Emily Stark

Over the past decade, HTTPS adoption has risen dramatically. The Web PKI has shifted seismically, with browsers imposing new requirements on CAs and server operators. These shifts bring security and privacy improvements for end users, but they have often been driven by incompatible browser changes that break websites, causing frustration for end users as well as server operators. Security-positive breaking changes involve a plethora of choices. Should browsers roll out a change gradually, or rip the band-aid off and deploy it all at once? How do we advertise the change and motivate different players in the ecosystem to update configurations before they break? How do different types and amounts of breakage affect the user experience? And the meta-question: how do we approach such quandaries scientifically? Drawing from several case studies in the HTTPS ecosystem, I'll talk about the science of nudging an ecosystem: methods that the web browser community has developed, and lessons we've learned, for measuring how best to get millions of websites to improve security while minimizing the frustrations of incompatibility.

View More Papers

Demo #6: Impact of Stealthy Attacks on Autonomous Robotic...

Pritam Dash, Mehdi Karimibiuki, and Karthik Pattabiraman (University of British Columbia)

Read More

Let’s Stride Blindfolded in a Forest: Sublinear Multi-Client Decision...

Jack P. K. Ma (The Chinese University of Hong Kong), Raymond K. H. Tai (The Chinese University of Hong Kong), Yongjun Zhao (Nanyang Technological University), Sherman S.M. Chow (The Chinese University of Hong Kong)

Read More

HERA: Hotpatching of Embedded Real-time Applications

Christian Niesler (University of Duisburg-Essen), Sebastian Surminski (University of Duisburg-Essen), Lucas Davi (University of Duisburg-Essen)

Read More

Empirical Scanning Analysis of Censys and Shodan

Christopher Bennett, AbdelRahman Abdou, and Paul C. van Oorschot (School of Computer Science, Carleton University, Canada)

Read More