Two papers accepted at ACSAC 2021

We are excited to have two papers accepted at ACSAC 2021! First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.

Jeremy Clark recently presented on our systematization of knowledge on securing email SoK: Securing Email—A Stakeholder-Based Analysis at the 2021 International Conference on Financial Cryptography and Data Security (FC). This paper helps describe the evolution of secure email, the challenges preventing widespread adoption, and directions for future project. Click on the link to the paper to see the video of the presentation.

Sean Oesch recently presented on his paper Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK at the 2020 Annual Computer Security Applications Conference (ACSAC). This paper examines how users view secure group chat, identifying their key concerns, and exploring how they manage their security. Click on the link to the paper to see the video of the presentation.

Welcoming Dr. Doowon Kim

We are excited to announce that Dr. Doowon Kim has join the USER Lab. Dr. Kim recently joined the Department of Electrical Engineering and Computer Science at the University of Tennessee. His research centers on the code signing-PKI, security measurements, secure software engineering, and usable security. Check out his personal page to learn more about Dr. Kim.

Sean Oesch recently presented on his paper That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers at the 2020 USENIX Security Symposium. You can watch the video here.