text-only page produced automatically by LIFT Text
Transcoder Skip all navigation and go to page contentSkip top navigation and go to directorate navigationSkip top navigation and go to page navigation
National Science Foundation HomeNational Science Foundation - Directorate for Computer & Information Science & Engineering (CISE)
Computer & Network Systems (CNS)
design element
CNS Home
About CNS
Funding Opportunities
Career Opportunities
View CNS Staff
CISE Organizations
Advanced Cyberinfrastructure (ACI)
Computing and Communication Foundations (CCF)
Computer and Network Systems (CNS)
Information & Intelligent Systems (IIS)
Proposals and Awards
Proposal and Award Policies and Procedures Guide
Proposal Preparation and Submission
bullet Grant Proposal Guide
  bullet Grants.gov Application Guide
Award and Administration
bullet Award and Administration Guide
Award Conditions
Other Types of Proposals
Merit Review
NSF Outreach
Policy Office

Security, Privacy, and Usability: Better Together

Lorrie Cranor

Lorrie Cranor

Carnegie Mellon University

Computer Science & Engineering Science Policy

THURSDAY April 19, Noon, Room 110

To register for this meeting: https://mmancusa.webex.com/mmancusa/j.php?ED=180788387&RG=1&UID=0&RT=MiMxMQ%3D%3D


Usable privacy and security research aims to consider security, privacy, and usability goals together in order to develop solutions in which these goals are not in conflict with each other. In this talk I will highlight some of our projects that illuminate the insights that can be gained through consideration of human behavior together with security and privacy. First, I will discuss our work exploring the usability of tools designed to help users control online behavioral advertising. Our empirical user studies are helping to inform the public policy debate about privacy regulation. Next I will discuss our work on usability and access control. We have explored the access-control needs of non-expert computer users and developed and tested approaches to make access control policy management more natural. We have also explored the ways that underlying access-control system models interact with user interface components and demonstrated that even seemingly small changes to a system's semantics can fundamentally affect the system's usability. Finally, I will discuss our research on the usability and security of text passwords. In a series of online studies, we have asked over 34,000 users to create passwords and return to our website several days later and try to recall their passwords. These studies allow us to compare password policies, for example, requiring long passwords or requiring passwords to include uppercase and lowercase letters, digits, and symbols. By examining usability and security properties together, we have identified several common misconceptions about the impact of password composition policies on user behavior. Throughout this talk I will argue that examining security/privacy and usability together is often critical for achieving either.


Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). She is also a co-founder of Wombat Security Technologies, Inc. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002).


Email this pagePrint this page
Back to Top of page