Symposium On Usable Privacy and Security
Security User Studies Workshop
Organizers: Simson Garfinkel, Rob Miller
Web Browser Security Cues Eyetracking Study: A Construction Kit
This construction kit contains material for an eye-tracking study on browser security cues. The full study and results were published in Whalen, T., Inkpen, K. "Gathering Evidence: Use of Visual Security Cues in Web Browsing." Graphics Interface, 2005.
User Study for the Web Wallet Prototype
The Web Wallet is a browser sidebar which users can use to submit their sensitive information online This construction kit contains material for simulated phishing attacks in a lab study, along with the source code for a prototype of the Web Wallet. The full study and results are published in Min Wu, Robert C. Miller and Greg Little, “Web Wallet: Preventing Phishing Attacks by Revealing User Intentions,” Symposium on Usable Privacy and Security, July 2006.
Password Interface Study Construction Kit
The study described herein is focused on how the design of the interface affects the quality of passwords. The study was published in Conlan, R., Tarasewich, P., "Improving Interface Designs to Help Users Choose Better Passwords," CHI, April 2006.
Materials for a Usability Study of Password Managers
This construction kit contains the materials used to conduct a usability study of two password
managers. A paper based on this work will be published as Sonia Chiasson, P.C. van Oorschot, and Robert Biddle, “A Usability Study and Critique of Two Password Managers,” 15th USENIX Security Symposium, August 2006.
Construction kit for Password Management Strategies for Online Accounts
This construction kit contains materials for a study of password selection and management behavior. The full study and results are published as Shirley Gaw and Edward W. Felten, "Password Management Strategies for Online Accounts", Symposium on Usable Privacy and Security, July 2006.
Notes Execution Control List (ECL) User Study Construction Kit
This kit contains materials for an “in the wild” study of the ability of sites and users to set and adhere to secure defaults for their Notes protections on active content, called Execution Control Lists (ECLs). Much of the background of the study is in Mary Ellen Zurko, Charlie Kaufman, Katherine Spanbauer, and Chuck Bassett, “Did You Ever Have To Make Up Your Mind?: What Notes Users Do When Faced With A Security Decision”, 18th Annual Computer Security Applications Conference (ACSAC), 2002.
The Johnny 2 Construction Kit for Testing Email Security
This construction kit contains materials for a study of how users respond to social engineering through email, with and without digital signatures. The full study and results are published as Garfinkel, S., Miller, R., "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express", Symposium on Usable Privacy and Security (SOUPS 2005), July 6-8, 2005, Pittsburgh, PA.