ITIS 6010/8010: Usable Security and Privacy

Spring 2010                            6:00pm - 8:45pm Tuesdays            Atkins 143


Reading List

Security

Camp, L. Jean, Mental Models of Privacy and Security (2006). Available at SSRN: http://ssrn.com/abstract=922735

Edwards, W. K., Poole, E. S., and Stoll, J. 2008. Security automation considered harmful? In Proceedings of the 2007 Workshop on New Security Paradigms (New Hampshire, September 18 - 21, 2007). NSPW '07. ACM, New York, NY, 33-42. DOI= http://doi.acm.org/10.1145/1600176.1600182

Dourish, Paul, Rebecca E. Grinter, Jessica Delgado de la Flor, and Melissa Joseph. Security in the wild: user strategies for managing security as an everyday, practical problem. In Personal and Ubiquitous Computing 8 (2004), pp 391-401.

What is Security Engineering? Chapter 1 of Security Engineering by Ross Anderson.

Privacy
Acquisti, Alessandro, and Jens Grossklags. Privacy and Rationality in Individual Decision Making. IEEE Security and Privacy, 2005, pp 26-33.

Iachello, Giovanni, and Jason Hong. End user Privacy in Human Computer Interaction. Foundations and Trends in Human Computer Interaction, Vol. 1, Issue 1, 2007, pp 1-137.

Secure communications
Garfinkel, Simson and Robert C. Miller. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In the Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2005), 2005.


Phishing
Wu, Min, Robert C. Miller, Simson L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In the Proceedings of CHI 2006, Montreal, Quebec, Canada, April 2006.

Jagatic, Tom, Nathaniel Johnson, Markus Jakobsson, and Filippo Menczer. Social Phishing. 2006.

Corley, Colleen. 'Phishing' experiment attracts national debate about ethics of study. Indiana Daily Student News, July 24, 2007.

Privacy Technologies
Cranor, Lorrie Faith. The Role of Privacy Enhancing Technologies. In Considering Consumer Privacy: A Resource for Policymakers and Practitioners. Center for Democracy and Technology, edited by Paula J. Bruening, March 2003.

Privacy Policies
Jensen, Carlos, Colin Potts, and Christian Jensen. Privacy practices of Internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies 63 (2005), pp 203-227.


Mobile and Ubicomp
Stajano, Frank. Security For Whom? The Shifting Security Assumptions of Pervasive Computing. In the Proceedings of the International Security Symposium, 2002.

Langheinrich, Marc. Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. In the Proceedings from Ubiquitous Computing Conference, Ubicomp 2001.

Security Administrators
David Botta et al. Towards Understanding IT Security Professionals and Their Tools. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS'07), July 2007.

Conti et al. Countering Security Information Overload through Alert and Packet Visualization. IEEE Computer Graphics and Applications, March/April 2006, pp 30-40.

 

 

Other interesting readings


Security
Special Publication 800-12: An Introduction to Computer Security: The NIST Handbook.


Phishing
Dhamija, Rachna, J. D. Tygar, and Marti Hearst. Why Phishing Works. Proceedings of the SIGCHI conference on Human Factors in Computing Systems (CHI 2006), Montreal, Quebec, Canada, April 2006, pp 581-590.



Online Security and Privacy
Pretty Poor Privacy: An Assessment of P3P and Internet Privacy. Electronic Privacy Information Center.

Nathaniel Good et al. Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware. In the Proceedings of the Symposium On Usable Privacy and Security (SOUPS) 2005, July 2005.

Design
Smetters, D.K., R.E. Grinter. Moving from the Design of Usable Security Technologies to the Design of Useful Secure Applications. New Security Paradigms Workshop, Sept. 2002.

 

Palen, Leysia, and Paul Dourish. Unpacking "Privacy" for a Networked World. In Proceedings of CHI 2003, pp 129-136.