Human Factors in Cybersecurity
| Semester: | 2020 Winter |
| For: | Master |
| Format: | Seminar |
| Credit Points: | 3 CP |
In this seminar, students will be exposed to a researcher’s bread and butter, i.e., diving into the research of the last decade in Usable Security and Privacy and getting to know the process of publishing a scientific paper.
Simulating a computer science conference’s publishing process, you will critically read and review papers, give short presentations and discuss the papers with other participants.
The topics will include (but are not limited to) usability challenges of authentication systems (including passwords), warning messages, TLS, permission systems, privacy for end-users and secure programming and configuration of computer systems.
Important Dates
| 2020-10-13 | 14:00-15:30 | Meeting [1] | Intro Session |
| 2020-10-18 | 23:59 | Deadline | HotCRP Registration |
| 2020-10-23 | 23:59 | Deadline | Paper Bidding (HotCRP) |
| 2020-10-30 | 23:59 | Deadline | Read Papers |
| 2020-11-03 | 14:00-15:30 | Meeting [1] | HowTo Session (Attendance mandatory) |
| 2020-11-13 | 23:59 | Deadline | First Review (HotCRP) |
| 2020-11-27 | 23:59 | Deadline | Second Review (HotCRP) |
| 2020-11-30 | Reviews available | ||
| 2020-12-03 | 23:59 | Deadline | Submit Rebuttal (HotCRP) |
| 2020-12-14 | Meta-Review Assignment | ||
| 2020-12-21 | 23:59 | Deadline | Submit Meta-Reviews (HotCRP) |
| 2021-01-04 | 23:59 | Deadline | Submit Lightning Talk Slides (Email) |
| 2021-01-12 | 14:00-16:00 | Meeting [1] | PC Meeting (Attendance mandatory) |
| 2021-01-22 | 23:59 | Deadline | Submit Conference Slides (Email) |
| 2021-01-26 | 14:00-16:00 | Meeting [1] | Conference (Attendance mandatory) |
[1] Online, access details in StudIP.
Structure
The structure of this seminar aims to emulate a top tier IT security conference. To provide a balanced experience, all participating students will both act as “authors” and reviewer / program chair (PC).
As author:
- Submit “your” paper (due to time limitations: get assigned one of 3 already published papers).
- Defend “your” paper against 2 reviews in a rebuttal.
- Present “your” paper at the conference in a short presentation.
As program chair/reviewer:
- Write reviews for 2 other papers.
- Write a meta review (a summary of existing reviews + rebuttal) for 1 other paper.
- Present your meta review paper in a lightning talk and argue for/against accepting it.
Submission
Depending on the assignment, submission is either done via email or the HotCRP:
- Email: Please include your name if it is not obvious from your address or submission.
- HotCRP: Upload via web form in our submission system, remember to sign up before the deadline.
Grading
- Grade consists of two written reviews, rebuttal, meta-review, lightning talk, and paper presentation.
- Submitting assignments on time is mandatory for this seminar to function.
- Presence in meetings/sessions is mandatory for this seminar to function.
Paper List
2020
USENIX Sec'20
- A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web Elissa M. Redmiles, Noel Warford Amritha Jayanti, Aravind Koneru, Sean Kross, Miraida Morales, Rock Stevens, Michelle L. Mazurek
NDSS’20
- Are You Going to Answer That? Measuring User Responses to Anti-Robocall Application Indicators. Imani N. Sherman, Jasmine D. Bowers, Keith McNamara Jr., Juan E. Gilbert, Jaime Ruiz, and Patrick Traynor
- Compliance Cautions: Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens, Josiah Dykstra, Wendy Knox Everette, James Chapman, Garrett Bladow, Alexander Farmer, Kevin Halliday and Michelle L. Mazurek
- Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals Peng Wang, Xiaojing Liao, Yue Qin, and XiaoFeng Wang
Oakland’20
- Ask the Experts: What Should Be on an IoT Privacy and Security Label? Pardis Emami-Naeini, Yuvraj Agarwal, Lorrie Faith Cranor, and Hanan Hibshi
- Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication Sanam Ghorbani Lyastani, Michael Schilling, Michaela Neumayr, Michael Backes, and Sven Bugiel
- Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products Philipp Morgner, Christoph Mai, Nicole Koschate-Fischer, Felix Freiling, and Zinaida Benenson
- SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap Savino Dambra, Leyla Bilge, Davide Balzarotti
- This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs Philipp Markert, Daniel Bailey, Maximilian Golla, Markus Dürmuth, and Adam Aviv
CHI’20
- Evaluating “Prefer not to say” Around Sensitive Disclosures. Mark Warner, Agnieszka Kitkowska, Jo Gibbs, Juan F. Maestre, and Ann Blandford.
- Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs. Peter Leo Gorski, Yasemin Acar, Luigi Lo Iacono, and Sascha Fahl.
- “Out of Luck”: Socio-Economic Differences in Student Coping Responses to Technology Problems. Gwen Petro, Amy Gonzales, and Jessica Calarco.
- Why Johnny Can’t Unsubscribe: Barriers to Stopping Unwanted Email. Jayati Dev, Emilee Rader, and Sameer Patil.
- Is This An Ad?: Automatically Disclosing Online Endorsements On YouTube With AdIntuition. Michael Swart, Ylana Lopez, Arunesh Mathur, and Marshini Chetty.
- Smart Home Beyond the Home: A Case for Community-Based Access Control. Madiha Tabassum, Jess Kropczynski, Pamela Wisniewski, and Heather Richter Lipford.
- Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence. Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal.
- Understanding Cybersecurity Practices in Emergency Departments. Elizabeth Stobert, David Barrera, Valérie Homier, and Daniel Kollek.
- Under Surveillance: Technology Practices of those Monitored by the State. Pedro Sanches, Vasiliki Tsaknaki, Asreen Rostami, and Barry Brown.
- The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions. Christina Katsini, Yasmeen Abdrabou, George E. Raptis, Mohamed Khamis, and Florian Alt.
- Online Privacy Heuristics that Predict Information Disclosure. S. Shyam Sundar, Jinyoung Kim, Mary Beth Rosson, and Maria D. Molina.
- Understanding Privacy-Related Questions on Stack Overflow. Mohammad Tahaei, Kami Vaniea, and Naomi Saphra.
- Fake News on Facebook and Twitter: Investigating How People (Don’t) Investigate. Christine Geeng, Savanna Yee, and Franziska Roesner.
- On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers. Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, and Matthew Smith.
- “I’m hoping they’re an ethical company that won’t do anything that I’ll regret”: Users Perceptions of At-home DNA Testing Companies. Khadija Baig, Reham Mohamed, Anna-Lena Theus, and Sonia Chiasson.
- Factors Influencing Perceived Fairness in Algorithmic Decision-Making: Algorithm Outcomes, Development Procedures, and Individual Differences. Ruotong Wang, F. Maxwell Harper, and Haiyi Zhu.
- “It’s a scavenger hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices. Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub.
- Amazon vs. My Brother: How Users of Shared Smart Speakers Perceive and Cope with Privacy Risks. Yue Huang, Borke Obada-Obieh, and Konstantin (Kosta) Beznosov.
- Characterizing Twitter Users Who Engage in Adversarial Interactions against Political Candidates. Yiqing Hua, Mor Naaman, and Thomas Ristenpart.
- Examining the Adoption and Abandonment of Security, Privacy, and Identity Theft Protection Practices. Yixin Zou, Kevin Roundy, Acar Tamersoy, Saurabh Shintre, Johann Roturier, and Florian Schaub.
- Does Context in Privacy Communication Really Matter? A Survey on Consumer Concerns and Preferences. Nico Ebert, Kurt Alexander Ackermann, and Peter Heinrich.
- The Burden of Ending Online Account Sharing. Borke Obada-Obieh, Yue Huang, and Konstantin Beznosov.
- Understanding Fitness Tracker Users’ Security and Privacy Knowledge, Attitudes and Behaviours. Sandra Gabriele and Sonia Chiasson.
- Evaluating the End-User Experience of Private Browsing Mode. Ruba Abu-Salma and Benjamin Livshits.
- How Mandatory Second Factor Affects the Authentication User Experience. Jacob Abbott and Sameer Patil.
- Informing the Design of a Personalized Privacy Assistant for the Internet of Things. Jessica Colnago, Yuanyuan Feng, Tharangini Palanivel, Sarah Pearman, Megan Ung, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh.
- Let’s Talk about Sext: How Adolescents Seek Support and Advice about Their Online Sexual Experiences. Afsaneh Razi, Karla Badillo-Urquiola, and Pamela J. Wisniewski.
- Privacy and Activism in the Transgender Community. Ada Lerner, Helen Yuxun He, Anna Kawakami, Silvia Catherine Zeamer, and Roberto Hoyle.
- The Influence of Decaying the Representation of Older Social Media Content on Simulated Hiring Decisions. Reham Mohamed, Paulina Chametka, and Sonia Chiasson.
- Evaluating the Information Security Awareness of Smartphone Users. Ron Bitton, Kobi Boymgold, Rami Puzis, and Asaf Shabtai.
- Building and Validating a Scale for Secure Software Development Self-Efficacy. Daniel Votipka, Desiree Abrokwa, and Michelle L. Mazurek.
2019
CHI'19
- On the Usability of HTTPS Deployment Matthew Bernhard, Jonathan Sharman, Claudia Ziegler Acemyan, Philip T Kortum, Dan Seth, John Alex Halderman
- “Think secure from the beginning”: A Survey with Software Developers Hala Assal, Sonia Chiasson
2017
MISC'17
- Beyond the Turk: Alternative platforms for crowdsourcing behavioral research Eyal Peer, Laura Brandimarte, Sonam Samat, Alessandro Acquisti