Internet Security Research Lab

• T. W. van der Horst and K. E. Seamons. pwdArmor: Protecting Conventional Password-based Authentications. 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, December 2008. [Presentation]


• R. S. Abbott, T. W. van der Horst, and K. E. Seamons. CPG: Closed Pseudonymous Groups. Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, October 2008.


• D. D. Walker, E. G. Mercer, and K. E. Seamons. Or Best Offer: A Privacy Policy Negotiation Protocol. IEEE Workshop on Policies for Distributed Systems and Networks (Policy 2008), Palisades, NY, June 2008.


• A. Harding, T. W. van der Horst, and K. E. Seamons. Wireless Authentication using Remote Passwords. 1st ACM Conference on Wireless Network Security (WiSec), Alexandria, VA, March 2008.


• P. L. Hellewell, T. W. van der Horst, and K. E. Seamons. Extensible Pre-Authentication in Kerberos. 23rd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.


• T. W. van der Horst, and K. E. Seamons. Simple Authentication for the Web. 3rd International Conference on Security and Privacy in Communication Networks, Nice, France, September, 2007. [Presentation]


• R. C. Jammalamadaka, R. Gamboni, S. Mehrotra, K. Seamons, N. Venkatasubramanian. gVault: A Gmail Based Cryptographic Network File System. 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, July 2007.


• T. W. van der Horst, and K. E. Seamons. Poster Paper -- Simple Authentication for the Web. 16th International World Wide Web Conference (WWW2007), Banff, Alberta, Canada, May 2007.


• T. W. van der Horst, and K. E. Seamons. Simple Authentication for the Web. Internet Security Research Lab Technical Report 2007-1, Brigham Young University, January 2007.


• A. J. Lee, K. E. Seamons, M. Winslett and T. Yu. Automated Trust Negotiation in Open Systems. In Secure Data Management in Decentralized Systems, edited by Ting Yu and Sushil Jajodia, Springer, December 2006.


• R. C. Jammalamadaka, T. W. van der Horst, S. Mehrotra, K. E. Seamons, and N. Venkasubramanian. Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine. 22nd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2006.


• L. Olson, M. Winslett, G. Tonti, N. Seeley, A. Uszok, and J. Bradshaw.TrustBuilder as an Authorization Service for Web Services. International Workshop on Security and Trust in Decentralized/Distributed Data Structures (STD3S) in conjuction with the 22nd International Conference on Data Engineering (ICDE'06), Atlanta, Georgia, April 2006.


• J. Holt. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. Australasian Information Security Workshop 2006, Hobart, Tasmania, January 2006.


• T. Ryutov, L. Zhou, C. Neuman, N. Foukia, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control for Grids. 6th IEEE/ACM International Workshop on Grid Computing, Seattle, WA, November 2005.


• T. W. van der Horst and K. E. Seamons. Short Paper: Thor -- The Hybrid Online Repository. First IEEE International Conference on Security and Privacy for Emerging Areas in Communications Networks, Athens, Greece, September 2005. slides


• T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons. Adaptive Trust Negotiation and Access Control. 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, June 2005.


• T. Leithead, W. Nejdl, D. Olmedilla, K. Seamons, M. Winslett, T. Yu, and C. Zhang. How to Exploit Ontologies in Trust Negotiation. Workshop on Trust, Security, and Reputation on the Semantic Web, part of the Third International Semantic Web Conference, Hiroshima, Japan, November 2004.


• R. Bradshaw, J. Holt, and K. E. Seamons. Concealing Complex Policies with Hidden Credentials. Eleventh ACM Conference on Computer and Communications Security, Washington, DC, October 2004.


• T. W. van der Horst, T. Sundelin, K. E. Seamons, and C. D. Knutson. Mobile Trust Negotiation: Authentication and Authorization in Dynamic Mobile Networks. Eighth IFIP Conference on Communications and Multimedia Security, Lake Windermere, England, September 2004. Slides


• A. Hess, J. Holt, J. Jacobson, and K. E. Seamons. Content-Triggered Trust Negotiation. ACM Transaction on Information System Security, Vol. 7, No. 3, August 2004.


• B. Smith, K. E. Seamons, and M. D. Jones. Responding to Policies at Runtime in TrustBuilder. 5th International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, New York, June 2004.


• R. Gavriloaie, W. Nejdl, D. Olmedilla, K. E. Seamons, and M. Winslett. No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web. 1st European Semantic Web Symposium, Heraklion, Greece, May 2004.


• J. Holt, R. Bradshaw, K. E. Seamons, and H. Orman. Hidden Credentials. 2nd ACM Workshop on Privacy in the Electronic Society, Washington, DC, October 2003. Slides


• D. Vawdrey, T. Sundelin, K. E. Seamons, and C. Knutson. Trust Negotiation for Authentication and Authorization in Healthcare Information Systems. 25th Annual International Conference of the IEEE Engineering In Medicine And Biology Society, Cancun, Mexico, September 2003.


• A. Hess and K. E. Seamons. An Access Control Model for Dynamic Client Content. 8th ACM Symposium on Access Control Models and Technologies, Como, Italy, June 2003. Slides


• M. Winslett. An Introduction to Automated Trust Establishment. 1st International Conference on Trust Management, Crete, Greece, May 2003.


• T. Yu and M. Winslett. A Unified Scheme for Resource Protection in Automated Trust Negotiation.IEEE Symposium on Security and Privacy, Berkeley, California, May 2003.


• T. Yu, M. Winslett, and K. E. Seamons. Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation. ACM Transactions on Information and System Security,vol. 6, no. 1, February 2003.


• M. Winslett, T. Yu, K. E. Seamons, A. Hess, J. Jacobson, R. Jarvis, B. Smith, and L. Yu. Negotiating Trust on the Web. IEEE Internet Computing, vol. 6, no. 6, November/December 2002. 


• T. Yu, M.Winslett, and K.E. Seamons. Automated Trust Negotiation over the Internet. 6th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, FL, July 14-18, 2002.


• K. E. Seamons, M. Winslett, T. Yu, B. Smith, E. Child, J. Jacobson, H. Mills, and L. Yu. Requirements for Policy Languages for Trust Negotiation. 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA, June 2002. Slides


• K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy during On-line Trust Negotiation. 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA, April 2002. Slides


• A. Hess, J. Jacobson, H. Mills, R. Wamsley, K. E. Seamons, and B. Smith. Advanced Client/Server Authentication in TLS. Network and Distributed System Security Symposium, San Diego, CA, February 2002. Slides


• J. Holt and K. E. Seamons. Selective Disclosure Credential Sets. Cryptology ePrint Archive, Report 2002/151


• T. Yu, M. Winslett, and K. E. Seamons. Interoperable Strategies in Automated Trust Negotiation. 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, November 2001.


• T. Barlow, A. Hess, and K. E. Seamons. Trust Negotiation in Electronic Markets. Eighth Research Symposium in Emerging Electronic Markets, Maastricht, Netherlands, September 2001.


• K. E. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation. Network and Distributed System Security Symposium, San Diego, CA, February 2001. Slides


• T. Yu, X. Ma, and M. Winslett. PRUNES: An Efficient and Complete Strategy for Trust Negotiation over the Internet. ACM Conference on Computer and Communications Security, Athens, November 2000.


• W. H. Winsborough, K. E. Seamons, and V. E. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.


• W. H. Winsborough, K. E. Seamons, and V. E. Jones. Negotiating Disclosure of Sensitive Credentials. Second Conference on Security in Communication Networks, Amalfi, Italy, September 1999.


• K. E. Seamons, W. Winsborough, and M. Winslett. Internet Credential Acceptance Policies. Proceedings of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium, July 1997.

Student Theses

• Reed Abbott. CPG: Closed Pseudonymous Groups. March 2008.


• Andrew Harding. Wireless Authentication using Remote Passwords (WARP). Jamuary 2008.


• Phillip Hellewell Extensible Pre-Authentication in Kerberos (EPAK). August 2007.


• Dan Walker Or Best Offer: Privacy Policy Negotiation Protocol. June 2007.


• Nathan Seeley. Digital Receipts. November 2006.


• Paul Porter. Trust Negotiation for Open Database Access Control. May 2006.


• Cameron Morris. Browser Based Trust Negotiation. March 2006.


• Michael Edvalson. TrustBroker: A Defense Against identify Theft From Online Transactions. December 2005.


• Travis Leithead. Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies. August 2005.


• Jim Henshaw. Phishing Warden: Enhancing Content-Triggered Trust Negotiation to Prevent Phishing Attacks. May 2005.


• Tim van der Horst. Thor: The Hybrid Online Repository. February 2005.


• Jason Holt. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. February 2005.


• Evan Child. Trust Negotiation Using Hidden Credentials. July 2004.


• Robert Bradshaw. Concealing Complex Policies with Hidden Credentials. June 2004.


• Thomas Chan. Preserving Trust Across Multiple Sessions in Open Systems. June 2004.


• Bryan Smith. Responding to Policies at Runtime in TrustBuilder. March 2004.


• Tore Sundelin. Surrogate Trust Negotiation. July 2003.


• Jared Jacobson. Trust Negotiation In Session Level Protocols. July 2003.


• Ryan Jarvis. Protecting Sensitive Credential Content During Trust Negotiation. April 2003.


• Adam Hess. Content Triggered Trust Negotiation. February 2003.

Technical Reports

• Timothy W. van der Horst, and Kent E. Seamons. Simple Authentication for the Web. Internet Security Research Lab Technical Report 2007-1, Brigham Young University, January 2007.


• Jason E. Holt and Kent E. Seamons. Reconciling CA-Oblivious Encryption, Hidden Credentials, OSBE, and Secret Handshakes. Internet Security Research Lab Technical Report 2006-5, Brigham Young University, June 2006.


• Jason E. Holt and Kent E. Seamons. Nym: Practical Pseudonymity for Anonymous Networks. Internet Security Research Lab Technical Report 2006-4, Brigham Young University, June 2006.


• Jason E. Holt. Surety Bond PKI. Internet Security Research Lab Technical Report 2006-3, Brigham Young University, March 2006.


• Jason E. Holt. Key Privacy for Identity Based Encryption. Internet Security Research Lab Technical Report 2006-2, Brigham Young University, March 2006.


• Jason E. Holt, Ed Schaller, and Kent E. Seamons. Logcrypt: Forward Security and Public Verification for Secure Audit Logs. Internet Security Research Lab Technical Report 2006-1, Brigham Young University, March 2006.