Steve Sheng's Publications (Last Update: 6 April 2015)


REFEREED JOURNAL PAPERS

  • Lorrie Faith Cranor, Serge Egelman, Steve Sheng, Aleecia M. McDonald, and Abdur Chowdhury. P3P Deployment on Websites. Electronic Commerce Research and Applications, Volume 7, Issue 3, Autumn 2008, Pages 274-293.
    [Authors' Preprint Version]
  • Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Trans. Internet Technology. 10, 2, Article 7 (June 2010), 31 pages.
    [Authors' PDF]
  • Sheng, S. and L. Cranor, “An Evaluation of the Effectiveness of US Financial Privacy Legislation Through the Analysis of Privacy Policies,” In I/S: A Journal of Law and Policy for the Information Society, Volume 2, Number 3, Fall 2006, pp. 943-979.
    [Authors' PDF]

REFEREED CONFERENCE/WORKSHOP PAPERS

  • Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the 28th international conference on Human factors in computing systems (CHI '10). ACM, New York, NY, USA, 373-382.
    [Authors' PDF]
  • Julie S. Downs, Mandy B. Holbrook, Steve Sheng, and Lorrie Faith Cranor. 2010. Are your participants gaming the system?: screening mechanical turk workers. In Proceedings of the 28th international conference on Human factors in computing systems (CHI '10). ACM, New York, NY, USA, 2399-2402
    [Authors' PDF]
  • Sheng, S., Kumaraguru, P. Acquisti, A., Cranor, L. Hong, J., "Improving phishing countermeasures: An analysis of expert interviews," In the Proceedings of eCrime Researchers Summit, 2009. eCRIME '09.vol., no., pp.1-15, Sept. 20 2009-Oct. 21 2009
    [Authors' PDF]
  • Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J ., And Zhang, C. An empirical analysis of phishing blacklists. In Proceedings of the 6th Conference in Email and Anti-Spam (Mountain view, CA, July 16 - 17 2009). CEAS 2009.
    [Authors' PDF]
  • Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2008. Lessons From a Real World Evaluation of Anti-Phishing Training. In Proceedings of the anti-phishing working groups 3rd annual eCrime researchers summit (eCrime '08).
    [Authors' PDF]
  • Ponnurangam Kumaraguru, Yong Rhee, Steve Sheng, Sharique Hasan, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2007. Getting users to pay attention to anti-phishing education: evaluation of retention and transfer. In Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit (eCrime '07). ACM, New York, NY, USA, 70-81.
    [Authors' PDF]
  • Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In Proceedings of the 3rd symposium on Usable privacy and security (SOUPS '07). ACM, New York, NY, USA, 88-99.
    [Authors' PDF]

UNREFEREED CONFERENCE/WORKSHOP PAPERS

  • Sheng, S., L. Broderick, J. Hyland, and C. Koranda. Why Johnny Still Cant Encrypt: Evaluating the Usability of Email Encryption Software. In Proceedings of the 6th Symposium on Usable Privacy and Security: SOUPS 06, 2006.
    [PDF]
  • Peha, J., Gilden, B., Savage, R., Sheng, S., Yankiver, B. Finding an Effective Sustainable Model for a Wireless Metropolitan-Area Network: Analyzing the Case of Pittsburgh. In The 35rd Research Conference on Communication, Information and Internet Policy (TPRC), Sep 29 - Sep 30, 2007
    [PDF]
  • Dave Piscitello, Steve Sheng, Ryan Su, Nicolas Christian, Misuse of Domain Privacy Protection Services by Spammers. The anti-phishing working groups 5th annual eCrime researchers summit (eCrime '10).
    [PDF]

TECHNICAL REPORTS (AS AUTHORS OR EDITORS)

  • ICANN Root Server System Advisory Committee (RSSAC). (2014) Advisory on Measurements of the Root Server System (RSSAC publication No. 002).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (SSAC publication No. 069).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) The IANA Functions Contract (SSAC publication No. 068).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) Overview and History of IANA Functions (SSAC publication No. 067).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) Comment Concerning JAS Phase One Report on Mitigating the Risk of DNS Namespace Collisions (SSAC publication No. 066).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) Advisory on DDoS Attacks Leveraging the DNS Infrastgructure (SSAC publication No. 065).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2014) Advisory On Search List Processing (SSAC publication No. 064).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2013) Advisory Concerning the Mitigation of Name Collision Risk (SSAC publication No. 062).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2013) Comment on ICANN's Initial Report from the Expert Working Group on gTLD Directory Services (SSAC publication No. 061).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2013) Comment on Examining the User Experience Implications of Active Variant TLDs Report (SSAC publication No. 060).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2013) Report on Domain Name Registration Data Validation (SSAC publication No. 058).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2013) Advisory on Internal Name Certificates (SSAC publication No. 057).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2012) Comment on WHOIS Review Team Final Report (SSAC publication No. 055).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2012) Report on Domain Name Registration Data Model (SSAC publication No. 054).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2012) Report on Dotless Domains (SSAC publication No. 053).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2012) Advisory on the Delegation of IDN Single Character Top-Level Domains (SSAC publication No. 052).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2011) Report on Domain Name WHOIS Terminology and Structure (SSAC publication No. 051).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2011) Comment on the Orphan Glue Records in the Draft Applicant Guidebook. (SSAC publication No. 048).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2011) Report on Root Scaling (SSAC publication No. 046).
    [PDF]
  • ICANN Security and Stability Advisory Committee (SSAC). (2010) Report on Invalid Top Level Domain Queries at the Root Level of the Domain Name System (SSAC publication No. 045).
    [PDF]
  • P. Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2010. Teaching Johnny not to fall for phish. Technical Report, Carnegie Mellon University, CMU-CyLab-07-003, February 8, 2007
    [PDF]
  • Lorrie Faith Cranor, Aleecia M. McDonald, Serge Egelman, and Steve Sheng. Privacy Policy Trends Report. Carnegie Mellon University, January 31, 2007
    [PDF] [Presentation]

POLICY REPORTS / RESEARCH PUBLICATIONS

  • Internet Corporation for Assigned Names and Numbers (ICANN). (2015) Final Report from the Expert Working Group on Internationalized Registration Data. Los Angeles, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2014) Study to Evaluate Available Solutions for the Submission and Display of Internationalized Contact Data. Los Angeles, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2012) Roadmap to a New Domain Name Registration Data Access Protocol (WHOIS). Marina Del Rey, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2012) A Study of Issues Related to the Management of IDN Variant TLDs (Integrated Issues Report). Marina Del Rey, CA: ICANN.
    [PDF]
  • ICANN Generic Names Supporting Organization (GNSO). (2012) Final Report of Internationalized Registration Data Working Group. Marina Del Rey, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2011) Disscussion Paper on the Creation of non-binding Best Practices to Help Registrars and Registries address the Abusive Registration of Domain Names. Marina Del Rey, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2011) Report on Chinese Variants in Internationalized Top-Level Domains. Marina Del Rey, CA: ICANN.
    [PDF]
  • Internet Corporation for Assigned Names and Numbers (ICANN). (2010) Technical Evolution of the Whois Service. Marina Del Rey, CA: ICANN.
    [PDF]
  • ICANN Generic Names Supporting Organization (GNSO)(2010), Inventory of Whois Service Requirement Final Report
    [PDF]

INTERNET STANDARDS AND DRAFTS

  • L. Zhou, N. Kong, S. Shen, S. Sheng and A. Servin. “Domain Name Registration Data Access Protocol Object Inventory Analysis.” RFC 7485, RFC Editor, March 2015.
    [TXT]
  • Sheng, S and Arias, F., "A RESTful Interface for Domain Name Registration Data", IETF Work in Progress (draft-sheng-weirds-icann-rws-dnrd-00), 2010.
    [PDF]

MAGAZINE ARTICLES

  • Andrew Newton, Dave Piscitello, Benedetto Fiorelli and Steve Sheng, A RESTful Web Service for Internet Names and Address Directory Services. USENIX ;login, October 2011, Volume 36.
    [PDF]

DISSERTATIONS

  • Sheng, S. “A Policy Analysis for Phishing Countermeasures,” Ph.D. Thesis, Carnegie Mellon University, September 20, 2009.
    [PDF] [Presentation]

PATENTS AND INVENTION DISCLOSURES

  • Cranor, L., Sheng, S., Magnien, B., Acquisti, A., Hong, J., Kumaraguru, P., “An online game that teaches people how to protecting themselves from phishing attacks,” Invention Disclosure Submitted, March 13, 2007.