P. Andriotis, G. Oikonomou, A. Mylonas, T. Tryfonas, "A Study on Usability and Security Features of the Android Pattern Lock Screen", Information and Computer Security, Emerald, 24(1), pp. 53-72, 2016
The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern.
T. Spyridopoulos, K. Maraslis, A. Mylonas, T. Tryfonas, G. Oikonomou, "A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention", Information Security Journal: A Global Perspective, Taylor & Francis, 24(4-6), pp. 164-176, 2015
Literature in malware proliferation focuses on modeling and analyzing its spread dynamics. Epidemiology models, which are inspired by the characteristics of biological disease spread in human populations, have been used against this threat to analyze the way malware spreads in a network. This work presents a modified version of the commonly used epidemiology models Susceptible Infected Recovered (SIR) and Susceptible Infected Susceptible (SIS), which incorporates the ability to capture the relationships between nodes within a network, along with their effect on malware dissemination process. Drawing upon a model that illustrates the network’s behavior based on the attacker’s and the defender’s choices, we use game theory to compute optimal strategies for the defender to minimize the effect of malware spread, at the same time minimizing the security cost. We consider three defense mechanisms: patch, removal, and patch and removal, which correspond to the defender’s strategy and use probabilistically with a certain rate. The attacker chooses the type of attack according to its effectiveness and cost. Through the interaction between the two opponents we infer the optimal strategy for both players, known as Nash Equilibrium, evaluating the related payoffs. Hence, our model provides a cost-benefit risk management framework for managing malware spread in computer networks.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without explicit permission from the copyright holder.