论文信息 - Security user studies: methodologies and best practices

Security user studies: methodologies and best practices

Interest in usable security -- the research, development, and study of systems that are both usable and secure -- has been growing both in the CHI and information security communities in the past several years. Despite this interest, however, the process of designing and conducting security-related user studies remains extremely difficult. Users deal with security infrequently and irregularly, and most do not notice or care about security until it is missing or broken. Security is rarely a primary goal or task of users, making many traditional HCI evaluation techniques difficult or even impossible to use. This workshop will bring together researchers and practitioners from the HCI and information security communities to explore methodological challenges and best practices for conducting security-related user studies.

Rob Miller | Serge Egelman | Jennifer King | Erika Shehan Poole | Nick Ragouzis

[1] Helen Nissenbaum,et al. Users' conceptions of web security: a comparative study , 2002, CHI Extended Abstracts.

[2] Min Wu,et al. Web wallet: preventing phishing attacks by revealing user intentions , 2006, SOUPS '06.

[3] Edward W. Felten,et al. Password management strategies for online accounts , 2006, SOUPS '06.

[4] Paul Dourish,et al. Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.

[5] Markus Jakobsson,et al. Social phishing , 2007, CACM.

[6] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[7] Lorrie Faith Cranor,et al. Power strips, prophylactics, and privacy, oh my! , 2006, SOUPS '06.

[8] Lorrie Faith Cranor,et al. Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[9] Andrew S. Patrick,et al. HCI and security systems , 2003, CHI Extended Abstracts.

[10] Kori Inkpen Quinn,et al. Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.

[11] Min Wu,et al. Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[12] Edward W. Felten,et al. Secrecy, flagging, and paranoia: adoption criteria in encrypted email , 2006, CHI.