SOUPS
  2010

July 20-22, 2011
Pittsburgh, PA

Symposium On Usable Privacy and Security

Program

The following is a preliminary program, subject to change.

All sessions will take place in the Gates-Hillman Center Rashid auditorium (GHC 4401) unless otherwise stated.

Wednesday, July 20

8 - 9 am: Breakfast and registration, GHC 4405

9 am - 12 pm: Workshops and Tutorials

12 - 1 pm: Lunch, Newell-Simon Hall Atrium

1 - 4 pm: Workshops and Tutorials

4 - 6 pm: Poster session, Newell-Simon Hall Atrium

6:00 - 8:00 pm: Dinner BBQ, Newell-Simon Hall Atrium

Thursday, July 21

8 - 9 am: Breakfast and registration, GHC 4405

9 am - 10:30 am: Opening session

  • Welcome and best paper award presentation
    • Lorrie Cranor, SOUPS General Chair
    • Heather Lipford and Stuart Schechter, SOUPS Technical Papers Co-Chairs
  • Invited talk: Edward Felten, Chief Technologist, Federal Trade Commission
    Privacy Policy as a Usability Problem

10:30-11 am: break

11 am - 12:30 pm: Technical paper session: Security Warnings, Session chair: Serge Egelman, NIST

A Brick Wall, a Locked Door, and a Bandit: Promoting A Physical Security Metaphor For Firewall Warnings
Fahimeh Raja, University of British Columbia
Kirstie Hawkey, Dalhousie University
Steven Hsu, University of British Columbia
Kai-Le Clement Wang, University of British Columbia
Konstantin Beznosov, University of British Columbia

Using Data Type Based Security Alert Dialogs to Raise Online Security Awareness
Max-Emanuel Maurer, University of Munich
Alexander De Luca, University of Munich
Sylvia Kempe, University of Munich

On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings
Andreas Sotirakopoulos, University of British Columbia
Kirstie Hawkey, Dalhousie University
Konstantin Beznosov, University of British Columbia

12:30 - 1:30 pm: Lunch, Newell-Simon Hall Atrium

1:30 - 3 pm: Technical paper session: Authentication, Session chair: Bill Cheswick, AT&T Research

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
San-Tsai Sun, University of British Columbia
Eric Pospisil, University of British Columbia
Ildar Muslukhov, University of British Columbia
Nuray Dindar, University of British Columbia
Kirstie Hawkey, Dalhousie University
Konstantin Beznosov, University of British Columbia

Breaking Undercover: Exploiting Design Flaws and Nonuniform Human Behavior
Toni Perkovic, University of Split, Croatia
Asma Mumtaz, National University of Science and Technology (NUST), Pakistan
Yusra Javed, National University of Science and Technology (NUST), Pakistan
Shujun Li, University of Konstanz, Germany
Syed Ali Khayam, National University of Science and Technology (NUST), Pakistan
Mario Cagalj, FESB, University of Split, Croatia

Shoulder Surfing Defence for Recall-based Graphical Passwords
Nur Haryani Zakaria, Newcastle University, UK
David Griffiths, Newcastle University, UK
Sacha Brostoff, University College London, UK
Jeff Yan, Newcastle University, UK

3 - 4 pm: Lightning talks

4 - 4:30 pm: break

4:30 - 6 pm: Technical paper session: SOUPS du jour, Session chair: Mary Ellen Zurko, IBM

Heuristics for Evaluating IT Security Management Tools
Pooya Jaferian, University of British Columbia
Kirstie Hawkey, Dalhousie University
Andreas Sotirakopoulos, University of British Columbia
Maria Velez-Rojas, CA Technologies
Konstantin Beznosov, University of British Columbia

Smartening the Crowds: Computational Techniques for Improving Human Verification to Fight Phishing Scams
Gang Liu, City University of Hong Kong
Guang Xiang, Carnegie Mellon University
Bryan A. Pendleton, Carnegie Mellon University
Jason I. Hong, Carnegie Mellon University
Wenyin Liu, City University of Hong Kong

Reciprocity Attacks
Feng Zhu, The University of Alabama in Huntsville
Sandra Carpenter, The University of Alabama in Huntsville
Ajinkya Kulkarni, The University of Alabama in Huntsville
Swapna Kolimi, The University of Alabama in Huntsville

6:30 pm - Board buses outside University Center

6:45 pm - Board buses in front of Holiday Inn

Buses will depart from the circle in front of the CMU University Center at 6:30 and from the Holiday Inn at 6:45 to take participants to the Pittsburgh Zoo and Aquarium for dinner. Return buses will make several trips back to the Holiday Inn and CMU between 9 and 11 pm. There is also free parking at the zoo available to SOUPS attendees.

Friday, July 22

8 - 9 am: Breakfast and registration, GHC 4405

9-10:30 am: Technical paper session: Privacy on Social Network Sites

"I regretted the minute I pressed share": A Qualitative Study of Regrets on Facebook
Yang Wang, Carnegie Mellon University
Gregory Norcie, Carnegie Mellon University
Saranga Komanduri, Carnegie Mellon University
Pedro Giovanni Leon, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University
Alessandro Acquisti, Carnegie Mellon University

ROAuth: Recommendation Based Open Authorization
Mohamed Shehab, University of North Carolina at Charlotte
Said Marouf, University of North Carolina at Charlotte
Christopher Hudel, University of North Carolina at Charlotte

Privacy: Is There An App For That?
Jennifer King, University of California, Berkeley
Airi Lampinen, Helsinki Institute for Information Technology HIIT
Alex Smolen, University of California, Berkeley

10:30 - 11 am: Break

11 am - 12:30 pm: Technical paper session: Perceptions of Privacy and Security, Session chair: Lujo Bauer, Carnegie Mellon University

Home is Safer than the Cloud! Privacy Concerns for Consumer Cloud Storage
Iulia Ion, ETH Zurich
Niharika Sachdeva, IIIT-Delhi
Ponnurangam Kumaraguru, IIIT-Delhi
Srdjan Capkun, ETH Zurich

Eyeing your Exposure: Quantifying and Controlling Information Sharing for Improved Privacy
Roman Schlegel, Indiana University Bloomington
Apu Kapadia, Indiana University Bloomington
Adam J. Lee, University of Pittsburgh

Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It
Alex Braunstein, Google
Laura Granka, Google
Jessica Staddon, Google

12:30 - 1:30 pm: Lunch, Newell-Simon Hall Atrium

1:30 - 3 pm: Panel - The Battle over the Behavioral Advertising Choice Mechanisms

3 pm: Ice cream social - GHC 4405

WORKSHOPS AND TUTORIALS

8th International Symposium on Visualization for Cyber Security (VizSec2011) - Rashid Auditorium

Workshop on Usable Security Indicator Conventions - Collaborative Innovation Center

Tutorial on working with computer forensics data - Newell-Simon Hall 3305

Tutorial on experiment design and quantitative methods for usable security research - Newell Simon Hall 3305

PANEL

The Battle over the Behavioral Advertising Choice Mechanisms

Do Not Track? Triangle i? Tracking Protection Lists? Who will win? You decide.

The debate over behavioral advertising has been the main topic of conversation at regulatory and congressional hearings, and at industry and academic conferences, for the past year. The choice mechanisms for consumers include opt-out cookie-based mechanisms, Tracking Protection Lists, and the Do Not Track HTTP header. Of these choice mechanisms, which do consumers actually understand, and which are usable? This panel will explore these mechanisms as they battle to the death for both policy maker and consumer acceptance.

Panelists:
Lorrie Cranor, Carnegie Mellon University, Moderator
Alan Chapell, BlueKai
Manoj Hastak, American University
Aleecia McDonald
Brendan Riordan-Butterworth
Harlan Yu, Princeton University

Alan Chapell is the Privacy Advisor for BlueKai. Chapell began his career at a boutique direct marketing agency in Connecticut. In 1996, Chapell founded the privacy program at Jupiter Research, an Internet research firm. After his tenure at Jupiter, Chapell helped develop DoubleClick's research product suite. Chapell also worked with email marketing firms Yesmail and Cheetahmail, where he helped clients with issues of privacy and deliverability. Chapell founded Chapell & Associates in October of 2003. A member of the DMA's Interactive Marketing Advisory Board, Chapell serves as co-chair of the NYC chapter of the International Association of Privacy Professionals (IAPP), and chairman of the Mobile Marketing Association's "Privacy and Preferences" Committee. Chapell graduated from the University of Connecticut and Fordham University School of Law, and is a member of the New York bar as well as a Certified Information Privacy Professional.

Lorrie Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). She is also a co-founder of Wombat Security Technologies, Inc. She has authored over 100 research papers on online privacy, usable security, phishing, spam, electronic voting, anonymous publishing, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University.

Manoj Hastak is a Professor in the Department of Marketing at the Kogod School of Business at American University. Dr. Hastak along with Dr. Mary Culnan evaluated the communication efficacy of behavioral advertising disclosure based on icons in a research initiative launched by the Future of Privacy Forum. Professor Hastak has published extensively in scholarly marketing publications including the Journal of Consumer Research, Journal of Public Policy & Marketing, Journal of Advertising, Journal of Business Research, and Psychology & Marketing. He is a recipient of the Thomas C. Kinnear award for the best article published in the Journal of Public Policy & Marketing for the period 1999-2001. He has served as a consultant to a number of federal agencies including the Federal Trade Commission, the Food and Drug Administration, and the U.S. Department of Justice. He currently serves on the editorial board of the Journal of Public Policy & Marketing.

Aleecia McDonald is a privacy researcher. She also consults for Mozilla on their "Do Not Track" Web browser feature. Her research includes user expectations for Do Not Track, behavioral economics and mental models of privacy, and the efficacy of industry self-regulation. In addition to a decade of experience working for software startups, she holds a doctorate in engineering & public policy from Carnegie Mellon where she studied online privacy as a member of the CyLab Usable Privacy and Security (CUPS) research laboratory. Her findings have been featured in media outlets such as the Washington Post, Ars Technica, and Free Press' Media Minute, and have contributed to testimony before the Federal Trade Commission.

Brendan Riordan-Butterworth started working with companies developing web analytics and network monitoring tools in 1998. His involvement in the anti-ad community in 2005 working on Ad Block Plus provided him with a unique perspective when he joined Microsoft's advertising division in 2006. This passion for consumer choice led him to serve as an official privacy and security advocate while focusing on data collection technologies.

Harlan Yu is a Ph.D. candidate in the Computer Science Department and the Center for Information Technology Policy at Princeton University. His primary research interests include computer security, privacy and open government. He is a co-author of "Government Data and the Invisible Hand" published in 2008 by the Yale Journal of Law and Technology, and is one of the creators of RECAP, a tool that helps the public liberate federal court documents from PACER. In 2009, he and his colleagues developed FedThread.org, a new collaborative interface to the Federal Register. He received his B.S. in Electrical Engineering and Computer Sciences (EECS) from UC Berkeley in 2004 and his M.A. in Computer Science from Princeton in 2006.

POSTERS

Poster: Knowledge-Based Authentication using Twitter
Tomofumi Nemoto, Kanagawa Institute of Technology
Kyohei Furukawa, Kanagawa Institute of Technology
Manabu Okamoto, Kanagawa Institute of Technology

Poster: oFBI: Detect Offensive Language in Social Networks for Youth Online Safety Protection
Ying Chen, The Pennsylvania State University
Yilu Zhou, Department of Information Systems and Technology Management, George Washington University
Heng Xu, The Pennsylvania State University
Sencun Zhu, The Pennsylvania State University

Poster: Towards a user behavior model in computer security
Hanul Sieger, Deutsche Telekom Laboratories, Technische University Berlin
Niklas Kirschnick, Deutsche Telekom Laboratories, Technische University Berlin
Sebastian Mueller, Deutsche Telekom Laboratories, Technische University Berlin

Poster: Exploring Contextually Bounded Access Control
Andrew Besmer, UNC Charlotte
Jason Watson, UNC Charlotte
Heather Richter Lipford, UNC Charlotte

Poster: Usable Verifiable Remote Electronic Voting - Usability Analysis of the Helios System
Fatih Karayumak, CASED / TU Darmstadt
Michaela Kauer, CASED / TU Darmstadt
Maina Olembo, CASED / TU Darmstadt
Melanie Volkamer, CASED / TU Darmstadt

Poster: Usability of Gesture-based Authentication
Niklas Kirschnick, Deutsche Telekom Laboratories, Technische University Berlin
Sven Kratz, LFE Medieninformatik, University Munich
Sebastian Mueller, Deutsche Telekom Laboratories, Technische University Berlin

Poster: Captchaecker - Automating Usability-Security Evaluation of Textual CAPTCHAs
Maliha Nazir, National University of Science & Technology (NUST), Pakistan
Yousra Javed, National University of Science & Technology (NUST), Pakistan
Muhammad Murtaza Khan, National University of Science & Technology (NUST), Pakistan
Syed Ali Khayam, National University of Science & Technology (NUST), Pakistan
Shujun Li, University of Konstanz, Germany

Poster: Relationship Privacy in a Connected World: A Case of Facebook Friendship Page
Pan Shi, Penn State University
Heng Xu, Penn State University

Poster: Motivating Users to Choose Better Passwords Through Peer Pressure
Andreas Sotirakopoulos, UBC
Ildar Muslukhov, UBC
Konstantin Beznosov, UBC
Cormac Herley, Microsoft Research
Serge Egelman, National Institute of Standards

Poster: Preventing SSLstripping Attack using Visual Security Cues
Rodrigo Lopes, New Mexico Tech
Dongwan Shin, New Mexico Tech

Poster: User Centered Design and Evaluation of an Eye Movement-based Biometric Authentication System
Michael Brooks, University of Washington
Cecilia Aragon, University of Washington
Oleg Komogortsev, Texas State University - San Marcos

Poster: A Web survey on Anshin about Information Security
Dai Nishioka, Iwate Prefectural University, Japan
Yuko Murayama, Iwate Prefectural University, Japan
Fujihara Yasuhiro, Iwate Prefectural University, Japan

Poster: Helping engineers design NEAT security warnings
Robert Reeder, Microsoft
Ellen Cram Kowalczyk, Microsoft
Adam Shostack, Microsoft

Posters Showcasing Usable Privacy and Security Papers Published in the Past Year at Other Conferences

iSensor Inference Model for Assessing Trustworthiness in Computer-Mediated Communications
Shuyuan Mary Ho, Drexel University
Xiangmin Zhang, Wayne State University

Using Reinforcement to Strengthen Users' Secure Behaviors
Ricardo Villamarin-Salomon, University of Pittsburgh

Exploring Reactive Access Control
Michelle L. Mazurek, Carnegie Mellon University
Peter F. Klemperer, Carnegie Mellon University
Richard Shay, Carnegie Mellon University
Hassan Takabi, University of Pittsburgh
Lujo Bauer, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University

Of Passwords and People: Measuring the Effect of Password-Composition Policies
Saranga Komanduri, Carnegie Mellon University
Richard Shay, Carnegie Mellon University
Patrick Gage Kelley, Carnegie Mellon University
Michelle L. Mazurek, Carnegie Mellon University
Lujo Bauer, Carnegie Mellon University
Nicolas Christin, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University
Serge Egelman, National Institute of Standards and Technology

Who Is Concerned about What? A Study of American, Chinese and Indian Users' Privacy Concerns on Social Network Sites
Yang Wang, Carnegie Mellon University
Gregory Norcie, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University

Americans' Attitudes About Internet Behavioral Advertising Practices
Aleecia McDonald
Lorrie Faith Cranor, Carnegie Mellon University

Trends in Firewall Configuration Errors: Measuring the Holes in Swiss Cheese
Avishai Wool, Tel Aviv University

A Study on Memorability and Shoulder-surfing Robustness of Graphical Password Using DWT-based Image Blending
Takao Miyachi, Utsunomiya University
Keita Takahashi, Utsunomiya University
Madoka Hasegawa, Utsunomiya University
Yuichi Tanaka, Utsunomiya University
Shigeo Kato, Utsunomiya University

A Study on User Authentication based on Arm Movements Using an Acceleration Sensor
Madoka Hasegawa, Utsunomiya University
Daisuke Someya, Utsunomiya University
Yuichi Tanaka, Utsunomiya University
Shigeo Kato, Utsunomiya University

On the Necessity of User-Friendly CAPTCHA
Christos A. Fidas, University of Patras, Greece
Artemios G. Voyiatzis, RC 'Athena'/Industrial Systems Institute
Nikolaos M. Avouris, University of Patras, Greece

Usability Testing a Malware-Resistant Input Mechanism
Alana Libonati, University of North Carolina
Jonathan M. McCune, Carnegie Mellon University
Michael K. Reiter, University of North Carolina

MARASIM: A Novel Jigsaw Based Authentication Scheme Using Tagging
Rohit Ashok Khot, IIIT, Hyderabad
Kannan Srinathan, IIIT, Hyderabad
Ponnurangam Kumaraguru, IIIT, Delhi

 

SOUPS 2011 is sponsored by Carnegie Mellon CyLab