Analyzing websites for user-visible security design flaws

SOUPS 2008 - Proceedings of the 4th Symposium on Usable Privacy and Security

Volumn , Issue , 2008, Pages 117-126

  Falk, Laura ^a   Prakash, Atul ^a   Borders, Kevin ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DESIGN FLAWS; FINANCIAL INSTITUTIONS; INTERNET USERS; LEAD USERS; SECURE TRANSACTIONS; SECURITY DESIGNS; SECURITY FLAWS; SECURITY POLICIES; SECURITY REQUIREMENTS; WEB SECURITIES;

INTERNET; SURVEYS; WORLD WIDE WEB;

DESIGN;

EID: 65449175738     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1408664.1408680     Document Type: Conference Paper

References (20)

1. Banking study: list of financial institutions. http://www.eecs.umich.edu/ ̃laura/webusability/websites.html.
2. L. Cranor, P. Guduru, and M. Arjula. User interfaces for privacy agents. ACM Transactions on Computer Human Interaction, 12(2):135-178, 2006.
3. R. de Paula and et. al. Two experiences designing for effective security. In SOUPS '05: Proceedings of the second symposium on Usable privacy and security, New York, NY, USA, 2005. ACM.
4. R. Dhamija, J. Tygar, and M. Hearst. Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 2006.
5. J. S. Downs, M. B. Holbrook, and L. F. Cranor. Decision strategies and susceptibility to phishing. In SOUPS '06: Proceedings of the second symposium on Usable privacy and security, New York, NY, USA, 2006. ACM.
6. D. Florencio and B. C. Cormac Herley. Do strong web passwords accomplish anything? In Proceedings of the USENIX Workshop on Hot Topics in Security (HotSec), 2007.
7. L. Freed. State of customer satisfaction with online banking, forsee results/forbes.com, April 2007.
8. K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and don'ts of client authentication on the web. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001. An extended version is available as MIT-LCS-TR-818 (Best Student Paper Award).
9. Banking on the www - banks of the usa. http://www.quazell.eom/bank/bank- usa.html.
10. P. McDaniel. On context in authorization policy. In Proc. of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), pages 80-89, June 2003.
11. Nessus Vulnerability Scanner. http://www.nessus.org.
12. B. Pinkas and T. Sanders. Securing passwords against dictionary attacks. In ACM CCS, 2002.
13. N. Provos, D. McNamee, P. Mavrommatis, K. Wang, and N. Modadugu. The ghost in the browser analysis of web-based malware. In Proceedings of the USENIX Workshop on Hot topics in Understand Botnets (HotBots), 2007.
14. S. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor's new security indicators: An evaluation of website authentication and the effect of role playing on usability studies. In IEEE Symposium on Security and Privacy, 2007.
15. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor's new security indicators. In SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 51-65, Washington, DC, USA, 2007. IEEE Computer Society.
16. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proc. of The 2nd Usenix Workshop on Electronic Commerce, Nov. 1996. Revised April, 2007.
17. WatchFire's AppScan Product.
18. A. Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In 8th USENIX Security Symposium, 1999.
19. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems, pages 601-610, New York, NY, USA, 2006. ACM.
20. Why Use YURLs?, 2003. http://www.waterken.com/dev/YURL/Why/.