Lujo Bauer's Publications


Wordle representation of recent paper titles.

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicity permission of the copyright holder.


2015

new!  Run-time monitoring and formal analysis of information flows in Chromium.   [BibTeX]
Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Michael Stroucken, and Yuan Tian.
In Proceedings of the 22nd Annual Network & Distributed System Security Symposium, February 2015. To appear.


2014

new!  Studying the effectiveness of security images in Internet banking.   [BibTeX]
Joel Lee, Lujo Bauer and Michelle L. Mazurek.
IEEE Internet Computing, 2014. IEEE. Preprint.  DOI:10.1109/MIC.2014.108

new!  Analyzing the dangers posed by Chrome extensions.   [BibTeX]
Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, and Yuan Tian.
In Proceedings of the IEEE Conference on Communications and Network Security, October 2014.

Android taint flow analysis for app sets.   [BibTeX]
William Klieber, Lori Flynn, Amar Bhosale, Limin Jia, and Lujo Bauer.
In Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (SOAP 2014), June 2014. ACM. © ACM  DOI:10.1145/2614628.2614633

Studying the effectiveness of security images in Internet banking.   [BibTeX]
Joel Lee and Lujo Bauer.
In Web 2.0 Security and Privacy (W2SP) Workshop, May 2014.

Can long passwords be secure and usable?   [BibTeX, video teaser]
Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In CHI 2014: Conference on Human Factors in Computing Systems, April 2014. ACM. © authors  DOI:10.1145/2556288.2557377

Toward strong, usable access control for shared distributed data.   [BibTeX, talk video]
Michelle L. Mazurek, Yuan Liang, William Melicher, Manya Sleeper, Lujo Bauer, Gregory R. Ganger, Nitin Gupta, and Michael K. Reiter.
In Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST '14), February 2014. USENIX.

Challenges faced in working with users to design access-control systems for domestic environments.   [BibTeX]
Manya Sleeper, Michelle L. Mazurek and Lujo Bauer.
In Designing with Users for Domestic Environments workshop at CSCW14 (the 17th ACM Conference on Computer Supported Cooperative Work and Social Computing), February 2014. Position paper.


2013

A comparison of users' perceptions and willingness to use Google, Facebook, and Google+ single-sign-on functionality.   [BibTeX]
Lujo Bauer, Cristian Bravo-Lillo, Elli Fragkaki, and William Melicher.
In Proceedings of the ACM Digital Identity Management Workshop, November 2013. ACM. © authors  DOI:10.1145/2517881.2517886

Measuring password guessability for an entire university.   [BibTeX]
Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur.
In Proceedings of the 2013 ACM Conference on Computer and Communications Security, November 2013. ACM. © authors  DOI:10.1145/2508859.2516726

The post anachronism: The temporal dimension of Facebook privacy.   [BibTeX]
Lujo Bauer, Lorrie Faith Cranor, Saranga Komanduri, Michelle L. Mazurek, Michael K. Reiter, Manya Sleeper, and Blase Ur.
In Proceedings of the 12th Annual Workshop on Privacy in the Electronic Society, November 2013. ACM. © authors  DOI:10.1145/2517840.2517859

What you want is not what you get: Predicting sharing policies for text-based content on Facebook.   [BibTeX]
Arunesh Sinha, Yan Li and Lujo Bauer.
In Proceedings of the 6th ACM Workshop on Security and Artificial Intelligence, November 2013. ACM. © authors  DOI:10.1145/2517312.2517317

Probabilistic cost enforcement of security policies.   [BibTeX]
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, Fabio Martinelli, and Charles Morisset.
In Security and Trust Management: 9th International Workshop, STM 2013, Proceedings, volume 8203 of Lecture Notes in Computer Science, pages 144–159, September 2013. Springer. © Springer-Verlag  DOI:10.1007/978-3-642-41098-7_10

Run-time enforcement of information-flow properties on Android (extended abstract).   [BibTeX, demo]
Limin Jia, Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Michael Stroucken, Kazuhide Fukushima, Shinsaku Kiyomoto, and Yutaka Miyake.
In Computer Security—ESORICS 2013: 18th European Symposium on Research in Computer Security, pages 775–792, September 2013. Springer. (Full version appears as technical report CMU-CyLab-12-015.) © Springer-Verlag  DOI:10.1007/978-3-642-40203-6_43

What matters to users? Factors that affect users' willingness to share information with online advertisers.   [BibTeX]
Pedro G. Leon, Blase Ur, Yang Wang, Manya Sleeper, Rebecca Balebako, Richard Shay, Lujo Bauer, Mihai Christodorescu, and Lorrie Faith Cranor.
In SOUPS '13: Proceedings of the 9th Symposium on Usable Privacy and Security, July 2013. ACM. © authors  DOI:10.1145/2501604.2501611

The impact of length and mathematical operators on the usability and security of system-assigned one-time PINs.   [BibTeX]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In 2013 Workshop on Usable Security (USEC), volume 7862 of Lecture Notes in Computer Science, pages 34–51, April 2013. Springer. © Springer-Verlag  DOI:10.1007/978-3-642-41320-9_3

Warning design guidelines.   [BibTeX]
Lujo Bauer, Cristian Bravo-Lillo, Lorrie Cranor, and Elli Fragkaki.
Technical Report CMU-CyLab-13-002, CyLab, Carnegie Mellon University, February 2013.


2012

Helping users create better passwords.   [BibTeX]
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Julio López.
USENIX ;login:, 37(6), December 2012. USENIX. © authors

Enforcing more with less: Formalizing target-aware run-time monitors.   [BibTeX]
Yannis Mallios, Lujo Bauer, Dilsun Kaynar, and Jay Ligatti.
In Security and Trust Management: 8th International Workshop, STM 2012, Pisa, Italy, September 13–14, 2012, Revised Selected Papers, volume 7783 of Lecture Notes in Computer Science, pages 17–32, 2013. © Springer-Verlag  DOI:10.1007/978-3-642-38004-4_2

Modeling and enhancing Android's permission system.   [BibTeX]
Elli Fragkaki, Lujo Bauer, Limin Jia, and David Swasey.
In Computer Security—ESORICS 2012: 17th European Symposium on Research in Computer Security, volume 7459 of Lecture Notes in Computer Science, pages 1–18, September 2012. (Full version appears as Technical report CMU-CyLab-11-020.) © Springer-Verlag  DOI:10.1007/978-3-642-33167-1_1

Run-time enforcement of information-flow properties on Android.   [BibTeX]
Jassim Aljuraidan, Elli Fragkaki, Lujo Bauer, Limin Jia, Kazuhide Fukushima, Shinsaku Kiyomoto, and Yutaka Miyake.
Technical Report CMY-CyLab-12-015, CyLab, Carnegie Mellon University, July 2012.

How does your password measure up? The effect of strength meters on password creation.   [BibTeX, talk video]
Blase Ur, Patrick Gage Kelly, Saranga Komanduri, Joel Lee, Michael Maass, Michelle Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In Proceedings of the 21st USENIX Security Symposium, August 2012. USENIX Association. © authors

Check points against privacy breaches in Android applications.   [BibTeX]
Kazuhide Fukushima, Lujo Bauer, Limin Jia, Shinsaku Kiyomoto, and Yutaka Miyake.
IJCSNS, 12(8), August 2012.

Studying access control usability in the lab: Lessons learned from four studies.   [BibTeX]
Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, and Michael K. Reiter.
In LASER '12: Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results, pages 31–40, July 2012. ACM. © ACM  DOI:10.1145/2379616.2379621

Out of sight, out of mind: Effects of displaying access-control information near the item it controls.   [BibTeX]
Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, and Michael K. Reiter.
In Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST), pages 128–136, July 2012. IEEE. © IEEE  DOI:10.1109/PST.2012.6297929

Correct horse battery staple: Exploring the usability of system-assigned passphrases.   [BibTeX]
Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Tim Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In SOUPS '12: Proceedings of the 8th Symposium on Usable Privacy and Security, July 2012. ACM. © authors  DOI:10.1145/2335356.2335366

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms.   [BibTeX]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez.
In Proceedings of the 2012 IEEE Symposium on Security and Privacy, pages 523–537, May 2012. IEEE. © IEEE  DOI:10.1109/SP.2012.38

Tag, you can see it! Using tags for access control in photo sharing.   [BibTeX]
Peter F. Klemperer, Yuan Liang, Michelle L. Mazurek, Manya Sleeper, Blase Ur, Lujo Bauer, Lorrie Faith Cranor, Nitin Gupta, and Michael K. Reiter.
In CHI 2012: Conference on Human Factors in Computing Systems, pages 377–386, May 2012. ACM. © ACM  DOI:10.1145/2207676.2207728

Discovering access-control misconfigurations: New approaches and evaluation methodologies.   [BibTeX]
Lujo Bauer, Yuan Liang, Michael K. Reiter, and Chad Spensky.
In CODASPY'12: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, February 2012. © ACM  DOI:10.1145/2133601.2133613


2011

Guess again (and again and again: Measuring password strength by simulating password-cracking algorithms.   [BibTeX]
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Rich Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez.
Technical Report CMU-CYLAB-11-008, CyLab, Carnegie Mellon University, August 2011.

Don't bump, shake on it: The exploitation of a popular accelerometer-based smart phone exchange and its secure replacement.   [BibTeX]
Ahren Studer, Timothy Passaro and Lujo Bauer.
In ACSAC '11: Proceedings of the 27th Annual Computer Security Applications Conference, pages 333–342, December 2011. ACM. © ACM  DOI:10.1145/2076732.2076780

More than skin deep: Measuring effects of the underlying model on access-control system usability.   [BibTeX]
Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
In CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 2065–2074, May 2011. ACM. © ACM  DOI:10.1145/1978942.1979243

Exploring reactive access control.   [BibTeX]
Michelle L. Mazurek, Peter F. Klemperer, Richard Shay, Hassan Takabi, Lujo Bauer, and Lorrie Faith Cranor.
In CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 2085–2094, May 2011. ACM. © ACM  DOI:10.1145/1978942.1979245

Of passwords and people: Measuring the effect of password-composition policies.   [BibTeX]
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman.
In CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 2595–2604, May 2011. ACM. CHI 2011 Honorable Mention. © ACM  DOI:10.1145/1978942.1979321

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
ACM Transactions on Information and System Security, 14(1), May 2011. ACM. © ACM  DOI:10.1145/1952982.1952984

Don't bump, shake on it: The exploitation of a popular accelerometer-based smart phone exchange and its secure replacement.   [BibTeX]
Ahren Studer, Timothy Passaro and Lujo Bauer.
Technical Report CMU-CYLAB-11-011, CyLab, Carnegie Mellon University, February 2011.

Access right assignment mechanisms for secure home networks.   [BibTeX]
Tiffany Hyun-Jin Kim, Lujo Bauer, James Newsome, Adrian Perrig, and Jesse Walker.
Journal of Communications and Networks, 13(2):175–186, 2011. Korean Institute of Communication Sciences.


2010

Challenges in access right assignment for secure home networks.   [BibTeX]
Tiffany Hyun-Jin Kim, Lujo Bauer, James Newsome, Adrian Perrig, and Jesse Walker.
In Proceedings of the 5th USENIX Workshop on Hot Topics in Security, August 2010.

Constraining credential usage in logic-based access control.   [BibTeX]
Lujo Bauer, Limin Jia and Divya Sharma.
In Proceedings of the 23rd IEEE Computer Security Foundations Symposium, pages 154–168, July 2010. IEEE. © IEEE  DOI:10.1109/CSF.2010.18

Encountering stronger password requirements: User attitudes and behaviors.   [BibTeX]
Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor.
In SOUPS '10: Proceedings of the 6th Symposium on Usable Privacy and Security, July 2010. ACM. © authors  DOI:10.1145/1837110.1837113

Access control for home data sharing: Attitudes, needs and practices.   [BibTeX]
Michelle L. Mazurek, J.P. Arsenault, Joanna Breese, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter.
In CHI 2010: Conference on Human Factors in Computing Systems, pages 645–654, April 2010. ACM. © ACM  DOI:10.1145/1753326.1753421


2009

Access control for home data sharing: Attitudes, needs and practices.   [BibTeX]
Michelle L. Mazurek, J.P. Arsenault, Joanna Breese, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, and Michael K. Reiter.
Technical Report CMU-CyLab-09-013, CyLab, Carnegie Mellon University, October 2009.

Composing expressive runtime security policies.   [BibTeX]
Lujo Bauer, Jay Ligatti and David Walker.
ACM Transactions on Software Engineering and Methodology, 18(3), May 2009. ACM. © ACM  DOI:10.1145/1525880.1525882

xDomain: Cross-border proofs of access.   [BibTeX]
Lujo Bauer, Limin Jia, Michael K. Reiter, and David Swasey.
In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pages 43–52, June 2009. ACM. (Full version appears as technical report CMU-CyLab-09-005.) © ACM  DOI:10.1145/1542207.1542216

Real life challenges in access-control management.   [BibTeX]
Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
In CHI 2009: Conference on Human Factors in Computing Systems, pages 899–908, April 2009. ACM. © ACM  DOI:10.1145/1518701.1518838

Effects of access-control policy conflict-resolution methods on policy-authoring usability.   [BibTeX]
Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
Technical Report CMU-CyLab-09-006, CyLab, Carnegie Mellon University, March 2009.

Run-time enforcement of nonsafety policies.   [BibTeX]
Jay Ligatti, Lujo Bauer and David Walker.
ACM Transactions on Information and System Security, 12(3), January 2009. ACM. © ACM  DOI:10.1145/1455526.1455532

Usable key agreement in home networks.   [BibTeX]
Ramu Panayappan, Tom Palarz, Lujo Bauer, and Adrian Perrig.
In Proceedings of the 1st International Conference on COMmunication Systems and NETworkS (COMSNETS), pages 550–559, January 2009. IEEE Press. © IEEE  DOI:10.1109/COMSNETS.2009.4808898


2008

Detecting and resolving policy misconfigurations in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, pages 185–194, June 2008. ACM. © ACM  DOI:10.1145/1377836.1377866

A user study of policy creation in a flexible access-control system.   [BibTeX]
Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
In CHI 2008: Conference on Human Factors in Computing Systems, pages 543–552, April 2008. ACM. © ACM  DOI:10.1145/1357054.1357143

Expandable grids for visualizing and authoring computer security policies.   [BibTeX]
Robert W. Reeder, Lujo Bauer, Lorrie Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong.
In CHI 2008: Conference on Human Factors in Computing Systems, pages 1473–1482, April 2008. ACM. © ACM  DOI:10.1145/1357054.1357285


2007

Efficient proving for practical distributed access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
In Computer Security—ESORICS 2007: 12th European Symposium on Research in Computer Security, volume 4734 of Lecture Notes in Computer Science, pages 19–37, September 2007. Springer. (Full version appears as technical report CMU-CyLab-06-015R.) © Springer-Verlag  DOI:10.1007/978-3-540-74835-9_3

Lessons learned from the deployment of a smartphone-based access-control system.   [BibTeX]
Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea.
In SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security, pages 64–75, July 2007. ACM. © authors  DOI:10.1145/1280680.1280689

Consumable credentials in logic-based access-control systems.   [BibTeX]
Kevin D. Bowers, Lujo Bauer, Deepak Garg, Frank Pfenning, and Michael K. Reiter.
In Proceedings of the 2007 Network & Distributed System Security Symposium, pages 143–157, February 2007. Internet Society. © Internet Society

Comparing access-control technologies: a study of keys and smartphones.   [BibTeX]
Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea.
Technical Report CMU-CYLAB-07-005, CyLab, Carnegie Mellon University, February 2007.

User-controllable security and privacy for pervasive computing.   [BibTeX]
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, and Norman Sadeh.
In Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), pages 14–19, February 2007. IEEE. © IEEE  DOI:10.1109/WMCSA.2007.4389552


2006

Efficient proving for distributed access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
Technical Report CMU-CYLAB-06-015R, CyLab, Carnegie Mellon University, September 2006.

A linear logic of authorization and knowledge.   [BibTeX]
Deepak Garg, Lujo Bauer, Kevin D. Bowers, Frank Pfenning, and Michael K. Reiter.
In Computer Security—ESORICS 2006: 11th European Symposium on Research in Computer Security, volume 4189 of Lecture Notes in Computer Science, pages 297–312, September 2006. Springer. Official, slightly abbreviated version. © Springer-Verlag  DOI:10.1007/11863908_19


2005

Device-enabled authorization in the Grey system.   [BibTeX]
Lujo Bauer, Scott Garriss, Jonathan M. McCune, Michael K. Reiter, Jason Rouse, and Peter Rutenbar.
In Information Security: 8th International Conference, ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 431–445, September 2005. Springer. An extended version of this paper appears as a tech report. © Springer-Verlag  DOI:10.1007/11556992_31

Enforcing non-safety security policies with program monitors.   [BibTeX]
Jay Ligatti, Lujo Bauer and David Walker.
In Computer Security—ESORICS 2005: 10th European Symposium on Research in Computer Security, volume 3679 of Lecture Notes in Computer Science, pages 355–373, September 2005. Springer. © Springer-Verlag  DOI:10.1007/11555827_21

Composing security policies with Polymer.   [BibTeX]
Lujo Bauer, Jay Ligatti and David Walker.
In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 305–314, June 2005. ACM. © ACM  DOI:10.1145/1065010.1065047

Distributed proving in access-control systems.   [BibTeX]
Lujo Bauer, Scott Garriss and Michael K. Reiter.
In Proceedings of the 2005 IEEE Symposium on Security & Privacy, pages 81–95, May 2005. IEEE. © IEEE  DOI:10.1109/SP.2005.9

Enforcing non-safety security policies with program monitors.   [BibTeX]
Jay Ligatti, Lujo Bauer and David Walker.
Technical Report TR-720-05, Princeton University, January 2005.

Edit automata: Enforcement mechanisms for run-time security policies.   [BibTeX]
Jay Ligatti, Lujo Bauer and David Walker.
International Journal of Information Security, 4(1–2):2–16, February 2005. Springer. (Published online 26 Oct 2004.) © Springer-Verlag  DOI:10.1007/s10207-004-0046-8


2004

A language and system for composing security policies.   [BibTeX]
Lujo Bauer, Jay Ligatti and David Walker.
Technical Report TR-699-04, Princeton University, January 2004.


2003

Access control for the Web via proof-carrying authorization.   [BibTeX]
Lujo Bauer.
Ph.D. Thesis, Princeton University, November 2003.

Types and effects for non-interfering program monitors.   [BibTeX]
Lujo Bauer, Jarred Ligatti and David Walker.
In Software Security—Theories and Systems. Mext-NSF-JSPS International Symposium, ISSS 2002, Tokyo, Japan, November 8-10, 2002, Revised Papers, volume 2609 of Lecture Notes in Computer Science, pages 154–171, 2003. Springer. © Springer-Verlag

Mechanisms for secure modular programming in Java.   [BibTeX]
Lujo Bauer, Andrew W. Appel and Edward W. Felten.
Software—Practice and Experience, 33(5):461–480, 2003. Wiley. © Wiley  DOI:10.1002/spe.516


2002

A general and flexible access-control system for the Web.   [BibTeX]
Lujo Bauer, Michael A. Schneider and Edward W. Felten.
In Proceedings of the 11th USENIX Security Symposium, pages 93–108, August 2002. USENIX. © authors

A calculus for composing security policies.   [BibTeX]
Lujo Bauer, Jarred Ligatti and David Walker.
Technical Report TR-655-02, Princeton University, August 2002.

More enforceable security policies.   [BibTeX]
Lujo Bauer, Jarred Ligatti and David Walker.
In Foundations of Computer Security, July 2002.

More enforceable security policies.   [BibTeX]
Lujo Bauer, Jarred Ligatti and David Walker.
Technical Report TR-649-02, Princeton University, June 2002.


2001

A proof-carrying authorization system.   [BibTeX]
Lujo Bauer, Michael A. Schneider and Edward W. Felten.
Technical Report TR-638-01, Princeton University, April 2001.


1999

Mechanisms for secure modular programming in Java.   [BibTeX]
Lujo Bauer, Andrew W. Appel and Edward W. Felten.
Technical Report TR-603-99, Princeton University, July 1999.