

Posts from July 2009

Posted
17 July 2009 @ 1pm

Tagged
SOUPS09

How Users Use Access Control

What is access control? It's a specification of policy: who can do what to whom?
Systems that use named groups allow for a level of indirection. Users don't need to know the exact content of a group, just the properties of it.
Access control is hard to use! People avoid it and try and [...]


Posted
16 July 2009 @ 4pm

Tagged
SOUPS09

Paper presented by Rob Reeder.
Looked at the “secret” questions used by the top four webmail providers. The problems with secret questions are that 1) some random person could guess it, 2) your significant other could guess it, 3) you could forget it. So why not just use your email account for verification? What happens when [...]


Posted
16 July 2009 @ 4pm

Tagged
SOUPS09

A “Nutrition Label” for Privacy

Presented by Patrick Gage Kelley
http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf
Privacy policies are difficult to read.  We examined the warning science and labeling literature (nutrition, energy) to guide our work in designing a new privacy label.  The FTC commissioned a study to design a label for financial privacy.
First iteration: Text-based label with category boxes, a list view.
Second iteration: Grid-based visualization to allow users [...]


Posted
16 July 2009 @ 2pm

Tagged
SOUPS09

Ubiquitous Systems and the Family: Thoughts about the Networked Home

Paper presented by Linda Little.
In this research the authors tried to look at the data very broadly. Linda told us that she intends to focus heavily on the methodology which she thinks will be very helpful to this audience.
Each of us carries around many different devices in our daily lives. If someone else starts [...]


Posted
16 July 2009 @ 2pm

Tagged
SOUPS09

Challenges in Supporting End-User Privacy and Security Management with Social Navigation

Paper
The author presented two social navigation systems intended to assist users with privacy and security decisions by showing them the solutions others used. He then discussed the various issues that arose from using these systems.
Audience questions:

You had a small number of users so there were a very small number of experts? Other work I [...]


Posted
16 July 2009 @ 1pm

Tagged
SOUPS09

Try the authorisation for resharing demo

As presented yesterday at the poster session, which was fun, here is the link to the web-based demo and some information.
http://homes.esat.kuleuven.be/~rpeeters/usability/
Things That Think is the collective of mobile devices with computational power and storage capabilities. By combining these devices in a network of personal devices we can achieve threshold security. An honest [...]


School of Phish

Presented by Ponnurangam Kumaraguru (PK) from the CUPS lab at CMU.
Phishing attacks work: in 2005, 73 million adults received more than 50 phishing attacks. There are many different strategies for dealing with phishing attacks: 1) eliminate the threat, 2) warn users about the threat, 3) educate users about phishing attacks. The speaker's focus is [...]


More blog posts at usablesecurity.com

There are more SOUPS 2009 blog posts available at usablesecurity.com.


Posted
15 July 2009 @ 3pm

Tagged
SOUPS09

Thinking Evil Tutorial Part 2

The Think Evil tutorial (slides) talks about how attackers and defenders react to each other.
Netalyzr
When security people want to measure the network?
The speaker’s group built a system called Netalyzr which tests “your Internet connection for signs of trouble.” The application tests for many different things to determine if there is anything sitting between the user [...]


Think Evil Tutorial Part 1

The Think Evil tutorial (slides) talks about how attackers and defenders react to each other.
Intro/Casinos
As a first example we looked at casino cheating. Casinos have an interesting problem because 1) money is involved 2) there is no hope of negotiating with the attackers 3) determining the difference between a good and bad player is [...]

