SOUPS 2006

July 12-14, 2006
Pittsburgh, PA

Symposium On Usable Privacy and Security

Security User Studies Workshop

Organizers: Simson Garfinkel, Rob Miller

Web Browsing

ZIP fileWeb Browser Security Cues Eyetracking Study: A Construction Kit

Tara Whalen, Kori Inkpen, Dalhousie University

This construction kit contains material for an eye-tracking study on browser security cues. The full study and results were published in Whalen, T., Inkpen, K. "Gathering Evidence: Use of Visual Security Cues in Web Browsing." Graphics Interface, 2005.

ZIP fileUser Study for the Web Wallet Prototype

Min Wu, Massachusetts Institute of Technology

The Web Wallet is a browser sidebar which users can use to submit their sensitive information online This construction kit contains material for simulated phishing attacks in a lab study, along with the source code for a prototype of the Web Wallet. The full study and results are published in Min Wu, Robert C. Miller and Greg Little, “Web Wallet: Preventing Phishing Attacks by Revealing User Intentions,” Symposium on Usable Privacy and Security, July 2006.

Passwords

ZIP filePassword Interface Study Construction Kit

Richard M. Conlan, Peter Tarasewich, Northeastern University

The study described herein is focused on how the design of the interface affects the quality of passwords. The study was published in Conlan, R., Tarasewich, P., "Improving Interface Designs to Help Users Choose Better Passwords," CHI, April 2006.

ZIP fileMaterials for a Usability Study of Password Managers

Sonia Chiasson, Robert Biddle, P.C. van Oorschot, Carleton University

This construction kit contains the materials used to conduct a usability study of two password managers. A paper based on this work will be published as Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “A Usability Study and Critique of Two Password Managers,” 15th USENIX Security Symposium, August 2006.

ZIP fileConstruction kit for Password Management Strategies for Online Accounts

Shirley Gaw, Princeton University

This construction kit contains materials for a study of password selection and management behavior. The full study and results are published as Shirley Gaw and Edward W. Felten, "Password Management Strategies for Online Accounts", Symposium on Usable Privacy and Security, July 2006.

Email

ZIP fileNotes Execution Control List (ECL) User Study Construction Kit

Mary Ellen Zurko, IBM

This kit contains materials for an “in the wild” study of the ability of sites and users to set and adhere to secure defaults for their Notes protections on active content, called Execution Control Lists (ECLs). Much of the background of the study is in Mary Ellen Zurko, Charlie Kaufman, Katherine Spanbauer, and Chuck Bassett, “Did You Ever Have To Make Up Your Mind?: What Notes Users Do When Faced With A Security Decision”, 18th Annual Computer Security Applications Conference (ACSAC), 2002.

ZIP fileThe Johnny 2 Construction Kit for Testing Email Security

Simson Garfinkel, Massachusetts Institute of Technology

This construction kit contains materials for a study of how users respond to social engineering through email, with and without digital signatures. The full study and results are published as Garfinkel, S., Miller, R., "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express", Symposium on Usable Privacy and Security (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA.