Selected Papers By Topic

Systems Security

S. Ruoti, K. Seamons, D. Zappala. Layering Security at Global Control Points to Secure Unmodified Software, IEEE Secure Development Conference (IEEE SecDev 2017), Boston, Massachusetts, September 2017. Best Paper Award.

M. O’Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication, 27th USENIX Security Symposium, August 2017.

TLS Security

M. O’Neill, S. Heidbrink, S. Ruoti, J. Whitehead, D. Bunker, L. Dickinson, T. Hendershot, J. Reynolds, K. Seamons, D. Zappala. TrustBase: An Architecture to Repair and Strengthen Certificate-Based Authentication, 27th USENIX Security Symposium, August 2017.

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Inspection: How Often and Who Cares? IEEE Internet Computing, May/June 2017.

M. O’Neill, S. Ruoti, K. Seamons, D. Zappala. TLS Proxies: Friend or Foe?, ACM Internet Measurement Conference (IMC 2016). ACM, 2016.

S. Ruoti, M. O’Neill, D. Zappala, K. Seamons. User Attitudes Toward the Inspection of Encrypted Traffic, 12th Annual Symposium on Usable Privacy and Security (SOUPS 2016). USENIX, 2016. [Presentation]

A. Hess, J. Jacobson, H. Mills, R. Wamsley, K. E. Seamons, and B. Smith. Advanced Client/Server Authentication in TLS. Network and Distributed System Security Symposium, San Diego, CA, February 2002. Slides

Usable Security

J. Reynolds, T. Smith, K. Reese, L. Dickinson, S. Ruoti, and K. Seamons. A Tale of Two Studies: The Best and Worst of YubiKey Usability, 39th IEEE Symposium on Security and Privacy (S&P 2018), May 2018.

T. Monson, J. Reynolds, T. Smith, S. Ruoti, D. Zappala, and K. Seamons. A Usability Study of Secure Email Deletion, European Workshop on Usable Security (EuroUSEC), April 2018.

S. Ruoti, T. Monson, J. Wu, D. Zappala, K. Seamons. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017. [Presentation]

E. Vaziripour, R. Clinton, J. Wu, M. O’Neill, J. Whitehead, S. Heidbrink, K. Seamons, and D. Zappala. Is that you, Alice? A Usability Study of the Authentication Ceremony of Secure Messaging Applications, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017.

S. Ruoti, J. Andersen, T. Hendershot, D. Zappala, K. Seamons. Private Webmail 2.0: Simple and Easy-to-Use Secure Email, 29th ACM Symposium on User Interface Software and Technology (UIST 2016). ACM, 2016.

S. Ruoti, M. O’Neill, D. Zappala, K. Seamons. User Attitudes Toward the Inspection of Encrypted Traffic, 12th Annual Symposium on Usable Privacy and Security (SOUPS 2016). USENIX, 2016. [Presentation]

S. Ruoti, J. Andersen, S. Heidbrink, M. O’Neill, E. Vaziripour, J. Wu, D. Zappala, K. Seamons. “We’re on the Same Page”: A Usability Study of Secure Email Using Pairs of Novice Users, Proceedings of the 34th Annual ACM Conference on Human Factors in Computing Systems (CHI 2016). ACM, 2016. Honorable Mention Award. [Presentation]

S. Ruoti, N. Kim, B. Burgon, T.W. van der Horst, and K. Seamons. Confused Johnny: When Automatic Encryption Leads to Confusion and Mistakes 9th Annual Symposium on Usable Privacy and Security (SOUPS 2013). ACM, 2013. [Presentation]

C. Robison, S. Ruoti, T. W. van der Horst, and K. E. Seamons. Private Facebook Chat 2012 International Conference on Privacy, Security, Risk, and Trust (PASSAT 2012) and 2012 International Conference on Social Computing (SocialCom 2012). IEEE, 2013. [Presentation]

End-to-End Encryption

A. Afanasyev, J. Halderman, S. Ruoti, K. Seamons, Y. Yu, D. Zappala, L. Zhang. Content-based Security for the Web, New Security Paradigms Workshop (NSPW 2016). ACM, 2016.

S. Ruoti, T. Monson, J. Wu, D. Zappala, K. Seamons. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture, 13th Annual Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, California, July 2017. [Presentation]

R. C. Jammalamadaka, R. Gamboni, S. Mehrotra, K. Seamons, N. Venkatasubramanian. gVault: A Gmail Based Cryptographic Network File System. 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, July 2007.

R. C. Jammalamadaka, T. W. van der Horst, S. Mehrotra, K. E. Seamons, and N. Venkasubramanian. Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. 22nd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2006.

Authentication

S. Ruoti, K. Seamons. End-to-End Passwords, New Security Paradigms Workshop (NSPW 2017), Islamorada, Florida, October 2017.

S. Ruoti, J. Andersen, K. Seamons. Strengthening Passwords-based Authentication, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

E. Vaziripour, M. O’Neill, J. Wu, S. Heidbrink, K. Seamons, and D. Zappala. Social Authentication for End-to-End Encryption, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

S. Ruoti, K. Seamons. Standard Metrics and Scenarios for Usable Authentication, 2nd Workshop on “Who Are You?! Adventures in Authentication” at the Symposium on Usable Privacy and Security (WAY 2016). USENIX, 2016. [Presentation]

S. Ruoti, B. Roberts, K. Seamons. Authentication Melee: A Usability Analysis of Seven Web Authentication Systems, 24th Annual International Conference on World Wide Web (WWW 2015). ACM, 2015. [Presentation]

T. W. van der Horst and K. E. Seamons. pwdArmor: Protecting Conventional Password-based Authentications. 24th Annual Computer Security Applications Conference (ACSAC 2008). ACM, 2008. [Presentation]

A. Harding, T. W. van der Horst, and K. E. Seamons. Wireless Authentication using Remote Passwords. 1st ACM Conference on Wireless Network Security (WiSec), Alexandria, VA, March 2008.

P. L. Hellewell, T. W. van der Horst, and K. E. Seamons. Extensible Pre-Authentication in Kerberos. 23rd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.

T. W. van der Horst, and K. E. Seamons. Simple Authentication for the Web. 3rd International Conference on Security and Privacy in Communication Networks, Nice, France, September, 2007. [Presentation]

T. W. van der Horst and K. E. Seamons. Short Paper: Thor — The Hybrid Online Repository. First IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks, Athens, Greece, September 2005. slides

Privacy

R. S. Abbott, T. W. van der Horst, and K. E. Seamons. CPG: Closed Pseudonymous Groups. Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, October 2008.

D. D. Walker, E. G. Mercer, and K. E. Seamons. Or Best Offer: A Privacy Policy Negotiation Protocol. IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2008), Palisades, NY, June 2008.

R. Bradshaw, J. Holt, and K. E. Seamons. Concealing Complex Policies with Hidden Credentials. Eleventh ACM Conference on Computer and Communications Security, Washington, DC, October 2004.

J. Holt, R. Bradshaw, K. E. Seamons, and H. Orman. Hidden Credentials. 2nd ACM Workshop on Privacy in the Electronic Society, Washington, DC, October 2003. Slides

K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy during On-line Trust Negotiation. 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA, April 2002. Slides

J. Holt and K. E. Seamons. Selective Disclosure Credential Sets. Cryptology ePrint Archive, Report 2002/151

K. E. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation. Network and Distributed System Security Symposium, San Diego, CA, February 2001. Slides

Trust Negotiation

A. J. Lee, K. E. Seamons, M. Winslett and T. Yu. Automated Trust Negotiation in Open Systems. In Secure Data Management in Decentralized Systems, edited by Ting Yu and Sushil Jajodia, Springer, December 2006.

T. Ryutov, L. Zhou, C. Neuman, N. Foukia, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control for Grids. 6th IEEE/ACM International Workshop on Grid Computing, Seattle, WA, November 2005.

T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control. 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005.

T. Leithead, W. Nejdl, D. Olmedilla, K. Seamons, M. Winslett, T. Yu, and C. Zhang. How to Exploit Ontologies in Trust Negotiation. Workshop on Trust, Security, and Reputation on the Semantic Web, part of the Third International Semantic Web Conference, Hiroshima, Japan, November 2004.

T. W. van der Horst, T. Sundelin, K. E. Seamons, and C. D. Knutson. Mobile Trust Negotiation: Authentication and Authorization in Dynamic Mobile Networks. Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004. Slides

A. Hess, J. Holt, J. Jacobson, and K. E. Seamons. Content-Triggered Trust Negotiation. ACM Transaction on Information System Security, Vol. 7, No. 3, August 2004.

B. Smith, K. E. Seamons, and M. D. Jones. Responding to Policies at Runtime in TrustBuilder 5th International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, New York, June 2004.

T. Yu, M. Winslett, and K. E. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security,vol. 6, no. 1, February 2003.

M. Winslett. An Introduction to Automated Trust Establishment. 1st International Conference on Trust Management, Crete, Greece, May 2003.

M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu. Negotiating Trust on the Web. IEEE Internet Computing, vol. 6, no. 6, November/December 2002.

T. Yu, M.Winslett, and K.E. Seamons. Automated Trust Negotiation over the Internet. 6th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, FL, July 14-18, 2002.

K. E. Seamons, M. Winslett, T. Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and L. Yu. Requirements for Policy Languages for Trust Negotiation. 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA, June 2002. Slides

T. Yu, M. Winslett, and K. E. Seamons. Interoperable Strategies in Automated Trust Negotiation. 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, November 2001.

T. Barlow, A. Hess, and K. E. Seamons. Trust Negotiation in Electronic Markets. Eighth Research Symposium in Emerging Electronic Markets, Maastricht, Netherlands, September 2001.

T. Yu, X. Ma, and M. Winslett. PRUNES: An Efficient and Complete Strategy for Trust Negotiation over the Internet. ACM Conference on Computer and Communications Security, Athens, November 2000.

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.

W. H. Winsborough, K. E. Seamons, and V. E. Jones. Negotiating Disclosure of Sensitive Credentials. Second Conference on Security in Communication Networks, Amalfi, Italy, September 1999.

K. E. Seamons, W. Winsborough, and M. Winslett. Internet Credential Acceptance Policies. Proceedings of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997.

Access Control

L. Olson, M. Winslett, G. Tonti, N. Seeley, A. Uszok, and J. Bradshaw. TrustBuilder as an Authorization Service for Web Services. International Workshop on Security and Trust in Decentralized/Distributed Data Structures (STD3S) in conjunction with the 22nd International Conference on Data Engineering (ICDE’06), Atlanta, Georgia, April 2006.

R. Gavriloaie, W. Nejdl, D. Olmedilla, K. E. Seamons, and M. Winslett. No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web. 1st European Semantic Web Symposium, Heraklion, Greece, May 2004.

D. Vawdrey, T. Sundelin, K. E. Seamons, and C. Knutson. Trust Negotiation for Authentication and Authorization in Healthcare Information Systems. 25th Annual International Conference of the IEEE Engineering In Medicine And Biology Society, Cancun, Mexico, September 2003.

A. Hess and K. E. Seamons. An Access Control Model for Dynamic Client Content. 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003. Slides