There appears to be consensus among seasoned cyber security researchers that there is a substantial disconnect between the research community's priorities and the real world, notwithstanding numerous intellectual advances in the theory and practice of cyber security over the past four decades. This is in part manifested by recent recurring calls for dramatic shifts in cyber security research paradigms, including so-called game-changing approaches that go beyond the typical computer science and engineering perspectives. This article focusses on an especially important piece of cyber security called web user security, where the prime concern is security for the ordinary consumer of web application services. The proliferation of web services and their enthusiastic reception by the ordinary citizen attests to the tremendous practical success of these technologies. As such, it is prima facie evident that the current web is "secure enough" for mass adoption. Now, one certain prediction about the web is that it will continue to evolve rapidly. This article gives the author's personal perspective on what web user security science might be developed to address the need to be "secure enough" in light of continued evolution. To this end the article begins by considering what happened in the evolution of the web in the past and how much of it, if any, was guided by "science." The article identifies some security principles that can be abstracted from this short but eventful history. The article then speculates on what directions the science of web user security should take.