Articles

A User Study of Policy Creation in a Flexible Access-Control System (with Lujo Bauer, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea), Institute for Software Research (2008)

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However,...

 

Expandable Grids for Visualizing and Authoring Computer Security Policies (with Robert W. Reeder, Lujo Bauer, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong), Institute for Software Research (2008)

We introduce the Expandable Grid, a novel interaction technique for creating, editing, and viewing many...

 

You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings (with Jason Hong and Serge Egelman), Human-Computer Interaction Institute (2008)

Many popular web browsers now include active phishing warnings since research has shown that passive...

 

You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings (with Serge Egelman and Jason Hong), Institute for Software Research (2008)

Many popular web browsers now include active phishing warnings since research has shown that passive...

 

The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study (with Serge Egelman, Janice Tsai, and Alessandro Acquisti), ICIS 2007 Proceedings (2007)
 

Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish (with Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Jason Hong, and Elizabeth Nunge), Institute for Software Research (2007)

In this paper we describe the design and evaluation of Anti-Phishing Phil, an online...

 

Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System (with Jason Hong, Ponnurangam Kumaraguru, Yong Rhee, Alessandro Acquisti, and Elizabeth Nunge), Human-Computer Interaction Institute (2007)

Phishing attacks, in which criminals lure Internet users to websites that impersonate legitimate sites, are...

 

Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application (with Jason Hong, Norman Sadeh, Ian Fette, Madhu Prabaker, and Jinghai Rao), Human-Computer Interaction Institute (2007)

A number of mobile applications have emerged that allow users to locate one another. However,...

 

User-Controllable Security and Privacy for Pervasive Computing (with Bruce McLaren, Jason Cornwall, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Lujo Bauer, Kami Vaniea, Jason Hong, Mike Reiter, and Norman Sadeh), Human-Computer Interaction Institute (2007)

We describe our current work in developing novel mechanisms for managing security and privacy in...

 

Decision Strategies and Susceptibility to Phishing (with Julie S. Downs and Mandy B. Holbrook), Institute for Software Research (2006)

Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to...

 

Phinding Phish: Evaluating Anti-Phishing Tools (with Jason Hong, Yue Zhang, and Serge Egelman), Human-Computer Interaction Institute (2006)

There are currently dozens of freely available tools to combat phishing and other web-based scams,...

 

Power Strips, Prophylactics, and Privacy, Oh My! (with Julia Gideon, Serge Egelman, and Alessandro Acquisti), Institute for Software Research (2006)

While Internet users claim to be concerned about online privacy, their behavior rarely reflects those...

 

Privacy Patterns for Online Interactions (with Jason Hong, Sasha Romanowsky, Alessandro Acquisti, and Batya Friedman), Human-Computer Interaction Institute (2006)

A proper security architecture is an essential part of implementing robust and reliable networked applications....