CHI Work in Progress to Feature LERSSE Research

This year, in Vancouver, the Work In Progress Posters session of the SIG CHI Conference will feature three research projects by my graduate students. San-Tsai Sun and his teammates will present results of investigating the challenges web users face when using OpenID for authentication. They also designed a phishing-resistant, privacy-preserving browser add-on to provide a consistent and […]

Undergrad Security Course Features Cool Projects

Students in my undergraduate computer security course have done several excellent projects. You can watch video clips of the projects or read reports. httpvp://www.youtube.com/view_play_list?p=ABEF30FCC4453A52 I would particularly like to mention the following projects: Security Analysis of the i>clicker Audience Response System  best analysis project! best presentation! Derek Gourlay, Yuan Sunarto, Yik Lam Sit, Tian-Cheng Wang Security Analysis of Verrus Pay-by-Phone […]

Lessons learned from studying users’ mental models of security

Over the course of the past three years at LERSSE, we have done several studies that helped us further the understanding of users’ mental models when it comes to security. A mental model is “an abstraction of system’s architecture and software structures that is simple enough for non-technical users to grasp. . . It provides an integrated […]

Single Sign On on the Web: What’s broken and What can be fixed?

With Ph.D. student San-Tsai Sun, we have been investigating single sign-on for the Web. We have been looking at usability, business, and technical aspects of web single sign-on (SSO) solutions: He has analyzed the OpenID protocol and 200 OpenID-enabled web sites and found, among other things, that 50% of OpenID-enabled websites are vulnerable to cross-site request forgery (CSRF) attacks, […]

Understanding Wants and Needs of Personal Firewall Users

I’ve presented results of a user study by my graduate student Fahimeh Raja at SafeConfig. She conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. There are several interesting findings. Through a qualitative analysis of the data, we found that most of our participants were not […]