SBE

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

Warning messages are one of the last lines of defense in computer security, and are fundamental to users' security interactions with technology. Unfortunately, research shows that users routinely ignore security warnings. A key contributor to this disregard is habituation, the diminishing of attention due to frequent exposure. However, previous research examining habituation has done so only indirectly, by observing the influence of habituation on security behavior, rather than measuring habituation itself.

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

As the use of Web applications has increased, malicious content and cyber attacks are rapidly increasing in both their frequency and their sophistication. For unwary users and their organizations, social media sites such as Tumblr, Facebook, MySpace, Twitter, and LinkedIn pose a variety of serious security risks and threats. Recent studies show that social media sites are more in use for delivering malware than were previously popular methods of email delivery. Because of this, many organizations are looking for ways to implement effective security policies.

Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. Yet, there is ample evidence that users generally do not read these policies and that those who occasionally do struggle to understand what they read. Initiatives aimed at addressing this problem through the development of machine implementable standards or other solutions that require website operators to adhere to more stringent requirements have run into obstacles, with many website operators showing reluctance to commit to anything more than what they currently do.