Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions
Friday, March 4, 2011
Co-located with Financial Cryptography and Data Security 2011, St. Lucia
Preliminary Program
9:00 - 10:00 | Keynote: | Cormac Herley, Microsoft Research, "Passwords and Web Authentication: Two Decades of Confusion and Counting" |
10:00 - 10:30 | Break | |
10:30 - 11:15 | Panel: Password Managers, Single Sign-On, Federated ID: Have users signed up? | |
Panelists: | Dirk Balfanz, Google; Rachna Dhamija, Usable Security Systems; Konstantin Beznosov, University of British Columbia | |
Chair: | Robert Biddle, Carleton University | |
11:15 - 12:00 | Panel: Is the SSL (CA) trust model still working? | |
Panelists: | Steven M. Bellovin, Columbia University; Jesse Burns, iSEC Partners; Sid Stamm, Mozilla | |
Chair: | Paul van Oorschot, Carleton University | |
12:00 - 1:15 | Lunch | |
1:15 - 2:00 | Invited talk: | Robert Biddle, Carleton University, "Human computer security: the solution space" |
2:00 - 2:45 | Panel: Authentication By and For Humans: Design and Evaluation | |
Panelists: | Lynne Coventry, Northumbria University; Cynthia Kuo, Nokia Research Center; Andrew Patrick, Office of the Privacy Commissioner of Canada | |
Chair: | Sonia Chiasson, Carleton University | |
2:45 - 3:15 | Break | |
3:15 - 4:00 | Invited talk: | Steven M. Bellovin, Columbia University, "What am I Doing? Comprehension and Authentication" |
4:00 - 4:45 | Panel: Latest Attacks on User Authentication and Transaction Authorization | |
Panelists: | Markus Jakobsson, PayPal; Engin Kirda, Northeastern University; Steven Murdoch, University of Cambridge | |
Chair: | Fabian Monrose, University of North Carolina at Chapel Hill | |
4:45 - 5:00 | Wrap-up |
Invited speakers
Cormac Herley, Microsoft Research
Cormac Herley is a Principal Researcher at Microsoft Research. He's been at MSR since 1999, and before that was at HP where he headed the company's currency anti-counterfeiting efforts. His current interests lie in the overlap between the disciplines of security, economics, usability and data analysis. He's authored numerous publications, is the inventor of over seventy patents, and has shipped technologies used by millions of users. Some of his recent work has achieved widespread coverage in venues such as the NY Times, the Boston Globe, NPR All Things Considered, CBS News and Newsweek. He received the PhD degree from Columbia University, the MSEE from Georgia Tech, and the BE(Elect) from the National University of Ireland.
Steven M. Bellovin, Columbia University
Steven M. Bellovin is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don't get along. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He is a member of the U.S. National Academy of Engineering, the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and the recipient of the 2007 NIST/NSA National Computer Systems Security Award. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004.
Robert Biddle, Carleton University
Robert is a Professor of Human-Computer Interaction appointed to the School of Computer Science at Carleton University, in Ottawa, Canada. He was a British Commonwealth Scholar, and worked for many years at universities in New Zealand. His interests are in "the secret life of software": how software can work in rich and subtle ways with human expression and human behaviour. His current work is on interaction design for computer security, and he leads themes for Canadian research networks on security, on interactive application development, and on new media.