in an...

This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and...

Towards Developing Usability Heuristics for Evaluation of IT Security...

Evaluating the usability of specific information technology (IT) security tools is challenging. For example, laboratory experiments can have little validity due to the complexity of real-world security...


Open problems in Web 2.0 user content sharing

Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). In this paper, we discuss open...

Do Windows Users Follow the Principle of Least Privilege? Investigating User...

The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by...


Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single...

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties...

A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On

OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide...

OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On...

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties...

OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On

OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. In this work,...


Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way...

The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication...
