Browsing Non INESC TEC publications - Indexed Articles in Conferences by Author "Alexandra Sofia Mendes"
Results Per Page
ItemEvaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks( 2020) Ferreira,JF ; Pereira,D ; Alexandra Sofia Mendes ; 7344In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted from three different datasets of real-world password leaks. Our results show that a significant percentage of passwords classified as strong were cracked, thus suggesting that current password strength estimation methods can be improved. © 2020 IEEE.
ItemExploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda( 2021) Carreira,C ; Ferreira,JF ; Alexandra Sofia Mendes ; Christin,N ; 7344As software becomes more complex and assumes an even greater role in our lives, formal verification is set to become the gold standard in securing software systems into the future, since it can guarantee the absence of errors and entire classes of attack. Recent advances in formal verification are being used to secure everything from unmanned drones to the internet. At the same time, the usable security research community has made huge progress in improving the usability of security products and end-users comprehension of security issues. However, there have been no human-centered studies focused on the impact of formal verification on the use and adoption of formally verified software products. We propose a research agenda to fill this gap and to contribute with the first collection of studies on people's mental models on formal verification and associated security and privacy guarantees and threats. The proposed research has the potential to increase the adoption of more secure products and it can be directly used by the security and formal methods communities to create more effective and secure software tools. © C. Carreira et al.
ItemLost in disclosure: On the inference of password composition policies( 2019) Ferreira,J ; Johnson,S ; Alexandra Sofia Mendes ; Cordry,J ; 7344Large-scale password data breaches are becoming increasingly commonplace, which has enabled researchers to produce a substantial body of password security research utilising real-world password datasets, which often contain numbers of records in the tens or even hundreds of millions. While much study has been conducted on how password composition policies-sets of rules that a user must abide by when creating a password-influence the distribution of user-chosen passwords on a system, much less research has been done on inferring the password composition policy that a given set of user-chosen passwords was created under. In this paper, we state the problem with the naive approach to this challenge, and suggest a simple approach that produces more reliable results. We also present pol-infer, a tool that implements this approach, and demonstrates its use in inferring password composition policies. © 2019 IEEE.
ItemSkeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection( 2020) Johnson,SA ; Cordry,J ; Alexandra Sofia Mendes ; Ferreira,JF ; 7344
ItemTowards Verified Handwritten Calculational Proofs - (Short Paper)( 2018) Alexandra Sofia Mendes ; Ferreira,JF ; 7344