Titlebook: Research in Attacks, Intrusions and Defenses; 17th International S Angelos Stavrou,Herbert Bos,Georgios Portokalidis Conference proceedings

忧伤

A Lightweight Formal Approach for Analyzing Security of Web Protocolsat honest participants to simplify the protocol model. Despite its simplicity, we demonstrate effectiveness of our approach through a case-study of SAML, where we identify a previously unknown vulnerability in its identity federation workflow.

indices

Why Is CSP Failing? Trends and Challenges in CSP Adoptionwe evaluate the feasibility of deploying CSP from the perspective of a security-conscious website operator. We used an incremental deployment approach through CSP’s report-only mode on four websites, collecting over 10M reports. Furthermore, we used semi-automated policy generation through web appli

burnish

Synthetic Data Generation and Defense in Depth Measurement of Web Applicationsntrols spanning all four layers to determine their sensitivity to dataset changes, compare performance even across layers, compare synthetic data to real production data, and calculate combined defense in depth performance of sets of controls.

maverick

A Comparative Evaluation of Implicit Authentication Schemesms of: accuracy; training time and delay on real-world datasets; detection delay; processing and memory complexity for feature extraction, training and classification operations; vulnerability to mimicry attacks; and deployment issues on mobile platforms. We also leverage our real-world device usage