Publications

As part of this project, we have organized 3 workshops on Security Information Workers:

• Workshop on Security Information Workers, at CCS 2014
• 2nd Workshop on Security Information Workers, at SOUPS 2016
• 3rd Workshop on Security Information Workers, at SOUPS 2017

Below is a list of our publications related to ASIDE and interactive secure programming:

• Tyler Thomas, Madiha Tabassum, Bill Chu, and Heather Richter Lipford. “Security during Application Development: A Security Expert Perspective.” In the Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2018), April 2018.
• Tyler Thomas, Justin Smith, Heather Richter Lipford, Bill Chu, and Emerson Murphy-Hill. What Questions Remain? An Examination of How Developers Understand an Interactive Static Analysis Tool. Presented at the 2^nd Workshop on Security Information Workers, SOUPS 2016.
• Jun Zhu, Bill Chu, Heather Richter Lipford. “Detecting Privilege Escalation Attacks through Instrumenting Web Application Source Code.”  In the Proceedings of the Symposium on Access Control Models and Technologies (SACMAT), June 2016.
• Mahmoud Mohammadi, Bill Chu, Heather Richter Lipford, and Emerson Murphy-Hill. “Automatic Web Security Unit Testing: XSS Vulnerability Detection.” In the Proceedings of the IEEE/ACM Workshop on Automated Software Testing (AST 2016), May 2016.
• Tyler Thomas, Justin Smith, Bill Chu, Emerson Murphy-Hill, and Heather Richter Lipford. “A Study of Interactive Code Annotation for Access Control Vulnerabilities.” In the Proceedings of the IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC 2015), October, 2015.
• Justin Smith, Brittany Johnson, Emerson Murphy-Hill, Bill Chu, and Heather Richter Lipford. “Questions Developers Ask While Diagnosing Security Vulnerabilities with Static Analysis.” In the Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), September 2015.
• Jun Zhu, Bill Chu, Heather Lipford, and Tyler Thomas. “Mitigating Access Control Vulnerabilities through Interactive Stative Analysis” In the Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), June 2015.
• Heather Richter Lipford, Tyler Thomas, Bill Chu, Emerson Murphy-Hill. “Interactive Code Annotation for Security Vulnerability Detection.” In the Proceedings of the Workshop on Security Information Workers, ACM Conference on Computer and Communications Security, November 2014.
• Jun Zhu, Jing Xie, Heather Richter Lipford, Bill Chu. “Supporting Secure Programming in Web Applications through Interactive Static Analysis” Journal of Advanced Research, 2013. 
• Jing Xie, Heather Richter Lipford, and Bei-Tseng Chu. “Evaluating Interactive Support for Secure Programming.” In the Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI 2012), May 2012. 
• Jing Xie, Bei-Tseng Chu, Heather Richter Lipford, and John Melton. “ASIDE: IDE Support for Web Application Security.” In the Proceedings of the 27^th Annual Computer Security Applications Conference (ACSAC 2011), December 2011, pp 267-276. 
• Jing Xie, Bei-Tseng Chu, and Heather Richter Lipford. “Idea: Interactive Support for Secure Software Development.” In the Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS 2011), February 2011, pp 248-255.