Mashups have emerged as a Web 2.0 phenomenon, connecting disjoint applications together to provide unified services. However, scalable access control for mashups is difficult. T...
Ragib Hasan, Marianne Winslett, Richard M. Conlan,...
Mashups are new Web 2.0 applications that seamlessly combine contents from multiple heterogeneous data sources into one integrated browser environment. The hallmark of these appli...
Cross-site Scripting (XSS) has emerged as one of the most prevalent types of security vulnerabilities. While the reason for the vulnerability primarily lies on the server side, the ...
A large number of papers have proposed cryptographic protocols for establishing secure group communication. These protocols allow group members to exchange or establish keys to en...
Ahren Studer, Christina Johns, Jaanus Kase, Kyle O...
We present and evaluate various methods for purely automated attacks against click-based graphical passwords. Our purely automated methods combine click-order heuristics with focu...
Amirali Salehi-Abari, Julie Thorpe, Paul C. van Oo...
In February 2002, more than 50 leaders in the information assurance field warned the President of the United States of a national strategic vulnerability in the country’s inform...
A new class of stealthy kernel-level malware, called transient kernel control flow attacks, uses dynamic soft timers to achieve significant work while avoiding any persistent ch...
Jinpeng Wei, Bryan D. Payne, Jonathon Giffin, Calt...
Most intrusion detection systems apply the misuse detection approach. Misuse detection compares recorded audit data with predefined patterns denoted as signatures. A signature is ...