Symposium On Usable Privacy and Security
July 18-20, 2007
Pittsburgh, PA


The following is a preliminary program, subject to change.

Wednesday, July 18

8 - 9 am: Breakfast and registration (CIC atrium)

9 am - noon:
Workshop on Usable IT Security Management - CIC DEC
Tutorial: Protocol ABCs/Why should I care if your certificate has expired? (Newell-Simon Hall Room 3305)

Noon - 1pm: Lunch - (Newell-Simon Hall Atrium)

1 - 3:45 pm:
Workshop on Usable IT Security Management - CIC DEC
Tutorial: Hands-On Usability Testing (Newell-Simon Hall Room 3305)

4 - 6 pm: Poster session and reception (Newell-Simon Hall Atrium)

Thursday, July 19

Thursday's and Friday's events will be held in the Distributed Education Center (DEC) on the L level of the Carnegie Mellon Collaborative Innovation Center (CIC), unless otherwise noted. Lunches will be held in Newell-Simon Hall room 3305.

8 - 9 am: Breakfast and registration (CIC atrium)

9 am - 10:15 am: Opening session

10:15 - 10:45 am: Break

10:45 am - 12:15 pm: Technical paper session: Passwords, Chair: Simson Garfinkel

12:15 - 1:15 pm: Lunch (Newell-Simon Hall Room 3305)

1:15 - 3:15 pm: Technical paper session: Privacy and access control, Chair: Clare-Marie Karat

3:15 - 3:45 pm: Break

3:45 - 5 pm: Panel: Multi-factor authentication for online banking: Security or snake oil?

6 - 9 pm: Dinner and bowling at the Pittsburgh Athletic Association private bowling facility (walking distance from CMU and Holiday Inn)

Friday, July 20

8 - 9 am: Breakfast and registration (CIC atrium)

9 - 10:30 am: Technical paper session: Training and such, Chair: Ka-Ping Yee

10:30 - 10:45 am: Break and move to discussion session rooms

10:45 am - noon: Discussion Sessions (CIC 1305, CIC 2201, CIC DEC, NSH 3001)

Noon - 1 pm: Lunch (Newell-Simon Hall Room 3305)

1 - 2:30 pm: Technical paper session: SOUPS du jour, Chair: Lujo Bauer

2:30 - 3:00 pm: Closing session

3:00 pm: Ice cream social


Protocol ABCs/Why should I care if your certificate has expired?

Glenn Durfee (Presenter) and Diana Smetters

Wednesday morning

Modern network security is based on a bewildering alphabet soup of protocols: SSL/TLS, IPSec, WEP/WPA/802.1X, KERBEROS, and many others. Many or all of these protocols rely on public key cryptography for authentication. In current practice, that usually means the use of digital certificates, often in the context of a Public Key Infrastructure (PKI). While all of these things are powerful and useful tools for building secure systems, today they are almost always applied in ways which are completely confusing for the users they are intended to protect. As system designers and implementors are often themselves confused by the details of cryptographic protocols and digital certificates, they often use those tools ineffectively, or resort to asking users to think directly in terms of low-level security concepts.

What are these protocols? What are digital certificates? Why are they designed the way they are? When, and how, should you use them? What aspects of them actually matter to end-user security? Of those, what does a user actually need to know, or care about -- if any? Should your mother really send her credit card number to Should she care if their digital certificate has expired? Does she need to know? Why doesn't this keep her from getting phished?

This tutorial is intended to be a crash course in security protocols and digital certificates for designers and researchers intent on building and evaluating secure systems with an eye to making them more usable. We will look at protocol design and public key-based authentication in the context of some of the protocols you are most likely to encounter in daily life -- e.g. SSL/TLS and WEP/WPA (802.11 wireless security). We will evaluate the things current systems do well, and where they fail, and consider alternate ways to use these tools to build more effective, more usable systems. This tutorial does not require any cryptographic or mathematical background; and is meant to be accessible to a mostly non-technical audience. It will consist of a mix of lecture, demos, and hands-on exercises looking at real network traffic.


Dr. Glenn Durfee is a Member of Research Staff in the Computing Science Laboratory at PARC. He holds a Ph.D. in computer science from Stanford University, and a Master's degree in mathematics and a B.S. in computer science from Carnegie Mellon University. Dr. Durfee's research interests are in usable security, security for wireless and mobile devices, and applied cryptography. His research activities have been funded by DARPA, NIST, and several corporations.

Dr. Diana Smetters is a Senior Member of the Research Staff in the Computing Science Laboratory at PARC. Dr. Smetters' research interests are in usable security, network security, and applied cryptography. She received her Ph.D. at M.I.T. and came to PARC after both postdoctoral research and several years in industry. Her research activities have been funded by DARPA, NIST, Xerox, and other industry sponsors.

Hands-On Usability Testing

Mike Atyeo (Presenter)

Wednesday afternoon

Usability testing doesn't require lots of planning, special facilities, lots of users and therefore lots of money! Usability testing can be part of a rapid, iterative, flexible and cost-effective process that delivers powerful data to drive design decisions.

In this half-day interactive workshop you will get to know some of the techniques of usability testing; how it fits into the development process; the kind of information that comes out of usability testing and how to interpret it - and run your very own usability test!

Bio: Mike Atyeo provides strategic design consultancy at Neo Insight, based in Ottawa, Canada. He has had over 25 years of industry experience, including many years as a human factors specialist for British Telecom. He built the first Interaction Design team in British Telecom (BT), prototyped their first multi-media applications and directed a corporate usability programs. Since co-founding Neo Insight in 2002, Mike has led many Customer Experience projects for government and high-tech clients. He has degrees in Psychology and Computer Science. Mike has published and presented on Human Factors techniques at international conferences, run workshops as part of the UK Government's 'Usability Now!' initiative, and chaired CapCHI in Ottawa.


Marcia Lausen - Design for Democracy: Ballot + Election Design

In November 2000, a confusing ballot in a closely contested presidential election brought national attention to the need for improved election design. It also provided a rare opportunity for design leaders, researchers, educators, and students to step forward and demonstrate how design can help make choices clear.

Lausen will speak about Design for Democracy, a strategic initiative of AIGA. Design for Democracy advocates for the application of design principles and solutions to improve government communication and it seeks to use the power of information design to increase trust in government, to increase the transparency of government activities, and to facilitate citizen participation.

Marcia Lausen is an outspoken advocate for the power of design in corporate, consumer, and civic communications. Her experience in all three sectors is reflected in the client list of Studio/lab, an award-winning multidisciplinary design consulting firm which she co-founded with colleagues in San Francisco and Chicago. Professor of graphic design at the University of Illinois at Chicago, Lausen also serves as Director of the School of Art and Design. She received her MFA in graphic design from Yale University and BFA in graphic design from Indiana University. Marcia is currently serving on the AIGA national board. She was named a Fast Company Master of Design in 2004 for her work with Design for Democracy.


Multi-factor authentication for online banking: Security or snake oil?

The proliferation of phishing, pharming and other forms of online fraud has led to decreasing confidence in many forms of online banking and commerce. Many of the attacks work by stealing authenticating data or manipulating authentication processes. The problem became so worrisome that in late 2005 the FFIEC (Federal Financial Institutions Examination Council) mandated that all U.S. online banking sites would be required to have two-factor authentication schemes by the end of 2006. The result is that a number of different multi-factor systems are now being used on the web. In this panel, we will consider several of the multi-factor systems that have been deployed by several banks, and how effective they are from security, usability and economic perspectives. We will consider their effectiveness for the "average" user, as well as their effect in preventing current and future fraudulent attacks, such as phishing.



A Usability Evaluation of a Home Monitoring
Rajah James, Aleecia M. McDonald, Robert McGuire and Woo Tae Kim

Establishing Darknet Connections: An Evaluation of Usability and Security
John Bethencourt, Wai Yong Low, Isaac Simmons and Matthew Williamson

Defeat Spyware With Anti-Screen Capture Technology Using Visual Persistence
Johnny Lim

Detecting, Analyzing and Responding to Security Incidents: A Qualitative Analysis
Rodrigo Werlinger, David Botta and Konstantin Beznosov

Helping Users Create Better Passwords: Is this the right approach?
Alain Forget, Sonia Chiasson and Robert Biddle

Perception and Acceptance of Fingerprint Biometric Technology
Rosa Heckle, Andrew Patrick and Ant Ozok

Secure Software Installation in a Mobile Environment
Andreas Heiner and N. Asokan

Examining Privacy and Disclosure in a Social Networking Community
Katherine Strater and Heather Richter

A Survey of Privacy Concerns With Dynamic Collaborator Discovery Capabilities
Robert Marchant

Graphical Passwords & Qualitative Spatial Relations
Di Lin, Paul Dunphy, Patrick Olivier and Jeff Yan

Vidalia: Towards a Usable Tor GUI
Matthew Edman and Justin Hipple

Is FacePIN Secure and Usable?
Paul Dunphy and Jeff Yan

End User Concern about Security and Privacy Threats
Joshua Gross and Mary Beth Rosson

TwoKind Authentication: Usable Authenticators for Untrustworthy Environments
Katelin Bailey, Linden Vongsathorn, Apu Kapadia, Chris Masone and Sean Smith

Seven Privacy Worries in Ubiquitous Social Computing
Sara Motahari, Constantine Manikopoulos, Roxanne Hiltz and Quentin Jones

Privacy Implications for Single Sign-on Authentication In a Hospital Environment
Rosa Heckle and Wayne Lutters


UW2SP: Usable Web 2.0 Security & Privacy

Moderator: Larry Koved (IBM T.J. Watson Research Center)

The goal of this discussion session is to establish new collaborations in topics related to usable security for Web 2.0 security and privacy. Web 2.0 is about connecting people and amplifying the power of working together through the web. This confluence of technology and social interaction is occurring in the context of a wave of technologies supporting rapid application development that is straining both the infrastructure and usability of Web security and privacy. There are challenging issues with respect to the usability of management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server side and inside the web browser. While some security and privacy issues are not new (many of these issues already exist with portal servers and browsers), security and privacy issues are increasingly becoming acute as Web 2.0 technologies are adopted and adapted to appeal to wider audiences. Routinely these technologies deliberately bypass existing security and privacy mechanisms. This discussion is a follow-up to the successful W2SP workshop held in May in Oakland, but with a focus on usability.

Larry Koved is a Research Staff Member (RSM) and manager at the IBM T.J. Watson Research Center in Hawthorne, N.Y. One of his current research focus areas is internet security, with a focus on Web 2.0 security and privacy challenges. Recognizing that security and privacy has not kept pace with the adoption of newer internet technologies supporting Web 2.0, Larry persuaded Dan Wallach (Rice University) to be the co-chair for the W2SP workshop at the 2007 IEEE Symposium on Security and Privacy. Larry's other current research interests are in making security more accessible to ordinary programmers. Prior to his move to security, Larry worked on a number of HCI projects, including hypertext, mobile computing and virtual reality. See

Standardizing Usable Security and Privacy: Taking It To the Next Level, or Settling for Less?

Moderators: Mary Ellen Zurko (IBM) and Maritza Johnson (Columbia University)

This discussion session will consider the relationship between standards and standardization, and usable security and privacy, including where we are today, and where the usable security and privacy community would like to see that relationship go in the future. To the extent that standardization increases interoperability and homogeneity, it has the potential to make usable security and privacy more familiar and predictable to users of all kinds. Standards in usable security and privacy can build on existing research, and provide a foundation for new research. They can also enable customers to compare and contrast claims in the area, raising the bar on minimum expectations, and decreasing the specialist knowledge needed to take those claims into consideration. On the other hand, standardization can enshrine the lowest common denominator, or promote a raft of abstract and confusing options that may or may not achieve the original goal. We're particularly interested in hearing from members of the community with experience in existing standards in usability, with the impact that P3P (or other privacy standards) has had on usable privacy, and with voting as an application needing future standards in this area. The discussion leaders are active participants in W3C's working group on usable security, and will bring their perspective based on their experience so far, including security usability testing challenges in a standards context.

Mary Ellen Zurko (Mez) leads security architecture and strategy for Lotus Workplace, Portal, and Collaboration Software at IBM. She defined the field of User-Centered Security in 1996. She is on the steering committee for New Security Paradigms Workshop and the International World Wide Web Conference series (she was co-chair for WWW2007 in Banff). She has worked in security since 1986, at The Open Group Research Institute and Digital Equipment Corporation, as well as IBM. She is a contributor to the O'Reilly book "Security and Usability: Designing Secure Systems that People Can Use." Her vita is at She is the chair of the W3C Web Security Context Working Group.

Maritza Johnson is a Ph.D. student at Columbia. Her research interests are in human-computer interaction and human factors and how they relate to and affect the usability of security. Her current projects include creating a recommended procedure for evaluating the usability of technologies for authenticating a financial institution to the customer on the web (in collaboration with the FSTC), in addition to participation in this working group. She is a newcomer to the field, but is currently steeped in projects that heavily rely on effective user studies and their results.


One Laptop Per Child Security

Moderator: Ivan Krstic

A paper on Bitfrost, the One Laptop per Child security architecture, is being presented later at SOUPS. Usability was a crucial concern in the system's design, and we believe Bitfrost will resist many security problems seen with today's computers. In this discussion session, however, we wish to focus on problems that Bitfrost doesn't solve. This includes both problems whose solutions were too hard to design or implement and problems that simply don't have clear solutions, ranging anywhere from child-friendly authentication schemes to comprehensive browser security. Technical concerns aside, it should be noted that the OLPC project is unique in bringing computing to a generation that has largely had no prior high technology exposure. A number of today's computer security problems stem from misguided expectations exerted by the end users, but retroactively training hundreds of millions of users in security is a sheer impossibility. What if a generation can be brought up with the right kind of security thinking? What would we want to teach them, and how? We're open to hearing ideas about specific technical approaches (picture authentication, petnames in the browser) as well as discussing the wider possibilities of delivering usable security as a means of raising a security-literate generation.

Ivan Krstic ( is on leave from Harvard University, leading security architecture for One Laptop per Child. He is the author of OLPC's Bitfrost security platform, which is his first step out of the comfort of the backend systems security cave and towards security that directly deals with users. He dislikes writing about himself in the third person, but continues to have high hopes for usable security proving to be a functional bridge between excellent security work in the academia, and the deeply unsatisfactory state of security in mainstream computing.


SOUPS is sponsored by Carnegie Mellon CyLab.