Publications

Select by Category

All Papers

Selected Papers by Topic

Posters

Preprints

Presentations

Technical Reports

Theses

2023

T. Yadav, D. Gosain, and K. Seamons. Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations. USENIX Security Symposium, Anaheim, California, 2023.

G. Smith, T. Yadav, J. Dutson, S. Ruoti, and K. Seamons. "If I Could Do This, I Feel Anyone Could:" The Design and Evaluation of a Secondary Authentication Factor Manager. USENIX Security Symposium, Anaheim, California, 2023.

2022

T. Yadav, D. Gosain, A. Herzberg, D. Zappala, and K. Seamons. Automatic Detection of Fake Key Attacks in Secure Messaging. ACM Conference on Computer and Communications Security (CCS 2022), Los Angeles, California, 2022. ACM Presas.

M. Clark and K. Seamons. Passwords and Cryptwords: The Final Limits on Length. New Security Paradigms Workshop, (NSPW 2022), North Conway, New Hampshire, October 2022.

2021

J. Clark, P.C. van Oorschot, S. Ruoti, K. Seamons, and D. Zappala. SoK: Securing Email-A Stakeholder-Based Analysis. Financial Cryptography (FC 2021), 2021. [Extended].

A. Herzberg, H. Leibowitz, K. Seamons, E. Vaziripour, J. Wu, and D. Zappala, Secure Messaging Authentication Ceremonies Are Broken, IEEE Security & Privacy 19.2 (2021).

2020

T. Smith, L. Dickinson, and K. Seamons. Let’s Revoke: Scalable Global Certificate Revocation. Network and Distributed Systems Security Symposium (NDSS), 2020.

2019

L. Dickinson, T. Smith, and K. Seamons. Leveraging Locality of Reference for Certificate Revocation. Annual Computer Security Applications Conference (ACSAC), 2019.

S. Ruoti and K. Seamons. Johnny’s Journey Toward Usable Secure Email. IEEE Security and Privacy, Vol. 17. No. 6, November/December 2019.

K. Reese, T. Smith, J. Dutson, J. Armknecht, J. Cameron, and K. Seamons. A Usability Study of Five Two-Factor Authentication Methods. Symposium on Usable Privacy and Security (SOUPS), 2019.

J.Wu, C. Gattrell, D. Howard, J. Tyler, E. Vaziripour, K. Seamons, and D. Zappala. “Something Isn’t Secure, But I’m Not Sure How That Translates Into a Problem”: Promoting Autonomy by Designing for Understanding in Signal. Symposium on Usable Privacy and Security (SOUPS), August 2019.

J. Dutson, D. Allen, D. Eggett, and K. Seamons. “Don’t Punish All of Us”: Measuring User Attitudes About Two-Factor Authentication. In Fifth European Workshop on Usable Security (EuroUSEC), 2019.

E. Vaziripour, D. Howard, J. Tyler, M. O’Neill, J. Wu, K. Seamons, and D. Zappala. I Don’t Even Have to Bother Them! Action Needed! Using Social Media to Automate the Authentication Ceremony in Secure Messaging. CHI Conference on Human Factors in Computing Systems (CHI 2019), May 2019.

S. Ruoti, J. Andersen, L. Dickinson, S. Heidbrink, T. Monson, M. O’Neill, K. Reese, B. Spendlove, E. Vaziripour, J. Wu, D. Zappala, and K. Seamons. A Usability Study of Four Secure Email Tools Using Paired Participants. ACM Transactions on Privacy and Security, Vol 22, No 2, Article 13 (April 2019).

2018

M. O’Neill, K. Seamons, and D. Zappala. The Secure Socket API: TLS as an Operating System Service. ;login:, The USENIX Magazine, vol. 43 no. 4, Winter 2018.

M. O’Neill, S. Heidbrink, J. Whitehead, T. Perdue, L. Dickinson, T. Collett, N. Bonner, K. Seamons, and D. Zappala. The Secure Socket API: TLS as an Operating System Service. 28th USENIX Security Symposium, August 2018. Internet Defense Prize Second Place, sponsored by Facebook.

S. Ruoti, J. Andersen, T. Monson, D. Zappala, and K. Seamons. A Comparative Usability Study of Key Management in Secure Email. USENIX Symposium on Usable Privacy and Security (SOUPS 2018), August 2018.

E. Vaziripour, J. Wu, M. O’Neill, D. Metro, J. Cockrell, T. Moffett, J. Whitehead, N. Bonner, K. Seamons, and D. Zappala. Action Needed! Helping Users Find and Complete the Authentication Ceremony in Signal, USENIX Symposium on Usable Privacy and Security (SOUPS 2018), August 2018.

J. Reynolds, T. Smith, K. Reese, L. Dickinson, S. Ruoti, and K. Seamons. A Tale of Two Studies: The Best and Worst of YubiKey Usability, 39th IEEE Symposium on Security and Privacy (S&P 2018), May 2018.

T. Monson, J. Reynolds, T. Smith, S. Ruoti, D. Zappala, and K. Seamons. A Usability Study of Secure Email Deletion, European Workshop on Usable Security (EuroUSEC), April 2018.

E. Vaziripour, R. Farahbakhsh, M. O’Neill, J. Wu, K. Seamons, and D. Zappala, Private But Not Secure: A Survey Of the Privacy Preferences and Practices of Iranian Users of Telegram, Workshop on Usable Security (USEC), February 2018.

2017

S. Ruoti, K. Seamons. End-to-End Passwords, New Security Paradigms Workshop (NSPW 2017), Islamorada, Florida, October 2017.

S. Ruoti, K. Seamons, D. Zappala. Layering Security at Global Control Points to Secure Unmodified Software, IEEE Secure Development Conference (IEEE SecDev 2017), Boston, Massachusetts, September 2017. Best Paper Award.

M. O’Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication, 27th USENIX Security Symposium, August 2017.

E. Vaziripour, R. Clinton, J. Wu, M. O’Neill, J. Whitehead, S. Heidbrink, K. Seamons, and D. Zappala. Is That You, Alice? A Usability Study of the Authentication Ceremony of Secure Messaging Applications, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017.

S. Ruoti, T. Monson, J. Wu, D. Zappala, K. Seamons. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017. [Presentation]

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Inspection: How Often and Who Cares? IEEE Internet Computing, May/June 2017.

2016

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Proxies: Friend or Foe?, ACM Internet Measurement Conference (IMC 2016). ACM, 2016.

S. Ruoti, J. Andersen, T. Hendershot, D. Zappala, K. Seamons. Private Webmail 2.0: Simple and Easy-to-Use Secure Email, 29th ACM Symposium on User Interface Software and Technology (UIST 2016). ACM, 2016.

A. Afanasyev, J. Halderman, S. Ruoti, K. Seamons, Y. Yu, D. Zappala, L. Zhang. Content-based Security for the Web, New Security Paradigms Workshop (NSPW 2016). ACM, 2016.

S. Ruoti, M. O’Neill, D. Zappala, K. Seamons. User Attitudes Toward the Inspection of Encrypted Traffic, 12th Annual Symposium on Usable Privacy and Security (SOUPS 2016). USENIX, 2016. [Presentation]

S. Ruoti, K. Seamons. Standard Metrics and Scenarios for Usable Authentication, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

S. Ruoti, J. Andersen, K. Seamons. Strengthening Password-based Authentication, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

E. Vaziripour, M. O’Neill, J. Wu, S. Heidbrink, K. Seamons, and D. Zappala. Social Authentication for End-to-End Encryption, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

S. Ruoti, J. Andersen, S. Heidbrink, M. O’Neill, E. Vaziripour, J. Wu, D. Zappala, K. Seamons. “We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users, Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI 2016). ACM, 2016. Honorable Mention Award. [Presentation]

2015

S. Ruoti, B. Roberts, K. Seamons. Authentication Melee: A Usability Analysis of Seven Web Authentication Systems, 24th Annual International Conference on World Wide Web (WWW 2015). ACM, 2015. [Presentation]

2013

S. Ruoti, N. Kim, B. Burgon, T.W. van der Horst, and K. Seamons. Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes 9th Annual Symposium on Usable Privacy and Security (SOUPS 2013). ACM, 2013. [Presentation]

C. Robison, S. Ruoti, T. W. van der Horst, and K. E. Seamons. Private Facebook Chat 2012 International Conference on Privacy, Security, Risk, and Trust (PASSAT 2012) and 2012 International Conference on Social Computing (SocialCom 2012). IEEE, 2013. [Presentation]

2008

R. Jammalamadaka, R. Gamboni, S. Mehrotra, K. Seamons, and N. Venkatasubramanian. iDataGuard: An Interoperable Security Middleware for Untrusted Internet Data Storage. In Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion (Companion '08). Association for Computing Machinery, New York, NY, USA, December 2008.

T. W. van der Horst and K. E. Seamons. pwdArmor: Protecting Conventional Password-based Authentications. 24th Annual Computer Security Applications Conference (ACSAC 2008). ACM, 2008. [Presentation]

R. S. Abbott, T. W. van der Horst, and K. E. Seamons. CPG: Closed Pseudonymous Groups. Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, October 2008.

D. D. Walker, E. G. Mercer, and K. E. Seamons. Or Best Offer: A Privacy Policy Negotiation Protocol. IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2008), Palisades, NY, June 2008.

A. Harding, T. W. van der Horst, and K. E. Seamons. Wireless Authentication using Remote Passwords. 1st ACM Conference on Wireless Network Security (WiSec), Alexandria, VA, March 2008.

2007

P. L. Hellewell, T. W. van der Horst, and K. E. Seamons. Extensible Pre-Authentication in Kerberos. 23rd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.

T. W. van der Horst, and K. E. Seamons. Simple Authentication for the Web. 3rd International Conference on Security and Privacy in Communication Networks, Nice, France, September, 2007. [Presentation]

R. C. Jammalamadaka, R. Gamboni, S. Mehrotra, K. Seamons, N. Venkatasubramanian. gVault: A Gmail Based Cryptographic Network File System. 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, July 2007.

2006

A. J. Lee, K. E. Seamons, M. Winslett and T. Yu. Automated Trust Negotiation in Open Systems. In Secure Data Management in Decentralized Systems, edited by Ting Yu and Sushil Jajodia, Springer, December 2006.

R. C. Jammalamadaka, T. W. van der Horst, S. Mehrotra, K. E. Seamons, and N. Venkasubramanian. Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. 22nd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2006.

L. Olson, M. Winslett, G. Tonti, N. Seeley, A. Uszok, and J. Bradshaw. TrustBuilder as an Authorization Service for Web Services. International Workshop on Security and Trust in Decentralized/Distributed Data Structures (STD3S) in conjuction with the 22nd International Conference on Data Engineering (ICDE’06), Atlanta, Georgia, April 2006.

J. Holt. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. Australasian Information Security Workshop 2006, Hobart, Tasmania, January 2006.

2005

T. Ryutov, L. Zhou, C. Neuman, N. Foukia, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control for Grids. 6th IEEE/ACM International Workshop on Grid Computing, Seattle, WA, November 2005.

T. W. van der Horst and K. E. Seamons. Short Paper: Thor — The Hybrid Online Repository. First IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks, Athens, Greece, September 2005. Slides

T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control. 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005.

2004

T. Leithead, W. Nejdl, D. Olmedilla, K. Seamons, M. Winslett, T. Yu, and C. Zhang. How to Exploit Ontologies in Trust Negotiation. Workshop on Trust, Security, and Reputation on the Semantic Web, part of the Third International Semantic Web Conference, Hiroshima, Japan, November 2004.

R. Bradshaw, J. Holt, and K. E. Seamons. Concealing Complex Policies with Hidden Credentials. Eleventh ACM Conference on Computer and Communications Security, Washington, DC, October 2004.

T. W. van der Horst, T. Sundelin, K. E. Seamons, and C. D. Knutson. Mobile Trust Negotiation: Authentication and Authorization in Dynamic Mobile Networks. Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004. Slides

A. Hess, J. Holt, J. Jacobson, and K. E. Seamons. Content-Triggered Trust Negotiation. ACM Transaction on Information System Security, Vol. 7, No. 3, August 2004.

B. Smith, K. E. Seamons, and M. D. Jones. Responding to Policies at Runtime in TrustBuilder 5th International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, New York, June 2004.

R. Gavriloaie, W. Nejdl, D. Olmedilla, K. E. Seamons, and M. Winslett. No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web. 1st European Semantic Web Symposium, Heraklion, Greece, May 2004.

2003

J. Holt, R. Bradshaw, K. E. Seamons, and H. Orman. Hidden Credentials. 2nd ACM Workshop on Privacy in the Electronic Society, Washington, DC, October 2003. Slides

D. Vawdrey, T. Sundelin, K. E. Seamons, and C. Knutson. Trust Negotiation for Authentication and Authorization in Healthcare Information Systems. 25th Annual International Conference of the IEEE Engineering In Medicine And Biology Society, Cancun, Mexico, September 2003.

A. Hess and K. E. Seamons. An Access Control Model for Dynamic Client-Side Content. 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003. Slides

M. Winslett. An Introduction to Automated Trust Establishment. 1st International Conference on Trust Management, Crete, Greece, May 2003.

T. Yu and M. Winslett. A Unified Scheme for Resource Protection in Automated Trust Negotiation.IEEE Symposium on Security and Privacy, Berkeley, California, May 2003.

T. Yu, M. Winslett, and K. E. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security, vol. 6, no. 1, February 2003.

2002

M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu. Negotiating Trust on the Web. IEEE Internet Computing, vol. 6, no. 6, November/December 2002.

T. Yu, M.Winslett, and K.E. Seamons. Automated Trust Negotiation over the Internet. 6th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, FL, July 14-18, 2002.

K. E. Seamons, M. Winslett, T. Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and L. Yu. Requirements for Policy Languages for Trust Negotiation. 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA, June 2002. Slides

K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy During On-line Trust Negotiation. 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA, April 2002. Slides

A. Hess, J. Jacobson, H. Mills, R. Wamsley, K. E. Seamons, and B. Smith. Advanced Client/Server Authentication in TLS. Network and Distributed System Security Symposium, San Diego, CA, February 2002. Slides

J. Holt and K. E. Seamons. Selective Disclosure Credential Sets. Cryptology ePrint Archive, Report 2002/151

2001

T. Yu, M. Winslett, and K. E. Seamons. Interoperable Strategies in Automated Trust Negotiation. 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, November 2001.

T. Barlow, A. Hess, and K. E. Seamons. Trust Negotiation in Electronic Markets. Eighth Research Symposium in Emerging Electronic Markets, Maastricht, Netherlands, September 2001.

K. E. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation. Network and Distributed System Security Symposium, San Diego, CA, February 2001. Slides

2000

T. Yu, X. Ma, and M. Winslett. PRUNES: An Efficient and Complete Strategy for Trust Negotiation over the Internet. ACM Conference on Computer and Communications Security, Athens, November 2000.

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.

1999

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Negotiating Disclosure of Sensitive Credentials. Second Conference on Security in Communication Networks, Amalfi, Italy, September 1999.

1997

Y. Cho, M. Winslett, M. Subramaniam, Y. Chen, S. Kuo, and K. E. Seamons. Exploiting Local Data in Parallel Array I/O on a Practical Network of Workstations. In Proceedings of the fifth workshop on I/O in parallel and distributed systems (IOPADS '97). Association for Computing Machinery, New York, NY, USA, November 1997.

K. E. Seamons, W. Winsborough, and M. Winslett. Internet Credential Acceptance Policies. Proceedings of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997.

1996

Y. Chen, M. Winslett, K. E. Seamons, S. Kuo, Y. Cho, and M. Subramaniam. Scalable Message Passing in Panda. In Proceedings of the fourth workshop on I/O in parallel and distributed systems: part of the federated computing research conference (IOPADS '96). Association for Computing Machinery, New York, NY, USA, May 1996.

1995

K. E. Seamons, Y. Chen, P. Jones, J. Jozwiak, and M. Winslett. Server-Directed Collective I/O in Panda. In Proceedings of the 1995 ACM/IEEE conference on Supercomputing (Supercomputing '95). Association for Computing Machinery, New York, NY, USA, December 1995.

Systems Security

M. O’Neill, S. 2.Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication, 27th USENIX Security Symposium, August 2017.

TLS Security

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Inspection: How Often and Who Cares? IEEE Internet Computing, May/June 2017.

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Proxies: Friend or Foe?, ACM Internet Measurement Conference (IMC 2016). ACM, 2016.

Usable Security

T. Monson, J. Reynolds, T. Smith, S. Ruoti, D. Zappala, and K. Seamons. A Usability Study of Secure Email Deletion, European Workshop on Usable Security (EuroUSEC), April 2018.

E. Vaziripour, R. Clinton, J. Wu, M. O’Neill, J. Whitehead, S. Heidbrink, K. Seamons, and D. Zappala. Is that you, Alice? A Usability Study of the Authentication Ceremony of Secure Messaging Applications, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017.

End-to-End Encryption

A. Afanasyev, J. Halderman, S. Ruoti, K. Seamons, Y. Yu, D. Zappala, L. Zhang. Content-based Security for the Web, New Security Paradigms Workshop (NSPW 2016). ACM, 2016.

Authentication

S. Ruoti, K. Seamons. End-to-End Passwords, New Security Paradigms Workshop (NSPW 2017), Islamorada, Florida, October 2017.

S. Ruoti, J. Andersen, K. Seamons. Strengthening Passwords-based Authentication, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

A. Harding, T. W. van der Horst, and K. E. Seamons. Wireless Authentication using Remote Passwords. 1st ACM Conference on Wireless Network Security (WiSec), Alexandria, VA, March 2008.

P. L. Hellewell, T. W. van der Horst, and K. E. Seamons. Extensible Pre-Authentication in Kerberos. 23rd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.

Privacy

R. S. Abbott, T. W. van der Horst, and K. E. Seamons. CPG: Closed Pseudonymous Groups. Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, October 2008.

R. Bradshaw, J. Holt, and K. E. Seamons. Concealing Complex Policies with Hidden Credentials. Eleventh ACM Conference on Computer and Communications Security, Washington, DC, October 2004.

J. Holt, R. Bradshaw, K. E. Seamons, and H. Orman. Hidden Credentials. 2nd ACM Workshop on Privacy in the Electronic Society, Washington, DC, October 2003. Slides

K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy during On-line Trust Negotiation. 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA, April 2002. Slides

J. Holt and K. E. Seamons. Selective Disclosure Credential Sets. Cryptology ePrint Archive, Report 2002/151

Trust Negotiation

A. Hess, J. Holt, J. Jacobson, and K. E. Seamons. Content-Triggered Trust Negotiation. ACM Transaction on Information System Security, Vol. 7, No. 3, August 2004.

M. Winslett. An Introduction to Automated Trust Establishment. 1st International Conference on Trust Management, Crete, Greece, May 2003.

M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu. Negotiating Trust on the Web. IEEE Internet Computing, vol. 6, no. 6, November/December 2002.

T. Yu, M.Winslett, and K.E. Seamons. Automated Trust Negotiation over the Internet. 6th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, FL, July 14-18, 2002.

T. Yu, M. Winslett, and K. E. Seamons. Interoperable Strategies in Automated Trust Negotiation. 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, November 2001.

T. Barlow, A. Hess, and K. E. Seamons. Trust Negotiation in Electronic Markets. Eighth Research Symposium in Emerging Electronic Markets, Maastricht, Netherlands, September 2001.

T. Yu, X. Ma, and M. Winslett. PRUNES: An Efficient and Complete Strategy for Trust Negotiation over the Internet. ACM Conference on Computer and Communications Security, Athens, November 2000.

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Negotiating Disclosure of Sensitive Credentials. Second Conference on Security in Communication Networks, Amalfi, Italy, September 1999.

K. E. Seamons, W. Winsborough, and M. Winslett. Internet Credential Acceptance Policies. Proceedings of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997.

Access Control

L. Olson, M. Winslett, G. Tonti, N. Seeley, A. Uszok, and J. Bradshaw. TrustBuilder as an Authorization Service for Web Services. International Workshop on Security and Trust in Decentralized/Distributed Data Structures (STD3S) in conjunction with the 22nd International Conference on Data Engineering (ICDE’06), Atlanta, Georgia, April 2006.

A. Hess and K. E. Seamons. An Access Control Model for Dynamic Client-Side Content. 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003. Slides

S. Ruoti and K. Seamons. Usable Security for Webmail and Single Sign-on, Symantec, Culver City, October 2013. [Presentation]

PhD Dissertations

Scott Ruoti. Usable, Secure Content-Based Encryption on the Web. July 2017.
Tim van der Horst. Convenient Decentralized Authentication using Passwords. April 2010. [Presentation]

Master’s Theses

Brad Spendlove. Security Analysis and Recommendations for CONIKS as a PKI Solution for Mobile Applications. December 2018.
Luke Dickinson. Certificate Revocation Table: Leveraging Locality of Reference in Web Requests to Improve TLS Certificate Revocation. October 2018.
Ken Reese. Evaluating the Usability of Two-Factor Authentication. May 2018.
Tyler Monson. Usable Secure Email Through Short-Lived Keys. October 2016.
Travis Hendershot. Towards Using Certificate-Based Authentication as a Defense Against Evil Twins in 802.11 Networks. November 2016.
Jeff Andersen. The Quest to Secure Email: A Usability Analysis of Key Management Alternatives. July 2016.
Scott Ruoti. Authentication Melee: A Usability Analysis of Seven Web Authentication Systems. December 2014.
Song Yuanzheng. Browser-Based Manual Encryption. August 2014.
Ben Burgon. Pwm: A Secure Webmail System Designed for Easy Adoption. March 2014.
Nathan Kim. Message Protector: Demonstrating that Manual Encryption Improves Usability. May 2013.
Chris Robison. Secure Browser-Based Instant Messaging. December 2012.
Pavan Vankamamidi. Proofs of Correctness for Three Decentralized Authentication Protocols Using Strand Spaces. June 2011.
Scott Robertson. Trusted Mobile Overlays. April 2011.
Trevor Florence. KiwiVault: Encryption Software for Portable Storage Devices. December 2009.
Ryan Segeberg. EASEmail: Easy Accessible Secure Email. August 2009.
Reed Abbott. CPG: Closed Pseudonymous Groups. March 2008.
Andrew Harding. Wireless Authentication using Remote Passwords (WARP). January 2008.
Phillip Hellewell Extensible Pre-Authentication in Kerberos (EPAK). August 2007.
Dan Walker Or Best Offer: Privacy Policy Negotiation Protocol. June 2007.
Nathan Seeley. Digital Receipts. November 2006.
Paul Porter. Trust Negotiation for Open Database Access Control. May 2006.
Cameron Morris. Browser Based Trust Negotiation. March 2006.
Michael Edvalson. TrustBroker: A Defense Against identify Theft From Online Transactions. December 2005.
Travis Leithead. Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies. August 2005.
Jim Henshaw. Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks. May 2005.
Tim van der Horst. Thor: The Hybrid Online Repository. February 2005.
Jason Holt. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. February 2005.
Evan Child. Trust Negotiation Using Hidden Credentials. July 2004.
Robert Bradshaw. Concealing Complex Policies with Hidden Credentials. June 2004.
Thomas Chan. Preserving Trust Across Multiple Sessions in Open Systems. June 2004.
Bryan Smith. Responding to Policies at Runtime in TrustBuilder. March 2004.
Tore Sundelin. Surrogate Trust Negotiation. July 2003.
Jared Jacobson. Trust Negotiation In Session Level Protocols. July 2003.
Ryan Jarvis. Protecting Sensitive Credential Content During Trust Negotiation. April 2003.
Adam Hess. Content Triggered Trust Negotiation. February 2003.