HotSoS 2017

Tutorial: The Bugs Framework (BF) "Hands-On"

ABSTRACT: Advancements of scientific foundation in cybersecurity rely on the availability of accurate, precise, and non-ambiguous definitions of software weaknesses (bugs) and descriptions of software vulnerabilities. The Bugs Framework (BF) organizes software weaknesses into distinct classes, such as buffer overflow (BOF), injection (INJ), faulty operation (FOP), and control of interaction frequency (CIF).

Optimal Security Investments in a Prevention and Detection Game

ABSTRACT: Most security defenses can be breached by motivated adversaries, therefore in addition to attack-prevention technologies, firms investing in cyber-security for their information technology infrastructure need to consider attack-detection and restoration tools to detect intruders, an

Use of Phishing Training to Improve Security Warning Compliance: Evidence From a Field Experiment

ABSTRACT: The current approach to protect users from phishing attacks is to display a warning when the webpage is considered suspicious. We hypothesize that users are capable of making correct informed decisions when the warning also conveys the reasons why it is displayed.