SOUPS 2012

July 11-13, 2012
Washington, DC

Symposium On Usable Privacy and Security

PROGRAM

The SOUPS proceedings will be archived in the ACM Digital Library a few weeks after the conference. All papers are also available on this website, linked from the program. You may also view the proceedings front matter.

All sessions will take place in the AAAS auditorium, unless otherwise indicated. Breakfast, lunch, and breaks will take place in the second floor reception area.

Wednesday, July 11

8 - 9 am: Breakfast and registration

8:45 am - 11:30 am: Hacking Public Policy Tutorial - White House tour; depart AAAS promptly at 8:45 for the 0.5-mile walk to the White House. Advance registration required by May 30.

9 am - 12 pm: Workshop on Usable Privacy & Security for Mobile Devices (U-PriSM)

12 - 1 pm: Lunch

1 - 4:30 pm: Hacking Public Policy Tutorial and Workshop on Usable Privacy & Security for Mobile Devices (U-PriSM)

4:45 - 6:45 pm: Poster session - First floor lobby
Sponsored by Nielsen

Thursday, July 12

8 - 9 am: Breakfast and registration

9 am - 10:30 am: Opening session

  • Welcome and best paper award presentation
    • Lorrie Cranor, SOUPS General Chair
    • Heather Richter Lipford and Konstantin Beznosov, SOUPS Technical Papers Co-Chairs
  • NSF Secure and Trustworthy Cyberspace Program
    • Jeremy Epstein, NSF [slides]
    • Peter Muhlberger, NSF
  • Invited talk: Julie Brill, Commissioner, Federal Trade Commission
    Privacy in the mobile world: A big task on a small screen
In her remarks, Commissioner Brill will discuss the privacy implications of the increasing shift of consumers’ online experiences to the mobile environment. Among other topics, she will discuss children’s privacy in the mobile space, issues surrounding effective disclosures on mobile devices, and the privacy implications of mobile payments.

10:30-11 am: break

11 am - 12:30 pm: Technical paper session: Mobile Privacy and Security, Session chair: Mary Ellen Zurko, Cisco

Measuring User Confidence in Smartphone Security and Privacy
Erika Chin, UC Berkeley
Adrienne Porter Felt, UC Berkeley
Vyas Sekar, Intel Labs
David Wagner, UC Berkeley

Goldilocks and the Two Mobile Devices: Going Beyond All-Or-Nothing Access to a Device's Applications
Eiji Hayashi, Carnegie Mellon University
Oriana Riva, Microsoft Research
Karin Strauss, Microsoft Research
A.J. Bernheim Brush, Microsoft Research
Stuart Schechter, Microsoft Research

[Best Paper Award] Android Permissions: User Attention, Comprehension, and Behavior
Adrienne Porter Felt, UC Berkeley
Elizabeth Ha, UC Berkeley
Serge Egelman, UC Berkeley
Ariel Haney, UC Berkeley
Erika Chin, UC Berkeley
David Wagner, UC Berkeley

12:30 - 1:30 pm: Lunch sponsored by RIM

1:30 - 3 pm: Technical paper session: User Perceptions, Session chair: Serge Egelman, University of California, Berkeley

Smart, Useful, Scary, Creepy: Perceptions of Behavioral Advertising
Blase Ur, Carnegie Mellon University
Pedro G. Leon, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University
Richard Shay, Carnegie Mellon University
Yang Wang, Carnegie Mellon University

Reasons, Rewards, Regrets: Privacy Considerations in Location Sharing as an Interactive Practice
Sameer Patil, Indiana University, Bloomington
Greg Norcie, Indiana University, Bloomington
Apu Kapadia, Indiana University, Bloomington
Adam J. Lee, University of Pittsburgh

Stories as Informal Lessons about Security [slides]
Emilee Rader, Michigan State University
Rick Wash, Michigan State University
Brandon Brooks, Michigan State University

3 - 3:30 pm: break

3:30 - 4:30 pm: Technical paper session: Authentication, Session chair: Stuart Schechter, Microsoft Research

Correct horse battery staple: Exploring the usability of system-assigned passphrases
Richard Shay, Carnegie Mellon University
Patrick Gage Kelley, Carnegie Mellon University
Saranga Komanduri, Carnegie Mellon University
Michelle L. Mazurek, Carnegie Mellon University
Blase Ur, Carnegie Mellon University
Tim Vidas, Carnegie Mellon University
Lujo Bauer, Carnegie Mellon University
Nicolas Christin, Carnegie Mellon University
Lorrie Faith Cranor, Carnegie Mellon University

Do You See Your Password? Applying Recognition to Textual Passwords
Nicholas Wright, Carleton University
Andrew S. Patrick, Carleton University
Robert Biddle, Carleton University

4:30 - 5:45 pm: Demos and lightning talks

Demos

InViz: Instant Visualization of Security Attacks
Lucas Layman and Nico Zazworka (Fraunhofer Center for Experimental Software Engineering)

Audiotegrity
Richard Carback (University of Maryland, Baltimore County), Alex Florescu, Tyler Kaczmarek, Jan Rubio (George Washington University), Noel Runyan (Personal Data Systems), Poorvi L. Vora, John Wittrock (George Washington University), and Filip Zagórski (Wroclaw University of Technology)

A Chrome Extension to Prevent the SSLstripping Attack
Daniel Fairweather and Dongwan Shin (New Mexico Tech)

Prototype System for Visualizing Security Risks on Mobile Device
Shin’ichiro Matsuo, Akira Kanaoka, Takeshi Takahashi, and Tadashi Minowa (National Institute of Information and Communications Technology, Tokyo, Japan)

Remotegrity: Are Usable and Secure Remote Voting Schemes Possible?
Poorvi Vora (George Washington University) and Filip Zagórski (Wroclaw University of Technology)

Lightning talks

Emotional CAPTCHA: Bots Cannot Feel Happiness or Sadness!
Hyoungshick Kim, Hootan Rashtian, and Konstantin Beznosov (University of British Columbia)

AppWindow: Tracking Mobile Apps Tracking You
Fuming Shih and Frances Zhang (MIT/CSAIL Decentralized Information Group)

Smartphones and Election 2012: Rewards and Risks of e-Democracy
Lillie Coney (Electronic Privacy Information Center)

Usability Considerations for DNSSEC
Steve Sheng (ICANN)

The Fine Print: Adding UX to Terms + Conditions
Gregg Bernstein (MailChimp)

Scamicry!
Rob Reeder (Microsoft)

6 - 9 pm: Dinner reception at Microsoft (901 K St. NW, 11th floor) - a 5-minute walk from AAAS

Friday, July 13

8 - 9 am: Breakfast and registration

9-10:30 am: Technical paper session: Online Social Networks, Session chair: Robert Biddle, Carleton University

Facebook and Privacy: It's Complicated
Maritza Johnson, Columbia University
Serge Egelman, UC Berkeley
Steven M. Bellovin, Columbia University

Are privacy concerns a turn-off? Engagement and privacy in social networks
Jessica Staddon, Google
David Huffaker, Google
Larkin Brown, Google
Aaron Sedley, Google

Helping Johnny 2.0 to Encrypt His Facebook Conversations
Sascha Fahl, Leibniz Universitaet Hannover, Germany
Marian Harbach, Leibniz Universitaet Hannover, Germany
Thomas Muders, Leibniz Universitaet Hannover, Germany
Uwe Sander, University of Applied Sciences and Arts Hannover, Germany
Matthew Smith, Leibniz Universitaet Hannover, Germany

10:30 - 11 am: Break

11 am - 12:30 pm: Technical paper session: Access Control, Session chair: Rob Reeder, Microsoft

+Your Circles: Sharing Behavior on Google+
Jason Watson, University of North Carolina at Charlotte
Andrew Besmer, University of North Carolina at Charlotte
Heather Richter Lipford, University of North Carolina at Charlotte

The PViz Comprehension Tool for Social Network Privacy Settings
Alessandra Mazzia, University of Michigan
Kristen LeFevre, University of Michigan
Eytan Adar, University of Michigan

Relating Declarative Semantics and Usability in Access Control
Vivek Krishnan, University of Waterloo
Mahesh V. Tripunitara, University of Waterloo
Kinson Chik, Qualcomm Inc.
Tony Bergstrom, Desire2Learn

12:30 - 1:30 pm: Lunch

1:30 - 3 pm: Panel - Will No Humans be Harmed? The argument against IRB approval for some human subjects research

3 pm: Ice cream social

PANEL

Will No Humans be Harmed? The argument against IRB approval for some human subjects research

The role of the Institutional Review Board is to ensure that human subjects protections are in place in research. The principles and guidelines that guide IRBs in their processes were set forth in the Belmont Report in 1979. As the medium of conducting research has evolved, is the IRB holding back usable privacy and security research and is it still equipped to properly evaluate the risks of our protocols? Are we any further along than the previously troublesome "trust me" model?

This panel will explore the ethics of gathering data online via public postings, working with data (both identifiable and anonymized), and observational research.

  • Maritza Johnson, Columbia University, Moderator
  • Michael Zimmer, University of Wisconsin-Milwaukee
  • Simson Garfinkel, Naval Postgraduate School
  • Doug Maughan, DHS Science & Technology Directorate

Michael Zimmer, PhD, is an assistant professor in the School of Information Studies at the University of Wisconsin-Milwaukee, and co-director of the Center for Information Policy Research. With a background in new media and Internet studies, the philosophy of technology, and information policy & ethics, Zimmer’s research focuses on the ethical dimensions of new media and information technologies, with particular interest in privacy, social media, internet research ethics, and values-in-design.

Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School. Based in Arlington VA, Garfinkel's research interests include computer forensics, the emerging field of usability and security, personal information management, privacy, information policy and terrorism. He holds six US patents for his computer-related research and has published dozens of journal and conference papers in security and computer forensics. Garfinkel is the author or co-author of fourteen books on computing. He is perhaps best known for his book Database Nation: The Death of Privacy in the 21st Century. Garfinkel's most successful book, Practical UNIX and Internet Security (co-authored with Gene Spafford), has sold more than 250,000 copies and been translated into more than a dozen languages since the first edition was published in 1991. Garfinkel received three Bachelor of Science degrees from MIT in 1987, a Master's of Science in Journalism from Columbia University in 1988, and a Ph.D. in Computer Science from MIT in 2005.

Dr. Douglas Maughan is a Program Manager in the Homeland Security Advanced Research Projects Agency (HSARPA) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Dr. Maughan is directing the Cyber Security Research and Development activities at HSARPA. Prior to his appointment at DHS, Dr. Maughan was a Program Manager in the Advanced Technology Office (ATO) of the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. His research interests and related programs were in the areas of networking and information assurance. Prior to his appointment at DARPA, Dr. Maughan worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Dr. Maughan received Bachelor’s Degrees in Computer Science and Applied Statistics from Utah State University, a Master's degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).

POSTERS

Anti-Phishing system using footprint-sharing web site
Eri Otsuka (Kanagawa Institute of Technology Japan)
Ayaka Miyazawa (Kanagawa Institute of Technology Japan)
Manabu Okamoto (Kanagawa Institute of Technology Japan)

CommonTerms - Magnifying the Fine Print
Pär Lannerö (Metamatrix AB)
Gregg Bernstein (MailChimp)

Preliminary Investigation of Gesture-Based Password: Integrating Additional User Behavioral Features
Lakshmidevi Sreeramareddy (Towson University)
Jinjuan Feng (Towson University)
Andrew Sears (Rochester Institute of Technology)

Towards Measuring Warning Readability
Marian Harbach (Dept. of Computer Science, Leibniz Universitaet, Hannover, Germany)
Sascha Fahl (Dept. of Computer Science, Leibniz Universitaet, Hannover, Germany)
Thomas Muders (Dept. of Computer Science, Leibniz Universitaet, Hannover, Germany)
Matthew Smith (Dept. of Computer Science, Leibniz Universitaet, Hannover, Germany)

On Design of Audio Instructions for Multisensory Authentication for Portable Touchscreen Device
Madoka Hasegawa (Utsunomiya University)
Naoaki Isogai (Utsunomiya University)
Shigeo Kato (Utsunomiya University)

Attitudes to IT-Security When Using a Smartphone
Zinaida Benenson (University of Erlangen-Nuremberg)
Nadina Hintz (University of Erlangen-Nuremberg)
Olaf Kroll-Peters (EnBW AG, Karlsruhe)
Matthias Krupp (P.M. Belz GmbH, Stuttgart)

Friendship in German Online Social Networks
Nadina Hintz (University of Erlangen-Nuremberg)
Zinaida Benenson (University of Erlangen-Nuremberg)
Thorsten Strufe (TU Darmstadt)

Cellphones and Punishment: Encouraging Secure Mobile Behavior Through Morality
Dirk Van Bruggen (University of Notre Dame)
Shu Liu (University of Notre Dame)
Aaron Striegel (University of Notre Dame)
Chuck Crowell (University of Notre Dame)
John D'Arcy (University of Notre Dame)

Is a Picture Worth a Thousand Alerts?
Nicklaus A. Giacobe (The Pennsylvania State University)

User perception of usability and security of a mobile payment system
Hanul Sieger (QU Labs, Telekom Innovation Laboratories, TU Berlin)
Niklas Kirschnick (QU Labs, Telekom Innovation Laboratories, TU Berlin)
Sebastian Möller (QU Labs, Telekom Innovation Laboratories, TU Berlin)

Usability Evaluation of Gesture-Based Authentication Using a Mobile Phone
Niklas Kirschnick (Quality and Usability Lab, Telekom Innovation Laboratories, Technische Universität Berlin)
Benjamin Müller (Quality and Usability Lab, Telekom Innovation Laboratories, Technische Universität Berlin)
Sebastian Möller (Quality and Usability Lab, Telekom Innovation Laboratories, Technische Universität Berlin)

Towards improving usability of access certification interfaces
Pooya Jaferian (University of British Columbia)
Hootan Rashtian (University of British Columbia)
Konstantin Beznosov (University of British Columbia)

Examining Confidant Disclosures through Facebook Apps and Tagging
Kim Rosser (UNC Charlotte)
Emmanuel Bello-Ogunu (UNC Charlotte)
Pamela Karr Wisniewski (UNC Charlotte)

Visualization of user’s end-to-end security risks
Takeshi Takahashi (National Institute of Information and Communications Technology)
Shin’ichiro Matsuo (National Institute of Information and Communications Technology)
Akira Kanaoka (National Institute of Information and Communications Technology)
Keita Emura (National Institute of Information and Communications Technology)
Yuuki Takano (National Institute of Information and Communications Technology)

Posters Showcasing Usable Privacy and Security Papers Published in the Past Year at Other Conferences

PhorceField: A Phish-Proof Password Ceremony (ACSAC 2011)
Michael Hart (Symantec)
Claude Castille (Google)
Manoj Harpalani (Amazon)
Jonathon Toohill (Stony Brook University)
Rob Johnson (Stony Brook University)

Third-Party Apps on Facebook: Privacy and the Illusion of Control (CHIMIT 2011)
Na Wang (The Pennsylvania State University)
Heng Xu (The Pennsylvania State University)
Jens Grossklags (The Pennsylvania State University)

ASIDE: IDE Support for Web Application Security (ACSAC 2011)
Jing Xie (UNC Charlotte)
Bill Chu (UNC Charlotte)
Heather Richter Lipford (UNC Charlotte)
John T. Melton (UNC Charlotte)

Social Authentication: Harder than it Looks (FC 2012)
Hyoungshick Kim (University of British Columbia)
John Tang (University of Cambridge)
Ross Anderson (University of Cambridge)

Tag, you can see it!: using tags for access control in photo sharing (CHI 2012)
Peter F. Klemperer (Carnegie Mellon University)
Yuan Liang (Carnegie Mellon University)
Michelle L. Mazurek (Carnegie Mellon University)
Manya Sleeper (Carnegie Mellon University)
Blase Ur (Carnegie Mellon University)
Lujo Bauer (Carnegie Mellon University)
Lorrie Faith Cranor (Carnegie Mellon University)
Nitin Gupta (Carnegie Mellon University)
Michael K. Reiter (University of North Carolina, Chapel Hill)

The Implications of Offering More Disclosure Choices for Social Location Sharing (CHI 2012)
Karen P. Tang (University of California, Irvine)
Jason I. Hong (Carnegie Mellon University)
Dan P. Siewiorek (Carnegie Mellon University)

Don't bump, shake on it: The exploitation of a popular accelerometer-based smart phone exchange and its secure replacement (ACSAC 2011)
Ahren Studer (Carnegie Mellon University)
Timothy Passaro (Carnegie Mellon University)
Lujo Bauer (Carnegie Mellon University)

How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation (USENIX Security 2012)
Blase Ur (Carnegie Mellon University)
Patrick Gage Kelley (Carnegie Mellon University)
Saranga Komanduri (Carnegie Mellon University)
Joel Lee (Carnegie Mellon University)
Michael Maass (Carnegie Mellon University)
Michelle Mazurek (Carnegie Mellon University)
Timothy Passaro (Carnegie Mellon University)
Richard Shay (Carnegie Mellon University)
Timothy Vidas (Carnegie Mellon University)
Lujo Bauer (Carnegie Mellon University)
Nicolas Christin (Carnegie Mellon University)
Lorrie Faith Cranor (Carnegie Mellon University)

On the need for different security methods on mobile phones (MobileHCI 2011)
Noam Ben-Asher (Carnegie Mellon University)
Niklas Kirschnick (TU Berlin)
Hanul Sieger (TU Berlin)
Joachim Meyer (Ben Gurion University)
Sebastian Möller (TU Berlin)

Security and Privacy Considerations in Digital Death (NSPW 2011)
Michael E. Locasto (University of Calgary)
Mike Massimi (University of Toronto)
Peter J. DePasquale (The College of New Jersey)

A Conundrum of Permissions: Installing Applications on an Android Smartphone (USEC 2012)
Patrick Gage Kelley (Carnegie Mellon University)
Sunny Consolvo (University of Washington)
Lorrie Faith Cranor (Carnegie Mellon University)
Jaeyeon Jung (Microsoft Research)
Norman Sadeh (Carnegie Mellon University)
David Wetherall (University of Washington)

Security and Usability Challenges of Moving-Object CAPTCHAs: Decoding Codewords in Motion (USENIX Security 2012)
Yi Xu (University of North Carolina at Chapel Hill)
Gerardo Reynaga (Carleton University)
Sonia Chiasson (Carleton University)
Jan-Michael Frahm (University of North Carolina at Chapel Hill)
Fabian Monrose (University of North Carolina at Chapel Hill)
P. C. van Oorschot (Carleton University)

Security, Privacy and Usability Requirements for Federated Identity (W2SP 2012)
Michael Hackett (Dalhousie University)
Kirstie Hawkey (Dalhousie University)

 

SOUPS 2012 is sponsored by Carnegie Mellon CyLab