Symposium On Usable Privacy and Security: latest papers

Graphical passwords & qualitative spatial relations
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280708
D. Lin, Paul Dunphy, P. Olivier, Jeff Yan
Abstract: A potential drawback of graphical password schemes is that they are more vulnerable to shoulder surfing than conventional alphanumeric text passwords. We present a variation of the Draw-a-Secret scheme originally proposed by Jermyn et al [1] that is more resistant to shoulder surfing through the use of a qualitative mapping between user strokes and the password, and the use of dynamic grids to both obfuscate attributes of the user secret and encourage them to use different surface realizations of the secret. The use of qualitative spatial relations relaxes the tight constraints on the reconstruction of a secret; allowing a range of deviations from the original. We describe QDAS (Qualitative Draw-A-Secret), an initial implementation of this graphical password scheme, and the results of an empirical study in which we examined the memorability of secrets, and their susceptibility to shoulder-surfing attacks, for both Draw-A-Secret and QDAS.
Citations: 78
Reducing shoulder-surfing by using gaze-based password entry
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280683
Manu Kumar, Tal Garfinkel, D. Boneh, T. Winograd
Abstract: Shoulder-surfing -- using direct observation techniques, such as looking over someone's shoulder, to get passwords, PINs and other sensitive personal information -- is a problem that has been difficult to overcome. When a user enters information using a keyboard, mouse, touch screen or any traditional input device, a malicious observer may be able to acquire the user's password credentials. We present EyePassword, a system that mitigates the issues of shoulder surfing via a novel approach to user input. With EyePassword, a user enters sensitive input (password, PIN, etc.) by selecting from an on-screen keyboard using only the orientation of their pupils (i.e. the position of their gaze on screen), making eavesdropping by a malicious observer largely impractical. We present a number of design choices and discuss their effect on usability and security. We conducted user studies to evaluate the speed, accuracy and user acceptance of our approach. Our results demonstrate that gaze-based password entry requires marginal additional time over using a keyboard, error rates are similar to those of using a keyboard and subjects preferred the gaze-based password entry approach over traditional methods.
Citations: 358
Usability of anonymous web browsing: an examination of Tor interfaces and deployability
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280687
Jeremy Clark, P. V. Oorschot, C. Adams
Abstract: Tor is a popular privacy tool designed to help achieve online anonymity by anonymising web traffic. Employing cognitive walkthrough as the primary method, this paper evaluates four competing methods of deploying Tor clients, and a number of software tools designed to be used in conjunction with Tor: Vidalia, Privoxy, Torbutton, and FoxyProxy. It also considers the standalone anonymous browser TorPark. Our results show that none of the deployment options are fully satisfactory from a usability perspective, but we offer suggestions on how to incorporate the best aspects of each tool. As a framework for our usability evaluation, we also provide a set of guidelines for Tor usability compiled and adapted from existing work on usable security and human-computer interaction.
Citations: 85
Examining privacy and disclosure in a social networking community
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280706
K. Strater, H. Lipford
Abstract: The popularity of social networking websites such as Facebook and the subsequent levels and depth of online disclosures have raised several concerns for user privacy. Previous research into these sites has indicated the importance of disclosures between users as well as an under-utilization of extensive privacy options. This study qualitatively examines college students' disclosure and privacy behaviors and attitudes on Facebook.com. Results support current research into social networking and privacy and provide user-generated explanations for observed disclosure and privacy trends. Implications for future research into privacy software are discussed.
Citations: 112
Establishing darknet connections: an evaluation of usability and security
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280700
J. Bethencourt, W. Y. Low, Isaac Simmons, Matthew M. Williamson
Abstract: In many applications, hosts in a peer to peer network may wish to maintain their anonymity or the privacy of their queries. In some applications, an even stronger guarantee is desirable: hosts would like to prevent others from determining whether they participate in the network at all. Darknets, or friend-to-friend networks, are one approach to preventing the discovery of hosts within a peer to peer network [1]. In such a network, hosts only form Internet connections with and directly communicate with a small set of hosts whose operators are known and trusted a priori. That is, each user only connects to her friends, trusting that her friends will not reveal her identity or existence in the network.
Citations: 8
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280692
Steve Sheng, Bryant Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, Jason I. Hong, Elizabeth Ferrall-Nunge
Abstract: In this paper we describe the design and evaluation of Anti-Phishing Phil, an online game that teaches users good habits to help them avoid phishing attacks. We used learning science principles to design and iteratively refine the game. We evaluated the game through a user study: participants were tested on their ability to identify fraudulent web sites before and after spending 15 minutes engaged in one of three anti-phishing training activities (playing the game, reading an anti-phishing tutorial we created based on the game, or reading existing online training materials). We found that the participants who played the game were better able to identify fraudulent web sites compared to the participants in other conditions. We attribute these effects to both the content of the training messages presented in the game as well as the presentation of these materials in an interactive game format. Our results confirm that games can be an effective way of educating people about phishing and other security attacks.
Citations: 550
Seven privacy worries in ubiquitous social computing
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280713
Sara Gatmir-Motahari, C. Manikopoulos, S. R. Hiltz, Quentin Jones
Abstract: Review of the literature suggests seven fundamental privacy challenges in the domain of ubiquitous social computing. To date, most research in this area has focused on the features associated with the revelation of personal location data. However, a more holistic view of privacy concerns that acknowledges these seven risks is required if we are to deploy privacy respecting next generation social computing applications. We highlight the threat associated with user inferences made possible by knowledge of the context and use of social ties. We also describe work in progress to both understand user perceptions and build a privacy sensitive urban enclave social computing system.
Citations: 24
Detecting, analyzing and responding to security incidents: a qualitative analysis
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280702
R. Werlinger, David Botta, K. Beznosov
Abstract: Persistence and cost are the two factors that have motivated several studies about better practices for dealing with security incidents [5]. However, there is not much literature about IT professionals who have to deal with security incidents, in terms of which tasks they actually perform and which resources they need to handle the complex scenarios given by real incidents [6]. This lack of research makes it difficult to evaluate and improve the support that IT security professionals need to respond efficiently to security incidents.
Citations: 19
Privacy implications for single sign-on authentication in a hospital environment
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280714
Rosa R. Heckle, W. Lutters
Abstract: Healthcare providers and their IT staff, working in an effort to balance appropriate accessibility with stricter security mandates, are considering the use of a single network sign-on approach for authentication and password management. There is an inherent tension between an authentication mechanism's security strength and the privacy implications of using that authentication technology. This is particularly true with single sign-on authentication. While single sign-on does facilitate authentication, our on-going field work in a regional hospital reveals several unanticipated privacy implications.
Citations: 18
Towards understanding IT security professionals and their tools
Symposium On Usable Privacy and Security. Pub Date: 2007-07-18. DOI: 10.1145/1280680.1280693
David Botta, R. Werlinger, André Gagné, K. Beznosov, Lee Iverson, S. Fels, Brian D. Fisher
Abstract: We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.
Citations: 127