CyLab Researchers Host Symposium On Usable Privacy and Security


June 30, 2005

Carnegie Mellon University will host about 100 security, privacy and usability experts from industry and academia July 6-8 at a symposium at the Carnegie Mellon Collaborative Innovation Center (CIC) designed to make Internet users cybersafe.

Lorrie Cranor, an associate professor at the Institute for Software Research International and Carnegie Mellon CyLab, said the three-day Symposium On Usable Privacy and Security (SOUPS) will focus on privacy and security from a user's perspective.

"Internet users are told that they need to install anti-virus software, anti-spyware software, antiphishing toolbars, spam filters, follow all sorts of security rules and come up with lots of complicated passwords that they are not supposed to write down. Users are feeling overwhelmed, and we need to find ways of helping people stay safe," Cranor said.

The symposium will feature several presentations on ways to combat phishing. Phishers send out emails masquerading as popular Web sites. They lure unsuspecting users into clicking on links that take them to Web sites that resemble those of banks or other trusted companies. But, in reality, the sites belong to the phisher. When users type in their user name, password, account number, mother's maiden name and other sensitive information, the phisher captures it and is able to steal the victim's identity.

During the SOUPS poster session Thursday, July 7, from 9 a.m. to 6 p.m., Carnegie Mellon CyLab researchers Adrian Perrig, an assistant professor of electrical and computer engineering and engineering and public policy, and Dawn Song, an assistant professor in electrical and computer engineering, will present additions to the Firefox Web browser they developed to help detect phishing attacks and warn users. Researchers from MIT and the University of California at Berkeley also will present their work combating phishing.

The Thursday session also will feature Cranor and her students demonstrating an Internet search engine that can help people find Web sites that will respect user privacy.

"Internet users are concerned about privacy, but privacy policies are often too difficult for people to read," Cranor said. "With our search engine, you can do a search and find out not only which online stores have what you are looking for, but also which ones will respect your privacy," she added.

A panel on Friday, July 8, will examine ways of testing software such as antiphishing tools with real users. The Friday session runs from 9 a.m. to 5 p.m.

"In order to test this software you sometimes need to actually put users under attack and see whether they fall for it," Cranor said. "But setting up these experiments so that users are motivated to use security tools without actually putting your subjects at risk is difficult," she said.

Filippo Menczer, an associate professor of computer science from Indiana University and a symposium panelist, recently conducted a study where researchers sent unsuspecting users emails designed to simulate a phishing attack. When the researchers revealed to users what they had done at the end of the study, many users were outraged and complained to the researchers and university officials, according to Cranor.

Bill Cheswick, chief scientist of Lumeta Corp. and co-author of "Firewalls and Internet Security: Repelling the Wily Hacker," will give a keynote talk Thursday morning, July 7. Cheswick will describe the difficulties people like his father have in keeping their computers free of infection, how software vendors are trying to address the problem and how long we are going to have to live with this problem before good solutions are found.

Other symposium topics include privacy management tools, stopping spyware, making passwords more secure but easier for users to remember, making anti-virus software easier to use and user privacy on wireless networks.

SOUPS is sponsored by Carnegie Mellon CyLab, a university-wide, multidisciplinary initiative that builds on more than two decades of Carnegie Mellon's leadership in information technology and involves more than 200 faculty, students and staff from Carnegie Mellon.

