Dan Boneh


Publications by Dan Boneh (bibliography)


» 2007 «


Bortz, Andrew and Boneh, Dan (2007): Exposing private information by timing web applications. In: Proceedings of the 2007 International Conference on the World Wide Web, pp. 621-628.

We show that the time web sites take to respond to HTTP requests can leak private information, using two different types of attacks. The first, direct timing, directly measures response times from a web site to expose private information such as the validity of a username at a secured site or the number of private photos in a publicly viewable gallery. The second, cross-site timing, enables a malicious web site to obtain information from the user's perspective at another site. For example, a malicious site can learn if the user is currently logged in at a victim site and, in some cases, the number of objects in the user's shopping cart. Our experiments suggest that these timing vulnerabilities are widespread. We explain in detail how and why these attacks work, and discuss methods for writing web application code that resists these attacks.
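The direct-timing leak the abstract describes, as an added example that is not part of the paper or of this page: a toy login handler that rejects unknown usernames before doing any expensive work, a second handler that does the same work on every path, and a probe that plays the attacker. The user table, the password, and the tick-counting stopwatch are constructed for the demonstration. A real attacker times the HTTP round-trip; counting calls to the expensive hash stands in for wall-clock time here so that the result is reproducible rather than noisy.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Tuple

ITERATIONS = 1_000  # kept small so the demo runs quickly; production uses far more


class Stopwatch:
    """Stand-in for the attacker's clock (constructed for this demo).

    Each call to the expensive hash adds one tick. A real attacker measures
    the HTTP response time; counting hash calls yields the same signal
    without the measurement noise.
    """
    ticks = 0


def slow_hash(password: str, salt: bytes) -> bytes:
    """The expensive operation whose presence or absence is observable."""
    Stopwatch.ticks += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> Tuple[bytes, bytes]:
    """Build a (salt, hash) record without touching the stopwatch."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table: one real account (assumption, not from the paper).
USERS: Dict[str, Tuple[bytes, bytes]] = {"alice": _record("correct horse battery staple")}

# Dummy record hashed against when the username is unknown, so that the
# unknown-user path costs exactly as much as the known-user path.
_DUMMY: Tuple[bytes, bytes] = _record(secrets.token_hex(16))


def naive_login(username: str, password: str) -> bool:
    """Leaky handler: an unknown username is rejected *before* the hash runs,
    so its response is measurably faster than a wrong password for a real user."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return slow_hash(password, salt) == stored


def hardened_login(username: str, password: str) -> bool:
    """Same work on every path: always run the hash (against the dummy record
    for unknown users) and compare the digests in constant time."""
    salt, stored = USERS.get(username, _DUMMY)
    computed = slow_hash(password, salt)
    # compare_digest runs first on every path; the membership check stops a
    # lucky guess of the dummy password from logging in as a non-existent user.
    return hmac.compare_digest(computed, stored) and username in USERS


Handler = Callable[[str, str], bool]


def _ticks_for(handler: Handler, username: str) -> int:
    """Attacker-side measurement: cost of one failed login attempt."""
    before = Stopwatch.ticks
    handler(username, "not-the-password")
    return Stopwatch.ticks - before


def probe(handler: Handler, candidates) -> Dict[str, bool]:
    """Direct timing attack: flag a username as existing when rejecting it
    costs more than rejecting a name that certainly does not exist."""
    baseline = _ticks_for(handler, "no-such-user-" + secrets.token_hex(8))
    return {name: _ticks_for(handler, name) > baseline for name in candidates}


if __name__ == "__main__":
    names = ["alice", "mallory"]
    print("naive   :", probe(naive_login, names))     # {'alice': True, 'mallory': False}
    print("hardened:", probe(hardened_login, names))  # {'alice': False, 'mallory': False}
```

The same fix applies to the gallery case in the abstract: the response must do an amount of work that does not depend on the hidden quantity (here, whether the account exists), not merely return the same message. Note that equalising one hot spot does not make the whole handler constant-time; database lookups, caching and template rendering can each reintroduce a measurable difference, so the probe is worth re-running against the deployed endpoint.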



Kumar, Manu, Garfinkel, Tal, Boneh, Dan and Winograd, Terry (2007): Reducing shoulder-surfing by using gaze-based password entry. In: Proceedings of the 2007 Symposium on Usable Privacy and Security, pp. 13-19.

Shoulder-surfing -- using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information -- is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.


» 2006 «


Jackson, Collin, Bortz, Andrew, Boneh, Dan and Mitchell, John C. (2006): Protecting browser state from web privacy attacks. In: Proceedings of the 2006 International Conference on the World Wide Web, pp. 737-744.

Through a variety of means, including a range of browser cache methods and inspecting the color of a visited hyperlink, client-side browser state can be exploited to track users against their wishes. This tracking is possible because persistent, client-side browser state is not properly partitioned on a per-site basis in current browsers. We address this problem by refining the general notion of a "same-origin" policy and implementing two browser extensions that enforce this policy on the browser cache and visited links. We also analyze various degrees of cooperation between sites to track users, and show that even if long-term browser state is properly partitioned, it is still possible for sites to use modern web features to bounce users between sites and invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks are an unavoidable consequence of all persistent browser state that affects the behavior of the browser, and disabling or frequently expiring this state is the only way to achieve true privacy against colluding parties.


» 2004 «


Boneh, Dan, Ding, Xuhua and Tsudik, Gene (2004): Fine-grained control of security capabilities. In: ACM Transactions on Internet Technology 4 (1), pp. 60-82.


Publication statistics

Publication period:2004-2007
Publication count:4
Number of co-authors:8



Productive colleagues

Dan Boneh's 3 most productive colleagues in number of publications:

Terry Winograd:56
Gene Tsudik:6
Manu Kumar:5


Collaboration count

Number of publications with 3 favourite co-authors:

Andrew Bortz:2
Xuhua Ding:1
Gene Tsudik:1

URL: http://www.interaction-design.org/references/authors/dan_boneh.html