

Posted 17 July 2009 @ 1pm
Tagged SOUPS09

How Users Use Access Control

What is access control? It's a specification of policy: who can do what to whom.
Systems that use named groups allow for a level of indirection. Users don't need to know the exact content of a group, just its properties.
Access control is hard to use! People avoid it and try and [...]


Posted 16 July 2009 @ 4pm
Tagged SOUPS09

A “Nutrition Label” for Privacy

Presented by Patrick Gage Kelley
http://cups.cs.cmu.edu/soups/2009/proceedings/a4-kelley.pdf
Privacy policies are difficult to read. We examined the warning science and labeling literature (nutrition, energy) to guide our work in designing a new privacy label. The FTC commissioned a study to design a label for financial privacy.
First iteration: Text-based label with category boxes, a list view.
Second iteration: Grid-based visualization to allow users [...]


PCI Regulation Discussion Summary

PCI DSS is Payment Card Industry Data Security Standard, a collaborative effort to achieve a common set of security standards for use by entities that process, store, or transport payment card data. This applies to: all merchants that “store, process, or transmit cardholder data” and all payment channels including brick-and-mortar, mail, telephone, and e-commerce.
PCI Standards

Install [...]


Securing Passfaces for Description

Paul Dunphy, James Nicholson and Patrick Olivier
Study 1:

18 participants (9m, 9f), 45 faces (27f, 18m)
Record descriptions of 15 faces each
Results: Females made longer descriptions, used more words to describe them

Study 2:

56 participants (31m, 25f)
Within-subject with conditions:

Random decoys
Visually similar decoys (used a separate set of participants to group similar matches)
Descriptively similar decoys

Task: participant to [...]


SOUPS in the News.

SOUPS gets lots of press each year, and we will collect the coverage in this post as we see it.
Analyzing Websites for User-Visible Security Design Flaws by Laura Falk, Atul Prakash and Kevin Borders has already been cited in a number of articles and posts including:

Information Week: Most Bank Sites Are Insecure
Slashdot: Most Bank Websites Are [...]


Security Questions in the Facebook Era

Ari Rabkin
Summary: Due to an environment where information sharing is common, security questions are becoming easier and easier to attack. What to do? Redesign security questions so that they are not easily attackable. Add additional elements (e.g. audio or video) that are still easy for the user to remember but unique to the user.
Security [...]


SOUPS Keynote: Ross Anderson

Towards a Science of Security and Human Behaviour
Summary: Economics, sociology, and psychology can give important insights on security and how to make it more effective. The current incentive structure leaves users to their own devices, mistakes, and misconceptions.
Security to economics: how did I get there?
- People used to think security [...]


Improving Text Passwords Through Persuasion

Persuasive Cued Click-Points is a system used to help persuade users to create better passwords.
We have created the Persuasive Text Passwords (PTP) system. The system lets the user write a simple word, and the system inserts random characters to create a more secure password. If the user dislikes the password they [...]


USM Opening Session

The Workshop on Usable IT Security Management was opened today with a talk by Robin Ruefle, a member of CERT, on Human and Organizational Aspects of Security Incident Management.
She opened with a brief history of CERT and a discussion of how important it is to have an incident management plan. For example, when the Morris Worm [...]


SOUPS: Best Paper Award

Congrats to the best paper award winners!
Philip Inglesant, M. Angela Sasse, David Chadwick, and Lei Lei Shi for the paper Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification (pdf).

