Search Icon
Register

When Security Meets Compatibility

Emily Stark

Over the past decade, HTTPS adoption has risen dramatically. The Web PKI has shifted seismically, with browsers imposing new requirements on CAs and server operators. These shifts bring security and privacy improvements for end users, but they have often been driven by incompatible browser changes that break websites, causing frustration for end users as well as server operators. Security-positive breaking changes involve a plethora of choices. Should browsers roll out a change gradually, or rip the band-aid off and deploy it all at once? How do we advertise the change and motivate different players in the ecosystem to update configurations before they break? How do different types and amounts of breakage affect the user experience? And the meta-question: how do we approach such quandaries scientifically? Drawing from several case studies in the HTTPS ecosystem, I'll talk about the science of nudging an ecosystem: methods that the web browser community has developed, and lessons we've learned, for measuring how best to get millions of websites to improve security while minimizing the frustrations of incompatibility.

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 40 [1] => 47 ) ) ) [post__not_in] => Array ( [0] => 7303 ) )

Google/Apple Exposure Notification Due Diligence

Douglas Leith and Stephen Farrell (Trinity College Dublin)

Read More

Taking a Closer Look at the Alexa Skill Ecosystem

Christopher Lentzsch (Ruhr-Universität Bochum), Anupam Das (North Carolina State University)

Read More

Practical Blind Membership Inference Attack via Differential Comparisons

Bo Hui (The Johns Hopkins University), Yuchen Yang (The Johns Hopkins University), Haolin Yuan (The Johns Hopkins University), Philippe Burlina (The Johns Hopkins University Applied Physics Laboratory), Neil Zhenqiang Gong (Duke University), Yinzhi Cao (The Johns Hopkins University)

Read More

Panel – Experiment Artifact Sharing: Challenges and Solutions

Moderator: Laura Tinnel (SRI International) Panelists: Clémentine Maurice (CNRS, IRIS); Martin Rosso (Eindhoven University of Technology); Eric Eide (U. Utah)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)