Publication list

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate (IEEE Symposium on Security & Privacy 2019)

Web Feature Deprecation: A Case Study for Chrome (ICSE 2019)

An Experience Sampling Study of User Reactions to Browser Warnings in the Field (CHI 2018)

Measuring HTTPS adoption on the web (USENIX Security 2017)

Where the Wild Warnings Are: Root Causes of Chrome Certificate Errors (CCS 2017)

Rethinking Connection Security Indicators (SOUPS 2016)

A Week to Remember: The Impact of Browser Warning Storage Policies (SOUPS 2016)

Improving SSL Warnings: Comprehension and Adherence (CHI 2015)

Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning (SOUPS 2014)

Experimenting At Scale With Google Chrome's SSL Warning (CHI 2014, Honorable mention)

Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness (USENIX Security 2013)

An Evaluation of the Google Chrome Extension Security Architecture (Usenix Security 2012)

Android Permissions: User Attention, Comprehension, and Behavior (SOUPS 2012, Best paper award)

How to Ask For Permission (HotSec 2012)

Measuring User Confidence in Smartphone Security and Privacy (SOUPS 2012)

Choice Architecture and Smartphone Privacy: There's a Price For That (WEIS 2012)

I've Got 99 Problems, But Vibration Ain't One: A Survey of Smartphone Users' Concerns (SPSM 2012)

Mining Permission Request Patterns from Android and Facebook Applications (ICDM 2012)

AdDroid: Privilege Separation for Applications and Advertisers in Android (AsiaCCS 2012)

Android Permissions Demystified (CCS 2011)

Analyzing Inter-Application Communication in Android (MobiSys 2011)

A Survey of Mobile Malware in the Wild (SPSM 2011)

Permission Re-delegation: Attacks and Defenses (USENIX Security 2011)

The Effectiveness of Application Permissions (WebApps 2011)

Phishing on Mobile Devices (W2SP 2011)

Protecting Browsers from Extension Vulnerabilities (NDSS 2011)

Diesel: Applying Privilege Separation to Database Access (AsiaCCS 2011)

Object Views: Fine-Grained Sharing in Browsers (WWW 2010)

Privacy Protection for Social Networking APIs (W2SP 2008)

Talking to Strangers Without Taking Their Candy: Isolating Proxied Content (SNS 2008)


Why is usable security hard, and what should we do about it? (Enigma 2016)

Where the wild warnings are (Real World Crypto 2016)

Building smart and sophisticated security warnings (Etsy Code as Craft 2015)

Making SSL warnings work (OWASP AppSec California 2015)

Asking for superpowers: Chrome's permission model (Chrome Developer Summit 2014)