List of Papers for T-110.71909 Research Seminar in Usable Security 2010-2011.

The list will be updated regularly.

If the link points to ACM digital library, you need to access it from the Aalto closed network to have full access. 

Groupthink: On the Usability of Secure Group Association of Wireless Devices.
by Rishab Nithyanand, Nitesh Saxena, Gene Tsudik, Ersin Uzun
In 12th ACM International Conference on Ubiquitous Computing (Ubicomp'10).

http://www.ics.uci.edu/~euzun/pub/group.pdf

This paper discusses desirable features and evaluation criteria for secure group association,

identifies suitable methods and presents a comparative usability study.

Shoulder-Surfing Resistance with Eye-Gaze Entry in Click-Based Graphical Passwords

Alain Forget, Carleton University, Canadahttp://hotsoft.carleton.ca/~aforget/Forget_CHI2010_CGP.pdf
Sonia Chiasson, Carleton University, Canada
Robert Biddle, Carleton University, Canada

Cued Gaze-Points is an eye gaze-based graphical password system resistant to shoulder-surfing. A user study showed potential usability and highlighted limits in gaze precision.

http://hotsoft.carleton.ca/~aforget/Forget_CHI2010_CGP.pdf

In ACM CHI 2010

Visual vs. Compact: A Comparison of Privacy Policy Interfaces
Heather Richter Lipford, University of North Carolina at Charlotte, USA
Jason Watson, University of North Carolina at Charlotte, USA
Michael Whitney, University of North Carolina at Charlotte, USA
Katherine Froiland, University of Minnesota, USA
Robert W. Reeder, Microsoft, USA

A comparison study of two prototype interfaces for privacy policies finds that users perform similarly with each, but have a clear preference for one or the other

http://hci.sis.uncc.edu/pubs/fbPrivacyCHI2010note.pdf (short paper, you need to pick two papers to present)

In ACM CHI 2010

Using Reinforcement to Strengthen Users' Secure Behaviors
Ricardo Villamarin Salomon, University of Pittsburgh, USA
Jose Brustoloni, University of Pittsburgh, USA

Introduces Security-Reinforcing Applications (SRAs) and Vicarious Security Reinforcement (VSR), two techniques to i mprove users' security decisions. User studies show that SRAs are effective and that VSR accelerates learning SRA's benefits In ACM CHI 2010

Who Falls for Phish? A Demographic Analysis of Phishing Susceptibility and Effectiveness of Interventions
Steve Sheng, Carnegie Mellon University, USA
Mandy Holbrook, Carnegie Mellon University, USA
Ponnurangam Kumaraguru, Indraprastha Institute of Information Technology , India
Lorrie Cranor, Carnegie Mellon University, USA
Julie Downs, Carnegie Mellon University, USA

Online survey to study the relationship between demographics and phishing susceptibility, and the effectiveness of several anti-phishing educational materials. Identifies vulnerable groups and finds education reduces susceptibility significantly.
In ACM CHI 2010

 The True Cost of Unusable Password Policies: Password Use in the Wild
Philip Inglesant, University College London, UK
M. Angela Sasse, University College London, UK

Current password policies are unusable. They antagonise users, reduce their productivity, and trigger coping strategies that undermine security. Organisations need to devise more flexible approaches appropriate to the real threats.
In ACM CHI 201

 Friends Only: Examining a Privacy-Enhancing Behavior in Facebook  CHI 2010
Fred Stutzman, UNC-Chapel Hill, USA
Jacob Kramer-Duffield, UNC-Chapel Hill, USA

Using boundary regulation theories of privacy, this paper explores and identifies factors associated with a privacy enhancing behavior in the social network site Facebook.

  Moving Beyond Untagging: Photo Privacy in a Tagged World CHI 2010
Andrew Besmer, University of North Carolina at Charlotte, USA
Heather Richter Lipford, University of North Carolina at Charlotte, USA

We examine user concerns of photo tagging on social network sites, discuss design guidelines, and present a new mechanism for improving privacy with tagged photos.

Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach CHI 2010
Patrick Gage Kelley, Carnegie Mellon University, United States
Lucian Cesca, Carnegie Mellon University, United States
Joanna Bresee, Carnegie Mellon University, United States
Lorrie Faith Cranor, Carnegie Mellon University, United States

Our 764-participant user study shows that well-designed, standardized privacy policy formats can benefit consumers by improving their understanding of a company's practices, shortening reading time, and increasing reader enjoyment.

Independence and Interaction: Understanding Seniors' Privacy and Awareness Needs For Aging in Place CHI2010
Jeremy Birnholtz, Cornell University, University of Toronto, Canada
McKenzie Jones-Rounds, Cornell University, USA

Designing for aging in place brings new twists to classic tensions between privacy and awareness. Interviews show that seniors mitigate these tensions via physical environments, temporal structures, and technology mediation.

ContraVision: Exploring Users' Reactions to FuturisticTechnology CHI 2010
Clara Mancini, Dept of Computing, The Open University, UK
Yvonne Rogers, Dept of Computing, The Open University, UK
Arosha K. Bandara, Dept of Computing, The Open University, UK
Tony Coe, Two Cats Can, UK
Lukasz Jedrzejczyk, Dept of Computing, The Open University, UK
Adam N. Joinson, School of Management, University of Bath, UK
Blaine A. Price, Dept of Computing, The Open University, UK
Keerthi Thomas, Dept of Computing, The Open , UK
Bashar Nuseibeh, Dept of Computing, The Open University & Lero, University of Limerick, UK, Ireland

Study illustrating a narrative method to represent futuristic technology. Can help designers elicit a wider spectrum of users' reactions and uncover more facets of the responses that technology might encounter.

I Don't Mind Being Logged, but Want to Remain in Control: A Field Study of Mobile Activity and Context Logging CHI 2010
Tuula Kärkkäinen, Tampere University of Technology, Unit of Human-Centered Technology, Finland
Tuomas Vaittinen, Nokia Research Center, Finland
Kaisa Väänänen-Vainio-Mattila, Tampere University of Technology, Unit of Human-Centered Technology, Nokia Research Center, Finland

We describe a UX study of a lifelogging system based on continuous mobile phone activity logging. The results can assist designers in understanding the user needs related to lifelogging systems.

SOUPS 2010:

• Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices
  Sara Motiee, Kirstie Hawkey and Konstantin Beznosov
• Encountering Stronger Password Requirements: User Attitudes and Behaviors
  Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin and Lorrie Faith Cranor
• A Closer Look at Recognition-based Graphical Passwords on Mobile Devices
  Paul Dunphy, Andreas Heiner and N. Asokan
• Usably Secure, Low-Cost Authentication for Mobile Banking
  Saurabh Panjwani and Ed Cutrell
• Two Heads are Better Than One: Security and Usability of Device Associations in Group Scenarios
  Ronald Kainda, Ivan Flechais and Andrew William Roscoe
• Influence of User Perception, Security Needs, and Social Factors on Device Pairing Method Choices
  Iulia Ion, Marc Langheinrich, Ponnurangam Kumaraguru and Srdjan Capkun
• The Impact of Social Navigation on Privacy Policy Configuration
  Andrew Besmer, Jason Watson and Heather Richter Lipford
• Optimizing a Policy Authoring Framework for Security and Privacy Policies
  Maritza Johnson, John Karat, Clare-Marie Karat and Keith Grueneberg
• Feasibility of Structural Network Clustering for Group-Based Privacy Control in Social Networks
  Simon Jones and Eamonn O'Neill
• Where Do Security Policies Come From?
  Dinei Florencio and Cormac Herley
• Folk Models of Home Computer Security
  Rick Wash
• Improving Users' Security Choices on Home Wireless Networks
  Justin T. Ho, Khai N. Truong and David Dearman
• Textured Agreements: Re-envisioning Electronic Consent
  Matthew Kay and Michael Terry
• On The Impact of Real-Time Feedback on Users' Behaviour in Mobile Location-Sharing Applications
  Lukasz Jedrzejczyk, Blaine A. Price, Arosha K. Bandara and Bashar Nuseibeh
• Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety
  Alexei Czeskis, Ivayla Dermendjieva, Hussein Yapit, Alan Borning, Batya Friedman, Brian Gill and Tadayoshi Kohno
• Towards Understanding ATM Security - A Field Study of Real World ATM Use
  Alexander De Luca, Marc Langheinrich and Heinrich Hussmann

IEEE sec & priv 2010:

Reconciling Belief and Vulnerability in Information Flow

Sardaouna Hamadou (University of Southampton), Vladimiro Sassone (University of Southampton), Catuscia Palamidessi (École Polytechnique)

How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation

Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky (Stanford University), Céline Fabry

Related ws

Jon Howell and Stuart Schechter
What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors

ACM RecSys 2010

A User-Centric Evaluation Framework of Recommender Systems 14-21
Pearl Pu, Li Chen ACM RecSys 2010 UCERSTI workshop

Eye-Tracking Product Recommenders' Usage (Page 29)

Sylvain Castagnos (EPFL)

Nicolas Jones (EPFL)

Pearl Pu (EPFL)

Understanding Choice Overload in Recommender Systems (Page 63)

Dirk Bollen (Eindhoven University of Technology)

Bart P. Knijnenburg (Eindhoven University of Technology)

Martijn C. Willemsen (Eindhoven University of Technology)

Mark Graus (Eindhoven University of Technology)

NORDICHI 2010:

a

HandsDown: Hand-contour-based User Identification for Interactive Surfaces Dominik Schmidt, Ming Ki Chong and Hans Gellersen NordiCHI 2010

Privacy-Awareness Information for Web Forums: Results from an Empirical Study Stefanie Pötzsch, Peter Wolkerstorfer and Cornelia Graf NordiCHI 2010

Papers from the following conferences, symposia and workshops can also be suggested:

FCDS

Usenix

Ubicom

Interact

DIS

Hypertext

UIST

NSPW

WWW

Lehtiartikkelit

CSCW