Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
TLDR
We define and investigate a novel class of attacks: attacks that are physically realizable and inconspicuous, and allow an attacker to evade recognition or impersonate another individual.
  • 699
  • 50
Edit automata: enforcement mechanisms for run-time security policies
TLDR
We analyze the space of security policies that can be enforced by monitoring and modifying programs at run time and provide a rigorous framework for reasoning about them and their cousins.
  • 383
  • 34
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms
TLDR
We develop an efficient distributed method for calculating how effectively several heuristic password-guessing algorithms guess passwords.
  • 376
  • 31
Of passwords and people: measuring the effect of password-composition policies
TLDR
We characterize the predictability of passwords by calculating their entropy, and find that a number of commonly held beliefs about password composition and strength are inaccurate.
  • 347
  • 26
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks
TLDR
We propose using artificial neural networks to model text passwords' resistance to guessing attacks and explore how different architectures and training methods impact neural networks' guessing effectiveness.
  • 142
  • 24
Encountering stronger password requirements: user attitudes and behaviors
TLDR
A new password policy at Carnegie Mellon University requires users to create a complex password, but most users believe that they are now more secure.
  • 312
  • 23
Measuring Real-World Accuracies and Biases in Modeling Password Guessability
TLDR
We investigate how cracking approaches often used by researchers compare to real-world cracking by professionals, as well as how the choice of approach biases research conclusions.
  • 128
  • 22
How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
TLDR
We present a 2,931-subject study of password creation in the presence of 14 password meters.
  • 269
  • 21
Android taint flow analysis for app sets
TLDR
This paper describes a new static taint analysis for Android that combines and augments the FlowDroid and Epicc analyses to precisely track both inter-component and intra-component data flow in a set of Android applications.
  • 185
  • 21
Run-Time Enforcement of Nonsafety Policies
TLDR
A common mechanism for ensuring that software behaves securely is to monitor programs at run time and check that they dynamically adhere to constraints specified by a security policy.
  • 175
  • 20