Security Policy Audits: Why and How

Arvind Narayanan, Kevin Lee, Jens Grossklags, Heather Richter Lipford, Jessica Staddon

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

Original languageEnglish (US)
Pages (from-to)77-81
Number of pages5
JournalIEEE Security and Privacy
Volume21
Issue number2
DOIs
StatePublished - Mar 1 2023
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law

Fingerprint

Dive into the research topics of 'Security Policy Audits: Why and How'. Together they form a unique fingerprint.

Cite this