Security Policy Audits: Why and How

Arvind Narayanan; Kevin Lee; Jens Grossklags; Heather Richter Lipford; Jessica Staddon

doi:10.1109/MSEC.2023.3236540

Security Policy Audits: Why and How

Arvind Narayanan
, Kevin Lee
, Jens Grossklags
, Heather Richter Lipford
, Jessica Staddon

Informatics 24 - Associate Professorship of Cyber Trust

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

Original language	English
Pages (from-to)	77-81
Number of pages	5
Journal	IEEE Security and Privacy
Volume	21
Issue number	2
DOIs	https://doi.org/10.1109/MSEC.2023.3236540
State	Published - 1 Mar 2023

Access to Document

10.1109/MSEC.2023.3236540

Cite this

@article{f464e57000f346c9bc0078d76ff829e9,

title = "Security Policy Audits: Why and How",

abstract = "We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.",

author = "Arvind Narayanan and Kevin Lee and Jens Grossklags and Lipford, \{Heather Richter\} and Jessica Staddon",

note = "Publisher Copyright: {\textcopyright} 2003-2012 IEEE.",

year = "2023",

month = mar,

day = "1",

doi = "10.1109/MSEC.2023.3236540",

language = "English",

volume = "21",

pages = "77--81",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Security Policy Audits

T2 - Why and How

AU - Narayanan, Arvind

AU - Lee, Kevin

AU - Grossklags, Jens

AU - Lipford, Heather Richter

AU - Staddon, Jessica

PY - 2023/3/1

Y1 - 2023/3/1

N2 - We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

AB - We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

UR - https://www.scopus.com/pages/publications/85153564709

U2 - 10.1109/MSEC.2023.3236540

DO - 10.1109/MSEC.2023.3236540

M3 - Article

AN - SCOPUS:85153564709

SN - 1540-7993

VL - 21

SP - 77

EP - 81

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 2

ER -

Security Policy Audits: Why and How

Abstract

Access to Document

Other files and links

Fingerprint

Cite this