Sasha Romanosky
Carnegie Mellon University
Publications
Featured research published by Sasha Romanosky.
IEEE Symposium on Security and Privacy | 2006
Peter M. Mell; Karen Scarfone; Sasha Romanosky
Historically, vendors have used their own methods for scoring software vulnerabilities, usually without detailing their criteria or processes. This creates a major problem for users, particularly those who manage disparate IT systems and applications. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, US National Institute of Standards and Technology (through the US National Vulnerability Database; NVD), Qualys, Oracle, and Tenable Network Security. CVSS offers the following benefits: 1) standardized vulnerability scores, 2) contextual scoring and 3) open framework. The goal is for CVSS to facilitate the generation of consistent scores that accurately represent the impact of vulnerabilities.
Symposium on Usable Privacy and Security | 2006
Cynthia Kuo; Sasha Romanosky; Lorrie Faith Cranor
Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-based passwords. A mnemonic password is one where a user chooses a memorable phrase and uses a character (often the first letter) to represent each word in the phrase. In this paper, we hypothesize that users will select mnemonic phrases that are commonly available on the Internet, and that it is possible to build a dictionary to crack mnemonic phrase-based passwords. We conduct a survey to gather user-generated passwords. We show the majority of survey respondents based their mnemonic passwords on phrases that can be found on the Internet, and we generate a mnemonic password dictionary as a proof of concept. Our 400,000-entry dictionary cracked 4% of mnemonic passwords; in comparison, a standard dictionary with 1.2 million entries cracked 11% of control passwords. The user-generated mnemonic passwords were also slightly more resistant to brute force attacks than control passwords. These results suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic passwords could become more vulnerable in the future and should not be treated as a panacea.
Berkeley Technology Law Journal | 2009
Sasha Romanosky; Alessandro Acquisti
We analyze personal data protection laws in the United States through the lenses of the economic theories of ex ante safety regulation, ex post liability and information disclosure. Specifically, we consider and contrast how legal and economic theories interpret privacy costs and the remedies to those costs. First, we introduce the general economic theories of ex ante regulation, ex post liability and information disclosure. Then, we present their causal relationships and show how they attempt to reduce possible privacy harms caused by a firm’s activity. We then scrutinize their impact by contrasting legal and economic doctrines. Finally, we provide deeper economic analysis of the three legal mechanisms and highlight conditions under which they may become socially inefficient.
FIRST | 2007
Peter M. Mell; Karen A. Scarfone; Sasha Romanosky
Journal of Policy Analysis and Management | 2010
Sasha Romanosky; Rahul Telang; Alessandro Acquisti
Conference on Pattern Languages of Programs | 2006
Sasha Romanosky; Alessandro Acquisti; Jason I. Hong; Lorrie Faith Cranor; Batya Friedman
Journal of Empirical Legal Studies | 2013
Sasha Romanosky; David A. Hoffman; Alessandro Acquisti
Journal of Policy Analysis and Management | 2011
Sasha Romanosky; Rahul Telang; Alessandro Acquisti
NIST Interagency/Internal Report (NISTIR) - 7435 | 2007
Peter M. Mell; Karen A. Scarfone; Sasha Romanosky
Journal of Empirical Legal Studies | 2014
Sasha Romanosky; David A. Hoffman; Alessandro Acquisti