Symposium On Usable Privacy and Security

TUTORIALS

Designing and Evaluating Usable Security and Privacy Technology

There has been increasing interest in usable security and privacy technologies, and studies that try to assess whether the technologies or services meet usability and security requirements. As always in multi-disciplinary research fields, there is a challenge of developing experimental designs, methods and criteria that lead to valid answers.

Thus, the aims of the tutorial are

1. To present a contextual approach to designing usable security and privacy technologies and services,
2. To review available experimental designs and methods for assessing usability and security of such technologies and services, and
3. To discuss how to apply these to gain valid results for research and commercial practice.

The first part of the tutorial will demonstrate how to apply the mantra "know your users, their tasks, and the context of use" in the design of potential security technologies in order to design with usability in mind. An in-depth understanding of both usability and security requirements and constraints must not only guide the developments of prototype or design mock-ups and user scenarios, but also the questions to be addressed in the evaluation, and how the evaluation is performed. The design of the evaluation needs to consider the threats to internal and external validity of the data. The tutorial will apply this to both research and commercial practice investigations.

We plan to use de-identified case study examples of mistakes made at each step as a way of educating the participants and stimulating questions and conversations about the material.

Target audience: Researchers and practitioners involved in the design, development and assessment of technologies or services that include a security or privacy element – e.g. new authentication mechanisms, privacy-enhancing technologies, policy authoring tools.

Tutorial Leaders:

M. Angela Sasse is the Professor of Human-Centred Technology in the Department of Computer Science at UCL. Since joining UCL in 1990, her research has focused on shaping the design of emerging communication technologies and services, particularly Internet-based ones. A key motivation of her research is that new technologies should be “fit for purpose”, support and enhance (individual and collective) human goals and activities, and provide a good return on investment. This means investigating the performance of systems in real operational contexts, and looking at the impact that a particular technology has on individual and organizational users. Since 1996, she has been developing a human-centred perspective on security, privacy, and trust. Her early research on users’ problems with passwords (with Anne Adams) is one of the most widely cited papers on usable security, and has been re-printed as a “classic” in Cranor & Garfinkel’s Usability and Security. She teaches a Masters-level course on People and Security at UCL and Oxford University, and has supervised 6 PhDs on these topics as first supervisor (Adams 2001, Brostoff 2004, Flechais 2005, Riegelsberger 2005, Weirich 2005, Keval 2008). She has been Principal Investigator on over 20 research projects – current long-term projects include Trust Economics, led by HP Labs, and Privacy Value Networks, led by the Oxford Internet Institute. She has (co)authored over 100 peer-reviewed publications (including 4-5 each in ACM CHI, ACM Multimedia, International Journal of Human-Computer Studies and the ACM New Security Paradigms Workshop), and was a co-author of the Best Paper Award winner at SOUPS.

Clare-Marie Karat is a Research Staff Member in the Policy Lifecycle Technologies department at the IBM TJ Watson Research Center in Hawthorne, NY. Dr. Karat conducts HCI research in the areas of policy, privacy, security, usability methods, and personalization. Dr. Karat leads the Server Privacy Architecture and Capability Enablement (SPARCLE) Policy Workbench research project to provide organizations and external users with the capability to effectively manage the personal information held by organizations (www.research.ibm.com/sparcle). She also has technical leadership roles in the Army Research Laboratory International Technology Alliance (ARL ITA) project on security policy management of information in mobile adhoc networks, IBM’s Open Collaborative Research on Policy Frameworks for Security and Privacy project with academic colleagues at CMU and Purdue Universities, and the National Security Agency High Assurance Platform project to improve secure information sharing. She has chaired international conferences and held a variety of technical committee roles in the ACM CHI, HFES, IFIP INTERACT, and SOUPS conferences. Dr. Karat has = presented keynote addresses, taught seminars, published numerous papers in technical journals and conference proceedings, and contributed to many books in the fields of HCI, policy, privacy, security, and personalization.

Roy Maxion is on the faculty of the Computer Science and Machine Learning Departments at Carnegie Mellon University. He is also director of the CMU Dependable Systems Laboratory where the range of activities includes computer security, biometric authentication, insider/masquerader detection, and keystroke forensics in addition to general issues of hardware/software system reliability and information assurance. A primary interest/concern is the correctness and completeness of experimental methodologies. He teaches a course on Research Methods for Experimental Computer Science. He has been program chair of the International Conference on Dependable Systems and Networks, member of the executive board of the IEEE Technical Committee on Fault Tolerance, the United States Defense Science Board, the European Commission AMBER advisory board, and other professional organizations. He has consulted for the US Department of State as well as for numerous industry and government bodies. He is on the editorial boards of the IEEE Transactions on Dependable and Secure Computing, the IEEE Transactions on Information Forensics and Security, and the International Journal of Security and Networks. Dr. Maxion is a Fellow of the IEEE.

Think Evil (tm)

INVITED TALK

Eric Sachs - Redirects to login pages are bad, or are they?

PANEL

Usability of Security Software - Is Open Source a Positive, Negative, or Neutral Factor?

What are the differentiating factors between open source and conventional software, and how do they affect the usability of security interfaces?

• Moderator: Luke Kowalski, Corporate UI Architect, Oracle
• Stuart Schechter, Microsoft Research
• David Sward, Director of User Centered Design, Symantec
• Nancy Frishberg, User Experience Strategist and BayChi chair
• David Recordon, Open Platforms Tech Lead, SixApart
• Rashmi Sinha, CEO, SlideShare

POSTERS

DISCUSSION SESSIONS

Short and long term research suggestions for NSF and NIST

Moderator: Nancy Gillis, National Academy of Sciences

The Computer Science and Telecommunications Board (CSTB) of the National Academies is hosting a Usability, Security and Privacy workshop in Washington DC on July 21 and 22nd, focused on identifying new usable security and privacy research areas for the benefit of NSF and NIST. Participants in this session will brainstorm to identify new "out of the box" research areas or to expand upon the list of pre-identified research questions:

Metrics: What metrics should we be using to measure usable security? How can we collect data to apply these metrics? How do we know when we’ve got the appropriate data? How do we conduct user studies that provide accurate measurements in real world or realistic laboratory conditions? What is the unit of measurement of usable security? How do we measure the ROI on usable security? How might losses due to poor user design for security and privacy be quantified? If yes, how might that information be used to improve usability in support of security and privacy?

Standards: Are we ready for developing a "usable security" standard? How viable is it? What is required to develop one? Who would develop it? 3. Economic Incentives How do people perceive the value of information? If individuals are less motivated to protect "cheap" information versus "expensive" information, can we create an associated security system?

Methods/Mental Models: We can apply human factors/cognitive science methods (e.g., usability analysis, cognitive task analysis, safety/error analysis, etc.) to issues and case studies. What might we learn from such applications? What research is needed to identify relationships or interactions among variables (such as trust and privacy values) that lead to more complex influences on usable security compared to usability of traditional IT systems? How can we get to the users conceptual models and pair those models with security models?

Ecological Validity in Studies of Security and Human Behaviour

Moderator: Andrew Patrick

Conducting research on human behaviour in a security context is hard, and it is often difficult to witness authentic behaviour in a laboratory environment. Ecological validity refers to the extent to which the results of a test or experiment can be applied to the real-life of the people being studied. Using a series of case studies from research on security-related behaviours, Dr. Patrick will lead a discussion about the nature of validity in research, the issues surrounding ecological validity, and research techniques that can be used to increase the validity of security studies.

Invisible HCI-SEC: Ways of re-architecting the operating system to increase usability and security

Moderator: Simson Garfinkel, Naval Postgraduate School

Most work in the field of HCI-SEC has looked at ways of improving the user interface to improve security. In this break-out discussion, we will look for a different path -- zero-visibility, zero-interaction changes to applications and operating systems that will have the impact of increasing security and usability and the same time. Examples include: modifying file erase commands so that erased files are actually deleted; using cryptographic disk erasure, so that disks can be "erased" instantly (by forgetting the key); providing for automatic backup of critical files through cloud computing. In this break-out session, we will chart other ways that usability and security can be aligned at the system level.

Technology transfer of successful usable security research into product

Moderator: Mary Ellen Zurko, IBM

Technology transfer in any area is a notoriously difficult problem. Yet it is also universally desirable. Researchers want to see their work deployed and used successfully. Products want to have leading edge features that give them a competitive edge. This discussion session will bring together the members of the SOUPS community interested or experienced in such matters. How do we know when our research is ready for technology transfer? What are the avenues? What has been done successfully? What has been tried and failed? We ask both researchers and product people to come with their stories, to begin to build up a corpus or oral history around this area.

The family and communication technologies

Moderator: Linda Little, PaCT Lab, Northumbria University, UK

New communication technologies are increasingly being used in family and social contexts to support and extend relationships. Yet the social aspects of these communication technologies and impact upon family life are often overlooked by researchers and designers keen to create task-based products. With this in mind there is a need to consider and focus on the social aspects of communication technologies within the family if we are to better understand how and why people are using and adapting communication technologies to suit their family and social lives. Of course, the family also plays an important role in how society functions; it acts as a primary source for the development of socialization skills and moral values. However, we need to acknowledge that decision making and value setting differ between family groups. Moreover, we must recognise that families are becoming more dispersed and consequently changing the ways they communicate. The family no longer refers solely to a core group of two parents and 2.4 children. Families are diverse both in their structure and function. Divorce, step-family relationships and multigenerational bonds are all altering familial structures. There is frequent speculation regarding the future of the family and that this leads to assumptions of a general deterioration in family bonds. This deterioration is regularly associated with the increased physical distance between family members. The further apart family members live, the greater the negative effect on any subsequent interactions. Questions naturally arise related to social and moral values, trust, privacy, disclosure, exclusion, status within the home and also the impact upon the home/work/leisure divide. This discussion will consider the issues of context, purpose and benefit to see if we can build up a richer, more detailed account of real technology usage and impact upon family life.

How does the emergence of reputation mechanisms affect the overall trust formation mechanisms, implicit and explicit, in the online environment?

Moderator: Kristiina Karvonen, Helsinki Institute for Information Technology (HIIT)

Reputation systems are used in internet services where users need to make trust decisions concerning people and data they do not know beforehand. Reputation guides users' decision making, and e.g. in eBay, high reputation can lead to price premiums. Users need to make their trust decisions based on any data available, e.g. object description, logos, user history, and so on. They also need to induce data reflecting other users' satisfaction with the other actors, such as number of actions, ratings and possible comments. Also, their own previous experience and personality strongly affect what it takes for them to trust a service or not.

Online trust formation has many ingredients and has been widely researched on from various viewpoints, including technical, legal, social, psychological and philosophical. What makes for a success story for a reputation mechanism, where security is a real issue? How to build interaction in such a way that it enhances the quality of trust decisions made? What is the relative value of personal experiences as compared with information gained from available reputation mechanisms for the trust formation process? Is there a way to gather the information about user opinions related to their trust to various objects and web resources and, at the same time, preserve user privacy?