Search

Your search keyword '"Staddon, Jessica"' showing total 95 results
Start Over Author "Staddon, Jessica"
95 results on '"Staddon, Jessica"'

1. Assessment of LLM Responses to End-user Security Questions

Author

Prakash, Vijay, Lee, Kevin, Bhattacharya, Arkaprabha, Huang, Danny Yuxing, and Staddon, Jessica

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language, Computer Science - Human-Computer Interaction
Abstract

Answering end user security questions is challenging. While large language models (LLMs) like GPT, LLAMA, and Gemini are far from error-free, they have shown promise in answering a variety of questions outside of security. We studied LLM performance in the area of end user security by qualitatively evaluating 3 popular LLMs on 900 systematically collected end user security questions. While LLMs demonstrate broad generalist ``knowledge'' of end user security information, there are patterns of errors and limitations across LLMs consisting of stale and inaccurate answers, and indirect or unresponsive communication styles, all of which impacts the quality of information received. Based on these patterns, we suggest directions for model improvement and recommend user strategies for interacting with LLMs when seeking assistance with security., Comment: 18 pages, 1 figure, 8 tables

Published
2024

2. Can LLMs be Scammed? A Baseline Measurement Study

Author

Sehwag, Udari Madhushani, Patel, Kelly, Mosca, Francesca, Ravi, Vineeth, and Staddon, Jessica

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

Despite the importance of developing generative AI models that can effectively resist scams, current literature lacks a structured framework for evaluating their vulnerability to such threats. In this work, we address this gap by constructing a benchmark based on the FINRA taxonomy and systematically assessing Large Language Models' (LLMs') vulnerability to a variety of scam tactics. First, we incorporate 37 well-defined base scam scenarios reflecting the diverse scam categories identified by FINRA taxonomy, providing a focused evaluation of LLMs' scam detection capabilities. Second, we utilize representative proprietary (GPT-3.5, GPT-4) and open-source (Llama) models to analyze their performance in scam detection. Third, our research provides critical insights into which scam tactics are most effective against LLMs and how varying persona traits and persuasive techniques influence these vulnerabilities. We reveal distinct susceptibility patterns across different models and scenarios, underscoring the need for targeted enhancements in LLM design and deployment.

Published
2024

3. Shortchanged: Uncovering and Analyzing Intimate Partner Financial Abuse in Consumer Complaints

Author

Bhattacharya, Arkaprabha, Lee, Kevin, Ravi, Vineeth, Staddon, Jessica, and Bellini, Rosanna

Subjects
Computer Science - Computers and Society, Computer Science - Cryptography and Security, Computer Science - Human-Computer Interaction
Abstract

Digital financial services can introduce new digital-safety risks for users, particularly survivors of intimate partner financial abuse (IPFA). To offer improved support for such users, a comprehensive understanding of their support needs and the barriers they face to redress by financial institutions is essential. Drawing from a dataset of 2.7 million customer complaints, we implement a bespoke workflow that utilizes language-modeling techniques and expert human review to identify complaints describing IPFA. Our mixed-method analysis provides insight into the most common digital financial products involved in these attacks, and the barriers consumers report encountering when doing so. Our contributions are twofold; we offer the first human-labeled dataset for this overlooked harm and provide practical implications for technical practice, research, and design for better supporting and protecting survivors of IPFA., Comment: 20 pages, 9 figures, 8 tables, This paper will be published in CHI '24: Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems

Published
2024
Full Text
View/download PDF

4. Policy by Example: An Approach for Security Policy Specification

Author

Nadkarni, Adwait, Enck, William, Jha, Somesh, and Staddon, Jessica

Subjects
Computer Science - Cryptography and Security
Abstract

Policy specification for personal user data is a hard problem, as it depends on many factors that cannot be predetermined by system developers. Simultaneously, systems are increasingly relying on users to make security decisions. In this paper, we propose the approach of Policy by Example (PyBE) for specifying user-specific security policies. PyBE brings the benefits of the successful approach of programming by example (PBE) for program synthesis to the policy specification domain. In PyBE, users provide policy examples that specify if actions should be allowed or denied in certain scenarios. PyBE then predicts policy decisions for new scenarios. A key aspect of PyBE is its use of active learning to enable users to correct potential errors in their policy specification. To evaluate PyBE's effectiveness, we perform a feasibility study with expert users. Our study demonstrates that PyBE correctly predicts policies with 76% accuracy across all users, a significant improvement over naive approaches. Finally, we investigate the causes of inaccurate predictions to motivate directions for future research in this promising new domain.

Published
2017

6. Secure Conjunctive Keyword Search over Encrypted Data

Author

Golle, Philippe, Staddon, Jessica, Waters, Brent, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jakobsson, Markus, editor, Yung, Moti, editor, and Zhou, Jianying, editor

Published
2004
Full Text
View/download PDF

15. Security Policy Audits: Why and How

Author

Narayanan, Arvind, Lee, Kevin, Grossklags, Jens, Lipford, Heather Richter, and Staddon, Jessica

Abstract

We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

Published
2023
Full Text
View/download PDF

16. Multirecipient encryption schemes: how to save on bandwidth and computation without sacrificing security

Author

Bellare, Mihir, Boldyreva, Alexandra, Kurosawa, Kaoru, and Staddon, Jessica

Subjects
Encryption, Bandwidth allocation, Bandwidth technology, Data security issue, Data encryption -- Methods, Bandwidth -- Measurement, Data security -- Control
Abstract

This paper proposes several new schemes which allow a sender to send encrypted messages to multiple recipients more efficiently (in terms of bandwidth and computation) than by using a standard encryption scheme. Most of the proposed schemes explore a new natural technique called randomness reuse. In order to analyze security of our constructions, we introduce a new notion of multirecipient encryption schemes (MRESs) and provide definitions of security for them. We finally show a way to avoid ad hoc analyses by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness reusing MRES is secure. The results and applications cover both asymmetric and symmetric encryption. Index Terms--Cryptography, encryption, provable security, randomness. Digital Object Identifier 10.1109/TIT.2007.907471

Published
2007

17. Applications of list decoding to tracing traitors

Author

Silverberg, Alice, Staddon, Jessica, and Walker, Judy L.

Subjects
Information theory -- Research
Abstract

We apply results from algebraic coding theory to solve problems in cryptography, by using recent results on list decoding of error-correcting codes to efficiently find traitors who collude to create pirates. We produce schemes for which the traceability (TA) traitor tracing algorithm is very fast. We compare the TA and identifiable parent property (IPP) traitor tracing algorithms, and give evidence that when using an algebraic structure, the ability to trace traitors with the IPP algorithm implies the ability to trace with the TA algorithm. We also demonstrate that list decoding techniques can be used to find all possible pirate coalitions. Finally, we raise some related open questions about linear codes, and suggest uses for other decoding techniques in the presence of additional information about traitor behavior. Index Terms--Algebraic-geometry (AG) code, identifiable parent property (IPP), list decoding, Reed-Solomon code, traceability (TA) code, traitor tracing.

Published
2003

18. Beyond Passwords—Challenges and Opportunities of Future Authentication.

Author

Alt, Florian, Schneegass, Stefan, Grossklags, Jens, Lipford, Heather Richter, and Staddon, Jessica

Abstract

The usable security community seems ready for another attempt to move beyond passwords. We shed light on current scientific developments in implicit authentication—that is, authentication approaches in which physiological features and behavior authenticate users—and discuss opportunities and obstacles. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

23. Equity and Privacy: More Than Just a Tradeoff.

Author

Pujol, David, Machanavajjhala, Ashwin, Grossklags, Jens, Lipford, Heather Richter, and Staddon, Jessica

Abstract

Organizations large and small collect information about individuals and groups and then want to share insights from this data to inform research and policy making. For instance, hospitals release deidentified data to innovate on disease detection and mitigation. Internet companies train and release machine learning (ML) models as a service for a variety of classification tasks. Government agencies distribute statistical data to enable research and policy making. However, releasing data, even in "anonymous" or aggregated form, creates vulnerabilities to privacy attacks that can result in individuals' sensitive details being revealed. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

30. Combinatorial Properties of Frameproof and Traceability Codes

Author

Staddon, Jessica N., Stinson, Douglas R., and Wei, Ruizhong

Subjects
Codes -- Analysis, Copyright -- Safety and security measures
Abstract

In order to protect copyrighted material, codes may be embedded in the content or codes may be associated with the keys used to recover the content. Codes can offer protection by providing some form of traceability (TA) for pirated data. Several researchers have studied different notions of TA and related concepts in recent years. "Strong" versions of TA allow at least one member of a coalition that constructs a "pirate decoder" to be traced. Weaker versions of this concept ensure that no coalition can "frame" a disjoint user or group of users. All these concepts can be formulated as codes having certain combinatorial properties. In this paper, we study the relationships between the various notions, and we discuss equivalent formulations using structures such as perfect hash families. We use methods from combinatorics and coding theory to provide bounds (necessary conditions) and constructions (sufficient conditions) for the objects of interest. Index Terms--Frameproof (FP) codes, identifiable parent property (IPP), perfect hash families, traceability (TA) codes.

Published
2001

37. Protecting the Privacy of Individuals in Terrorist Tracking Applications

Author

PALO ALTO RESEARCH CENTER CA, Lunt, Teresa, Aoki, Paul, Balfanz, Dirk, Durfee, Glenn, Golle, Philippe, Smetters, Diana, Staddon, Jessica, Thornton, Jim, Uribe, Tomas, PALO ALTO RESEARCH CENTER CA, Lunt, Teresa, Aoki, Paul, Balfanz, Dirk, Durfee, Glenn, Golle, Philippe, Smetters, Diana, Staddon, Jessica, Thornton, Jim, and Uribe, Tomas

Abstract

Countering terrorism involves gathering information from a wide diversity of sources to discover key facts and relationships, develop models of hypotheses, and support human reasoning on likely futures and outcomes. Many of these data sources contain sensitive personal information, such as data on telephone calls, email, credit card usage, bank accounts, car rentals, housing, educational data, health-related data, drivers' licenses, airline and hotel reservations, visas, border crossing, attendance at events, and application for government programs. In tracking potential terrorists and attempting to discover their relationships and organization, is it necessary to focus on data about individuals. Yet it is this identification of data with individuals that makes the information sensitive. The goal of this project was to allow authorized analysts to search these data for terrorist-related activity while providing a realistic degree of privacy protection for ordinary citizens who may be also represented in those databases. The proposed solution has the following elements: Inference control to prevent unauthorized individuals from completing queries that would allow identification of ordinary citizens, access control to return sensitive identifying data to appropriately authorized users, Immutable audit logs that ensure all data accesses are recorded immediately and permanently with no possibility of alteration., The original document contains color images.

Published
2005

41. Controlling data in the cloud

Author

Chow, Richard, primary, Golle, Philippe, additional, Jakobsson, Markus, additional, Shi, Elaine, additional, Staddon, Jessica, additional, Masuoka, Ryusuke, additional, and Molina, Jesus, additional

Published
2009
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results