SOUPS 2009: Mountain View, California, USA

Mental models

• Fahimeh Raja, Kirstie Hawkey, Konstantin Beznosov:
  Revealing hidden context: improving mental models of personal firewall users.
  
• Andrew Besmer, Heather Richter Lipford, Mohamed Shehab, Gorrell Cheek:
  Social applications: exploring a more secure framework.
  
• Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Faith Cranor, Jason I. Hong, Mary Ann Blair, Theodore Pham:
  School of phish: a real-word evaluation of anti-phishing training.
  

Community

• Patrick Gage Kelley, Joanna Bresee, Lorrie Faith Cranor, Robert W. Reeder:
  A "nutrition label" for privacy.
  
• Jeremy Goecks, W. Keith Edwards, Elizabeth D. Mynatt:
  Challenges in supporting end-user privacy and security management with social navigation.
  
• Linda Little, Elizabeth Sillence, Pamela Briggs:
  Ubiquitous systems and the family: thoughts about the networked home.
  

Passwords and authentication

• Alexander De Luca, Martin Denzel, Heinrich Hussmann:
  Look into my eyes!: can you guess my password?
  
• Mike Just, David Aspinall:
  Personal choice and challenge questions: a security and usability assessment.
  
• Stuart E. Schechter, Robert W. Reeder:
  1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication.
  

Small devices

• Alfred Kobsa, Rahim Sonawalla, Gene Tsudik, Ersin Uzun, Yang Wang:
  Serial hook-ups: a comparative usability study of secure device pairing methods.
  
• Ronald Kainda, Ivan Flechais, A. W. Roscoe:
  Usability and security of out-of-band channels in secure device pairing protocols.
  
• Ran Halprin, Moni Naor:
  Games for extracting randomness.
  

Tools

• Richard Chow, Ian Oberst, Jessica Staddon:
  Sanitization's slippery slope: the design and study of a text revision assistant.
  
• Kurt Alfred Kluever, Richard Zanibbi:
  Balancing usability and security in a video CAPTCHA.
  
• Diana K. Smetters, Nathan Good:
  How users use access control.
  

Tutorials

• Martina Angela Sasse, Clare-Marie Karat, Roy A. Maxion:
  Designing and evaluating usable security and privacy technology.
  
• Nicholas Weaver:
  Think Evil (tm).
  

Posters

• Roel Peeters, Markulf Kohlweiss, Bart Preneel, Nicky Sulmon:
  Threshold things that think: usable authorization for resharing.
  
• Alan H. Karp, Marc Stiegler, Tyler Close:
  Not one click for security?
  
• Luke Church, Jonathan Anderson, Joseph Bonneau, Frank Stajano:
  Privacy stories: confidence in privacy behaviors through end user programming.
  
• Haichang Gao, Xiyang Liu:
  A new graphical password scheme against spyware by using CAPTCHA.
  
• Michael Benisch, Patrick Gage Kelley, Norman M. Sadeh, Tuomas Sandholm, Janice Y. Tsai, Lorrie Faith Cranor, Paul Hankes Drielsma:
  The impact of expressiveness on the effectiveness of privacy mechanisms for location-sharing.
  
• Sara Motahari, Sotirios G. Ziavras, Quentin Jones:
  Designing for different levels of social inference risk.
  
• Azene Zenebe, Claude Tuner, Jinjuan Feng, Jonathan Lazar, Mike O'Leary:
  Integrating usability and accessibility in information assurance education.
  
• Eiji Hayashi, Jason Hong, Nicolas Christin:
  Educated guess on graphical authentication schemes: vulnerabilities and countermeasures.
  
• Peter Likarish, Don Dunbar, Juan Pablo Hourcade, Eunjin Jung:
  BayeShield: conversational anti-phishing user interface.
  
• Yves Maetz, Stéphane Onno, Olivier Heen:
  Recall-a-story, a story-telling graphical password system.
  
• Kathi Fisler, Shriram Krishnamurthi:
  Escape from the matrix: lessons from a case-study in access-control requirements.
  
• Janice Y. Tsai, Serge Egelman, Lorrie Faith Cranor, Alessandro Acquisti:
  The impact of privacy indicators on search engine browsing patterns.
  
• Joseph Bonneau, Jonathan Anderson, Luke Church:
  Privacy suites: shared privacy for social networks.
  
• Michael McQuaid, Kai Zheng, Nigel Melville, Lee Green:
  Usable deidentification of sensitive patient care data.
  
• Eran Toch, Ramprasad Ravichandran, Lorrie Faith Cranor, Paul Hankes Drielsma, Jason I. Hong, Patrick Gage Kelley, Norman M. Sadeh, Janice Y. Tsai:
  Analyzing use of privacy policy attributes in a location sharing application.
  
• Keerthi Thomas, Clara Mancini, Lukasz Jedrzejczyk, Arosha K. Bandara, Adam N. Joinson, Blaine A. Price, Yvonne Rogers, Bashar Nuseibeh:
  Studying location privacy in mobile applications: 'predator vs. prey' probes.
  
• Nitesh Saxena, Md. Borhan Uddin, Jonathan Voris:
  Treat 'em like other devices: user authentication of multiple personal RFID tags.
  
• Matthew Kay, Michael Terry:
  Textured agreements: re-envisioning electronic consent.
  
• Pooya Jaferian, David Botta, Kirstie Hawkey, Konstantin Beznosov:
  A multi-method approach for user-centered design of identity management systems.
  

Posters showcasing usable privacy and security papers published in the past year at other conferences

• Matthew M. Lucas, Nikita Borisov:
  flyByNight: mitigating the privacy risks of social networking.
  
• Chris Karlof, J. D. Tygar, David Wagner:
  Conditioned-safe ceremonies and a user study of an application to web authentication.
  
• Kemal Bicakci, Mustafa Yuceel, Burak Erdeniz, Hakan Gurbaslar, Nart Bedin Atalay:
  Graphical passwords as browser extension: implementation and usability study.
  
• Stuart E. Schechter, A. J. Bernheim Brush, Serge Egelman:
  It's no secret: measuring the security and reliability of authentication via 'secret' questions.
  
• Stuart E. Schechter, Serge Egelman, Robert W. Reeder:
  It's not what you know, but who you know: a social approach to last-resort authentication.
  
• Robert W. Reeder, Patrick Gage Kelley, Aleecia M. McDonald, Lorrie Faith Cranor:
  A user study of the expandable grid applied to P3P privacy policy visualization.
  
• Janice Y. Tsai, Patrick Gage Kelley, Paul Hankes Drielsma, Lorrie Faith Cranor, Jason I. Hong, Norman M. Sadeh:
  Who's viewed you?: the impact of feedback in a mobile location-sharing application.
  
• Madoka Hasegawa, Nicolas Christin, Eiji Hayashi:
  New directions in multisensory authentication.
  
• Philippe Golle:
  Machine learning attacks against the Asirra CAPTCHA.
  
• Aleecia M. McDonald, Robert W. Reeder, Patrick Gage Kelley, Lorrie Faith Cranor:
  A comparative study of online privacy policies and formats.
  
• Ramprasad Ravichandran, Michael Benisch, Patrick Gage Kelley, Norman M. Sadeh:
  Capturing social networking privacy preferences: can default policies help alleviate tradeoffs between expressiveness and user burden?
  

Invited talk

• Eric Sachs:
  Redirects to login pages are bad, or are they?
  

Discussion sessions

• Nancy Gillis:
  Short and long term research suggestions for NSF and NIST.
  
• Andrew Patrick:
  Ecological validity in studies of security and human behaviour.
  
• Simson L. Garfinkel:
  Invisible HCI-SEC: ways of re-architecting the operating system to increase usability and security.
  
• Mary Ellen Zurko:
  Technology transfer of successful usable security research into product.
  
• Linda Little:
  The family and communication technologies.
  
• Kristiina Karvonen:
  How does the emergence of reputation mechanisms affect the overall trust formation mechanisms, implicit and explicit, in the online environment?