"I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS
Edgar R. Weippl | Katharina Krombholz | Martin Schmiedecker | Wilfried Mayer
[1] Matthew Smith, et al. Why Eve and Mallory (also) love webmasters: a study on the root causes of SSL misconfigurations, 2014, AsiaCCS.
[2] Elizabeth Stobert, et al. The Password Life Cycle: User Behaviour in Managing Passwords, 2014, SOUPS.
[3] Chris Palmer, et al. Public Key Pinning Extension for HTTP, 2015, RFC.
[4] Markus Huber, et al. No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large, 2015, 2016 11th International Conference on Availability, Reliability and Security (ARES).
[5] Frank Stajano, et al. Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens, 2016, ArXiv.
[6] Dan Boneh, et al. An Experimental Study of TLS Forward Secrecy Deployments, 2014, IEEE Internet Computing.
[7] Erich M. Nahum, et al. Cryptographic strength of SSL/TLS servers: current and recent practices, 2007, IMC '07.
[8] Khaled Yakdan, et al. Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study, 2016, 2016 IEEE Symposium on Security and Privacy (SP).
[9] Lorrie Faith Cranor, et al. Crying Wolf: An Empirical Study of SSL Warning Effectiveness, 2009, USENIX Security Symposium.
[10] Matthew Smith, et al. Sorry, I Don't Get It: An Analysis of Warning Message Texts, 2013, Financial Cryptography Workshops.
[11] J. Alex Halderman, et al. A Search Engine Backed by Internet-Wide Scanning, 2015, CCS.
[12] J. Alex Halderman, et al. Towards a Complete View of the Certificate Ecosystem, 2016, Internet Measurement Conference.
[13] Elissa M. Redmiles, et al. I Think They're Trying to Tell Me Something: Advice Sources and Selection for Digital Security, 2016, 2016 IEEE Symposium on Security and Privacy (SP).
[14] Jeremy Clark, et al. 2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements, 2022.
[15] Gordon Fyodor Lyon, et al. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, 2009.
[16] Sunny Consolvo, et al. Experimenting at scale with Google Chrome's SSL warning, 2014, CHI.
[17] Laura A. Dabbish, et al. "My Data Just Goes Everywhere:" User Mental Models of the Internet and Implications for Privacy and Security, 2015, SOUPS.
[18] Christof Paar, et al. DROWN: Breaking TLS Using SSLv2, 2016, USENIX Security Symposium.
[19] J. Alex Halderman, et al. Analysis of the HTTPS certificate ecosystem, 2013, Internet Measurement Conference.
[20] Joseph Bonneau, et al. Upgrading HTTPS in mid-air: An empirical study of strict transport security and key pinning, 2015, NDSS.
[21] Bodo Möller, et al. This POODLE Bites: Exploiting The SSL 3.0 Fallback, 2014.
[22] Peter Saint-Andre, et al. Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), 2015, RFC.
[23] R. Schlatterbeck, et al. Applied Crypto Hardening, 2014.
[24] Eric Rescorla, et al. The Transport Layer Security (TLS) Protocol Version 1.2, 2008, RFC.
[25] Georg Carle, et al. The SSL landscape: a thorough analysis of the X.509 PKI using active and passive measurements, 2011, IMC '11.
[26] Mohamed Ali Kâafar, et al. TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication, 2015, NDSS.
[27] Matthew Smith, et al. To Pin or Not to Pin - Helping App Developers Bullet Proof Their TLS Connections, 2015, USENIX Security Symposium.
[28] Kenneth G. Paterson, et al. On the Security of RC4 in TLS, 2013, USENIX Security Symposium.
[29] Peter Saint-Andre, et al. Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS), 2015, RFC.
[30] Gottfried Wilhelm, et al. Participatory Design for Security-Related User Interfaces, 2015.
[31] Adrienne Porter Felt, et al. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness, 2013, USENIX Security Symposium.
[32] Sunny Consolvo, et al. Improving SSL Warnings: Comprehension and Adherence, 2015, CHI.
[33] Michael Backes, et al. You Get Where You're Looking for: The Impact of Information Sources on Code Security, 2016, 2016 IEEE Symposium on Security and Privacy (SP).
[34] John McHugh, et al. A Human Capital Model for Mitigating Security Analyst Burnout, 2015, SOUPS.