Published Research

Browse the Database

To browse our database, click below to expand the theme you are interested in or toggle all themes .

Theme 1: Network-Oriented Security

Project 1.1 Network Traffic Classification and Analysis

Conference, Symposium or Workshop

•	P. Burrows LaRoche, Nur Zincir-Heywood. How far an Evolutionary Approach can go for Protocol State Analysis and Discovery , In IEEE Conference on Evolutionary Computing , 2013.
•	Riyad Alshammari, Nur Zincir-Heywood. The Impact of Evasion on the Generalization of Machine Learning Algorithms to Classify VoIP Traffic , In IEEE Conference on Computer Communications and Networks , 2012.
•	Stephen E. McLaughlin, Patrick McDaniel, William Aiello. Protecting consumer privacy from electric load monitoring , In ACM Conference on Computer and Communications Security , 2011.
•	Carlos Bacquet, Nur Zincir-Heywood. Genetic Optimization and Hierarchical Clustering applied to Encrypted Traffic Identification , In IEEE Symposium on Computational Intelligence on Cyber Security , 2011.
•	Riyad Alshammari, Nur Zincir-Heywood. Is Machine Learning losing the battle to produce transportable signatures against VoIP traffic? , In IEEE Congress on Evolutionary Computation , 2011.
•	Tuan Manh Vu, R. Safavi-Naini, Carey Williamson. On Applicability of Random Graphs for Modeling Random Key Predistribution for Wireless Sensor Networks , In Symposium on Stabilization, Safety and Security of Distributed Systems (SSS) , 2010.
•	Tuan Manh Vu, R. Safavi-Naini, Carey Williamson. Securing Wireless Sensor Networks Against Large-scale Node Capture Attacks , In ACM Symposium on Information and Computer Communication Security (ASIACCS) , 2010.
•	Islam Hegazy, R. Safavi-Naini, Carey Williamson. Towards Securing MintRoute in Wireless Sensor Networks , In Data Security and Privacy in Wireless Networks (D-SPAN) Workshop , 2010.
•	Alexander Cowperthwaite, Anil Somayaji. The Futility of DNSSec , In 5th Annual Symposium on Information Assurance (ASIA) , 2010.
•	Carlos Bacquet, Nur Zincir-Heywood, M.I. Heywood. An Analysis of Clustering Objectives for Feature Selection Applied to Encrypted Traffic Identification , In IEEE World Congress on Computational Intelligence , 2010.
•	Riyad Alshammari, Nur Zincir-Heywood. Unveiling Skype Encrypted Tunnels using GP , In IEEE World Congress on Computational Intelligence , 2010.
•	Tuan Manh Vu, Carey Williamson, R. Safavi-Naini. Simulation Modeling of Secure Wireless Sensor Networks , In International Conference on Performance Evaluation Methodologies and Tools (Value Tools) , 2009.
•	R. DeGraaf, Islam Hegazy, J. Horton, R. Safavi-Naini. Distributed Detection of Wormhole Attacks in Wireless Sensor Networks , In 1st International Conference on Ad Hoc Networks , 2009.
•	Carson Brown, Alexander Cowperthwaite, A. Hijazi, Anil Somayaji. Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT , In IEEE Symposium: Computational Intelligence for Security and Defence Applications (CISDA) , 2009.
•	Carlos Bacquet, Nur Zincir-Heywood, M.I. Heywood. An Investigation of Multi-Objective Genetic Algorithms for Encrypted Traffic Identification , In 2nd International Workshop on Computational Intelligence in Security for Information Systems , 2009.
•	Riyad Alshammari, Nur Zincir-Heywood. Machine Learning Based Encrypted Traffic Classification: Identifying SSH and Skype , In IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA) , 2009.
•	Riyad Alshammari, Nur Zincir-Heywood. Generalization of Signatures for SSH Encrypted Traffic Identification , In IEEE Symposium on Computational Intelligence on Cyber Security , 2009.
•	A. Hijazi, H. Inoue, Ashraf Matrawy, Paul C. van Oorschot, Anil Somayaji. Discovering Packet Structure through Lightweight Hierarchical Clustering , In International Conference on Communications (ICC) , 2008.

Journal or Periodical

•	Riyad Alshammari, Nur Zincir-Heywood. Can Encrypted Traffic be Identified without Port Numbers, IP Addresses and Payload Inspection , In Computer Networks , 2011.
•	Carlos Bacquet, K. Gumus, D. Tizer, Nur Zincir-Heywood, M.I. Heywood. A Comparison of Unsupervised Learning Techniques for Encrypted Traffic Identification , In Journal of Information Assurance and Security , volume 5(5), 2010.

Thesis

•	Aniket Mahanti. Measurement, Modeling and Analysis of the File Hosting Ecosystem , PhD thesis, University of Calgary , 2012.
•	Riyad Alshammari. Automatically Generating Robust Signatures Using a Machine Learning Approach to Unveil Encrypted VOIP Traffic Without Using Port Numbers, IP Addresses and Payload Inspection , PhD thesis, Dalhousie University , 2012.
•	Islam Hegazy. Defending against Link Quality Routing Attacks in Wireless Sensor Networks , PhD thesis, University of Calgary , 2011.

•	Trevor Semeniuk. A Systematic Approach to Feature Selection for Encrypted Network Traffic Classification , Master's thesis, Royal Military College of Canada , 2013.
•	Long Zhang. Attribute Based Encryption Made Practical , Master's thesis, University of British Columbia , 2012.
•	Faisal Iqbal. Anomaly Detection in Edge Networks , Master's thesis, Calgary , 2012.
•	Daniel Arndt. An Investigation of Using Machine Learning with Distribution Based Flow Features for Classifying SSL Encrypted Network Traffic , Master's thesis, Dalhousie University , 2012.
•	Ibrahim Ismail. Analysis and Evaluation of Anonymity Protocols , Master's thesis, University of Calgary , 2011.
•	Alexander Cowperthwaite. Trust Models for Remote Hosts , Master's thesis, Carleton University , 2011.
•	Curtis S. McCarthy. An Investigaton on Detecting Applications Hidden in SSL Streams Using Machine Learning Techniques , Master's thesis, Dalhousie University , 2010.
•	Carlos Bacquet. An Investigation of a Multi-Objective Genetic Algorithm Applied to Encrypted Traffic Identification , Master's thesis, Dalhousie University , 2010.
•	Tuan Manh Vu. Modeling, Analysis, and Simulation of Secure Connectivity in Wireless Sensor Networks , Master's thesis, University of Calgary , 2009.

Project 1.2 Enterprise Defences and Network Hardening

Conference, Symposium or Workshop

•	Alireza Sadighian, Saman T. Zargar, Jose M. Fernandez, Antoine Lemay, J. Joshi. Semantic-based Context-aware Alert Fusion for Distributed Intrusion Detection Systems , In International Conference on Risks and Security of Internet and Systems (CRISIS) , 2013.
•	Antoine Lemay, Jose M. Fernandez, Scott Knight. An isolated virtual cluster for SCADA network security research , In 1st International Symposium for ICS & SCADA Cyber Security Research , 2013.
•	Gabriel Cartier, Jean-Francois Cartier, Jose M. Fernandez. Next-generation DoS at the higher layers: A Study of SMTP Flooding , In Network and System Security Conference (NSS) , 2013.
•	D. Arora, Teghan Godkin, A Verigin, Stephen W. Neville. Empirical Evidence for Non-equilibrium Behaviors within Peer-to-Peer Structured Botnets , In 8th International Conference on Broadband and Wireless Computing, Communications, and Applications (BWCCA 2013) , 2013.
•	San-Tsai Sun, Konstantin Beznosov. The devil is in the (implementation) details: An empirical security analysis of OAuth SSO systems , In 19th ACM Conference on Computer and Communications Security (CCS) , 2012. [doi]
•	Saran Neti, Anil Somayaji, M. E. Locasto. Software diversity: Security, Entropy and Game Theory , In 7th USENIX Workshop on Hot Topics in Security, HotSec '12 , 2012.
•	Masoud Ghoreishi Madiseh, M. L. McGuire, Stephen W. Neville. Secret Key Generation within Peer-to-Peer Network Overlay , In 7th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC-2012) , 2012.
•	D. Arora, Teghan Godkin, A Verigin, Stephen W. Neville. Assessing Trade-offs between Stealthiness and Node Recruitment Rates in Peer-to-Peer Botnets , In 7th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC-2012) , 2012.
•	D. Arora, Eamon Millman, Stephen W. Neville. On Assessing the Impact of Jamming Strategies on the Behavior of DYMO-based MANets , In 7th International Conference on Broadband and Wireless Computing, Communications and Applications (BWCCA) , 2012.
•	Preeti Raman, H.G. Kayacik, Anil Somayaji. Understanding Data Leak Prevention , In 6th Annual Symposium on Information Assurance (ASIA '11) , 2011.
•	Stephen W. Neville, M. Horie. Enforcing Spam Constraints by Combining Peered QoS Agreements with a Novel Non-repudiation Protocol , In IEEE eCrime Researchers Summit , 2011.
•	Stephen W. Neville, M. Horie. A Novel Protocol for Consumer-level Financial Transactions with Full Non-repudiation Support , In 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-11) , 2011.
•	Mihir Nanavati, Nathan Taylor, William Aiello, Andrew Warfield. Herbert West -- Deanonymizer , In 6th USENIX Workshop on Hot Topics in Security (HotSec '11) , 2011.
•	Eamon Millman, D. Arora, Stephen W. Neville. Quantifying the Impact of Simple Jamming Strategies on the Statistical Behaviors of DYMO Routing Protocol-based MANETs , In Conference on Broadband and Wireless Computing, Communication and Applications , 2011.
•	J. Clark, S. Leblanc, Scott Knight. Risks Associated with USB Hardware Trojan Devices Used by Insiders , In SysCon 2011: IEEE International Systems Conference , 2011.
•	Mansour Alsaleh, Paul C. van Oorschot. Network Scan Detection with LQS: A Lightweight, Quick and Stateful Algorithm , In ACM Symposium on Information, Computer and Communications Security (ASIACCS) , 2011.
•	Antoine Lemay, Jose M. Fernandez, Scott Knight. Pinprick Attacks, a Lesser Included Case , In Conference on Cyber Conflict , CCD COE Publications , 2010.
•	Phillipa Gill, Afshar Ganjali, B. Wong, David Lie. Dude, Where's That IP? Circumventing Measurement-based IP Geolocation , In USENIX Security Symposium , 2010.
•	K. Forest, Scott Knight. Permutation-based Steganographic Channels , In International Conference on Risks and Security of Internet and Systems (CRISIS) , 2009.
•	J. Clark, S. Leblanc, Scott Knight. Hardware Trojan Horse Device based on Unintended USB Channels , In Proceedings of the 3rd International Conference on Network & System Security (NSS) , 2009.
•	Masoud Ghoreishi Madiseh, M. L. McGuire, Stephen W. Neville, A.A. Beheshti. Secret Key Extraction in Ultra Wideband Channels for Unsynchronized Radios , In Sixth Annual Conference on Communication Networks and Services Research , 2008.
•	Mansour Alsaleh, David Barrera, Paul C. van Oorschot. Improving Security Visualization with Exposure Map Filtering , In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC) , 2008.

Journal or Periodical

•	Daniel Boteanu, Jose M. Fernandez. A Comprehensive Study of Queue Management as a DoS Counter-Measure , In International Journal of Information Security , 2013.
•	San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov. Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures , In Computers & Security , volume 31(4), 2012. [doi]
•	Masoud Ghoreishi Madiseh, Stephen W. Neville, M. L. McGuire. Applying Beamforming to Address Temporal Correlation in Wireless Channel Characterization-based Secret Key Generation , In IEEE Transactions on Information Forensics and Security (TIFS) , 2012.
•	Mansour Alsaleh, Paul C. van Oorschot. Revisiting Network Scanning Detection Using Sequential Hypothesis Testing , In Security and Communication Networks , volume 5(12), 2012. [doi]
•	Mansour Alsaleh, Paul C. van Oorschot. Evaluation in the Absence of Absolute Ground Truth: Towards Reliable Evaluation Methodology for Scan Detectors (in press) , In International Journal of Information Security , 2012. [doi]
•	Ron Smith, Scott Knight. Predictable 3-Parameter Design of Network Covert Communication Systems , In IEEE Transactions on Information Forensics and Security (TIFS) , volume 6(1), 2011.
•	J. Clark, S. Leblanc, Scott Knight. Compromise through USB-based Hardware Trojan Horse device , In Future Generation Computer Systems , 2010. [doi]

Thesis

•	Antoine Lemay. Defending the SCADA Network Controlling the Electrical Grid from Advanced Persistent Threats , PhD thesis, École Polytechnique de Montréal , 2013.
•	Phillipa Gill. Improving Dependability for Internet-scale Services , PhD thesis, University of Toronto , 2012.
•	Masoud Ghoreishi Madiseh. Wireless Secret Key Generation Versus Capable Adversaries , PhD thesis, University of Victoria , 2011.
•	Mansour Alsaleh. Defenses Against Network Scanning and Other Malicious Remote Host Activity: Empirical Studies, Analysis, and New Approaches , PhD thesis, Carleton University , 2011.
•	David Whyte. Network Scanning Detection Strategies for Enterprise Networks , PhD thesis, School of Computer Science, Carleton University , 2008.

•	Fanny Lalonde-Levesque. Évaluation dèun produit de sécurité par essai clinique , Master's thesis, École Polytechnique de Montréal , 2013.
•	Teghan Godkin. Statistical Assessment of Peer-to-Peer Botnet Features , Master's thesis, University of Victoria , 2013.
•	Chris Chapman. Towards an Intrusion Surveillance Toolset , Master's thesis, Royal Military College of Canada , 2013.
•	Adam Zarek. OpenFlow Timeouts Demystified , Master's thesis, Univerisity of Toronto , 2012.
•	Niko Rebenich. Fast Low Memory T-Transform: string complexity in linear time and space with applications to Android app store security , Master's thesis, University of Victoria , 2012.
•	Saran Neti. Towards a Theory of Software Diversity for Security , Master's thesis, , 2012.
•	Sunjeet Singh. Towards Improved functionality and performance of Intrusion Detection Systems , Master's thesis, University of British Columbia , 2011.
•	Eamon Millman. Analysing MANET Jamming Strategies , Master's thesis, University of Victoria , 2011.
•	Harley Bruce Heywood. An Intrusion Surveillance Toolset Based on Virtual Machine Introspection , Master's thesis, Royal Military College of Canada , 2011.
•	P. Kini. Towards Improving the Performance of Enterprise Authorization Systems using Speculative Authorization , Master's thesis, University of British Columbia , 2010.
•	K. Forest. Identification of and Automated Support for an Efficient Covert Channel Analysis Process , Master's thesis, Royal Military College of Canada , 2009.
•	J. Clark. On Unintended USB Communication Channels , Master's thesis, Royal Military College of Canada , 2009.
•	Preeti Raman. JaSPIn: JavaScript based Anomaly Detection of Cross-site scripting attacks , Master's thesis, Carleton University , 2008.

Project 1.3 Botnet Analysis and Supporting Infrastructure

Conference, Symposium or Workshop

•	Alireza Sadighian, Jose M. Fernandez, Antoine Lemay, Saman T. Zargar. ONTIDS: A flexible context-aware and ontology-based alert correlation framework , In Foundations & Practice of Security (FPS 2013) , 2013.
•	Yazan Boshmaf, Konstantin Beznosov, Matei Ripeanu. Graph-based Sybil Detection in Social and Information Systems , In IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) , 2013.
•	Fanny Lalonde-Levesque, C.R. Davis, Jose M. Fernandez, Sonia Chiasson, Anil Somayaji. Methodology for a Field Study of Anti-Malware Software , In Financial Cryptography and Data Security - Usability of Security Workshop , 2012.
•	Fanny Lalonde-Levesque, C.R. Davis, Jose M. Fernandez, Anil Somayaji. Evaluating Antivirus Products with Field Studies , In Virus Bulletin Conference , 2012.
•	Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Key Challenges in Defending Against Malicious Socialbots , In 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) , 2012.
•	Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. The Socialbot Network: When Bots Socialize for Fame and Money , In 27th Annual Computer Security Applications Conference (ACSAC) , 2011.
•	D. Arora, Eamon Millman, Stephen W. Neville. A Framework for Statistically Rigourous MANET Testing , In IEEE International Conference on Advanced Information Networking and Applications (AINA 2011) Workshop on Quantitative Evaluation of large-scale Systems and Technologies (QuEST11) , 2011.
•	D. Williams-King, John Aycock, D. M. N. de Castro. Enbug: When Debuggers Go Bad , In ACM Innovation and Technology in Computer Science Education (ITiCSE) , 2010.
•	M. Horie, Stephen W. Neville. A Framework for Performing Statistical Testing of Distributed Systems , In IEEE International Conference on Advanced Information Networking and Applications (AINA 2010) Workshop on Quantitative Evaluation of large-scale Systems and Technologies (QuEST10) , 2010.
•	Joan Calvet, C.R. Davis, Jose M. Fernandez, W. Guizani, M. Kaczmarek, J.-Y. Marion, P.-L. St-Onge. Isolated virtualised clusters: testbeds for high-risk security experimentation and training , In USENIX Workshop on Cyber Security Experimentation and Testing (CSET) , 2010.
•	Joan Calvet, C.R. Davis, Jose M. Fernandez, J.-Y. Marion, P.-L. St-Onge, W. Guizani, P.-M. Bureau, Anil Somayaji. The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet , In Annual Computer Security Applications Conference (ACSAC) , 2010.
•	Joan Calvet, P.-M. Bureau, Jose M. Fernandez, J.-Y. Marion. Large-scale Malware Experiments: Why, How and So What? , In 20th Virus Bulletin International Conference (non-academic industry conference) , 2010.
•	He Shuai, X. Dong, Z. Tian, Ted C.-K. Liu, Masoud Ghoreishi Madiseh, M. L. McGuire, Stephen W. Neville, Noel Tin. On the Empirical Evaluation of Spatial and Temporal Characteristics of Ultra-wideband Communications , In IEEE 69th Vehicular Technology Conference; VTC 2009 - Spring , 2009.
•	C. Roehrig, Jose M. Fernandez. The supervision of research projects entailing computer risks within an academic context: the case of École Polytechnique de Montréal , In ICEE-ICEER International Conference on Engineering Education and Research , 2009.
•	M McDonald, J. Ong, John Aycock, H. Crawford, N. Friess. A Lightweight Drive-by Download Simulator , In 18th Annual EICAR Conference , 2009.
•	N. Friess, John Aycock. A Kosher Source of Ham , In MIT Spam Conference , 2009.
•	N. Friess, H. Crawford, John Aycock. A Multi-Agent Approach to Testing Anti-Spam Software , In 1st International Workshop on Defence against Spam in Electronic Communication , 2009.
•	C.R. Davis, Jose M. Fernandez, Stephen W. Neville. Optimising Sybil Attacks against P2P-based Botnets , In 4th International Conference on Malware and Unwanted Software with IEEE technical sponsorship (MALWARE) , 2009.
•	Joan Calvet, C.R. Davis, P.-M. Bureau. Malware Authors Don't Learn, and That's Good! , In 4th International Conference on Malicious and Unwanted Software (MALWARE) , 2009.
•	C.R. Davis, Stephen W. Neville, Jose M. Fernandez, J.-M. Robert, John McHugh. Structured Peer-to-Peer Overlay Networks Ideal Botnets Command and Control Infrastructures? , In European Symposium on Research in Computer Security (ESORICS) , 2008.
•	C.R. Davis, Jose M. Fernandez, Stephen W. Neville, John McHugh. Sybil Attacks as a Mitigation Strategy against the Storm Botnet , In 3rd International Conference on Malware and Unwanted Software with IEEE technical sponsorship (MALWARE) , 2008.

Journal or Periodical

•	Niko Rebenich, U. Speidel, Stephen W. Neville, T.A. Gulliver. FLOTT - A Fast, Low Memory T-transform Algorithm for Measuring String Complexity , In IEEE Transactions on Computers , 2013.
•	Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and analysis of a social botnet , In Computer Networks (impact factor 1.2) , volume 57(2), 2013. [doi]
•	Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet , In Elsevier Journal of Computer Network - Special Issue on Social Botnets , 2012.

Thesis

•	Christopher Matthews. Isolating Legacy Applicatons with Lind , PhD thesis, University of Victoria , 2013.
•	Joan Calvet. Analyse dynamique de logiciels malveillants , PhD thesis, École Polytechnique de Montréal , 2013.

•	Mahshid Yassaei. Security and privacy analysis of Radio Frequency Identification systems , Master's thesis, McGill University , 2012.
•	Arseniy Akuney. Information Flow Identification in Large EMail Datasets , Master's thesis, University of British Columbia , 2011.
•	Sudhir Agarwal. Performance Analysis of Peer-to-Peer Botnets using “The Storm Botnet” as an Exemplar , Master's thesis, University of Victoria , 2010.

Theme 2: Software Systems-Oriented Security

Project 2.1 Software System Hardening and Virtual Machine Monitor Technologies

Conference, Symposium or Workshop

•	Beom Heyn Kim, Wei Huang, David Lie. Unity: Secure and Durable Personal Cloud Storage , In ACM Cloud Computing Security Workshop, ACM CCS , 2012.
•	Afshar Ganjali, David Lie. Auditing Cloud Management Using Information Flow Control , In 7th ACM Workshop on Scalable Trusted Computing, ACM STC , 2012.
•	Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, David Lie. PScout: Analyzing the Android Permission Specification , In 19th ACM Conference on Computer and Communications Security (CCS 2012) , 2012.
•	Patrick Colp, Mihir Nanavati, Jun Zhu, William Aiello, George Coker, Tim Deegan, Peter Loscocco, Andrew Warfield. Breaking Up is Hard To Do: Security and Functionality in a Commodity Hypervisor , In 23rd ACM Symposium on Operating Systems Principles (SOSP) , 2011.
•	David Lie, Lionel Litty. Using Hypervisors to Secure Commodity Operating Systems (invited paper) , In 5th Annual Workshop on Scalable Trusted Computing , 2010.
•	F. Yan, P.W.L Fong. Efficient IRM Enforcement of History-Based Access Control Policies , In 4th AMC Symposium on Information, Computer and Communication Security (ASIACCS'09) , 2009.
•	Lionel Litty, H.A. Lagar-Cavilla, David Lie. Computer Meteorology: Monitoring Compute Clouds , In Workshop on Hot Topics in Operating Systems (HotOS) , 2009.
•	Lionel Litty, H.A. Lagar-Cavilla, David Lie. Hypervisor Support for Identifying Covertly Executing Binaries , In 17th USENIX Security Symposium , 2008.

Journal or Periodical

•	P.W.L Fong, S. Orr. Isolating Untrusted Software Extension by Custom Scoping Rules, Computer Languages, Systems and Structure , In Elsevier , 2010.

Thesis

•	Lionel Litty. Architectural Introspection and Applications , PhD thesis, University of Toronto , 2010.

•	Wei Huang. UnityFS: A File System for the Unity Block Store , Master's thesis, University of Toronto , 2013.
•	Mihir Nanavati. Breaking Up is Hard to Do: Security and Funtionality in a Commodity Hypervisor , Master's thesis, University of British Columbia , 2011.
•	Beom Heyn Kim. Automated Virtual Machine Replication and Transparent Machine Switch Support for An Individual Personal Computer User , Master's thesis, University of Toronto , 2010.

Project 2.2 Ensuring Software Integrity of Hosts

Conference, Symposium or Workshop

•	Jean-Sebastien Legare, Dutch Meyer, Mark Spear, Alex Totolici, Sara Bainbridge, Kalan MacRow, William Aiello, Andrew Warfield. Tolerating Business Failures in Hosted Applications , In ACM Symposium on Cloud Computing (to appear) , 2013.
•	Ann Fry, Sonia Chiasson, Anil Somayaji. Not Sealed But Delivered: The (Un)Usability of S/MIME Today , In 7th Annual Symposium on Information Assurance (ASIA '12) - Invited Publication , 2012.
•	David Barrera, Jeremy Clark, Daniel McCarney, Paul C. van Oorschot. Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android , In 2nd ACM Computer and Communications Security (CCS) Workshop on Security and Privacy in Mobile Devices (SPSM) , 2012.
•	Glenn Wurster, Paul C. van Oorschot. A Control Point for Reducing Root Abuse of File-System Privileges , In ACM Computer and Communications Security (CCS) , 2010.
•	Paul C. Van Oorschot. System Security, Platform Security and Usability (extended abstract) , In 5th Annual ACM Workshop on Scalable Trusted Computing (ACM STC '10) , 2010.
•	Terri Oda, Anil Somayaji. Visual Security Policy for the Web , In USENIX HotSec'10 (5th Workshop on Hot Topics in Security) , 2010.
•	Terri Oda, Anil Somayaji. No Web Site Left Behind: Are We Making Web Security Only for the Elite? , In Web 2.0 Security and Privacy (W2SP) , 2010.
•	Glenn Wurster, Paul C. van Oorschot. System Configuration as a Privilege , In USENIX Workshop on Hot Topics in Security (HotSec '09) , 2009.
•	Glenn Wurster, Paul C. van Oorschot. The Developer is the Enemy , In New Security Paradigms Workshop (NSPW) , 2008.
•	Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji. SOMA: Mutual Approval for Included Content in Web Pages , In ACM Computer and Communications (CCS) , 2008.

Journal or Periodical

•	Y. Li, Anil Somayaji, Carrie Gates. Fine-grained Access Control using Email Social Networks , In CA Technology Exchange (CATX) , 2013.
•	Paul C. van Oorschot, Glenn Wurster. Reducing Unauthorized Modification of Digital Objects , In IEEE Transactions on Software Engineering , volume 38(1), 2012.
•	T. Jaeger, Paul C. van Oorschot, Glenn Wurster. Countering Unauthorized Code Execution on Commodity Kernels: A Survey of Common Interfaces Allowing Kernel Code Modification , In Computers & Security , volume 30(8), 2011.
•	David Barrera, Paul C. van Oorschot. Secure Software Installation on Smartphones , In IEEE Security & Privacy , volume 9(3), 2011.
•	San-Tsai Sun, Konstantin Beznosov. Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks , In International Journal of Secure Software Engineering , volume 1(1), 2010.

Thesis

•	Terri Oda. Simple Security Policy for the Web , PhD thesis, Carleton University , 2011.
•	Glenn Wurster. Security Mechanisms and Policy for Mandatory Access Control in Computer Systems , PhD thesis, Carleton University , 2010.

•	Alex Totolici. CryptStor: A Platform for Secure Storage , Master's thesis, University of British Columbia , 2013.
•	Kathy Wain Yee Au. PScout: Analysing the Android Permission Specification , Master's thesis, University of Toronto , 2012.

Project 2.3 Host-based Detection of Malicious Activity

Conference, Symposium or Workshop

•	Gehana Booth, A. Soknacki, Anil Somayaji. Cloud Security: Attacks and Current Defenses , In 8th Annual Symposium on Information Assurance (ASIA '13) , 2013.
•	Seyed Hossein Ahmadinejad, P.W.L Fong. On the Feasibility of Infernce Attacks by Third-Party Extensions to Social Network Systems , In 8th ACM Symposium on Informaton, Computer and Communicatons Security (ASIACCS' 2013) , 2013.
•	Cheng Xu, P.W.L Fong. The Specification and Compilation of Obligation Policies for Program Monitoring , In 7th ACM Symposium on Information, Computer and Communicaitons Security (ASIACCS' 2012) , 2012.
•	Eric Lin, John Aycock, Mohammad Mannan. Lightweight Client-side Methods for Detecting Email Forgery , In 13th International Workshop on Information Security Applications , 2012.
•	Christopher Jarabek, David Barrera, John Aycock. ThinAV: Truly Lightweight Mobile Cloud-based Anti-malware , In 28th Annual Computer Security Applications Conference , 2012.
•	Joan Calvet, Jose M. Fernandez, Jean-Yves Marion. Aligot: cryptographic function identification in obfuscated binary programs , In ACM Conference on Computer and Communications Security (CCS) , 2012.
•	Christopher Benninger, Stephen W. Neville, Y.O. Yazir, Christopher Matthews, Y. Coady. Maitland: Lighter-Weight VM Introspection to Support Cyber-security in the Cloud , In IEEE 5th International Conference on Cloud computing (IEEE CLOUD) , 2012.
•	John Aycock, D. M. N. de Castro, M. E. Locasto, Christopher Jarabek. Babel: A Secure Computer is a Polyglot , In ACM Cloud Computing Security Workshop (CCSW) , 2012.
•	Jason Sean Alexander, Thomas R. Dean, Scott Knight. Spy vs. Spy: Counter-intelligence Methods for Backtracking Malicious Intrusions , In International Conference on Computer Science and Software Engineering (CASCON) , 2011.
•	Seyed Hossein Ahmadinejad, Mohd Anwar, P.W.L Fong. Inference Attacks by Third-Party Extensions to Social Network Systems , In 3rd IEEE International Workshop on Security and Social Networking (SESOC '11) - part of proceedings for 2011 IEEE International Conference on Pervasive Computing and Communications Workshop (PERCOM) , 2011.
•	Anil Somayaji, Y. Li, Hajime Inoue, Jose M. Fernandez, R. Ford. Evaluating security products with clinical trials , In USENIX Workshop on Cyber Security Experimentation and Test (CSET) , 2009.

Journal or Periodical

Thesis

•	Jayalakshmi Balasubramaniam. A Novel Approach to White-Box Policy Analysis , Master's thesis, University of Calgary , 2013.
•	Arif Khan. Satisfiability and Feasibility in a Relationship-based Workflow Authorizaton Model , Master's thesis, University of Calgary , 2012.
•	Christopher Jarabek. Towards cloud-based anti-malware protection for desktop and mobile platforms , Master's thesis, University of Calgary , 2012.
•	Christopher Benninger. Maitland: Analysis of Packed and Encrypted Malware via Paravirtualization Extensions , Master's thesis, University of Victoria , 2012.
•	Jason Sean Alexander. Ghost in the Shell: A Counter-intelligence Method for Spying while Hiding in (or from) the Kernel with APCs , Master's thesis, Queen's University , 2012.
•	Cheng Xu. The Specification and Compilation of Obligation Policies for Program Monitoring , Master's thesis, University of Calgary , 2011.
•	Eric Lin. Detecting email forgery , Master's thesis, University of Calgary , 2011.
•	D. M. N. de Castro. Towards automatic generation of AV emulators , Master's thesis, University of Calgary , 2010.
•	Stan Kvasov. DREM: Architectural Support for Deterministic Redundant Execution of Multithreaded Programs , Master's thesis, University of Toronto , 2009.
•	F. Yan. Efficient IRM Enforcement of History-Based Access Control Policies , Master's thesis, University of Regina , 2008.

Theme 3: Human-Oriented Security

Project 3.1 Usability of Authentication and Access Control Mechanisms

Conference, Symposium or Workshop

•	Jeff Wilson, Judith M. Brown, Robert Biddle. Distributed Data and Displays via SVG and HTML5: Web Server Log Security Analysis , In Workshop on Distributed User Interfaces: Models, Methods and Tools, AMC , 2013.
•	Sadegh Torabi, Konstantin Beznosov. Privacy Aspects of Health Related Information Sharing in Online Social Networks , In USENIX (HealthTech '13) , 2013.
•	Elizabeth Stobert, Robert Biddle. Memory retrieval and graphical passwords , In Symposium on Usable Privacy and Security (SOUPS) , 2013.
•	Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, Cormac Herley. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection , In ACM Computer-Human Interaction (CHI) Conference , 2013.
•	Jeremy Clark, Paul C. van Oorschot. SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , In IEEE Symposium on Security and Privacy , 2013.
•	Vanessa Boothroyd, Sonia Chiasson. Writing down passwords: does it help? , In Conference on Privacy, Security, and Trust (PST) , 2013.
•	Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot. Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion , In USENIX Security Symposium , 2012.
•	Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, Paul C. van Oorschot. Tapas: Design, Implementation, and Usability of a Password Manager , In ACSAC , 2012.
•	Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , In IEEE Symposium on Security and Privacy , 2012.
•	San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On , In 29th International Conference Extended Abstracts on Human Factors in Computing Systems (CHI) , 2011.
•	Elizabeth Stobert, Sonia Chiasson, Robert Biddle. User-Choice Patterns in PassTiles Graphical Passwords , In Annual Computer Security Applications Conference (ACSAC) , 2011.
•	Mohammad Mannan, David Barrera, Carson Brown, David Lie, Paul C. van Oorschot. Mercury: Recovering Forgotten Passwords Using Personal Devices , In Financial Cryptography and Data Security , LNCS 7035 pp.315-330 (Springer-Verlag, 2012) , 2011.
•	San-Tsai Sun, Yazan Boshmaf, Kirstie Hawkey, Konstantin Beznosov. A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On , In New Security Paradigms Workshop (NSPW) , 2010.
•	San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov. OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle , In 6th ACM Workshop on Digital Identity Management (DIM) , 2010.
•	Fahimeh Raja, Kirstie Hawkey, Pooya Jaferian, Konstantin Beznosov, K.S. Booth. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls , In 3rd ACM Workshop on Assurable & Usable Security Configuration (SafeConfig) , 2010.
•	Sara Motiee, Kirstie Hawkey, Konstantin Beznosov. Investigating User Account Control Practices , In 28th International Conference Extended Abstracts on Human Factors in Computing Systems , ACM , 2010.
•	Masoud Ghoreishi Madiseh, M. McGuire, Stephen W. Neville. Time Correlation Analysis of Secret Key Generation via UWB Channels , In IEEE Global Communications Conference (Globecom) , 2010.
•	Daniel LeBlanc, Alain Forget, Robert Biddle. Guessing Click-Based Graphical Passwords by Eye Tracking , In IEEE Privacy, Security and Trust (PST) , 2010.
•	Alain Forget, Sonia Chiasson, Robert Biddle. Shoulder-Surfing Resistance with Eye-Gaze Entry in Click-Based Graphical Passwords , In ACM SIGCHI Conference on Human Factors in Computing Systems (CHI) , 2010.
•	A. Elliott, Scott Knight. Role Explosion: Acknowledging the Problem , In Software Engineering Research and Practice, WORLDCOMP , 2010.
•	Paul C. van Oorschot, T. Wan. TwoStep: An Authentication Method Combining Text and Graphical Passwords , In 4th International MCeTech Conference on eTechnologies , Springer LNBIP, vol 26 , 2009.
•	Masoud Ghoreishi Madiseh, S. He, M. L. McGuire, Stephen W. Neville, X. Dong. Secret Key Verification and Generation in UWB Channels Based on Real Data Measurements , In IEEE International Conference on Communications , 2009.
•	Pooya Jaferian, D. Botta, Kirstie Hawkey, Konstantin Beznosov. A Case Study of Enterprise Identity Management System Adoption in an Insurance Organization , In 3rd Symposium on Computer Human Interaction for Management of Information Technology (AMC CHIMIT '09) , 2009.
•	Cormac Herley, Paul C. van Oorschot, Andrew S Patrick. Passwords: If We're So Smart, Why Are We Still Using Them? , In Financial Cryptography and Data Security , 2009.
•	A. Elliott, Scott Knight. One Employee and Several Applications: An Information Management Case Study , In Software Engineering Research and Practice, World Congress in Computer Science Computer Engineering and Applied Computing (WORLDCOMP) , 2009.
•	Sonia Chiasson, Alain Forget, Elizabeth Stobert, Paul C. van Oorschot, Robert Biddle. Multiple password interference in text and click-based graphical passwords , In ACM Computer and Communications Security (CCS) , 2009.
•	Jennifer Sobey, Robert Biddle, Paul C. van Oorschot, Andrew S Patrick. Exploring User Reactions to Browser Cues for Extended Validation Certificates , In European Symposium on Research in Computer Security (ESORICS 2008) , 2008.
•	Mohammad Mannan, Paul C. van Oorschot. Digital Objects as Passwords , In USENIX Workshop on Hot Topics in Security (HotSec '08) , 2008.
•	Masoud Ghoreishi Madiseh, M. McGuire, Stephen W. Neville. Secret Key Generation and Agreement in UWB Communication Channels , In IEEE Global Communications Conference (Globecom) , 2008.
•	Pooya Jaferian, D. Botta, Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov. Guidelines for Designing IT Security Management Tools , In Symposium on Computer Human Interaction for the Management of Information Technology (ACM CHIMIT'08) , 2008.
•	Alain Forget, Sonia Chiasson, Paul C. Van Oorschot, Robert Biddle. Improving Text Passwords Through Persuasion , In ACM Symposium on Usable Privacy and Security (SOUPS) , 2008.
•	Sonia Chiasson, Alain Forget, Robert Biddle, Paul C. Van Oorschot. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points , In International British Coputer Society Human Computer Interaction Conference (BCS-HCI) , 2008.
•	Sonia Chiasson, J. Srinivasan, Robert Biddle, Paul C. Van Oorschot. Centered Discretization with Application to Graphical Passwords , In USENIX UPSEC (Usability, Psychology, and Security) , 2008.

Journal or Periodical

•	San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. Investigating users' perspectives of web single sign-on: Conceptual gaps and acceptance model , In ACM Transactions on Internet Technology (TOIT) (impact factor 0.89) , 2013.
•	C. Amrutkar, P. Traynor, Paul C. van Oorschot. An Empirical Evaluation of Security Indicators in Mobile Web Browsers , In IEEE Transactions on Mobile Computing (July 24, 2013) , 2013.
•	Cormac Herley, Paul C. van Oorschot. A Research Agenda Acknowledging the Persistence of Passwords , In IEEE Security & Privacy , volume 10(1), 2012.
•	Mohammad Mannan, Paul C. van Oorschot. Leveraging Personal Devices for Stronger Password Authentication from Untrusted Computers , In Journal of Computer Security , volume 19(4), 2011.
•	Robert Biddle, Mohammad Mannan, Paul C. van Oorschot, Tara Whalen. User Study, Analysis, and Usable Security Passwords Based on Digital Objects , In IEEE Transactions on Information Forensics and Security (TIFS) , volume 6(3), 2011.
•	Mansour Alsaleh, Mohammad Mannan, Paul C. van Oorschot. Revisiting Defenses Against Large-Scale Online Password Guessing Attacks , In IEEE Transactions on Dependable and Secure Computing (TDSC) , 2011.
•	Paul C. van Oorschot, A. Salehi-Abari, Julie Thorpe. Purely Automated Attacks on PassPoints-Style Graphical Passwords , In IEEE Transactions on Information Forensics and Security (TIFS) , volume 5(3), 2010.

Thesis

•	San-Tsai Sun. “Towards Improving the Security and Usability of Web Single Sign-On Systems” , PhD thesis, University of British Columbia , 2013.
•	Alain Forget. A World with Many Authentication Schemes , PhD thesis, , 2012.
•	Mohammad Mannan. Authentication and Securing Personal Information in an Untrusted Internet , PhD thesis, Carleton University , 2009.

•	Daniel McCarney. Password Managers: Comparative Evaluation, Design, Implementation and Empirical Analysis , Master's thesis, Carleton University , 2013.
•	Hsin-Yi Chiang. A Graphical Password Scheme for Mobile Devices , Master's thesis, Carleton University , 2013.
•	Elizabeth Stobert. Memorability of Assigned Random Graphical Passwords , Master's thesis, Carleton University , 2011.
•	Fahimeh Raja. Towards Improving the Usability of Personal Firewalls , Master's thesis, University of British Columbia , 2011.
•	Carson Brown. A Meta-Scheme for Authentication Using Text Adventures , Master's thesis, Carleton University , 2010.

•	Elizabeth Stobert. Effects on Usability of Increasing Security in Click-based Graphical Passwords , Bachelor's thesis, Carleton University , 2009.

Project 3.2 Human Behaviour and Computer Security

Conference, Symposium or Workshop

•	Leah Zhang-Kennedy, Sonia Chiasson, Robert Biddle. Password Advice Shouldn't Be Boring: Visualizing Password Guessing Attacks , In IEEE eCrime Researchers Summit , 2013.
•	Ravina Samaroo, Judith M. Brown, Steven Greenspan, Robert Biddle. Day in the life: A method for documenting user expereince in complex environments , In Emerging Technologies for a Smarter World (CEWIT), 10th International Conference Expo, IEEE , 2013.
•	Gerardo Reynaga, Sonia Chiasson. The Usability of Captchas on Smartphones , In International Conference on Security and Cryptography (SECRYPT) , 2013.
•	Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, J Lester, Konstantin Beznosov. Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders , In 15th International Conference on Human-computer Interaction with Mobile Devices and Services (Mobile HCI) , 2013.
•	Fanny Lalonde-Levesque, Jude Nsiempba, Jose M. Fernandez, Sonia Chiasson, Anil Somayaji. A Clinical Study of Risk Factors Related to Malware Infections , In ACM Conference on Computer and Communications Security (to appear) , 2013.
•	Hsin-Yi Chiang, Sonia Chiasson. Improving user authentication on mobile devices: A Touchscreen Graphical Password , In ACM MobileHCI , 2013.
•	Judith M. Brown, Steven Greenspan, Robert Biddle. Complex activities in an operations center: A case study and model for engineering interaction , In Engineering Interactive Computing Systems (EICS2013) , 2013.
•	Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, J Lester, Konstantin Beznosov. Understanding Users’ Requirements for Data Protection in Smartphones , In 1st Workshop on Secure Data Management on Smartphones and Mobiles (SDMSM) , 2012.
•	M. Mahmoud, Sonia Chiasson, Ashraf Matrawy. Does Context Influence Responses to Firewall Warnings? , In APWG eCrime Summit , 2012.
•	Alain Forget, Sonia Chiasson, Robert Biddle. Supporting Learning of an Unfamiliar Authentication Scheme , In Association for the Advancement of Computing in Education (AACE E-Learn) , 2012.
•	Sonia Chiasson, C. Deschamps, Elizabeth Stobert, Max Hlywa, Bruna Machado Freitas, Alain Forget, N. Wright, G. Chan, Robert Biddle. The MVP Web-based Authentication Framework [Short Paper] , In Financial Cryptography (FC) , 2012.
•	David Barrera, W. Enck, Paul C. van Oorschot. Meteor: Seeding a Security-Enhancing Infrastructure for Multi-market Application Ecosystems , In IEEE MoST 2012 (Mobile Security Technologies Workshop) , 2012.
•	San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, Konstantin Beznosov. What makes users refuse web single sign-on? An empirical investigation of OpenID , In Symposium on Usable Privacy and Security (SOUPS’11) , 2011.
•	Andreas Sotirakopoulos, Kirstie Hawkey, Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings , In 7th Symposium on Usable Privacy and Security (SOUPS) , 2011.
•	Fahimeh Raja, Kirstie Hawkey, S. Hsu, K.-L. Wang, Konstantin Beznosov. A Brick Wall, a Locked Door, & a Bandit: A Physical Security Metaphor For Firewall Warnings , In 7th Symposium on Usable Privacy and Security (SOUPS) , 2011.
•	Eric Lin, S. Greenberg, E. Trotter, D. Ma, John Aycock. Does Domain Highlighting Help People Identify Phishing Sites? , In ACM Conference on Human Factors in Computing Systems (ACM CHI) , 2011.
•	Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Konstantin Beznosov. Heuristics for Evaluating IT Security Management Tools (Extended Abstract) , In 29th International Conference Extended Abstracts on Human Factors in Computing Systems (CHI) , 2011.
•	Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov. Heuristics for Evaluating IT Security Management Tools , In Symposium on Usable Privacy and Security (SOUPS) , 2011.
•	Max Hlywa, Robert Biddle, Andrew S Patrick. Facing the facts about image type in recognition-based graphical passwords , In 27th Annual Computer Security Applications Conference (ACSAC) , 2011.
•	Sonia Chiasson, M. Modi, Robert Biddle. Auction Hero: The Design of a Game to Learn and Teach about Computer Security , In AACE World Conference on E-Learning in Corporate, Government, Healthcare & Higher Education (E-Learn) , 2011.
•	Kemal Bicakci, Nart Bedin Atalay, M. Yuceel, Paul C. van Oorschot. Exploration and Field Study of a Browser-based Password Manager using Icon-based Passwords , In 2nd Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS'11) , Springer (2012) LNCS 7126 , 2011.
•	Elizabeth Stobert. Usability and Strength in Click-based Graphical Passwords (Extended abstract) , In ACM Special Interest Group on Computer-Human Interaction Student Research Competition Entry (SIGCHI SRC) , 2010.
•	Elizabeth Stobert, Alain Forget, Sonia Chiasson, Paul C. van Oorschot, Robert Biddle. Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords , In Annual Computer Security Applications Conference (ACSAC) , 2010.
•	Andreas Sotirakopoulos, Kirstie Hawkey, Konstantin Beznosov. I did it because I trusted you: Challenges with the study environment biasing participant behaviours , In Symposium of Usable Privacy & Security (SOUPS) Usable Security Experiment Reports (USER) Workshop , 2010.
•	Sara Motiee, Kirstie Hawkey, Konstantin Beznosov. The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations , In Symposium of Usable Privacy & Security (SOUPS) Usable Security Experiment Reports (USER) Workshop , 2010.
•	Sara Motiee, Kirstie Hawkey, Konstantin Beznosov. Do windows users follow the principle of least privilege?: Investigating user account control practices , In 6th Symposium on Usable Privacy Security , 2010.
•	Pooya Jaferian, Kirstie Hawkey, Konstantin Beznosov. Challenges in evaluating complex IT security management systems , In SOUPS Usable Security Experiment Reports (USER) Workshop , 2010.
•	San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov. Towards enabling Web 2.0 content sharing beyond walled gardens , In Workshop on Security and Privacy in Online Social Networking , 2009.
•	San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov. Secure Web 2.0 content sharing beyond walled gardens , In 25th Annual Computer Security Applications Conference (ACSAC) , 2009.
•	San-Tsai Sun, Konstantin Beznosov. Open problems in Web 2.0 user content sharing , In iNetSec Workshop , 2009.
•	Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov. Revealing hidden context: Improving mental models of personal firewall users , In 5th Symposium on Usable Privacy and Security (SOUPS) , 2009.
•	Alain Forget, Sonia Chiasson, Robert Biddle. Lessons from brain age on persuasion for computer security , In CHI' 09 extended abstracts on Human Factors in Computing Systems , 2009.
•	Robert Biddle, Paul C. van Oorschot, Andrew S Patrick, Jennifer Sobey, Tara Whalen. Browser Interfaces and Extended Validation SSL Certificates: An Empirical Study , In ACM Cloud Computing Security Workshop (CCSW) , 2009.
•	R. Werlinger, Kirstie Hawkey, K. Mulder, Pooya Jaferian, Konstantin Beznosov. The challenges of using an intrusion detection system: Is it worth the effort? , In ACM Symposium on Usable Privacy and Security (SOUPS) , 2008.
•	A. Salehi-Abari, Julie Thorpe, Paul C. van Oorschot. On Purely Automated Attacks and Click-Based Graphical Passwords , In 24th Annual Computer Security Applications Conference (ACSAC) , 2008.
•	Alain Forget, Sonia Chiasson, Paul C. Van Oorschot, Robert Biddle. Persuasion for Stronger Passwords: Motivation and Pilot Study , In 3rd Conference on Persuasive Technology , Springer LNCS , 2008.

Journal or Periodical

•	Pooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov. Heuristics for Evaluating IT Security Management Tools , In Human–Computer Interaction , 2013. [doi]
•	Sonia Chiasson, H. Crawford, Serge Egelman, P. Irani. Refelections on U-PriSM 2: The Second Workshop on Usable Privacy and Security for Mobile Devices , In International Journal of Mobile Human Computer Interaction (IJMHCI), Special Issue , 2013.
•	Sonia Chiasson, Alain Forget, Robert Biddle, Paul C. van Oorschot. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism , In IEEE Transactions on Dependable and Secure Computing (TDSC) , 2012.
•	Robert Biddle, Sonia Chiasson, Paul C. van Oorschot. Graphical Passwords: Learning from the First Twelve Years , In ACM Computing Surveys , 2012.
•	D. Botta, K. Mulder, Kirstie Hawkey, Konstantin Beznosov. Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms , In International Journal of Cognition, Technology & Work , 2010.
•	Sonia Chiasson, Alain Forget, Robert Biddle, Paul C. van Oorschot. User interface design affects security: Patterns in click-based graphical passwords , In International Journal of Information Security , volume 8(5), 2009.

Thesis

•	Sonia Chiasson. Usable Authentication and Click-based Graphical Passwords , PhD thesis, Carleton University , 2009.

•	Leah Zhang-Kennedy. Improving mental models of computer security through information graphics , Master's thesis, Carleton University , 2013.
•	Bruna Machado Freitas. The impact of social network advice on software security decisions , Master's thesis, Carleton University , 2013.
•	Wahida Chowdhury. Do malware warnings reduce the likelihood of installing bad software? , Master's thesis, Carleton University , 2013.
•	Nicholas Marchant Wright. Do you see your password?; applying recognition to textual passwords , Master's thesis, Carleton University , 2011.
•	Andreas Sotirakopoulos. Influencing User Password Choice Through Peer Pressure , Master's thesis, University of British Columbia , 2011.
•	Sara Motiee. Towards Supporting Users in Assessing the Risk in Privilege Elevation , Master's thesis, University of British Columbia , 2011.
•	Max Hlywa. Do houses have faces?: the effect of image type in recognititon-based graphical passwords , Master's thesis, Carleton University , 2011.
•	Daniel LeBlanc. Can preselection gaze distribution statistics predict graphical passwords? , Master's thesis, Carleton University , 2009.
•	Jennifer Sobey. An Evaluation of New Browser Indicators for Extended Validation Certificates , Master's thesis, Carleton University , 2008.

Project 3.3 Visualisation for Understanding Network Behaviour and Security Management

Conference, Symposium or Workshop

•	A. Vahdat, M.I. Heywood, Nur Zincir-Heywood. Symbiotic Evolutionary Subspace Clustering , In IEEE World Congress on Computational Intelligence, WCCI - CEC , 2012.
•	A. Vahdat, M.I. Heywood, Nur Zincir-Heywood. Bottom-up Evolutionary Subspace Clustering , In IEEE World Congress on Computational Intelligence, (WCCI – CEC) , 2010.
•	David Barrera, H.G. Kayacik, Paul C. van Oorschot, Anil Somayaji. A Methodology for Empirical Analysis of Permission-Based Security Models and Its Application to Android , In ACM Computer and Communications Security (CCS) , 2010.
•	A Makanju, Nur Zincir-Heywood, E. Milios. Clustering of Event Logs Using Iterative Partitioning , In ACM SIGKDD International Conference on Knowledge Discovery and Data Mining , 2009.
•	R. Khaled, P. Barr, H. Johnson, Robert Biddle. Let's clean up this mess: exploring multi-touch collaborative play , In 27th International Conference extended abstracts on Human Factors in Computing Systems , 2009.
•	David Barrera, Paul C. van Oorschot. Security Visualization Tools and Source Addresses in IPv6 (short paper) , In VizSec 2009: Workshop on Visualization for Cyber Security , 2009.
•	A Makanju, S. Brooks, Nur Zincir-Heywood, E. Milios. LogView: Visualizing Event Log Clusters , In IEEE Conference on Privacy, Security and Trust , 2008.
•	Mansour Alsaleh, David Barrera, Paul C. van Oorschot. Improving Security Visualization with Exposure Map Filtering , In Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC) , 2008.

Journal or Periodical

•	David Barrera, Paul C. van Oorschot. Accommodating IPv6 Addresses in Security Visualization Tools , In Information Visualization , volume 10(2), 2011.

Thesis

•	David Barrera. Towards Classifying and Selecting Appropriate Security Visualization Techniques , Master's thesis, Carleton University , 2009.