Welcome to the Symposium On Usable Privacy and Security! This inaugural event brings together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. While papers on usable privacy and security have appeared periodically in privacy, security, and human-computer interaction conferences and workshops for many years, until recently there had been no event focusing specifically on this area. Because of the inherently interdisciplinary nature of this area, there are benefits to researchers from these communities meeting together to discuss their work. Successful workshops at CHI 2003 and DIMACS in 2004, and a number of recent journal special issues on related topics demonstrated that there was sufficient interest to organize a symposium featuring refereed papers. We organized a program that provides both a forum for refereed papers as well as opportunities for informal interactions and small group discussions.
The program features 10 refereed papers, two tutorials, 22 posters, two panels, four discussion sessions, and an invited talk. We received 39 paper submissions. Each paper was refereed by at least three members of the refereed papers committee, and through an online discussion process the committee selected 10 papers for presentation and publication. The committee also selected the paper "Developing Privacy Guidelines for Social Location Disclosure Applications and Services" by Giovanni Iachello (Georgia Institute of Technology), Ian Smith, Sunny Consolvo, Mike Chen (Intel Research), and Gregory D. Abowd (Georgia Institute of Technology) to receive the best paper award.
Our two tutorials are intended to help attendees who have a primary background in either security/privacy or HCI/usability to get up to speed in the other area. Jason I. Hong (Carnegie Mellon University) developed a tutorial on "User Interface Design, Prototyping, and Evaluation," covering the key concepts and techniques in these areas. Simson Garfinkel (MIT) developed a tutorial on "Introduction to Computer Security and Privacy," providing a primer on security and privacy for those with a background in usability. While there is much more to learn in these areas than can be covered in a half-day tutorial, we hope our tutorials provide a good overview of these areas, allowing participants to gain an appreciation for the important issues and techniques.
We have lined up two interesting panels. The first panel, organized by Konstantin Beznosov (University of British Columbia), explores, "Usability of Security Administration vs. Usability of End-user Security." The second panel, organized by Robert Miller (MIT), examines what happens "When User Studies Attack: Evaluating Security By Intentionally Attacking Users."
The program also features an invited talk by Bill Cheswick on "My Dad's Computer, Microsoft, and the Future of Internet Security." Cheswick uses his father's computer to illustrate why millions of people routinely run dangerous software on badly-infected computers. He discusses the prospects for improved security for home users, and for corporate and government intranets.
Finally, the SOUPS 2005 program includes four parallel "discussion" sessions, featuring moderated discussion on a topic of interest to attendees. Discussion sessions have been organized around the following topics: "Usability and Acceptance of Biometrics," "Valuation and Context," "When User Studies Attack: Evaluating Security By Intentionally Attacking Users," and "Usable Interfaces for Anonymous Communication." We hope the small group format will lead to lively and productive interactions.
Proceeding Downloads
Authentication using graphical passwords: effects of tolerance and image choice
Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called PassPoints, and evaluated it with human users. ...
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express
Secure email has struggled with significant obstacles to adoption, among them the low usability of encryption software and the cost and overhead of obtaining public key certificates. Key continuity management (KCM) has been proposed as a way to lower ...
Two experiences designing for effective security
- Rogério de Paula,
- Xianghua Ding,
- Paul Dourish,
- Kari Nies,
- Ben Pillet,
- David Redmiles,
- Jie Ren,
- Jennifer Rode,
- Roberto Silva Filho
In our research, we have been concerned with the question of how to make relevant features of security situations visible to users in order to allow them to make informed decisions regarding potential privacy and security problems, as well as regarding ...
Usable security and privacy: a case study of developing privacy management tools
Privacy is a concept which received relatively little attention during the rapid growth and spread of information technology through the 1980's and 1990's. Design to make information easily accessible, without particular attention to issues such as ...
Stopping spyware at the gate: a user study of privacy, notice and spyware
- Nathaniel Good,
- Rachna Dhamija,
- Jens Grossklags,
- David Thaw,
- Steven Aronowitz,
- Deirdre Mulligan,
- Joseph Konstan
Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other ...
Making PRIME usable
- John Sören Pettersson,
- Simone Fischer-Hübner,
- Ninni Danielsson,
- Jenny Nilsson,
- Mike Bergmann,
- Sebastian Clauss,
- Thomas Kriegelstein,
- Henry Krasemann
Privacy-enhanced Identity Management can enable users to retain and maintain informational self-determination in our networked society. This paper describes the usability research work that has been done within the first year of the European Union ...
Developing privacy guidelines for social location disclosure applications and services
In this article, we describe the design process of Reno, a location-enhanced, mobile coordination tool and person finder. The design process included three field experiments: a formative Experience Sampling Method (ESM) study, a pilot deployment and an ...
The battle against phishing: Dynamic Security Skins
Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users. We propose a new scheme, Dynamic Security Skins, that allows a ...
Attacking information visualization system usability overloading and deceiving the human
Information visualization is an effective way to easily comprehend large amounts of data. For such systems to be truly effective, the information visualization designer must be aware of the ways in which their system may be manipulated and protect their ...
Social navigation as a model for usable security
As interest in usable security spreads, the use of visual approaches in which the functioning of a distributed system is made visually available to end users is an approach that a number of researchers have examined. In this paper, we discuss the use of ...
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
SOUPS '09 | 49 | 15 | 31% |
Overall | 49 | 15 | 31% |