HCISec Bibliography
The purpose of this web page is to provide a central resource
list of published work on human factors in computer security. If
you know of any papers that should be added to this list, please let us know. Note that publications
of the ACM are also available from the ACM
Digital Library.
Usability
of Computer Security: A Bibliography contains some overlap. It is
arranged by categories and includes some abstracts. It seems to have
last been updated in 2000.
Updated (added 15 items) 23 July, 2008 by Ponnurangam K.
| Mark S. Ackerman, Lorrie Faith Cranor and Joseph Reagle,
Privacy in e-commerce:
examining user scenarios and privacy preferences.
Proceedings of the 1st ACM Conference on Electronic Commerce, 1999,
Denver, Colorado. |
Author's web page |
| Mark S. Ackerman,
The Intellectual Challenge of
CSCW: The Gap Between Social Requirements and Technical
Feasibility. |
Author's web page |
| Anne Adams, Users' perception of privacy in multimedia communication.
Unpublished Ph.D. Thesis, School of Psychology, University College
London, UK, 2001. |
GetRealSecurity group publications
page. |
| Anne Adams and Ann Blandford Security and Online Learning: To Protect or Prohibit.
in Ghaoui, C. (eds.) Usability Evaluation of Online Learning Programs, Idea Publishing. Chapter 18. pp. 331 - 359.
|
Author's web site. |
| Anne Adams and Ann Blandford Bridging the Gap between Organizational and User Perspectives of Security in the Clinical Domain. International Journal of Human-Computer Studies. 63. pp.175 - 202.
|
Author's web site. |
| Anne Adams and Martina Angela Sasse,
Privacy in Multimedia
Communications: Protecting Users, Not Just Data. In A.
Blandford, J. Vanderdonkt and P. Gray [Eds.]: People & Computers XV
- Interaction Without Frontiers, Joint Proceedings of HCI 2001 and ICM
2001, Lille, France, September 2001, pp. 49-64, Springer. |
GetRealSecurity group publications
page. |
| Anne Adams, The Implications of Users' Privacy Perceptions on
Communication and Information Privacy Policies. In Proceedings
of Telecommunications Policy Research Conference, Washington, DC 1999. |
Author's
web page. |
| Anne Adams, Multimedia information changes the whole privacy
ballgame. In Proceedings of the Conference on Computers, Freedom
and Privacy 2000, ACM Press. |
Author's
web page. |
| Anne Adams and Martina Angela Sasse,
Privacy issues in ubiquitous
multimedia environments: Wake sleeping dogs, or let them lie?
In Proceedings of INTERACT '99, Edinburgh, pp. 214-221. |
Author's
web page. |
| Anne Adams and Martina Angela Sasse,
Taming the wolf in sheep's
clothing: privacy in multimedia communications. In
Proceedings of ACM Multimedia '99, Orlando, pp. 101-107. |
GetRealSecurity group publications
page. |
| Anne Adams and Martina Angela Sasse,
Users are not the enemy:
Why users compromise security mechanisms and how to take remedial
measures. Communications of the ACM, 42(12), pp. 40-46, December
1999. |
GetRealSecurity group publications
page. |
| Anne Adams, Martina Angela Sasse,
and Peter
Lunt, Making Passwords Secure and
Usable. In H. Thimbleby, B. O'Conaill and P. Thomas
[Eds.]: People & Computers XII, Proceedings of HCI '97,
Bristol, UK, August 12-15, p. 1-19, Springer. |
Author's
web page. |
| Kenneth Allendoerfer,
Shantanu Pai, Human factors considerations for
passwords and other user identification techniques part 1: Field study, results and
analysis (DOT/FAA/CT-05/20). Atlantic City International Airport, NJ:
Federal Aviation Administration William J. Hughes Technical Center.
|
Author's web page. |
| Kenneth Allendoerfer,
Shantanu Pai, Human factors considerations for
passwords and other user identification techniques part 2: Field study, results and
analysis (DOT/FAA/TC-06/09). Atlantic City International Airport, NJ:
Federal Aviation Administration William J. Hughes Technical Center.
|
Author's web page. |
| Elske Ammenwerth,
Anke Buchauer, Hans-Bernd
Bludau, Alexander
Roßnagel, Simulation Studies
for the Evaluation of Security Technology. Multilateral Security
in Communications, Volume 3 - Technology, Infrastructure,
Economy. Guenter Mueller and Kai Rannenberg [Eds.], Addison
Wesley, 1999. |
|
| De Angeli, A., Coventry, L., Johnson, G., Renaud, K., Is a picture
really worth a thousand words? On the feasibility of graphical
authentication systems. International Journal of Human-Computer Studies,
special issue: HCI research on Privacy and Security. Volume 63, Issue
1-2 (July 2005). Pages: 128 - 152. |
|
| Dirk Balfanz,
Usable Access Control for the World
Wide Web. In Proceedings of 19th Annual Computer
Security Applications conference, December 8 - 12, 2003. |
ACSAC web site |
| Dirk Balfanz, Durfee, G. and Smetters, D. K.
Making the Impossible Easy: Usable PKI.
In Security and Usability: Designing Secure Systems that People Can
Use, Cranor, L. F. and Garfinkel, S., eds., pp. 319-334. O'Reilly,
Sebastopol, CA. |
| Dirk Balfanz, Durfee, G., Grinter, R. E. and Smetters, D. K.
In Search of Usable Security -- Five Lessons from the Field. IEEE Journal on Security and Privacy. 2(5) 2004. |
PARC web site |
| Dirk Balfanz, Durfee, G., Grinter, R. E., Smetters, D. K. and Stewart, P.
Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute. 13th Usenix Security Symposium, August, 2004, San Diego, CA. |
PARC web site |
| Dirk Balfanz, Smetters, D. K., Stewart, P. and Wong, H. C.
Talking to strangers: authentication in ad-hoc wireless networks. Network and Distributed System Security Symposium. Internet Society. February 6-8, 2002, San Diego, CA. |
PARC web site |
| Lujo Bauer, Lorrie Faith Cranor, Rob Reeder, Michael K. Reiter and Kami Vaniea.
A User Study of Policy Creation in a Flexible Access-Control System. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008. |
Lab's web page |
| Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter and Kami Vaniea.
Lessons Learned From the Deployment of a Smartphone-Based Access-Control System. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference
web page |
| Denis Besnard and Budi Arief,
Computer security impaired by
legitimate users. Computers & Security, 23 (3), pp. 253-264,
May 2004. |
Author's
web page. |
| Nathaniel S. Borenstein,
Computational Mail as Network
Infrastructure for Computer-Supported Cooperative Work Innovations in
E-Mail. Proceedings of ACM CSCW'92 Conference on
Computer-Supported Cooperative Work 1992 p.67-74. |
ACM
Digital Library |
| David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels and Brian Fisher.
Towards Understanding IT Security Professionals and Their Tools. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page |
| Christina Braz and Esma Aïmeur. ASEMC: Authentication for a SEcure M-Commerce. RFID Journal. June 2005. |
Paper |
| Christina Braz and Esma Aïmeur. AuthenLink: A User-Centred Authentication System for a Secure Mobile Commerce. 3rd International Workshop on Wireless Information Systems (WIS-2004), Porto, Portugal, April 2004. |
Paper |
| Christina Braz and Jean-Marc Robert. Security and usability: the case of the user authentication methods. IHM '06: Proceedings of the 18th International Conference of the Association Francophone d'Interaction Homme-Machine. 2006. |
ACM Digital Library |
| Christina Braz, Ahmed Seffah and David M’Raihi. Designing a Trade-Off Between Usability and Security: A Metrics Based-Model. Human-Computer Interaction – INTERACT 2007. Lecture Notes in Computer Science, Volume 4663/2007. |
LNCS web site |
| Carolyn Brodie, Clare-Marie Karat, John Karat and Jinjuan Feng, Usable Security and Privacy: A Case Study of Developing Privacy Management Tools. Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library |
| Sacha Brostoff
and Martina Angela
Sasse, "Ten strikes and you're out":
Increasing the number of login attempts can improve password usability.
CHI 2003 Workshop on Human-Computer Interaction and
Security Systems, Ft. Lauderdale, Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Sacha Brostoff
and Martina Angela
Sasse, Safe and Sound: a
safety-critical design approach to security. Proceedings of the
New Security Paradigms Workshop 2001 (September 10-13, New Mexico), pp.
41-50, ACM Press. |
GetRealSecurity group publications
page. |
| Sacha Brostoff
and Martina Angela
Sasse, Are Passfaces More Usable Than
Passwords? In S. McDonald, Y. Waern & G. Cockton [Eds.]: People and
Computers XIV - Usability or Else! Proceedings of HCI 2000 (September
5-8, Sunderland, UK), pp. 405-424, Springer. |
GetRealSecurity group publications
page. |
| Ian Brown and Richard
Snow, A proxy approach to e-mail
security. Software - Practice and Experience, 29(12), 1049-1060,
October 1999. |
Author's web page |
| Jose Carlos Brustoloni and Ricardo Villamarin-Salomon, Improving Security Decisions with Polymorphic and Audited Dialogs. Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS'2007), ACM, Pittsburgh, PA, July 2007, pp. 76-87. |
Author's web page |
| Jose Brustoloni, Ricardo Villamarin-Salomon, Peter Djalaliev and David Kyle. Evaluating the Usability of Usage Controls in Electronic Collaboration. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference web page |
| L. Jean Camp. Mental models of security.
IEEE Technology and Society, 2006. |
SSRN web page |
| L. Jean Camp. Reliable Usable Signaling to Defeat Masquerade Attacks.
WEIS 2006 (Cambridge, MA) 26-28 June 2006. Also published as Net Trust:
Signaling Malicious Web Sites at I/S A Journal of Law and Policy in the
Information Society, Winter 2007. |
Workshop version |
| L. Jean Camp, Cathleen McGrath and Alla Genkina. Security and Morality: A Tale of User Deceit.
Models of Trust for the Web MTW'06, (Edinburgh, Scotland) 22 May 2006. |
Author's web page |
| Xiang Cao,
and Lee Iverson. Intentional Access Management: Making Access Control Usable For End-Users.
In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page |
| Srdjan Capkun,
Levente Buttyan and Jean-Pierre Hubaux, Small
worlds in security systems: an analysis of the PGP certificate graph.
In proceedings of New Security Paradigms Workshop 2002. |
|
| Sonia Chiasson, Robert Biddle and P.C. van Oorschot. A Second Look at the Usability of Click-Based Graphical Passwords. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page |
| S. Chiasson, P.C. van Oorschot, R. Biddle. A Usability Study and
Critique of Two Password Managers. USENIX Security Symposium. August 2006,
Vancouver, Canada. |
Author's web page |
| Sonia Chiasson, Jayakumar Srinivasan and P.C. van Oorschot. Centered Discretization with Application to Graphical Passwords. In Usability, Psychology, and Security. 2008. |
Conference web page |
| Jeremy Clark, P.C. van Oorschot and Carlisle Adams. Usability of Anonymous Web Browsing: An Examination of Tor Interfaces and Deployability. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page |
| Gregory Conti, Mustaque Ahamad, and John Stasko Attacking Information Visualization System Usability Overloading and Deceiving the Human. Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library
|
| Gregory Conti and Edward Sobiesk. An Honest Man Has Nothing to Fear: User Perceptions on Web-based Information Disclosure. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page
|
|
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao,
Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce
McLaren, Mike Reiter, Norman Sadeh. User-Controllable Security and Privacy for Pervasive Computing. Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications, HotMobile 2007. 2007. |
Lab's web page |
| Lynne Coventry, Antonella De
Angeli and Graham Johnson, Honest it's
me! Self-service verification. CHI 2003 Workshop
on Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Lorrie Faith Cranor. A framework for reasoning about the human in the loop. In Usability, Psychology, and Security. 2008. |
Conference Web page |
| Lorrie Faith Cranor. Designing a Privacy Preference Specification
Interface: A Case Study. CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Lorrie Faith Cranor, What do they "indicate?": evaluating security and privacy indicators ACM: Interactions 13, 3 (May. 2006), 45-47. |
ACM Digital Library. |
| Lorrie Faith Cranor, Manjula
Arjula and Praveen Guduru, Use of a P3P
User Agent by Early Adopters. In Proceedings of the ACM Workshop
on Privacy in the Electronic Society, November 21, 2002. |
Author's
web page. |
| Lorrie Faith Cranor and Joel R. Reidenberg,
Can user agents accurately represent
privacy notices? The 30th Research Conference on Communication,
Information and Internet Policy, September 2002, Alexandria, VA. |
Author's
web page. |
| Lorrie Faith Cranor, Joseph Reagle
and Mark S. Ackerman,
Beyond Concern:
Understanding Net Users' Attitudes About Online Privacy.
|
Author's
web page.
|
| Lorrie Faith Cranor, Agents of Choice: Tools that Facilitate Notice and
Choice about Web Site Data Practices. Proceedings of the 21st
International Conference on Privacy and Personal Data Protection, 13-15
September 1999, Hong Kong SAR, China. |
Author's
web page.
|
| Lorrie Faith Cranor and Mark S. Ackerman,
Privacy Critics: UI Components to
Safeguard Users' Privacy. Proceedings of the ACM
Conference on Human Factors in Computing Systems (CHI '99), short
papers (v.2), |
Author's
web page.
|
| Lorrie Faith Cranor and Simson L. Garfinkel,
Security and Usability: Designing Secure Systems that People Can Use. O'Reilly publication. |
About the book.
|
| Herbert Damker,
Ulrich Pordesch and Martin Reichenbach, Personal
Reachability and Security Management - Negotiation of Multilateral
Security. Multilateral Security in Communications, Volume 3 -
Technology, Infrastructure, Economy. Guenter Mueller and Kai
Rannenberg [Eds.], Addison Wesley, 1999. |
|
| Don Davis, Compliance Defects in Public-Key Cryptography.
Proceedings of the 6th USENIX Security Symposium, 1996. |
Author's
web page. |
| Alex J. DeWitt and Jasna Kuljis. Aligning Usability And Security-A Usability Study Of Polaris.
In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium
web page. |
| Alex J. DeWitt and Jasna Kuljis. Is usable security an oxymoron?
interactions. Vol. 13, Issue 3. Pages: 41-44. ACM Press. May 2006. |
ACM Digital Library. |
| Rachna Dhamija,
Hash Visualization in User
Authentication In CHI 2000 Extended Abstracts, April 2000, The
Hague, Netherlands. |
Author's web page. |
| Rachna Dhamija and Adrian Perrig,
Deja Vu: A User Study.
Using Images for Authentication. In Proceedings of the 9th
USENIX Security Symposium, August 2000, Denver, Colorado. |
Author's web page. |
| Rachna Dhamija and J.D. Tygar,
Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks In
Human Interactive Proofs: Second International Workshop (HIP 2005),
eds. H. Baird and D. Lopresti, Springer, May 2005, pp 127-141. |
Author's web page. |
| Rachna Dhamija and J.D. Tygar,
The Battle Against Phishing: Dynamic Security Skins. Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library . |
| Rachna Dhamija and J.D. Tygar, and Marti Hearst
Why Phishing Works. To appear in the Proceedings of the Conference on Human Factors in Computing Systems (CHI2006), 2006. |
Author's web page. |
| Ahmet Emir Dirik, Nasir Memon and Jean-Camille Birget. Modeling User Choice in the PassPoints Graphical Password Scheme. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page |
| Paul DiGioia and Paul Dourish
Social Navigation as a Model for Usable Security. Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library |
| Julie S. Downs, Mandy Holbrook, and Lorrie Faith Cranor.
Decision Strategies And Susceptibility To Phishing. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page. |
| Paul Dourish, Jessica
Delgado de la Flor and Melissa Joseph, Security
as a Practical Problem: Some Preliminary Observations of Everyday
Mental Models. CHI 2003 Workshop on Human-Computer Interaction
and Security Systems, Ft. Lauderdale, Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Paul Dourish and David
Redmiles, An Approach to Usable Security
Based on Event Monitoring and Visualization. New Security
Paradigms Workshop, 2002. |
|
| Cornelius
C. Dufft, Juergen Espey, Hartmut Neuf, Georg
Rudinger and Kurt
Stapf, Usability and Security.
Multilateral Security in Communications, Volume 3 - Technology,
Infrastructure, Economy. Guenter Mueller and Kai Rannenberg [Eds.],
Addison Wesley, 1999. |
|
| Paul Dunphy, James Nicholson and Patrick Olivier. Securing Passfaces for Description.
Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage |
| Scott Dynes, Hans Brechbuhl and Eric Johnson. Information Security in the Extended Enterprise: Some
Initial Results From a Field Study of an Industrial Firm.
Symposium On Usable Privacy and Security (SOUPS), 2005. |
WEIS website |
| W. Keith Edwards, Mark W. Newman, Jana Z. Sedivy and Trevor F. Smith, Dirk Balfanz, D. K. Smetters, H. Chi Wong, Shahram Izadi.
Using Speakeasy for Ad Hoc Peer-to-Peer Collaboration. Proceedings of ACM 2002 Conference on Computer Supported Cooperative Work (CSCW 2002), 2002, November, New Orleans, LA. |
PARC's web page. |
| Serge Egelman, Lorrie Cranor, and Abdur Chowdhury.
An Analysis of P3P-Enabled Web Sites among Top-20 Search Results.
Proceedings of the Eighth International Conference on Electronic Commerce August 14-16,
2006, Fredericton, New Brunswick, Canada |
Author's
web page. |
| Serge Egelman, Lorrie Cranor, and Jason Hong.
You've been warned: an empirical study of the effectiveness of web browser phishing warnings.
CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems. |
ACM Webpage. |
| Serge Egelman and Ponnurangam Kumaraguru.
Report on DIMACS Workshop and
Working Group Meeting on Usable Privacy and Security Software. May 3, 2005. Rutgers University, New Brunswick, NJ. |
Workshop web page. |
| Serge Egelman, Janice Tsai, Lorrie Cranor, and Alessandro Acquisti. Studying the Impact of Privacy Information on Online Purchase
Decisions. Workshop on Privacy and HCI: Methodologies for Studying Privacy Issues at CHI 06, April, 2006. | Author's web page. |
| Carl Ellison, Chris Hall,
Randy Milbert and Bruce Schneier,
Protecting Secret Keys with
Personal Entropy. Future Generation Computer Systems, Volume 16,
pp. 311-318, 2000. |
Author's
web page. |
| Laura Falk, Atul Prakash and Kevin Borders. Analyzing Websites for User-Visible Security Design Flaws. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage
|
| Ivan Flechais and
Martina
Angela Sasse, Developing Secure and
Usable Software. OT2003. |
Author's web page.
|
| Ivan Flechais, Martina Angela Sasse
and Stephen M. V. Hailes, Bringing
Security Home: A process for developing secure and usable systems.
New Security Paradigms Workshop, 2003. |
Author's web page.
|
| Scott Flinn and Joanna Lumsden,
User Perceptions of Privacy and Security on the Web. Third Annual Conference on Privacy, Security and Trust, October 12-14, 2005. |
Conference web page |
| Alain Forget, Sonia Chiasson, P.C. van Oorschot and Robert Biddle.
Improving Text Passwords Through Persuasion. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference web page |
| Batya Friedman, Helen Nissenbaum,
David Hurley, Daniel C. Howe and Edward Felten,
Users' Conceptions of Risks and Harms
on the Web: A Comparative Study. CHI 2002 Extended
Abstracts of the Conference on Human Factors in Computing Systems, pp.
614-615. |
Network
Browser Security & Human Values project publications
web page. |
| Batya Friedman, David Hurley,
Daniel C. Howe, Edward
Felten and Helen
Nissenbaum, Users' Conceptions of Web
Security: A Comparative Study. CHI 2002 Extended Abstracts
of the Conference on Human Factors in Computing Systems, pp. 746-767. |
Network
Browser Security & Human Values project publications
web page. |
| Batya Friedman, Daniel C. Howe
and Edward Felten,
Informed Consent in the
Mozilla Browser: Implementing Value-Sensitive Design.
Proceedings of the Thirty-fifth Annual Hawai'i International Conference
on System Sciences. |
Network
Browser Security & Human Values project publications
web page. |
| Batya Friedman, Peter H. Kahn, Jr., and
Daniel C. Howe, Trust Online.
Communications of the ACM, 43(12), 34-40. |
Network
Browser Security & Human Values project publications
web page. |
| Niklas Frykholm and Ari Juels,
Error-Tolerant Password
Recovery. In P. Samarati, ed., Eighth ACM Conference on Computer
and Communications Security, pp. 1-8. ACM Press. 2001. |
Author's
publications page at RSA
Laboratories. |
| Steven M. Furnell Using security: easier said than done. In P. Computer Fraud & Security. Vol. 2004, Issue 4. Pages: 6-10. Elsevier Science B.V. April 2004. |
|
| Steven M. Furnell Why users cannot use security. Computers & Security. Vol. 24, Issue 4. Pages: 274-279. Elsevier Science B.V. June 2005. |
|
| Steven M. Furnell, Adila Jusoh, Dimitris Katsabas. The challenges of understanding and using security: A survey of end users. Computers &
Security. Vol. 25. Pages: 27-35. Elsevier Science B.V. 2006. |
|
| Steven M. Furnell and Bogdan Ghita Usability pitfalls in Wireless LAN security. Network Security. Pages: 4-8. Elsevier Science B.V. March 2006.
|
|
| Steven M. Furnell and Stamatis Bolakis Helping us to help ourselves: Assessing administrators' use of security analysis tools. Network
Security. Vol. 2004, Issue 2. Pages: 7-12. Elsevier Science B.V. February 2004. |
|
| Simson L. Garfinkel, Adopting Fair Information Practices to Low Cost RFID Systems. Paper presented at Privacy in Ubicomp'2002 workshop, Göteborg,
Sweden, September 29th, 2002. | Author's version |
| Simson L. Garfinkel, Design Principles and Patterns for Computer Systems that are
Simultaneously Secure and Usable. PhD Dissertation, 2005. | Dissertation |
| Simson L. Garfinkel, Enabling Email Confidentiality through the use of Opportunistic Encryption. presented at the 2003 National Conference on Digital Government Research, May 2003, Boston, MA. | Author's slides |
| Simson L. Garfinkel and Ivan Krstic, The One Laptop Per Child Security Model. Symposium On Usable Privacy and Security (SOUPS). 2007. | Conference web page |
| Simson L. Garfinkel and Robert C. Miller, Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express.
Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library |
| Simson L. Garfinkel, Schiller, J., Nordlander, E., Margrave, D., and Miller, R., How To Make Secure Email Easier To Use. CHI 2005: Technology, Safety,
Community, Portland, Oregon, April 2-7, 2005. |
Author's web page |
| Simson L. Garfinkel, Schiller, J., Nordlander, E., Margrave, D., and Miller, R.,
Views, Reactions and Impact of Digitally-Signed Mail in e-Commerce.
Financial Cryptography and Data Security Ninth International
Conference, February 28-March 3, 2005, Roseau, The Commonwealth of
Dominica. |
Conference web page |
| Carrie Gates and Jacob
Slonim, Owner-Controlled Information,
New Security Paradigms Workshop, 2003. |
|
| Carrie Gates and Tara Whalen,
Profiling the Defenders.
New Security Paradigms Workshop, 2004. |
Author's
web page. |
| Shirley Gaw and Edward W. Felten.
Password Management Strategies For Online Accounts.
In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium
web page. |
| Weiwei Geng, Scott Flinn and John DeDourek.
Usable Firewall Configuration.
Proceedings of the 3rd Annual Conference on Privacy, Security and Trust (PST`05). October 2005. |
Conference
web page. |
| Julia Gideon, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti.
Power Strips, Prophylactics, and Privacy, Oh My!
In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium
web page. |
| Nathaniel S. Good
and Aaron Krekelberg,
Usability and Privacy: A
Study of Kazaa P2P File-Sharing. In Proceedings of the ACM
Conference on Human Factors in Computing Systems (CHI 2003), Ft.
Lauderdale, Florida. |
Author's web page.
(HP Labs tech report) |
| Nathaniel S. Good
and Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan,
and Joseph Konstan,
Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM Digital Library.
|
| Rebecca E. Grinter
and D.K. Smetters,
Three Challenges for Embedding
Security into Applications. CHI 2003 Workshop on Human-Computer
Interaction and Security Systems, Ft. Lauderdale, Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Joshua B. Gross and Mary Beth Rosson. Looking for trouble: understanding end-user security management. CHIMIT '07: Proceedings of the 2007 symposium on Computer human interaction for the management of information technology. 2007. |
ACM Digital Library |
| Jens Grossklags, Nicolas Christin, and John Chuang. Predicted and
Observed User Behavior in the Weakest-Link Security Game. In
Proceedings of the 2008 USENIX Workshop on Usability, Psychology, and
Security (UPSEC'08). San Francisco, CA. 2008. |
Conference web site |
| Jens Grossklags and Nathan Good. Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers. In Usable Security (USEC’07). 2007. |
Conference web site |
| Peter Gutmann,
Plug-and-Play PKI: A PKI Your Mother Can Use. In
Proceedings of 12th USENIX Security Symposium. |
Usenix web
site. |
| Peter Gutmann,
PKI Technology Survey and Blueprint.
|
author's
web page. |
| Peter Gutmann and Ian Grigg.
Security Usability.
IEEE Security and Privacy. Pages: 56-58. IEEE. July 2005. |
|
| Jeffrey T.
Hancock, Jennifer Thom-Santelli and Thompson Ritchie, Deception and Design: The Impact of Communication
Technology on Lying Behavior. In Proceedings of CHI 2004. |
|
| Katie Hafner and John Markoff,
Cyberpunk: Outlaws and Hackers on the
Computer Frontier. 1991, Simon & Schuster. Part One: Kevin:
The Dark Side Hacker may include the earliest published references to
social engineering. |
|
| Jefferson B. Hardee, Ryan West, Christopher B. Mayhorn. To download or not to download: an examination of computer security decision making. Interactions. Vol. 13, Issue 3. Pages: 32-37. ACM Press. May 2006. |
ACM
Digital Library. |
| Jefferson B. Hardee, Christopher B. Mayhorn and Ryan West You downloaded WHAT?: Computer-based security decisions. 50th Annual Meeting of the Human Factors and Ergonomics Society. Santa Monica, CA: HFES. San Francisco, CA, September 2006. |
| James Haskett, Pass-algorithms: A User Validation Scheme Based on
Knowledge of Secret Algorithms. Communications of the ACM,
27(8), pp. 777-781, August 1984. |
ACM
Digital Library. |
| Eiji Hayashi, Nicolas Christin, Rachna Dhamija and Adrian Perrig. Use Your Illusion: Secure Authentication Usable Anywhere. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage. |
| Juho Heikkilä,
Do I Know You? User Recognition
Without Identification. Proceedings of NordSec 2000, October
12-13, Reykjavik, Iceland. |
TeSSA project publications
web page. |
|
Morten Hertzum
Minimal-feedback hints for remembering passwords. ACM: Interaction 13, 3 (May. 2006), 38-40.
|
ACM Digital Library |
| Almut Herzog and Nahid Shahmehri
A Usability Study of Security Policy
Management. Proceedings of the IFIP TC-11 21st International
Information Security Conference. Security and Privacy in Dynamic environments. S.
Fischer-Huebner, K. Rannenberg, L. Yngstroem, S. Lindskog (eds.). Pages: 296-306. Springer. 2006.
|
|
| Almut Herzog and Nahid Shahmehri
.
CHIMIT '07: Proceedings of the 2007 symposium on Computer human
interaction for the management of information technology. 2007. |
ACM Digital Library |
| Sebastian Höhn. Bringing the User Back into Control: A New Paradigm for Usability in Highly Dynamic Systems. In Lecture Notes in Computer Science, Trust and Privacy in Digital Business, DOI 10.1007/11824633. 2006. pp. 114 - 122. |
Abstract |
| Ursula
Holmström, User-centered design
of security software. Human Factors in Telecommunications, May
1999, Copenhagen, Denmark. |
TeSSA project publications
web page. |
|
Giovanni Iachello and Jason Hong. End-User Privacy in Human-Computer Interaction.
Foundations and Trends in Human-Computer Interaction. Vol. 1: No 1, pp 1-137. 2007. |
Publisher's webpage. |
|
Giovanni Iachello, Kenneth Walsh, Ian Smith, Sunny Consolvo, Mike Chen, and Gregory D. Abowd. Developing Privacy Guidelines for Social Location Disclosure Applications and Services.
Symposium On Usable Privacy and Security (SOUPS), 2005. |
ACM
Digital Library. |
|
Philip Inglesant, M. Angela Sasse, David Chadwick and Lei Lei Shi. Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification.
Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference Webpage |
| Blake Ives, Kenneth Walsh, and Helmut
Schneider, The domino effect of
password reuse. Communications of the ACM, 47(4), pp. 75-78,
April 2004. |
ACM
Digital Library. |
| Collin Jackson, Dan Simon, Desney Tan and Adam Barth. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks. In Usable Security (USEC’07). 2007. |
Conference web page
|
| Uwe Jendricke and
Daniela
Gerd tom Markotten, Usability Meets
Security - The Identity-Manager as Your Personal Security Assistant for
the Internet. In Proceedings of the 16th Annual Computer
Security Applications Conference, December 2000. |
Author's web page.
|
| Carlos Jensen and Colin Potts.
Privacy Policies as Decision-Making
Tools: An Evaluation of Online Privacy Notices. In Proceedings
of CHI 2004. |
|
| Carlos Jensen, Chandan Sarkar, Christian Jensen and Colin Potts.
Tracking Website Data-Collection and Privacy Practices with the iWatch Web Crawler. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page |
| Ian Jermyn,
Alain Mayer, Fabian
Monrose, Michael K.
Reiter and Aviel D. Rubin,
The Design and Analysis of Graphical
Passwords. Proceedings of the 8th USENIX Security Symposium
(Best Paper award), August 23-36, 1999, Washington, DC. |
Author's
web page. |
| J. Johnston, Jan Harm Petrus Eloff, L. Labuschagne
Security and human computer interfaces. Computers & Security, Vol. 22, Issue 8. Pages: 675-684. Elsevier Science B.V. December 2003. |
|
| Mike Just, Designing Secure Yet Usable Credential Recovery Systems
With Challenge Questions. CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Johannes Kaiser, Martin Reichenbach Evaluating security tools towards usable security. Proceedings of the 17th IFIP World Computer Congress (WCC`02). August 2002. |
|
| Apu Kapadia, Tristan Henderson, Jeffrey J. Fielding, and David Kotz, Virtual Walls: Protecting Digital Privacy in Pervasive Environments.
In
Proceedings of The Fifth International Conference on Pervasive
Computing (PERVASIVE '07), pp. 162-179, Toronto, Canada, May 13 - 16,
2007. |
Author's webpage |
| Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell, KNOW Why
Your Access Was Denied: Regulating Feedback for Usable Security. In
Proceedings of 11th ACM Conference on Computer and Communications
Security (CCS 2004), pp. 52-61, Washington DC, October 25-29, 2004
|
ACM Digital Library |
| Claire-Marie
Karat, Iterative Usability Testing of a
Security Application. Proceedings of the Human Factors
Society 33rd Annual Meeting, 1989. |
|
| Kristiina Karvonen and Jarmo
Parkkinen, Signs of Trust.
Proceedings of the 9th International Conference on HCI, August 5-10,
2001, New Orleans, Louisiana. |
TeSSA project publications
web page. |
| Kristiina Karvonen, Lucas
Cardholm and Stefan Karlsson, Designing
Trust for a Universal Audience: A Multicultural Study on the
Formation of Trust in the Internet in the Nordic Countries.
Proceedings of the First International Conference on Universal Access
in HCI, August 5-10, 2001, New Orleans, Louisiana. |
TeSSA project publications
web page. |
| Kristiina Karvonen, The Beauty of Simplicity. In Proceedings of the
ACM Conference on Universal Usability, November 16-17, 2000,
Washington, DC. |
TeSSA project publications
web page. |
| Kristiina Karvonen and Ursula
Holmström, Expressing Trust.
Proceedings of NordCHI 2000 (short papers), 23-25 October 2000, Royal
Institute of Technology, Stockholm, Sweden. |
TeSSA project publications
web page. |
| Kristiina Karvonen, Lucas
Cardholm and Stefan Karlsson, Cultures of
Trust: A Cross-Cultural Study on the Formation of Trust in an
Electronic Environment. Proceedings of NordSec 2000, October
12-13, Reykjavik, Iceland. |
TeSSA project publications
web page. |
| Kristiina Karvonen, Creating Trust. Proceedings of the fourth Nordic
Workshop on Secure IT Systems (Nordsec '99), November 1-2, 1999, Kista,
Sweden. |
TeSSA project publications
web page. |
| Kristiina Karvonen, Enhancing Trust Online. Proceedings of PhDIT '99:
Ethics in Information Technology Design, Second International Workshop
on Philosophy of Design and Information Technology, 16-17 December
1999, Saint-Ferréol, Toulouse, France. |
TeSSA project publications
web page. |
| Orin S. Kerr, Searches and Seizures in a Digital World. Telecommunication Policy Research Conference (TPRC 05), George Mason University, Washington, DC, 2005. |
Conference web page |
| Balachander Krishnamurthy, Delfina Malandrino and Craig E. Wills.
Measuring Privacy Loss and the Impact of Privacy Protection in Web Browsing.
Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page
|
| Manu Kumar, Tal Garfinkel, Dan Boneh and Terry Winograd.
Reducing Shoulder-surfing by Using Gaze-based Password Entry.
Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page
|
| Ponnurangam Kumaraguru and Lorrie Cranor,
Privacy in India: Attitudes and Awareness.
In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia. |
Author's web page.
|
| Ponnurangam Kumaraguru, Lorrie Cranor and Elaine Newton
Privacy Perceptions in India and the United States: An Interview Study.
Telecommunication Policy Research Conference (TPRC 05), George Mason University, Washington, DC, 2005. |
Author's web page.
|
| Ponnurangam Kumaraguru, Yong Woo Rhee, Alessandro Acquisti, Lorrie Cranor, Jason Hong and Elizabeth Nunge.
Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System.
Technical Report CMU-CyLab-06-017, CyLab, Carnegie Mellon University, November 2006. |
Organization's web page.
|
| Cynthia Kuo, Jesse Walker and Adrian Perrig.
Low-cost Manufacturing, Usability, and Security: An Analysis of Bluetooth Simple Pairing and Wi-Fi Protected Setup. In Usable Security (USEC’07). 2007. |
Conference web site.
|
|
Cynthia Kuo, Adrian Perrig and Jesse Walker
Designing an evaluation method for security user interfaces: lessons from studying secure wireless network configuration.
ACM: Interaction 13, 3 (May. 2006), 28-31. |
ACM Digital web page.
|
| Cynthia Kuo, Sasha Romanosky, and Lorrie Cranor
Human Selection Of Mnemonic Phrase-Based Passwords.
In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page.
|
| Stephen Kent, Security. More Than Screen Deep: Toward
Every-Citizen Interfaces to the Nation's Information Infrastructure,
National Academy Press, Washington, DC, 1997. |
National
Academy Press Reading Room. |
| Tessa Lau, Oren Etzioni
and Daniel S. Weld,
Privacy Interfaces for
Information Management. Communications of the ACM, 42(10),
October 1999. |
Author's web page.
|
| Markku Laukka, Criteria for Privacy Supporting System,
Proceedings of the Fifth Nordic Workshop on Secure IT Systems (Nordsec
2000), October 12-13, Reykjavik, Iceland. |
TeSSA project publications
web page |
| Nancy Leveson. Safeware: System Safety and Computers. Addison Wesley, 1995. |
Amazon |
| Eric Lieberman and Robert C. Miller. Facemail: Showing Faces of Recipients to Prevent Misdirected Email. Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web site |
| Heather Richter Lipford, Andrew Besmer and Jason Watson. Understanding Privacy Settings in Facebook with an Audience View. In Usability, Psychology, and Security. 2008. |
Conference web site |
| Chris Masone, Kwang-Hyun Baek and Sean Smith, WSKE: Web Server Key Enabled Cookies. In Usable Security (USEC’07). 2007. |
Conference web site |
| Roy A. Maxion and
Robert W. Reeder, Improving user interface dependability through mitigation
of human error, International Journal of Human-Computer Studies, 2005, volume 63, number 1-2,
pages 25-50. |
|
| John McHugh and
Carrie Gates, Locality: A New Paradigm
for Thinking About Normal Behavior and Outsider Threats, New
Security Paradigms Workshop 2003. |
|
| J. Mulligan, A. J. Elbirt. Desktop Security and Usability Trade-Offs: An Evaluation of Password Management Systems, Information Systems Security. Vol. 14, Issue 2. Pages: 10-19. Auerbach Publications. May 2005. |
|
| Robert Morris and Ken Thompson,
Password Security: A Case
History. Communications of the ACM, 22(11), pp. 594-597,
November 1979. |
ACM
Digital Library. |
| Maria Nilsson, Anne Adams, Simon Herd. Building security and trust in
online banking. Proceedings of the Conference on Human Factors in Computing Systems (CHI '05). Pages: 1701-1704. ACM Press. April 2005. |
ACM Digital Library |
| Pekka Nikander and Kristiina Karvonen, Users and Trust in Cyberspace. Proceedings of
Cambridge Security Protocols Workshop 2000, April 3-5, Cambridge
University. |
TeSSA project publications
web page |
| Yuan Niu, Francis Hsu, and Hao Chen. iPhish: Phishing Vulnerabilities on Consumer Electronics. In Usability, Psychology, and Security. 2008. |
Conference web page |
| A. A. Ozok and S. H. Holden, Alphanumeric and Graphical Authentication Solutions: A Comparative Evaluation. In Proceedings of HCI International 2005, Las Vegas, NV. July 22-27. CD-ROM.
| |
| Leysia Palen and Paul Dourish, Unpacking "Privacy" for a Networked World. In
Proceedings of the ACM Conference on Human Factors in Computing Systems
(CHI 2003), Ft. Lauderdale, Florida. |
Author's web page. |
| Jarmo Parkkinen and Kristiina Karvonen, Group Awareness in Bluetooth. Proceedings of the
Third International Workshop on Network Appliances, February 28-March
2, 2001, Singapore. |
TeSSA project publications
web page |
| Andrew Patrick, Building Trustworthy Software Agents. IEEE
Internet Computing, 6(6), 46-53. |
Author's
web page. |
| Andrew Patrick, Privacy, Trust, Agents & Users: A Review of
Human-Factors Issues Associated With Building Trustworthy Software
Agents. |
Author's
web page. |
| Andrew Patrick, Just-In-Time Click-Through Agreements: Interface
Widgets for Facilitating User Understanding and Confirming Informed,
Unambiguous Consent. |
Author's
web page. |
| Andrew Patrick and Steve
Kenny, From Privacy Legislation to
Interface Design: Implementing Information Privacy in
Human-Computer Interactions. Privacy Enhancing Technologies
Workshop, Dresden, Germany, 26-28 March 2003. |
Author's
web page. |
| Andrew Patrick, A. Chris Long and Scott
Flinn, HCI and Security Systems.
CHI 2003 Conference Proceedings: Extended Abstracts (Workshops), April
5-10, Ft. Lauderdale, Florida. |
Author's
web page. |
| Nathanael Paul, David Evans, Aviel D. Rubin and Dan Wallach, Authentication for Remote Voting. CHI 2003
Workshop on Human-Computer Interaction and Security Systems, Ft.
Lauderdale, Florida. |
Author's web page. |
| Trevor Perrin, Public Key Distribution through “cryptoIDs”, New
Security Paradigms Workshop, 2003. |
|
| Pew Internet Project, Trust & Privacy Online: Why Americans Want to
Rewrite the Rules. August 2000. |
Pew
project web site. |
| Ariel Rabkin.
Personal knowledge questions for fallback authentication. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage |
| M. N. Razavi and L. Iverson
A framework for privacy support in group information management systems. Group '07 Doctoral Consortium papers. 2007. |
ACM Digital Library |
| M. N. Razavi and L. Iverson
Designing for Privacy in Personal Learning Spaces. In
New Review of Hypermedia and Multimedia, Special Issue on Studying the
Users of Digital Education Technologies: Theories, Methods, and
Analytical Approaches, Vol. 13, No. 2, pp: 163-185. December 2007. |
Author's web site |
| R. W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, K. Bacon, K. How, and H. Strong.
Expandable Grids for Visualizing and Authoring Computer Security Policies. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008. |
Lab's web page |
| Robert W. Reeder, Roy A. Maxion
User Interface Dependability through Goal-Error Prevention, International Conference on Dependable Systems & Networks, Yokohama, Japan, 28 June - 01 July 2005 |
Author's web site |
| Karen Renaud,
A Process for Supporting Risk-Aware Web Authentication Mechanism Choice, Reliability Engineering and System Safety, Special Edition. 92 (9), pp. 1204-1217. |
|
| Karen Renaud,
Quantifying the Quality of Web Authentication Mechanisms: A Usability Perspective, Journal of Web Engineering. 3(2) 2004 p95-123. |
|
| Karen Renaud,
Visuo-Biometric Authentication Mechanism for Older Users, Proc British HCI. September 2005. Edinburgh, Scotland. p167-182. |
|
| Karen Renaud, Antonella De Angeli
My password is here! An investigation into Visuo-Spatial Authentication Mechanisms, Interacting with Computers. 16(6):1017-1041. 2004. |
|
| Karen Renaud, Elin Olsen,
DynaHand: Observation-Resistant Recognition-Based Web Authentication, IEEE Technology and Society. Special Issue on Usable Security and Privacy. 26(2):22-31 (2007). |
|
| Karen Renaud, J Ramsay,
Now what was that password again? A More Flexible Way of Identifying and Authenticating our senior, Behaviour and
Information Technology Special Issue: Designing Computer Systems for and
with Older Users. To appear. |
|
| Eric Rescorla,
Security Holes … Who Cares? In
Proceedings of 12th USENIX Security Symposium. |
Usenix
web site. |
| Jens Riegelsberger, Martina Angela Sasse
and John D. McCarthy, Trust at First
Sight? A Test of Users' Ability to Identify Trustworthy
e-Commerce Sites. Proceedings of HCI 2003, 8-12 September 2003,
Bath, UK. |
|
| Jens Riegelsberger, Martina Angela Sasse
and John D. McCarthy, The Researcher's
Dilemma: Evaluating Trust in Computer Mediated Communications.
International Journal of Human Computer Studies, Special Issue on
Trust, 2003. |
Author's web page.
|
| Jens Riegelsberger and Martina Angela Sasse,
Designing e-Commerce
Applications for Consumer Trust. In O. Petrovic [Ed.], Trust in
the Network Economy. Wien, New York: Springer. |
|
| Jens Riegelsberger, Martina Angela Sasse
and John D. McCarthy, Shiny Happy
Building Trust? Photos on e-Commerce Websites and Consumer Trust.
Proceedings of CHI 2003, April 5-10, Ft. Lauderdale, Florida. |
Author's web page.
|
| Jens Riegelsberger, Interpersonal Cues and Consumer Trust in e-Commerce.
CHI 2003 Extended Abstracts, April 5-10, Ft. Lauderdale, Florida. |
Author's web page.
|
| Jens Riegelsberger, The Effect of Facial Cues on Trust in e-Commerce Systems.
Proceedings of HCI 2002, Vol. II, Sept. 2-6, London, UK. |
GetRealSecurity group publications
page. |
| Jens Riegelsberger, Martina Angela Sasse
and J.D. McCarthy, Eye-Catcher or Blind
Spot? 2nd IFIP Conference on e-Commerce, e-Business,
e-Government (i3e), 7-9 October 2002, Lisbon, Portugal. |
GetRealSecurity group publications
page. |
| Jens Riegelsberger and Martina Angela Sasse,
Face It - Photos Don't Make a
Web Site Trustworthy. CHI 2002 Extended Abstracts, April
20-25, Minneapolis, MN, pp. 742-743. |
GetRealSecurity group publications
page. |
| Jens Riegelsberger and Martina Angela Sasse,
Trustbuilders and
trustbusters: The role of trust cues in interfaces to e-commerce
applications. 1st IFIP Conference on e-Commerce,
e-Business, e-Government (i3e), 3-5 Oct 2001, Zurich, pp. 17-30. |
GetRealSecurity group publications
page. |
|
Jennifer Rode, Carolina Johansson, Paul DiGioia, Roberto Silva Filho,
Kari Nies, David Nguyen, Jie Ren, Paul Dourish, and David Redmiles. Seeing Further: Extending Visualization As A Basis For Usable Security. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page |
| Volker Roth, Tobias Straub, Kai Richter.
Security and usability engineering with particular attention to electronic mail. International Journal of Human-Computer Studies. Vol. 63, Issue 1-2. Pages: 51-73. Elsevier Science B.V. July 2005. |
Author's web page |
| N. Sadeh, J. Hong, L. Cranor, I. Fette, P. Kelley, M. Prabaker, and J. Rao. Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application. Journal of Personal and Ubiquitous Computing. Accepted for publication. 2008. |
Lab's web page |
| Geetanjali
Sampemane, Prasad Naldurg and Roy H. Campbell, Access Control for Access Spaces. In Proceedings
of 18th Annual Computer Security Applications Conference,
December 9 - 13, 2002. |
ACSAC web site. |
| Hirokazu Sasamoto, Nicolas Christin, and Eiji Hayashi. Undercover:
Authentication Usable in Front of Prying Eyes. In Proceedings of the
2008 ACM Conference on Human Factors in Computing Systems (CHI 2008),
pages 183-192. Florence, Italy. April 2008. |
ACM web page. |
| Martina Angela Sasse,
Computer Security:
Anatomy of a Usability Disaster, and a Plan for Recovery. CHI
2003 Workshop on Human-Computer Interaction and Security Systems, Ft.
Lauderdale, Florida. |
HCISec mailing list
file page and at the workshop
web page. |
| Martina Angela Sasse,
Sacha
Brostoff and Dirk
Weirich, Transforming the "weakest
link": a human-computer interaction approach to usable and
effective security. BT Technical Journal, Vol. 19(3), July 2001,
pp. 122-131. |
GetRealSecurity group publications
page. |
| Nitesh Saxena, Md. Borhan Uddin and Jonathan Voris. Universal Device Pairing using an Auxiliary Device. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference Webpage |
| Bruce Schneier,
Secrets and Lies: Digital
Security in a Networked World. (Chapter 17 addresses
human factors.) Wiley & Sons, 2000. |
|
| Eugene E. Schultz, Robert W. Proctor, Mei-Ching Lien, Gavriel Salvendy.
Usability and Security - An Appraisal of Usability Issues in Information Security Methods. Computers & Security. Vol. 20, Issue 7. Pages: 620-634. Elsevier Science B.V. October 2001. |
|
| Umesh Shankar and Chris Karlof, Doppelganger: Better Browser Privacy Without the Bother.
Thirteenth ACM Conference on Computer and Communications Security (CCS 2006). |
Author's web page. |
| Hong-Hai Shen and Prasun Dewan, Access Control for Collaborative Environments.
Proceedings of CSCW '92. |
Author's web page. |
| Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong and Elizabeth Nunge, Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish.
Symposium On Usable Privacy and Security (SOUPS). 2007. |
Conference web page. |
| Elizabeth Sillence, Pam Briggs,
Lesley Fishwick and Peter Harris, Trust
and Mistrust of Online Health Sites. Proceedings of CHI2004. |
|
|
David A. Siegel, Bill Reid and Susan M. Dray. IT security: protecting organizations in spite of themselves. ACM: Interaction 13, 3 (May. 2006), 20-27. |
ACM Digital Library. |
| D.K. Smetters (PARC, US); Dirk Balfanz (PARC, US); Glenn Durfee (PARC, US); Trevor Smith (PARC, US); KyungHee Lee (Samsung, SK), Instant Matchmaking: Simple, Secure Virtual Extensions to Ubiquitous Computing Environments. Ubicomp, Sept, 2006, Irvine, CA. |
|
| D. K. Smetters and R. E.
Grinter, Moving from the Design of Usable
Security Technologies to the Design of Useful Secure Applications.
New Security Paradigms Workshop, 2002. |
|
| Sean Smith, Effective PKI Requires Effective HCI. CHI 2003
Workshop on Human-Computer Interaction and Security Systems, Ft.
Lauderdale, Florida. |
Dartmouth PKI
Lab web page. |
| Sean Smith, Humans in the Loop: Human-Computer Interaction and
Security. IEEE Security and Privacy. Pages: 75-79. IEEE. May 2003. |
Author's web page. |
| Eugene Spafford,
Observing Reusable Password
Choices. In 3rd Usenix UNIX Security Symposium, Usenix
Association, pp. 299-312, 14-16, September 1992. |
CERIAS
FTP site |
| Ryan Stedman, Kayo Yoshida and Ian Goldberg. A User Study of Off-the-Record Messaging. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage |
| Tobias Straub, Harald Baier. A Framework for Evaluating the Usability and the Utility of PKI-enabled Applications. Proceedings of the European PKI Workshop: Research and Applications (EuroPKI '04). Vol. 3093. Pages: 112-125. Springer-Verlag. June 2004. |
Paper |
| Furkan Tari, A. Ant Ozok, and Stephen H. Holden.
A Comparison Of Perceived And Real Shoulder-Surfing Risks Between Alphanumeric And Graphical Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page |
| Carl W. Turner.
How do consumers form their judgements
of the security of e-commerce web sites? CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
Author's webpage |
| Carl W. Turner.
Investigating consumers' perceptions of security and privacy of e-commerce web sites. Proceedings of the Usability Professionals Association Conference, 2002. Orlando, FL, USA. |
| Carl W. Turner.
The online experience and consumers' perceptions of e-commerce security. Proceedings of the Human Factors and Ergonomics Society 46th Annual Meeting, 2002, pp. 1246-1250. Baltimore, MD, USA. |
Author's webpage |
| Carl W. Turner, Zavod, M., and Yurcik, W.
Factors that affect the perception of security and privacy of e-commerce web sites.
In B. Gavish (Ed.), Proceedings of the Fourth International Conference
on Electronic Commerce Research Vol. 2, 2001, pp. 628-636. Dallas, TX,
USA. |
Author's webpage |
| Ersin Uzun, Kristiina Karvonen and N. Asokan, Usability Analysis of Secure Pairing Methods.
In Usable Security (USEC’07). 2007. | Conference web site |
| Kami Vaniea, Claire-Marie Karat, Joshua B. Gross, John Karat and Carolyn Brodie. Evaluating Assistance of Natural Language Policy Authoring. Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference Webpage |
| Dirk Weirich and Martina Angela Sasse,
Pretty Good Persuasion: A
first step toward effective password security for the Real World.
Proceedings of the New Security Paradigms Workshop 2001 (September
10-13, New Mexico), pp. 41-50, ACM Press. |
GetRealSecurity group publications
page |
| Rodrigo Werlinger, Kirstie Hawkey, Kasia Muldner, Pooya Jaferian and Konstantin Beznosov. The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference webpage |
| Ryan West,
HCI and security. ACM: Interaction 13, 3 (May. 2006), 18-19. |
ACM Digital Library |
| Alma Whitten and J.D. Tygar, Safe Security Staging. CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
HCISec mailing list
file page and at the workshop
web page |
| Alma Whitten and J.D. Tygar, Why Johnny Can't Encrypt: A Usability Case Study of PGP
5.0. Proceedings of the 8th USENIX Security Symposium, August
1999. |
Author's
web page. |
| Alma Whitten and J.D. Tygar, Usability of Security: A Case Study.
Technical Report CMU-CS-98-155, Carnegie Mellon University School of
Computer Science, December 1998. |
Author's
web page. |
| Dave Wilson and Mary Ellen
Zurko, Lotus Notes and Domino
Contribution to the HCI and Security Systems Workshop. CHI 2003
Workshop on Human-Computer Interaction and Security Systems, Ft.
Lauderdale, Florida. |
HCISec mailing list
file page. |
| Gritta Wolf and Andreas
Pfitzmann, Empowering Users to Set
Their Protection Goals. Multilateral Security in Communications,
Volume 3 - Technology, Infrastructure, Economy. Guenter Mueller and Kai
Rannenberg [Eds.], Addison Wesley, 1999. |
|
| Avishai Wool. The use and usability of direction-based filtering in firewalls. Computers & Security. Vol. 23, Issue 6. Pages: 459-468.
Elsevier Science B.V. September 2004. |
Author's web page |
| Wu, M.
Fighting Phishing at the User Interface. PhD Thesis proposal, December 2004. |
Author's group version |
| Wu, M., Garfinkel, S., Miller, R.,
Secure Web Authentication with
Mobile Phones. DIMACS Workshop on Usable Privacy and Security Software, July
7 - 8, 2004. DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ. |
Conference website |
| Wu, M., Robert C. Miller and Simson L. Garfinkel.
Do Security Toolbars Actually Prevent Phishing Attacks?
In M. Jakobsson and S. Myers, eds, Phishing and Counter-measures:
Understanding the increasing problem of electronic identity theft.
Wiley, 2006, to appear. |
Information on the book |
| Wu, M., Robert C. Miller and Simson L. Garfinkel.
Do Security Toolbars Actually Prevent Phishing Attacks? in submission to Conference on Human Factors in Computing Systems (CHI 2006). |
Author's group version |
| Wu, M., Robert C. Miller and Greg Little.
Web Wallet: Preventing Phishing Attacks by Revealing
User Intentions. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page |
| Thomas Wu,
A Real-World Analysis of Kerberos
Password Security. Proceedings of the 1999 Network and
Distributed System Security Symposium, February 3-5, 1999. |
NDSS
Symposium site. |
| Haidong Xia, Jose Carlos Brustoloni, Hardening Web Browsers Against Man-in-the-Middle and Eavesdropping Attacks. Proceedings of the 14th International World Wide Web Conference (WWW2005), ACM, Chiba, Japan, May 2005, pp. 489-497. |
Author's
web page. |
| Jeff Yan and Ahmad El Ahmad. Usability of CAPTCHAs Or "usability issues in CAPTCHA design". Symposium On Usable Privacy and Security (SOUPS). 2008. |
Conference web page. |
| Jianxin (Jeff) Yan, Alan Blackwell, Ross Anderson, and
Alasdair Grant, The Memorability and
Security of Passwords — Some Empirical Results. Technical Report
No. 500, Computer Laboratory, University of Cambridge, 2000. |
Author's
web page. |
| Jeff Yan, A Note on Proactive Password Checking.
Proceedings of the 2001 ACM New Security Paradigms Workshop, September
2001. |
Author's web
page. |
| Zishuang (Eileen) Ye and Sean Smith, Trusted Paths for Browsers. Proceedings of the
11th USENIX Security Symposium, August 2002. |
Dartmouth PKI Lab web
page. |
| Ka-Ping
Yee, Secure Interaction Design and
the Principle of Least Authority. CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
Author's
web page. |
| Ka-Ping
Yee, User Interaction Design for
Secure Systems. In Proceedings of the International Conference
on Information and Communications Security, 2002. |
|
| Ka-Ping
Yee and Kragen Sitaker. Passpet: Convenient Password Management And Phishing Protection. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA. |
Symposium web page |
| William
Yurcik, James
Barlow, Kiran
Lakkaraju and Mike Haberman, Two
Visual Computer Security Network Monitoring Tools Incorporating
Operator Interface Requirements. CHI 2003 Workshop on
Human-Computer Interaction and Security Systems, Ft. Lauderdale,
Florida. |
HCISec mailing list
file page and workshop
web page. |
| Mary Ellen Zurko
and Richard T. Simon, User-Centered
Security. New Security Paradigms Workshop, 1996. |
|
| Mary Ellen Zurko, Richard T.
Simon, and Tom Sanfilippo, A
User-Centered, Modular Authorization Service Built on an RBAC
Foundation. Proceedings of IEEE Security and Privacy, 1999. |
|
| Mary Ellen Zurko, Charlie
Kaufman, Katherine Spanbauer and Chuck Bassett, Did You Ever Have To Make Up Your Mind? What Notes Users
Do When Faced With A Security Decision. Proceedings of 18th
Annual Computer Security Applications Conference, December 9 - 13,
2002. |
ACSAC web site. |
|