skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Redundancy of Unbounded Memory Markov Classes with Continuity Conditions
Full version with complete proofs attached. Please email NS (email in paper) for other versions if desired.  more » « less
Award ID(s):
1619452
PAR ID:
10571657
Author(s) / Creator(s):
; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
978-1-5386-4781-3
Page Range / eLocation ID:
211 to 215
Format(s):
Medium: X
Location:
Vail, CO, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, Proceedings of the 2024 ACM Web Conference)
    Email service has increasingly been outsourced to cloud-based providers and so too has the task of filtering such messages for potential threats. Thus, customers will commonly direct that their incoming email is first sent to a third-party email filtering service (e.g., Proofpoint or Barracuda) and only the "clean" messages are then sent on to their email hosting provider (e.g., Gmail or Microsoft Exchange Online). However, this loosely coupled approach can, in theory, be bypassed if the email hosting provider is not configured to only accept messages that arrive from the email filtering service. In this paper we demonstrate that such bypasses are commonly possible. We document a multi-step methodology to infer if an organization has correctly configured its email hosting provider to guard against such scenarios. Then, using an empirical measurement of edu and com domains as a case study, we show that 80% of such organizations making use of popular cloud-based email filtering services can be bypassed in this manner. We also discuss reasons that lead to such misconfigurations and outline challenges in hardening the binding between email filtering and hosting providers. 
    more » « less
  2. ; ; ; ; ; ; (, Proceedings of the 8th European Symposium on Security and Privacy (EuroS&P))
    The critical role played by email has led to a range of extension protocols (e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email sender domains. These protocols are complex as is, but are further complicated by automated email forwarding — used by individual users to manage multiple accounts and by mailing lists to redistribute messages. In this paper, we explore how such email forwarding and its implementations can break the implicit assumptions in widely deployed anti-spoofing protocols. Using large-scale empirical measurements of 20 email forwarding services (16 leading email providers and four popular mailing list services), we identify a range of security issues rooted in forwarding behavior and show how they can be combined to reliably evade existing anti-spoofing controls. We further show how these issues allow attackers to not only deliver spoofed email messages to prominent email providers (e.g., Gmail, Microsoft Outlook, and Zoho), but also reliably spoof email on behalf of tens of thousands of popular domains including sensitive domains used by organizations in government (e.g., state.gov), finance (e.g., transunion.com), law (e.g., perkinscoie.com) and news (e.g., washingtonpost.com) among others. 
    more » « less
  3. (, Proceedings of the ACM on Human-Computer Interaction)
    Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems. To better understand the cognitive process that end users can use to identify phishing messages, I interviewed 21 IT experts about instances where they successfully identified emails as phishing in their own inboxes. IT experts naturally follow a three-stage process for identifying phishing emails. In the first stage, the email recipient tries to make sense of the email, and understand how it relates to other things in their life. As they do this, they notice discrepancies: little things that are off'' about the email. As the recipient notices more discrepancies, they feel a need for an alternative explanation for the email. At some point, some feature of the email --- usually, the presence of a link requesting an action --- triggers them to recognize that phishing is a possible alternative explanation. At this point, they become suspicious (stage two) and investigate the email by looking for technical details that can conclusively identify the email as phishing. Once they find such information, then they move to stage three and deal with the email by deleting it or reporting it. I discuss ways this process can fail, and implications for improving training of end users about phishing. 
    more » « less
  4. ; ; (, Zenodo)
    We provide a processed JSON version of the 3234 page PDF document of Anthony Fauci's emails that were released in 2021 to provide a better understanding of the United States government response to the COVID-19 pandemic. The main JSON file contains a collection of 1289 email threads with 2761 emails among the threads, which includes 101 duplicate emails. For each email, we provide information about the sender, recipients, CC-list, subject, email body text, and email time stamp (when available). We also provide a number of derived datasets stored in individual JSON files: 5 different types of derived email networks, 1 email hypergraph, 1 temporal graph, and 3 tensors. Details for the data conversion process, the construction of the derived datasets, and subsequent analyses can all be found in an online technical report at https://arxiv.org/abs/2108.01239. Updated code for processing and analyzing the data can be found at https://github.com/nveldt/fauci-email.</p> Research additionally supported by ARO Award W911NF-19-1-0057, ARO MURI, and NSF CAREER Award IIS-2045555, as well as NSF awards CCF-1909528, IIS-2007481, and the Sloan Foundation. 
    more » « less
  5. ; ; ; ; ; ; ; ; (, Scientific Data)
    Abstract We describe a controlled experiment, aiming to study productivity and stress effects of email interruptions and activity interactions in the modern office. The measurement set includes multimodal data forn = 63 knowledge workers who volunteered for this experiment and were randomly assigned into four groups: (G1/G2) Batch email interruptions with/without exogenous stress. (G3/G4) Continual email interruptions with/without exogenous stress. To provide context, the experiment’s email treatments were surrounded by typical office tasks. The captured variables include physiological indicators of stress, measures of report writing quality and keystroke dynamics, as well as psychometric scores and biographic information detailing participants’ profiles. Investigations powered by this dataset are expected to lead to personalized recommendations for handling email interruptions and a deeper understanding of synergistic and antagonistic office activities. Given the centrality of email in the modern office, and the importance of office work to people’s lives and the economy, the present data have a valuable role to play. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email