Workshop on Human-Computer Interaction and Security Systems

part of CHI2003, April 5-10, 2003, Fort Lauderdale, Florida


Workshop Date: April 6, 2003

Andrew Patrick, National Research Council of Canada, Andrew.Patrick@nrc-cnrc.gc.ca
A Chris Long, Carnegie Mellon University, chrislong@acm.org
Scott Flinn, National Research Council of Canada, Scott.Flinn@nrc-cnrc.gc.ca

Workshop Papers and Instructions for Participants


This workshop will seek to understand the roles and demands placed on users of security systems, and explore design solutions that can assist in making security systems usable and effective. In addition to examining end-users, this workshop will also examine the issues faced by security system developers and operators. The goal of the workshop is to build a network of interested people, share research activities and results, discuss high priority areas for research and development, and explore opportunities for collaboration.

Accepted Submissions

NOTE: Each participant must read and be prepared to discuss all of the submissions before attending the workshop. Non-participants are also encouraged to read these papers and send question or comments to the authors and/or the HCISEC mailing list (see point 3 below).

Title Author(s) E-mail Workshop Participant
"Ten strikes and you’re out": Increasing the number of login attempts can improve password usability (revised February 18 2003) Sacha Brostoff and Angela Sasse a.sasse@cs.ucl.ac.uk M. Angela Sasse
Authentication for Remote Voting Nathanael Paul, David Evans, Avi Rubin and Dan Wallach evans@cs.virginia.edu Nathanael Paul
Computer Security: Anatomy of a Usability Disaster, and a Plan for Recovery M. Angela Sasse a.sasse@cs.ucl.ac.uk M. Angela Sasse
Designing a Privacy Preference Specification Interface: A Case Study Lorrie Cranor lorrie@research.att.com Lorrie Cranor
Designing Secure Yet Usable Credential Recovery Systems With Challenge Questions Mike Just Just.Mike@tbs-sct.gc.ca Mike Just
Honest it's me! Self service verification Lynne Coventry, Antonella De Angeli and Graham Johnson lynnco@exchange.Scotland.NCR.COM Lynne Coventry
NEW: How do consumers form their judgments of the security of e-commerce web sites? NOTE: paper e-mailed to workshop participants. Other people interested in reading it should contact Carl Turner. Carl W. Turner carl.turner.hxyf@statefarm.com Carl W. Turner
Lotus Notes And Domino Contribution to the HCI and Security Systems Workshop Dave Wilson and Mary Ellen Zurko Dave_Wilson@notesdev.ibm.com Dave Wilson
Position Paper: Effective PKI Requires Effective HCI Sean Smith sws@cs.dartmouth.edu Sean Smith
Safe Staging for Computer Security Alma Whitten and J.D. Tygar alma@SIMS.Berkeley.EDU Alma Whitten
Secure Interaction Design and the Principle of Least Authority Ka-Ping Yee ping@zesty.ca Ka-Ping Yee
Security as a Practical Problem: Some Preliminary Observations of Everyday Mental Models Paul Dourish, Jessica Delgado de la Flor, and Melissa Joseph jpd@uci.edu Paul Dourish
Three Challenges for Embedding Security into Applications Rebecca E. Grinter and D. K. Smetters beki@parc.com Rebecca Grinter
Two Visual Computer Network Security Monitoring Tools Incorporating Operator Interface Requirements (revised Feb 12 2003) William Yurcik, James Barlow, Kiran Lakkaraju and Mike Haberman jbarlow@ncsa.uiuc.edu James Barlow

NOTE: all papers are in PDF format. A ZIP archive containing all the papers is also available here (1.5 MB) (revised Feb 18 2003).

Notes for Participants

Here are some important points to consider when preparing for the workshop.
  1. if your contribution had multiple authors, only one person will be able to attend the workshop.
  2. please confirm your physical attendance at the workshop on April 6 in Florida. We need to provide a list of attendees to the CHI organizers. If, for some reason, you will not be able to attend the workshop on April 6 please inform us ASAP so we can offer the space to someone else.
  3. if you have not already done so, please join the HCISEC Discussion Group at Yahoo Groups ( http://groups.yahoo.com/group/hcisec/). This forum will be used for communications before and after the workshop.
  4. unlike typical conference sessions, this workshop will not include formal presentations of the papers. Instead, each participant will do their homework and read all of the accepted submissions before the workshop. In addition, participants will come to the workshop ready to discuss the issues raised in the submissions.
  5. there will be very brief (5 minutes) presentations by each participant to review the most important points, clarify any difficult concepts, and present late-breaking results or ideas. These presentations will be followed by (at most) 5 minutes of questions. We plan to be very strict with these time limits, as the purpose of the workshop is discussion, not presentation. Please make the effort to prepare and practice your 5-minute presentation.
  6. all of the accepted submissions are available now at the workshop WWW site ( http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html). As you read the papers, you are encouraged to contact the authors and/or send messages to the HCISEC@yahoogroups.com discussion list to ask questions or raise issues that might lead to interesting discussions at the workshops.
  7. we have planned a dinner for the evening of April 6 and you should consider this to be part of the workshop and plan to attend. Anyone who has recommendations for local restaurants that would be suitable should send them to Scott Flinn ( Scott.Flinn@nrc-cnrc.gc.ca.).