Stop the war!Остановите войну!
for scientists:
default search action
Google
Google Scholar
Semantic Scholar
Internet Archive Scholar
CiteSeerX
ORCIDPaul C. van Oorschot
Person information
- affiliation: Carleton University, Ottawa, Canada
Refine list
refinements active!
zoomed in on ?? of ?? records
view refined list in
export refined list as
showing all ?? records
2020 – today
- 2023
[j64]Christopher Bellman
, Paul C. van Oorschot:
Systematic analysis and comparison of security advice as datasets. Comput. Secur. 124: 102989 (2023)- 2022
- [j63]Paul C. van Oorschot:
A View of Security as 20 Subject Areas in Four Themes. IEEE Secur. Priv. 20(1): 102-108 (2022) - [j62]Paul C. van Oorschot:
Security as an Artificial Science, System Administration, and Tools. IEEE Secur. Priv. 20(6): 74-78 (2022) - [c103]Feng Hao, Paul C. van Oorschot:
SoK: Password-Authenticated Key Exchange - Theory, Practice, Standardization and Real-World Lessons. AsiaCCS 2022: 697-711 - [i17]Christopher Bellman, Paul C. van Oorschot:
Systematic Analysis and Comparison of Security Advice Datasets. CoRR abs/2206.09237 (2022) - [i16]David Barrera, Christopher Bellman, Paul C. van Oorschot:
Security Best Practices: A Critical Analysis Using IoT as a Case Study. CoRR abs/2209.01285 (2022) - [i15]Srivathsan G. Morkonda, Sonia Chiasson, Paul C. van Oorschot:
SSOPrivateEye: Timely Disclosure of Single Sign-On Privacy Design Differences. CoRR abs/2209.04490 (2022) - [i14]David Barrera, Christopher Bellman, Paul C. van Oorschot:
A Close Look at a Systematic Method for Analyzing Sets of Security Advice. CoRR abs/2209.04502 (2022) - 2021
- [b3]Paul C. van Oorschot:
Computer Security and the Internet - Tools and Jewels from Malware to Bitcoin, Second Edition. Information Security and Cryptography, Springer 2021, ISBN 978-3-030-83410-4, pp. 1-409 - [j61]Furkan Alaca, Paul C. van Oorschot:
Comparative Analysis and Framework Evaluating Web Single Sign-on Systems. ACM Comput. Surv. 53(5): 112:1-112:34 (2021) - [j60]Paul C. van Oorschot:
Toward Unseating the Unsafe C Programming Language. IEEE Secur. Priv. 19(2): 4-6 (2021) - [j59]Paul C. van Oorschot:
Coevolution of Security's Body of Knowledge and Curricula. IEEE Secur. Priv. 19(5): 83-89 (2021) - [j58]Furkan Alaca, AbdelRahman Abdou, Paul C. van Oorschot:
Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes. IEEE Trans. Dependable Secur. Comput. 18(2): 534-549 (2021) - [c102]Jeremy Clark, Paul C. van Oorschot, Scott Ruoti, Kent E. Seamons, Daniel Zappala:
SoK: Securing Email - A Stakeholder-Based Analysis. Financial Cryptography (1) 2021: 360-390 - [c101]Srivathsan G. Morkonda, Sonia Chiasson, Paul C. van Oorschot:
Empirical Analysis and Privacy Implications in OAuth-based Single Sign-On Systems. WPES@CCS 2021: 195-208 - [i13]Srivathsan G. Morkonda, Paul C. van Oorschot, Sonia Chiasson:
Exploring Privacy Implications in OAuth Deployments. CoRR abs/2103.02579 (2021) - [i12]Feng Hao, Paul C. van Oorschot:
SoK: Password-Authenticated Key Exchange - Theory, Practice, Standardization and Real-World Lessons. IACR Cryptol. ePrint Arch. 2021: 1492 (2021) - 2020
- [b2]Paul C. van Oorschot:
Computer Security and the Internet - Tools and Jewels. Information Security and Cryptography, Springer 2020, ISBN 978-3-030-33648-6, pp. 1-338 - [j57]Paul C. van Oorschot:
Untangling Security and Privacy. IEEE Secur. Priv. 18(2): 4-6 (2020) - [j56]Paul C. van Oorschot:
Blockchains and Stealth Tactics for Teaching Security. IEEE Secur. Priv. 18(5): 3-5 (2020) - [c100]Stephanos Matsumoto, Jay Bosamiya, Yucheng Dai, Paul C. van Oorschot, Bryan Parno:
CAPS: Smoothly Transitioning to a More Resilient Web PKI. ACSAC 2020: 655-668 - [i11]Christopher Bellman, Paul C. van Oorschot:
Best Practices for IoT Security: What Does That Even Mean? CoRR abs/2004.12179 (2020) - [i10]Xavier de Carné de Carnavalet, Paul C. van Oorschot:
A survey and analysis of TLS interception mechanisms and motivations. CoRR abs/2010.16388 (2020)
2010 – 2019
- 2019
- [j55]Paul C. van Oorschot:
Software Security and Systematizing Knowledge. IEEE Secur. Priv. 17(3): 4-6 (2019) - [j54]Paul C. van Oorschot, Sean W. Smith:
The Internet of Things: Security Challenges. IEEE Secur. Priv. 17(5): 7-9 (2019) - [c99]Christopher Bellman, Paul C. van Oorschot:
Analysis, Implications, and Challenges of an Evolving Consumer IoT Security Landscape. PST 2019: 1-7 - [c98]Hemant Gupta, Paul C. van Oorschot:
Onboarding and Software Update Architecture for IoT Devices. PST 2019: 1-11 - [i9]AbdelRahman Abdou, Paul C. van Oorschot:
Secure Client and Server Geolocation Over the Internet. CoRR abs/1906.11288 (2019) - 2018
- [j53]AbdelRahman Abdou, Paul C. van Oorschot, Tao Wan:
Comparative Analysis of Control Plane Security of SDN and Conventional Networks. IEEE Commun. Surv. Tutorials 20(4): 3542-3559 (2018) - [j52]Cormac Herley, Paul C. van Oorschot:
Science of Security: Combining Theory and Measurement to Reflect the Observable. IEEE Secur. Priv. 16(1): 12-22 (2018) - [j51]John D. McLean, Cormac Herley, Paul C. van Oorschot:
Letter to the Editor. IEEE Secur. Priv. 16(3): 6-10 (2018) - [j50]AbdelRahman Abdou, Paul C. van Oorschot:
Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication. ACM Trans. Priv. Secur. 21(1): 1:1-1:26 (2018) - [j49]AbdelRahman Abdou, Paul C. van Oorschot:
Secure Client and Server Geolocation over the Internet. login Usenix Mag. 43(1) (2018) - [c97]Kevin R. B. Butler, Robert K. Cunningham, Paul C. van Oorschot, Reihaneh Safavi-Naini, Ashraf Matrawy, Jeremy Clark:
A Discussion on Security Education in Academia. CCS 2018: 2187-2188 - [c96]Toby C. Murray, Paul C. van Oorschot:
BP: Formal Proofs, the Fine Print and Side Effects. SecDev 2018: 1-10 - [i8]Jeremy Clark, Paul C. van Oorschot, Scott Ruoti, Kent E. Seamons, Daniel Zappala:
Securing Email. CoRR abs/1804.07706 (2018) - [i7]Furkan Alaca, Paul C. van Oorschot:
Comparative Analysis and Framework Evaluating Web Single Sign-On Systems. CoRR abs/1805.00094 (2018) - [i6]Markus Miettinen, Paul C. van Oorschot, Ahmad-Reza Sadeghi:
Baseline functionality for security and control of commodity IoT devices and domain-controlled device lifecycle management. CoRR abs/1808.03071 (2018) - 2017
- [j48]Manar Mohamed, Song Gao, Niharika Sachdeva, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. van Oorschot:
On the security and usability of dynamic cognitive game CAPTCHAs. J. Comput. Secur. 25(3): 205-230 (2017) - [j47]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
CPV: Delay-Based Location Verification for the Internet. IEEE Trans. Dependable Secur. Comput. 14(2): 130-144 (2017) - [j46]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
Location Verification of Wireless Internet Clients: Evaluation and Improvements. IEEE Trans. Emerg. Top. Comput. 5(4): 563-575 (2017) - [c95]Paul C. van Oorschot:
Science, Security and Academic Literature: Can We Learn from History? MTD@CCS 2017: 1-2 - [c94]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
Accurate Manipulation of Delay-based Internet Geolocation. AsiaCCS 2017: 887-898 - [c93]Cormac Herley, Paul C. van Oorschot:
SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit. IEEE Symposium on Security and Privacy 2017: 99-120 - [i5]Tao Wan, AbdelRahman Abdou, Paul C. van Oorschot:
A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks. CoRR abs/1703.06992 (2017) - [i4]Furkan Alaca, AbdelRahman Abdou, Paul C. van Oorschot:
Comparative Analysis and Framework Evaluating Mimicry-Resistant and Invisible Web Authentication Schemes. CoRR abs/1708.01706 (2017) - 2016
- [j45]Dinei Florêncio, Cormac Herley, Paul C. van Oorschot:
Pushing on string: the 'don't care' region of password strength. Commun. ACM 59(11): 66-74 (2016) - [c92]Furkan Alaca, Paul C. van Oorschot:
Device fingerprinting for augmenting web authentication: classification and analysis of methods. ACSAC 2016: 289-301 - [c91]Leah Zhang-Kennedy, Sonia Chiasson, Paul C. van Oorschot:
Revisiting password rules: facilitating human management of passwords. eCrime 2016: 81-90 - [i3]AbdelRahman Abdou, Paul C. van Oorschot:
Server Location Verification and Server Location Pinning: Augmenting TLS Authentication. CoRR abs/1608.03939 (2016) - 2015
- [j44]Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano:
Passwords and the evolution of imperfect authentication. Commun. ACM 58(7): 78-87 (2015) - [j43]Sonia Chiasson, Paul C. van Oorschot:
Quantifying the security advantage of password expiration policies. Des. Codes Cryptogr. 77(2-3): 401-408 (2015) - [j42]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
Taxing the Queue: Hindering Middleboxes From Unauthorized Large-Scale Traffic Relaying. IEEE Commun. Lett. 19(1): 42-45 (2015) - [j41]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
Accurate One-Way Delay Estimation With Reduced Client Trustworthiness. IEEE Commun. Lett. 19(5): 735-738 (2015) - [j40]Chaitrali Amrutkar, Patrick Traynor, Paul C. van Oorschot:
An Empirical Evaluation of Security Indicators in Mobile Web Browsers. IEEE Trans. Mob. Comput. 14(5): 889-903 (2015) - [c90]Gerardo Reynaga, Sonia Chiasson, Paul C. van Oorschot:
Heuristics for the evaluation of captchas on smartphones. BCS HCI 2015: 126-135 - [c89]AbdelRahman Abdou, David Barrera, Paul C. van Oorschot:
What Lies Beneath? Analyzing Automated SSH Bruteforce Attacks. PASSWORDS 2015: 72-91 - [e3]Anil Somayaji, Paul C. van Oorschot, Mohammad Mannan, Rainer Böhme:
Proceedings of the 2015 New Security Paradigms Workshop, NSPW 2015, Twente, The Netherlands, September 8-11, 2015. ACM 2015, ISBN 978-1-4503-3754-0 [contents] - 2014
- [j39]Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot:
Security Analysis and Related Usability of Motion-Based CAPTCHAs: Decoding Codewords in Motion. IEEE Trans. Dependable Secur. Comput. 11(5): 480-493 (2014) - [c88]Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. van Oorschot, Wei-bang Chen:
A three-way investigation of a game-CAPTCHA: automated attacks, relay attacks and usability. AsiaCCS 2014: 195-206 - [c87]AbdelRahman Abdou, Ashraf Matrawy, Paul C. van Oorschot:
Location verification on the Internet: Towards enforcing location-aware access policies over Internet clients. CNS 2014: 175-183 - [c86]Dinei Florêncio, Cormac Herley, Paul C. van Oorschot:
An Administrator's Guide to Internet Password Research. LISA 2014: 35-52 - [c85]Dinei Florêncio, Cormac Herley, Paul C. van Oorschot:
Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts. USENIX Security Symposium 2014: 575-590 - [c84]David Barrera, Daniel McCarney, Jeremy Clark, Paul C. van Oorschot:
Baton: certificate agility for android's decentralized signing infrastructure. WISEC 2014: 1-12 - [e2]Konstantin Beznosov, Anil Somayaji, Tom Longstaff, Paul C. van Oorschot:
Proceedings of the 2014 workshop on New Security Paradigms Workshop, Victoria, BC, Canada, September 15-18, 2014. ACM 2014, ISBN 978-1-4503-3062-6 [contents] - 2013
- [j38]Mansour Alsaleh, Paul C. van Oorschot:
Evaluation in the absence of absolute ground truth: toward reliable evaluation methodology for scan detectors. Int. J. Inf. Sec. 12(2): 97-110 (2013) - [c83]Adam Skillen, David Barrera, Paul C. van Oorschot:
Deadbolt: locking down android disk encryption. SPSM@CCS 2013: 3-14 - [c82]Serge Egelman, Cormac Herley, Paul C. van Oorschot:
Markets for zero-day exploits: ethics and implications. NSPW 2013: 41-46 - [c81]Jeremy Clark, Paul C. van Oorschot:
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements. IEEE Symposium on Security and Privacy 2013: 511-525 - [i2]Manar Mohamed, Niharika Sachdeva, Michael Georgescu, Song Gao, Nitesh Saxena, Chengcui Zhang, Ponnurangam Kumaraguru, Paul C. van Oorschot, Wei-bang Chen:
Three-Way Dissection of a Game-CAPTCHA: Automated Attacks, Relay Attacks, and Usability. CoRR abs/1310.1540 (2013) - 2012
- [j37]Robert Biddle, Sonia Chiasson, Paul C. van Oorschot:
Graphical passwords: Learning from the first twelve years. ACM Comput. Surv. 44(4): 19:1-19:41 (2012) - [j36]Dirk Balfanz, Richard Chow, Ori Eisen, Markus Jakobsson, Steve Kirsch, Scott Matsumoto, Jesus Molina, Paul C. van Oorschot:
The Future of Authentication. IEEE Secur. Priv. 10(1): 22-27 (2012) - [j35]Cormac Herley, Paul C. van Oorschot:
A Research Agenda Acknowledging the Persistence of Passwords. IEEE Secur. Priv. 10(1): 28-36 (2012) - [j34]Mansour Alsaleh, Paul C. van Oorschot:
Revisiting network scanning detection using sequential hypothesis testing. Secur. Commun. Networks 5(12): 1337-1350 (2012) - [j33]Mansour Alsaleh, Mohammad Mannan, Paul C. van Oorschot:
Revisiting Defenses against Large-Scale Online Password Guessing Attacks. IEEE Trans. Dependable Secur. Comput. 9(1): 128-141 (2012) - [j32]Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, Paul C. van Oorschot:
Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism. IEEE Trans. Dependable Secur. Comput. 9(2): 222-235 (2012) - [j31]Paul C. van Oorschot, Glenn Wurster:
Reducing Unauthorized Modification of Digital Objects. IEEE Trans. Software Eng. 38(1): 191-204 (2012) - [j30]Mohammad Mannan, Paul C. van Oorschot:
Passwords for Both Mobile and Desktop Computers: ObPwd for Firefox and Android. login Usenix Mag. 37(4) (2012) - [j29]Mohammad Mannan, Paul C. van Oorschot:
Passwords for Both Mobile and Desktop Computers Appendix. login Usenix Mag. 37(4) (2012) - [c80]Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, Paul C. van Oorschot:
Tapas: design, implementation, and usability evaluation of a password manager. ACSAC 2012: 89-98 - [c79]David Barrera, Jeremy Clark, Daniel McCarney, Paul C. van Oorschot:
Understanding and improving app installation security mechanisms through empirical analysis of android. SPSM@CCS 2012: 81-92 - [c78]Chaitrali Amrutkar, Patrick Traynor, Paul C. van Oorschot:
Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road? ISC 2012: 86-103 - [c77]Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano:
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. IEEE Symposium on Security and Privacy 2012: 553-567 - [c76]Yi Xu, Gerardo Reynaga, Sonia Chiasson, Jan-Michael Frahm, Fabian Monrose, Paul C. van Oorschot:
Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion. USENIX Security Symposium 2012: 49-64 - 2011
- [j28]Trent Jaeger, Paul C. van Oorschot, Glenn Wurster:
Countering unauthorized code execution on commodity kernels: A survey of common interfaces allowing kernel code modification. Comput. Secur. 30(8): 571-579 (2011) - [j27]David Barrera, Paul C. van Oorschot:
Secure Software Installation on Smartphones. IEEE Secur. Priv. 9(3): 42-48 (2011) - [j26]David Barrera, Paul C. van Oorschot:
Accommodating IPv6 Addresses in Security Visualization Tools. Inf. Vis. 10(2): 107-116 (2011) - [j25]Paul C. van Oorschot, Julie Thorpe:
Exploiting predictability in click-based graphical passwords. J. Comput. Secur. 19(4): 669-702 (2011) - [j24]Mohammad Mannan, Paul C. van Oorschot:
Leveraging personal devices for stronger password authentication from untrusted computers. J. Comput. Secur. 19(4): 703-750 (2011) - [j23]Robert Biddle, Mohammad Mannan, Paul C. van Oorschot, Tara Whalen:
User Study, Analysis, and Usable Security of Passwords Based on Digital Objects. IEEE Trans. Inf. Forensics Secur. 6(3-2): 970-979 (2011) - [j22]David Barrera, Glenn Wurster, Paul C. van Oorschot:
Back to the Future: Revisiting IPv6 Privacy Extensions. login Usenix Mag. 36(1) (2011) - [c75]Mansour Alsaleh, Paul C. van Oorschot:
Network scan detection with LQS: a lightweight, quick and stateful algorithm. AsiaCCS 2011: 102-113 - [c74]Kemal Bicakci, Nart Bedin Atalay, Mustafa Yuceel, Paul C. van Oorschot:
Exploration and Field Study of a Password Manager Using Icon-Based Passwords. Financial Cryptography Workshops 2011: 104-118 - [c73]Mohammad Mannan, David Barrera, Carson D. Brown, David Lie, Paul C. van Oorschot:
Mercury: Recovering Forgotten Passwords Using Personal Devices. Financial Cryptography 2011: 315-330 - [c72]Kemal Bicakci, Paul C. van Oorschot:
A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation. NSPW 2011: 25-36 - 2010
- [j21]Paul C. van Oorschot, Amirali Salehi-Abari, Julie Thorpe:
Purely automated attacks on passpoints-style graphical passwords. IEEE Trans. Inf. Forensics Secur. 5(3): 393-405 (2010) - [c71]Elizabeth Stobert, Alain Forget, Sonia Chiasson, Paul C. van Oorschot, Robert Biddle:
Exploring usability effects of increasing security in click-based graphical passwords. ACSAC 2010: 79-88 - [c70]Paul C. van Oorschot:
System security, platform security and usability. STC@CCS 2010: 1-2 - [c69]David Barrera, Hilmi Günes Kayacik, Paul C. van Oorschot, Anil Somayaji:
A methodology for empirical analysis of permission-based security models and its application to android. CCS 2010: 73-84 - [c68]Glenn Wurster, Paul C. van Oorschot:
A control point for reducing root abuse of file-system privileges. CCS 2010: 224-236
2000 – 2009
- 2009
- [j20]Mohammad Mannan, Paul C. van Oorschot:
Reducing threats from flawed security APIs: The banking PIN case. Comput. Secur. 28(6): 410-420 (2009) - [j19]James A. Muir, Paul C. van Oorschot:
Internet geolocation: Evasion and counterevasion. ACM Comput. Surv. 42(1): 4:1-4:23 (2009) - [j18]Sonia Chiasson, Alain Forget, Robert Biddle, Paul C. van Oorschot:
User interface design affects security: patterns in click-based graphical passwords. Int. J. Inf. Sec. 8(6): 387-398 (2009) - [c67]Robert Biddle, Paul C. van Oorschot, Andrew S. Patrick, Jennifer Sobey, Tara Whalen:
Browser interfaces and extended validation SSL certificates: an empirical study. CCSW 2009: 19-30 - [c66]Sonia Chiasson, Alain Forget, Elizabeth Stobert, Paul C. van Oorschot, Robert Biddle:
Multiple password interference in text passwords and click-based graphical passwords. CCS 2009: 500-511 - [c65]Cormac Herley, Paul C. van Oorschot, Andrew S. Patrick:
Passwords: If We're So Smart, Why Are We Still Using Them? Financial Cryptography 2009: 230-237 - [c64]Paul C. van Oorschot, Tao Wan:
TwoStep: An Authentication Method Combining Text and Graphical Passwords. MCETECH 2009: 233-239 - [c63]David Barrera, Paul C. van Oorschot:
Security visualization tools and IPv6 addresses. VizSEC 2009: 21-26 - 2008
- [j17]Paul C. van Oorschot, Julie Thorpe:
On predictive models and user-drawn graphical passwords. ACM Trans. Inf. Syst. Secur. 10(4): 5:1-5:33 (2008) - [c62]Amirali Salehi-Abari, Julie Thorpe, Paul C. van Oorschot:
On Purely Automated Attacks and Click-Based Graphical Passwords. ACSAC 2008: 111-120 - [c61]Mansour Alsaleh, David Barrera, Paul C. van Oorschot:
Improving Security Visualization with Exposure Map Filtering. ACSAC 2008: 205-214 - [c60]Sonia Chiasson, Alain Forget, Robert Biddle, Paul C. van Oorschot:
Influencing users towards better passwords: persuasive cued click-points. BCS HCI (1) 2008: 121-130 - [c59]Terri Oda, Glenn Wurster, Paul C. van Oorschot, Anil Somayaji:
SOMA: mutual approval for included content in web pages. CCS 2008: 89-98 - [c58]Deholo Nali, Paul C. van Oorschot:
CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud. ESORICS 2008: 130-145 - [c57]Jennifer Sobey, Robert Biddle, Paul C. van Oorschot, Andrew S. Patrick:
Exploring User Reactions to New Browser Cues for Extended Validation Certificates. ESORICS 2008: 411-427 - [c56]Mohammad Mannan, Paul C. van Oorschot:
Weighing Down "The Unbearable Lightness of PIN Cracking". Financial Cryptography 2008: 176-181 - [c55]