Carnegie Mellon University
Browse

Ljudevit Bauer

Publications

  • Can unicorns help users compare crypto key fingerprints?
  • Designing Password Policies for Strength and Usability
  • Better passwords through science (and neural networks)
  • Design and evaluation of a data-driven password meter
  • Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes
  • Let's go in for a closer look: Observing passwords in their natural habitat
  • Riding out DOMsday: Toward detecting and preventing DOM cross-site scripting
  • Diversify to survive: Making passwords stronger with adaptive policies
  • Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition
  • (Do not) Track me sometimes: Users' contextual preferences for web tracking
  • Do Users' Perceptions of Password Security Match Reality?
  • Sharing personal content online: exploring channel choice and multi-channel behaviors
  • Usability and Security of Text Passwords on Mobile Devices
  • Self-driving cars and data collection: Privacy perceptions of networked autonomous vehicles
  • How risky are real users' IFTTT applets?
  • Cybersecurity and privacy
  • Privacy expectations and preferences in an IoT world
  • “I added '!' at the end to make it secure”: Observing password creation in the lab
  • Timing-sensitive noninterference through composition
  • Password creation in the presence of blacklists
  • Towards privacy-aware smart buildings: Capturing, communicating, and enforcing privacy policies and preferences
  • Why people (don't) use password managers effectively
  • Fast, lean, and accurate: Modeling password guessability using neural networks
  • "adulthood is trying each of the same six passwords that you use for everything": The Scarcity and Ambiguity of Security Advice on Social Media
  • Detecting iPhone Security Compromise in Simulated Stalking Scenarios: Strategies and Obstacles
  • (How) Do people change their passwords after a breach?
  • “It's not actually that horrible”
  • The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios
  • Comparing Hypothetical and Realistic Privacy Valuations
  • A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats
  • A General Framework for Adversarial Examples with Objectives
  • User behaviors and attitudes under password expiration policies
  • On the Suitability of Lp-Norms for Creating and Preventing Adversarial Examples
  • $n$-ML: Mitigating Adversarial Examples via Ensembles of Topologically Manipulated Classifiers
  • What breach? Measuring online awareness of security incidents by studying real-world browsing behavior
  • What Makes People Install a COVID-19 Contact-Tracing App? Understanding the Influence of App Design and Individual Difference on Contact-Tracing App Adoption Intention
  • Optimization-Guided Binary Diversification to Mislead Neural Networks for Malware Detection
  • Practical recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blocklist requirements
  • “Did you know this camera tracks your mood?”: Understanding Privacy Expectations and Preferences in the Age of Video Analytics
  • Metering graphical data leakage with Snowman
  • “I would have to evaluate their objections”: Privacy tensions between smart home device owners and incidental users
  • (How) Do people change their passwords after a breach?
  • OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsers
  • What makes people install a COVID-19 contact-tracing app? Understanding the influence of app design and individual difference on contact-tracing app adoption intention
  • Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes
  • Towards a Lightweight, Hybrid Approach for Detecting DOM XSS Vulnerabilities with Machine Learning
  • What breach? Measuring online awareness of security incidents by studying real-world browsing behavior
  • Investigating Advertisers' Domain-changing Behaviors and Their Impacts on Ad-blocker Filter Lists
  • Prevalence of Third-Party Tracking on Abortion Clinic Web Pages
  • Perspectives from a Comprehensive Evaluation of Reconstruction-based Anomaly Detection in Industrial Control Systems
  • A comparison of users' perceptions of and willingness to use Google, Facebook, and Google+ single-sign-on functionality
  • Real life challenges in access-control management
  • Detecting and resolving policy misconfigurations in access-control systems
  • What you want is not what you get: Predicting sharing policies for text-based content on Facebook
  • Analyzing the dangers posed by Chrome extensions
  • Measuring password guessability for an entire university
  • What matters to users? Factors that affect users' willingness to share information with online advertisers
  • Expandable grids for visualizing and authoring computer security policies
  • A user study of policy creation in a flexible access-control system
  • Of passwords and people: measuring the effect of password-composition policies
  • Efficient proving for practical distributed access-control systems
  • Exploring reactive access control
  • Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms
  • Modeling and enhancing Android\'s permission system
  • Tag, you can see it! Using tags for access control in photo sharing
  • Run-time enforcement of information-flow properties on Android
  • Run-time enforcement of nonsafety policies
  • Constraining credential usage in logic-based access control
  • Enforcing more with less: Formalizing target-aware run-time monitors
  • Composing expressive runtime security policies
  • The post anachronism: the temporal dimension of Facebook privacy
  • Probabilistic cost enforcement of security policies
  • Correct horse battery staple: Exploring the usability of system-assigned passphrases
  • Discovering access-control misconfigurations: New approaches and evaluation methodologies
  • More than skin deep: measuring effects of the underlying model on access-control system usability
  • Out of sight, out of mind: Effects of displaying access-control information near the item it controls
  • Studying access-control usability in the lab: lessons learned from four studies
  • Don't bump, shake on it: The exploitation of a popular accelerometer-based smart phone exchange and its secure replacement
  • xDomain: Cross-border proofs of access
  • Encountering stronger password requirements: user attitudes and behaviors
  • Introducing reputation systems to the economics of outsourcing computations to rational workers
  • Introducing reputation systems to the economics of outsourcing computations to rational workers
  • Probabilistic Cost Enforcement of Security Policies
  • "I added '!' at the end to make it secure": Observing password creation in the lab
  • Measuring Real-World Accuracies and Biases in Modeling Password Guessability
  • "I added '!' at the end to make it secure": Observing password creation in the lab
  • Run-time monitoring and formal analysis of information flows in Chromium
  • Measuring Real-World Accuracies and Biases in Modeling Password Guessability
  • A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior
  • Studying the effectiveness of security images in Internet banking
  • Android taint flow analysis for app sets
  • Can long passwords be secure and usable?
  • Studying the effectiveness of security images in Internet banking
  • Mobile SCALe: Rules and Analysis for Secure Java and Android Coding
  • Consumable credentials in logic-based access-control systems
  • Don’t Bump, Shake on It: The Exploitation of a Popular Accelerometer-Based Smart Phone Exchange and Its Secure Replacement
  • Challenges in Access Right Assignment for Secure Home Networks
  • How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation
  • Access control for home data sharing: Attitudes, needs and practices
  • Toward strong, usable access control for shared distributed data
  • Edit automata: Enforcement mechanisms for run-time security policies
  • Distributed proving in access-control systems
  • Lessons learned from the deployment of a smartphone-based access-control system
  • More enforceable security policies
  • A linear logic of authorization and knowledge
  • Composing security policies with Polymer
  • Enforcing non-safety security policies with program monitors
  • Mechanisms for secure modular programming in Java
  • Device-enabled authorization in the Grey system
  • Types and effects for non-interfering program monitors
  • A general and flexible access-control system for the Web
  • Access control for the Web via proof-carrying authorization

Usage metrics

Co-workers & collaborators

Lorrie Cranor

Lorrie Cranor

Ljudevit Bauer's public data