The three-day Symposium On Usable Privacy and Security finished today. We were not able to attend this event, but judging from the program information, some interesting research on usability was presented during the symposium. The majority of the research papers and slides are now online for your viewing.
One of the most talked-about presentations was from three students at the University of Michigan. Their paper was called Analyzing Websites for User-Visible Security Design Flaws. In analyzing 214 web sites, which were mostly banks, they found that 76% of them had a design flaw that would confuse users or even cause problems for security-savvy users. The CUPS blog has some good notes from this presentation, and there are some decent discussion points on Slashdot.
Some other topics that I found interesting:
- Towards a science of security and human behavior by Ross Anderson (Keynote Speaker)
- Use Your Illusion: Secure Authentication Usable Anywhere [slides] by Eiji Hayashi, Nicolas Christin, Rachna Dhamija and Adrian Perrig
- Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification [slides] by Philip Inglesant, M. Angela Sasse, David Chadwick and Lei Lei Shi
- Evaluating the Usability of Usage Controls in Electronic Collaboration [slides] by Jose Brustoloni, Ricardo Villamarin-Salomon, Peter Djalaliev and David Kyle
- The Challenges of Using an Intrusion Detection System: Is It Worth the Effort? [slides] by Rodrigo Werlinger, Kirstie Hawkey, Kasia Muldner, Pooya Jaferian and Konstantin Beznosov
- Social Circles: Tackling Privacy in Social Networks by Fabeah Adu-Oppong, Casey Gardiner, Apu Kapadia and Patrick Tsang