Welcome to the Symposium On Usable Privacy and Security! This is the second installment of what we hope will be an annual event for many years to come. SOUPS 2005 was the first refereed technical conference to bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. Attendees reported that they valued both the formal sessions and the informal interactions they had with other participants. Thus we have tried to develop a program for SOUPS 2006 that builds on the success of SOUPS 2005, including a similar mix of sessions.

This year's program features 14 technical papers, a workshop, 23 posters, a panel, three discussion sessions, and an invited talk. We received 39 paper submissions. Each paper was refereed by at least three members of the refereed papers committee, and through an online discussion process the committee selected 14 papers for presentation and publication.

A panel and follow-up discussion session on security user studies at SOUPS 2005 provoked so much interest and discussion that SOUPS 2006 features a full day workshop on security user studies. The workshop focuses on the design, implementation and challenges of conducting security user studies. The workshop will be an opportunity for researchers to share experiences, materials, and ideas, and for newcomers to learn about problems and best practices.

This year's panel addresses the phishing problem, which has been the focus of much discussion in the media and in technical forums. At SOUPS we will discuss the various approaches that have been proposed to stop or blunt phishing attacks and debate which approach or approaches are most worthy of an investment of time, skill, and money.

The program also features an invited talk by Austin Hill that will provide insights on usable security from a corporate perspective.

Finally, the SOUPS 2006 program includes three parallel "discussion" sessions, featuring moderated discussion on a topic of interest to attendees. Discussion sessions have been organized around the following topics: "Johnny Can Obfuscate: Beyond Mother's Maiden Name," "Teaching Usable Privacy and Security," and "Policy Management: A Central Theme for Usable Privacy and Security Systems." Other discussion sessions may be added depending on interest. We hope the informal, small group format will lead to lively and productive interactions.
Aligning usability and security: a usability study of Polaris
Security software is often difficult to use thus leading to poor adoption and degraded security. This paper describes a usability study that was conducted on the software 'Polaris'. This software is an alpha release that uses the Principle of Least ...
An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench
Today organizations do not have good ways of linking their written privacy policies with the implementation of those policies. To assist organizations in addressing this issue, our human-centered research has focused on understanding organizational ...
Intentional access management: making access control usable for end-users
The usability of access control mechanisms in modern distributed systems has been widely criticized but little studied. In this paper, we carefully examine one such widely deployed access control mechanism, the one embedded in the WebDAV standard, from ...
Passpet: convenient password management and phishing protection
We describe Passpet, a tool that improves both the convenience and security of website logins through a combination of techniques. Password hashing helps users manage multiple accounts by turning a single memorized password into a different password for ...
Password management strategies for online accounts
Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their ...
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased ...
Human selection of mnemonic phrase-based passwords
Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-...
Decision strategies and susceptibility to phishing
Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in combating ...
The methodology and an application to fight against Unicode attacks
Unicode is becoming a dominant character representation format for information processing. This presents a very dangerous usability and security problem for many applications. The problem arises because many characters in the UCS (Universal Character ...
Web wallet: preventing phishing attacks by revealing user intentions
We introduce a new anti-phishing solution, the Web Wallet. The Web Wallet is a browser sidebar which users can use to submit their sensitive information online. It detects phishing attacks by determining where users intend to submit their information ...
Privacy and security threat analysis of the federal employee personal identity verification (PIV) program
This paper is a security and privacy threat analysis of new Federal Information Processing Standard for Personal Identity Verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using ...
Protecting domestic power-line communications
In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security usability. There are also novel protocol issues; interactions with ...
Power strips, prophylactics, and privacy, oh my!
While Internet users claim to be concerned about online privacy, their behavior rarely reflects those concerns. In this paper we investigate whether the availability of comparison information about the privacy practices of online merchants affects users'...
Seeing further: extending visualization as a basis for usable security
- Jennifer Rode,
- Carolina Johansson,
- Paul DiGioia,
- Roberto Silva Filho,
- Kari Nies,
- David H. Nguyen,
- Jie Ren,
- Paul Dourish,
- David Redmiles
The focus of our approach to the usability considerations of privacy and security has been on providing people with information they can use to understand the implications of their interactions with a system, as well as, to assess whether or not a ...
Cited By
- Butler R and Butler M (2018). Some password users are more equal than others: Towards customisation of online security initiatives, SA Journal of Information Management, 10.4102/sajim.v20i1.920, 20:1
- Butler R and Butler M (2015). The password practices applied by South African online consumers: Perception versus reality, SA Journal of Information Management, 10.4102/sajim.v17i1.638, 17:1
Acceptance Rates
Year | Submitted | Accepted | Rate |
---|---|---|---|
SOUPS '09 | 49 | 15 | 31% |
Overall | 49 | 15 | 31% |