
Publication


Featured research published by Sasha Romanosky.


IEEE Symposium on Security and Privacy | 2006

Common Vulnerability Scoring System

Peter M. Mell; Karen Scarfone; Sasha Romanosky

Historically, vendors have used their own methods for scoring software vulnerabilities, usually without detailing their criteria or processes. This creates a major problem for users, particularly those who manage disparate IT systems and applications. The Common Vulnerability Scoring System (CVSS) is a public initiative designed to address this issue by presenting a framework for assessing and quantifying the impact of software vulnerabilities. Organizations currently generating CVSS scores include Cisco, US National Institute of Standards and Technology (through the US National Vulnerability Database; NVD), Qualys, Oracle, and Tenable Network Security. CVSS offers the following benefits: 1) standardized vulnerability scores, 2) contextual scoring and 3) open framework. The goal is for CVSS to facilitate the generation of consistent scores that accurately represent the impact of vulnerabilities.


Symposium on Usable Privacy and Security | 2006

Human selection of mnemonic phrase-based passwords

Cynthia Kuo; Sasha Romanosky; Lorrie Faith Cranor

Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-based passwords. A mnemonic password is one where a user chooses a memorable phrase and uses a character (often the first letter) to represent each word in the phrase. In this paper, we hypothesize that users will select mnemonic phrases that are commonly available on the Internet, and that it is possible to build a dictionary to crack mnemonic phrase-based passwords. We conduct a survey to gather user-generated passwords. We show the majority of survey respondents based their mnemonic passwords on phrases that can be found on the Internet, and we generate a mnemonic password dictionary as a proof of concept. Our 400,000-entry dictionary cracked 4% of mnemonic passwords; in comparison, a standard dictionary with 1.2 million entries cracked 11% of control passwords. The user-generated mnemonic passwords were also slightly more resistant to brute force attacks than control passwords. These results suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic passwords could become more vulnerable in the future and should not be treated as a panacea.


Berkeley Technology Law Journal | 2009

Privacy Costs and Personal Data Protection: Economic and Legal Perspectives

Sasha Romanosky; Alessandro Acquisti

We analyze personal data protection laws in the United States through the lenses of the economic theories of ex ante safety regulation, ex post liability and information disclosure. Specifically, we consider and contrast how legal and economic theories interpret privacy costs and the remedies to those costs. First, we introduce the general economic theories of ex ante regulation, ex post liability and information disclosure. Then, we present their causal relationships and show how they attempt to reduce possible privacy harms caused by a firm’s activity. We then scrutinize their impact by contrasting legal and economic doctrines. Finally, we provide deeper economic analysis of the three legal mechanisms and highlight conditions under which they may become socially inefficient.


FIRST | 2007

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

Peter M. Mell; Karen A. Scarfone; Sasha Romanosky


Journal of Policy Analysis and Management | 2010

Do Data Breach Disclosure Laws Reduce Identity Theft

Sasha Romanosky; Rahul Telang; Alessandro Acquisti


Conference on Pattern Languages of Programs | 2006

Privacy patterns for online interactions

Sasha Romanosky; Alessandro Acquisti; Jason I. Hong; Lorrie Faith Cranor; Batya Friedman


Journal of Empirical Legal Studies | 2013

Empirical Analysis of Data Breach Litigation

Sasha Romanosky; David A. Hoffman; Alessandro Acquisti


Journal of Policy Analysis and Management | 2011

Do Data Breach Disclosure Laws Reduce Identity Theft?

Sasha Romanosky; Rahul Telang; Alessandro Acquisti


NIST Interagency/Internal Report (NISTIR) - 7435 | 2007

The common vulnerability scoring system (CVSS) and its applicability to federal agency systems

Peter M. Mell; Karen A. Scarfone; Sasha Romanosky


Journal of Empirical Legal Studies | 2014

Empirical Analysis of Data Breach Litigation

Sasha Romanosky; David A. Hoffman; Alessandro Acquisti

Collaboration


Top Co-Authors

Rahul Telang

Carnegie Mellon University


David A. Hoffman

University of Pennsylvania


Karen A. Scarfone

National Institute of Standards and Technology


Paul Heaton

University of Pennsylvania


Batya Friedman

University of Washington
