Saturday, June 6, 2009

A Brief Introduction to Usable Security


Bryan D. Payne, Georgia Institute of Technology

W. Keith Edwards, Georgia Institute of Technology

Researchers have studied usable computer security for more than 20 years, and developers have created numerous security interfaces. Here, the authors examine research in this space, starting with a historical look at papers that address two consistent problems: user authentication and email encryption. Drawing from successes and failures within these areas, they study several security systems to determine how important design is to usable security. Their discussion offers guidelines for future system design.


Source - http://www2.computer.org/portal/web/csdl/doi/10.1109/MIC.2008.50

Monday, May 18, 2009

HCI 2009 - register now for conference that celebrates people and technology

The annual UK conference on Human Computer Interaction comes to Cambridge in the first week of September. HCI 2009 will include hands-on demonstration of the latest interactive technologies from commercial and university labs, as well as new design methods and recent user research results.

The conference includes tutorials on usability and user experience techniques, and a number of specialist workshops on new research topics.

Early-bird registration discount is available until 31 May.

For more details, and online registration, visit http://www.hci2009.org

The 23rd BCS conference on Human Computer Interaction celebrates the people who use technology, the people who create new technologies, and the relationship between them.

Taking place from 1-5 September 2009, it is hosted by Cambridge University and Microsoft Research Cambridge. The conference programme and accommodation will be located at Churchill College Cambridge. The Open House Festival of Interactive Technology will be hosted on the Cambridge University West Cambridge site.

Monday, April 27, 2009

Digital Divide: The Three Stages

Jakob Nielsen's Alertbox, November 20, 2006:
Digital Divide: The Three Stages

Summary:
The economic divide is a non-issue, but the usability and empowerment divides alienate huge population groups who miss out on the Internet's potential.

The "digital divide" refers to the fact that certain parts of the population have substantially better opportunities to benefit from the new economy than other parts of the population. Most commentators view this in purely economic terms. However, two other types of divide will have much greater impact in the years to come.

Stage 1: Economic Divide
In its simplest form, the digital divide is manifested in the fact that some people can't afford to buy a computer. Although politicians always talk about this point, it's growing more irrelevant with each passing day -- at least in the industrialized world. We should recognize that for truly poor developing countries, computers will remain out of the average citizen's reach for 20 years or more.

In areas like North America, Europe, Australia, and Asia's advanced countries, computer cost is no longer an issue. Dell's cheapest computer costs $379 (with a monitor) and is about 500 times as powerful as the Macintosh Plus I used to write my Ph.D. thesis. While it's true that a few people can't even afford $379, in another five years, computers will be one-fourth their current price. Would that all social problems would go away if we simply waited five years.

Stage 2: Usability Divide
Far worse than the economic divide is the fact that technology remains so complicated that many people couldn't use a computer even if they got one for free. Many others can use computers, but don't achieve the modern world's full benefits because most of the available services are too difficult for them to understand.

Almost 40% of the population has lower literacy skills, and yet few websites follow the guidelines for writing for low-literacy users. Even government sites that target poorer citizens are usually written at a level that requires a university degree to comprehend. The British government has done some good work on simplifying much of its direct.gov.uk site information, but even it requires at least a high school education to easily read.

Lower literacy is the Web's biggest accessibility problem, but nobody cares about this massive user group.

Senior citizens face the second-biggest accessibility problem, but again there is little interest in the guidelines for making websites easier for older users. Companies don't even have the excuse that it doesn't pay to cater to this audience, because retirees are rich these days. Even though seniors are the main remaining source of growth in Internet use, companies are still endlessly fascinated by young users and ignore older, richer users who would be much more loyal customers -- if only someone bothered to sell to them.

Whereas the economic divide is closing rapidly, I see little progress on the usability divide. Usability is improving for higher-end users. For this group, websites get easier every year, generating vast profits for site owners. Because they now follow more e-commerce user experience guidelines, companies that sell online typically have conversion rates of around 2%, which is twice the conversion rate of the bubble years. That's all great news for high-end users, but the less-skilled 40% of users have seen little in the way of usability improvement. We know how to help these users -- we're simply not doing it.

Stage 3: Empowerment Divide
We have the knowledge needed to close the usability divide, and I remain hopeful that we'll get the job done. The empowerment divide, however, is the hard one: even if computers and the Internet were extraordinarily easy to use, not everybody would make full use of the opportunities that such technology affords.

Participation inequality is one exponent of the empowerment divide that has held constant throughout all the years of Internet growth: in social networks and community systems, about 90% of users don't contribute, 9% contribute sporadically, and a tiny minority of 1% accounts for most contributions.

In researching how people use search engines for my seminar on fundamental guidelines for Web usability, we've found that many users don't know how to use search to truly master the Web. People don't understand advanced search features, they rarely employ query reformulation, and many uncritically select the first search results. Also, many users don't understand how search engines prioritize their listings, and some users don't even know that the euphemistic label "sponsored links" refers to paid advertisements. (For more info, see Consumer Reports' study of what users know about search ads.)

Because they lack the initiative and skill to take matters into their own hands, some users remain at the mercy of other people's decisions. For example, people sometimes accept the default home page chosen by their computer vendor or ISP rather than select one that's better suited to their needs. Again, this means that the user's attention can be sold off like a sheep to slaughter, as indicated by deals where search engines pay computer vendors millions of dollars to be the default setting on shipping PCs.

Similarly, some users limit themselves to "free" Web applications that display ads. What such users don't realize is that better applications (more appropriate, powerful, and liberating ones) are available at a cost that's far less than the value of the time they waste trying not to look at the ads.

Prospects for Bridge Building
The Internet can be an empowering tool that lets people find good deals, manage vendors, and control their finances and investments. But it can just as easily be an alienating environment where people are cheated. Members of the Internet elite don't realize the extent to which less-skilled users are left out of many of the advancements they cheer and enjoy.

Ultimately, I'm extremely optimistic about the economic divide, which is vanishing rapidly in industrialized countries. The usability divide will take longer to close, but at least we know how to handle it -- it's simply a matter of deciding to do so. I'm very pessimistic about the empowerment divide, however, which I expect will only grow more severe in the future.

Wednesday, April 22, 2009

CALL FOR POSTERS -- SOUPS 2009

Symposium On Usable Privacy and Security
July 15-17, 2009
Mountain View, CA, USA
http://cups.cs.cmu.edu/SOUPS/

Poster submissions due May 29, 2009

The 2009 Symposium on Usable Privacy and Security (SOUPS) will
bring together an interdisciplinary group of researchers and
practitioners in human computer interaction, security, and
privacy. The program will feature technical papers, workshops
and tutorials, a poster session, panels and invited talks,
and discussion sessions. Detailed information about poster
submissions appears below. For information about other submissions
please see the SOUPS web site
http://cups.cs.cmu.edu/soups/2009/cfp.html.

POSTERS

We seek poster abstracts describing recent or ongoing
research or experience in all areas of usable privacy and
security. Submissions should use the SOUPS poster template
(MS Word: http://cups.cs.cmu.edu/soups/2009/soups2009-proceedings-template.doc
or LaTeX: http://cups.cs.cmu.edu/soups/2009/soups2009-latex-templates.zip)
and be at most two pages. Accepted poster abstracts will be
distributed to symposium participants and made available on the
symposium web site. Please follow the final submission
formatting instructions when preparing your poster abstract to
avoid the need to revise poster abstracts after acceptance
decisions are made. In addition, SOUPS will include a poster session
in which authors will exhibit their posters. Note,
poster abstracts should be formatted like short papers, not
like posters. Authors of accepted posters will be sent
information about how to prepare and format posters for the
conference.

Submit your poster using the electronic submissions page
[http://cups.cs.cmu.edu/soups/2009/submit.html].
A successful submission will display a web page confirming it,
and a confirmation email is sent to the corresponding author.
Please make sure you receive that confirmation email when you
submit, and follow the directions in that email if you
require any follow up.

We also welcome authors of recent papers (2008 to 2009) on
usable privacy and security to present your work at the SOUPS
poster session. Please submit the title and abstract of your
conference paper, full citation, and a link to the published
version.

Submissions will close at 5pm, US East Coast time, the
evening of May 29.

General Chair:
Lorrie Cranor, Carnegie Mellon University

Posters Co-Chairs:
Dirk Balfanz, Google
Rob Miller, MIT

Thursday, April 16, 2009

Fisheye Strategy

Interesting article on Fisheye effect.

Fisheye Strategy
Cassie Thomas
cassie@cs.umd.edu

VRML (Virtual Reality Modeling Language)

VRML (Virtual Reality Modeling Language) was developed around 1994 as a means to share 3D environments, targeted primarily at the world-wide web. Its specification includes several environmental primitives, including a surrounding cube. The cube is texture-mapped, and provides a backdrop behind a scene composed otherwise of polyhedral objects. This cubic environment map is the one advocated by Greene in his 1986 paper.

Five Aspects of Usability

Jakob Nielsen suggests that there are five aspects of usability:

  • Ease of learning: the interface needs to allow users who have never seen it before to learn to use it quickly to succeed in accomplishing basic tasks

  • Efficiency of use: the interface needs to be designed to allow rapid accomplishment of tasks for more experienced users

  • Memorability: casual users of the site are assisted by an interface design that they can remember how to use

  • Error frequency and severity: the interface should be designed to minimize the number and severity of errors, and allow for quick error recovery

  • Subjective satisfaction: the experience of using a web interface should be a pleasant one

Thursday, March 26, 2009

The Goals of HCISec

HCI has a set of goals, as does information security with its best practices. From my reading, HCI goals combined with information security should produce usable, functional, secure, and safe systems.

To do so, researchers, developers, and engineers must attempt to understand the factors that determine how people use technology, and achieve efficient, effective, and safe interaction.

Monday, March 23, 2009

W2SP 2009: Web 2.0 Security and Privacy 2009 - Workshop Call for Papers

http://w2spconf.com/2009/

Workshop Call for Papers
W2SP 2009: Web 2.0 Security and Privacy 2009
Thursday, May 21
The Claremont Resort, Oakland, California

Previous W2SP Workshops: 2008, 2007


The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas.

Web 2.0 is about connecting people and amplifying the power of working together. Enabled by a wave of new technology, these social and business interactions rely on composition of content and services from multiple sources, commonly called mash-ups, leading to systems with complex trust boundaries. This trend is likely to continue because individuals and businesses desire the efficiency and simplicity these technologies offer.

Together with their virtues, these technologies raise issues about management of identities, reputation, privacy, anonymity, transient and long term relationships, and composition of function and content, both on the server and on the client (web browser). Although the underlying security and privacy issues are not new, the use of these technologies on a wide scale and by a broad audience raises new questions. This workshop is intended to discuss the limitations of current technologies and explore alternatives.

The scope of W2SP 2009 includes, but is not limited to:

  • Trustworthy cloud-based services
  • Privacy and reputation in social networks
  • Usable security and privacy
  • Security for the mobile web
  • Identity management and pseudonymity
  • Advertisement and affiliate fraud
  • Provenance and governance
  • Security and privacy as a service
  • Web services/feeds/mashups
  • Security and privacy policies for composable content
  • Next-generation browser technology

Potential workshop participants should submit a paper on topics relevant to Web 2.0 security and privacy issues. We are seeking both short position papers (2–4 pages) and refereed papers (a maximum of 8 pages). Papers longer than 8 pages may be automatically rejected by the chair or workshop committee. From the submissions, the program committee will strive to balance participation between academia and industry and across topics. Selected papers will appear on the workshop web site.

Workshop Co-Chairs

  • Larry Koved (IBM Research)
  • Dan S. Wallach (Rice University)

Program Chair

  • Adam Barth (UC Berkeley)

Program Committee

  • Ben Adida (Harvard University)
  • Dirk Balfanz (PARC)
  • Adam Barth (UC Berkeley)
  • Konstantin (Kosta) Beznosov
  • Suresh Chari (IBM Research)
  • Hao Chen (UC Davis)
  • Douglas Crockford (Yahoo)
  • Chris Karlof (UC Berkeley)
  • Larry Koved (IBM Research)
  • Shriram Krishnamurthi (Brown University)
  • Collin Jackson (Stanford University)
  • Rob Johnson (Stony Brook University)
  • John C. Mitchell (Stanford University)
  • Sean W. Smith (Dartmouth University)
  • Helen Wang (Microsoft Research)
  • Dan S. Wallach (Rice University)

Important Dates

Paper submission deadline: March 6, 2009, (11:59pm US-Eastern)
Workshop acceptance notification date: March 31, 2009
Workshop date: Thursday, May 21, 2009

Workshop paper submission web site: To be announced.

SOUPS 2009 - CALL FOR PAPERS

CALL FOR PAPERS -- SOUPS 2009
Symposium On Usable Privacy and Security
July 15-17, 2009
Google, Mountain View, CA USA
http://cups.cs.cmu.edu/SOUPS/

The 2009 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners
in human computer interaction, security, and privacy. The program will
feature technical papers, a poster session, panels and invited talks,
discussion sessions, and in-depth sessions (workshops and
tutorials). Detailed information about technical paper submissions
appears below. For information about other submissions please see the
SOUPS web site http://cups.cs.cmu.edu/soups/2009/cfp.html.

TECHNICAL PAPERS

We invite authors to submit original papers describing research or
experience in all areas of usable privacy and security. Topics
include, but are not limited to:

* innovative security or privacy functionality and design,
* new applications of existing models or technology,
* field studies of security or privacy technology,
* usability evaluations of security or privacy features or security
testing of usability features, and
* lessons learned from deploying and using usable privacy
and security features.

All submissions must relate to both usability and either security or
privacy. Papers on security or privacy applications that do not
address usability or human factors will not be considered.

Papers need to describe the purpose and goals of the work completed to
date, cite related work, show how the work effectively integrates
usability and security or privacy, and clearly indicate the innovative
aspects of the work or lessons learned as well as the contribution of
the work to the field. Submitted papers must not substantially overlap
papers that have been published or that are simultaneously submitted
to a journal or a conference with proceedings. Accepted papers will
appear in the ACM Digital Library as part of the ACM International
Conference Proceedings Series. The technical papers committee will
select an accepted paper to receive the SOUPS 2009 best paper award.

Papers may be up to 12 pages in length including bibliography,
appendices, and figures, using the SOUPS proceedings template on the
SOUPS web site. All submissions must be in PDF format and should not
be blinded. In addition, you must cut and paste an abstract of no more
than 300 words onto the submission form.

Submit your paper using the electronic submissions page for the SOUPS
2009 conference (http://cups.cs.cmu.edu/soups/2009/submit.html). A
successful submission will display a web page confirming it, and a
confirmation email is sent to the corresponding author. Please make
sure you receive that confirmation email when you submit, and follow
the directions in that email if you require any follow up.

Technical paper submissions will close at midnight, US East Coast
time, the evening of Friday, February 27. This is a hard deadline!
Authors will be notified of technical paper acceptance by April 20,
and camera ready final versions of technical papers are due May 29.

General Chair:
Lorrie Cranor, Carnegie Mellon University

Interactive and In-Depth Session Chairs:
Konstantin Beznosov, University of British Columbia
Ka-Ping Yee, Google.org

Posters Co-Chairs:
Dirk Balfanz, Google
Rob Miller, Massachusetts Institute of Technology

Technical Papers Co-Chairs:
Simson L. Garfinkel, Naval Postgraduate School
Andrew Patrick, National Research Council Canada

Technical Papers Committee
Steven Bellovin, Columbia University
Robert Biddle, Carleton University
Jose Brustoloni, University of Pittsburgh
L. Jean Camp, Indiana University
Bill Cheswick, AT&T Research
Rachna Dhamija, Usable Security Systems
Roger Dingledine, The Tor Project
Carl Ellison, Microsoft
Harry Hochheiser, Towson University
Markus Jakobsson, PARC
Audun Jøsang, University of Oslo
Clare-Marie Karat, IBM
Rob Miller, MIT
Rob Reeder, Microsoft
Karen Renaud, University of Glasgow
Angela Sasse, University College London
Stuart Schechter, Microsoft
Diana Smetters, PARC
Paul Van Oorschot, Carleton University
Hao-Chi Wong, Intel
Mary Ellen Zurko, IBM

CodeCon 2009 - Call For Presentations

CodeCon 2009
April 17-19, 2009
San Francisco CA, USA
www.codecon.org

Call For Presentations

CodeCon is the premier showcase of cutting edge software development. It
is an excellent opportunity for programmers to demonstrate their work and
keep abreast of what's going on in their community.

All presentations must include working demonstrations, ideally accompanied
by source code. Presentations must be done by one of the active developers
of the code in question. We emphasize that demonstrations be of *working*
code.

We hereby solicit papers and demonstrations.

* Papers and proposals due: February 15, 2009
* All Authors notified: March 1, 2009

Possible topics include, but are by no means restricted to:

* community-based web sites - forums, weblogs, personals
* development tools - languages, debuggers, version control
* file sharing systems - swarming distribution, distributed search
* security products - mail encryption, intrusion detection, firewalls
* malware analysis - detection, compensation, and mitigation of
emerging threats

--

As a new feature this year, CodeCon will be presenting a Biohack! track.
While we will continue our tradition of presenting only one talk at a
time, a portion of one of the days' talks will be reserved for interesting
biotechnology hacking projects. A key requirement for these presentations
is ease of reproduction with minimal access to expensive laboratory
equipment.

Example topics include:

* Purifying DNA using common household items
* Developing genetically-modified bacteria in a kitchen laboratory
* Using specially-designed software to assist in bioengineering
* The use of simple bioengineering techniques to solve real-world
problems.

Ideal Biohack! Track submissions will have a strong emphasis on the
"hack" portion of the talk -- in the last few years, there has been a
strong growth in the community of biology hackers; we aim to bring these
hackers together to discuss their techniques for inexpensive, at home
experimentation in biological engineering research.

--

Presentations will be 30 minutes long, with an additional 15 minutes
allocated for Q&A. Overruns will be truncated.

Submission details:

Submissions are being accepted immediately. Acceptance dates are
February 7th and March 1st. After the first acceptance date, submissions
will be either accepted, rejected, or deferred to the second acceptance
date.

The conference language is English.

The conference venue is open to all ages.

Ideally, technical demonstrations should be usable by attendees with
802.11b connected devices either via a web interface, or locally on
Windows, UNIX-like, or MacOS platforms. Cross-platform applications are
most desirable. Biohacking demonstrations should be viewable with a
presenter-provided camera, or prepared movies for projection.


To submit, send mail to submissions-2009@... including the
following information:

* Project name
* Code track or Biohack! track
* url of project home page
* tagline - one sentence or less summing up what the project does
* names of presenter(s) and urls of their home pages, if they have any
* one-paragraph bios of presenters, optional, under 100 words each
* project history, under 150 words
* what makes the project novel -- how it differs from similar projects
* what will be done in the project demo, under 200 words
* slides to be shown during the presentation, if applicable
* future plans

General Chairs: Jonathan Moore and Bram Cohen
Program Chair: Jered Floyd and Len Sassaman

Program Committee:

* Jon Callas, PGP, USA
* Bram Cohen, BitTorrent, USA
* Roger Dingledine, The Tor Project, USA
* Jered Floyd, Permabit, USA
* Ben Laurie, Google, UK
* Nick Mathewson, The Tor Project, USA
* David Molnar, University of California, Berkeley, USA
* Jonathan Moore, Mosuki, USA
* Meredith L. Patterson, Osogato, USA
* Andrew S. Peek, Integrated DNA Technologies, USA
* Len Sassaman, Katholieke Universiteit Leuven, BE
* Cliff Skolnick
* Paul Syverson, Naval Research Laboratory, USA
* [Others may be added]

Sponsorship:

If your organization is interested in sponsoring CodeCon, we would love to
hear from you. In particular, we are looking for sponsors for social meals
and parties on any of the three days of the conference, as well as
sponsors of the conference as a whole and donors of door prizes. If you
might be interested in sponsoring any of these aspects, please contact the
conference organizers at codecon2009@...

Press policy:

CodeCon provides a limited number of passes to qualifying press.
Complimentary press passes will be evaluated on request. Everyone is
welcome to pay the low registration fee to attend without an official
press credential.

Questions:

If you have questions about CodeCon, or would like to contact the
organizers, please mail codecon2009@.... Please note this address
is only for questions and administrative requests, and not for workshop
presentation submissions.

Tuesday, March 17, 2009

Heuristic Evaluation (Jakob Nielsen)

Heuristics are rules of thumb for reasoning, a simplification, or educated guess that reduces or limits the search for solutions in domains that are difficult and poorly understood. Unlike formal structures like algorithms, heuristics do not guarantee optimal, or even feasible, solutions and are often used with no theoretical guarantee.

Jakob Nielsen, Heuristic Evaluation

1. Visibility of system status

The system should always keep users informed about what is going on, through appropriate feedback within reasonable time.

2. Match between system and the real world

The system should speak the users' language, with words, phrases, and concepts familiar to the user, rather than system-oriented terms. Follow real-world conventions, making information appear in natural and logical order.

3. User control and freedom

Users often choose system functions by mistake and will need a clearly marked "emergency exit" to leave the unwanted state without having to go through an extended dialogue. Support undo and redo.

4. Consistency and standards

Users should not have to wonder whether different words, situations, or actions mean the same thing. Follow platform conventions.

5. Error prevention

Even better than good error messages is a careful design which prevents a problem from occurring in the first place.

6. Recognition rather than recall

Make objects, actions and options visible. The user should not have to remember information from one part of the dialogue to another. Instructions for use of the system should be visible or easily retrievable whenever appropriate.

7. Flexibility and efficiency of use

Accelerators - unseen by the novice user - may often speed up the interaction for the expert user to such an extent that the system can cater to both inexperienced and experienced users. Allow users to tailor frequent actions.

8. Aesthetic and minimalist design

Dialogues should not contain information which is irrelevant or rarely needed. Every extra unit of information in a dialogue competes with the relevant units of information and diminishes their relative visibility.

9. Help users recognize, diagnose, and recover from errors

Error messages should be expressed in plain language (no codes), precisely indicate the problem, and constructively suggest a solution.

10. Help and documentation

Even though it is better if the system can be used without documentation, it may be necessary to provide help and documentation. Any such information should be easy to search, focused on the user's task, list concrete steps to be carried out, and not be too large.

Friday, March 13, 2009

People in HCI - Dr Anne Adams

An infamous past acting in theatre and film led to years of work experience in Market Research. My reputation as a researcher was then saved by a degree in Psychology with IT. It was here that I realised computers can do quite useful things as long as they were designed for mere mortals to use them. I continued with this notion by studying an MSc in HCI (human computer interaction) at the UCL interaction center [formerly known as the ergonomics group]. I furthered my knowledge with a PhD at UCL, CS & psychology department. After a research fellow post at Middlesex University my quest to make computers work for people has now returned me to UCLIC.

Collaborations: I enjoy collaborating with others and have worked and written with: Angela Sasse (CS, UCL), Ann Blandford (UCLIC), Peter Lunt (Psychology, UCL), Patty Kostakova (City University), Simon Attfield (UCLIC), Bob Fields (Middlesex University), Jeanette Murphy (CHIME, UCL).

Students I have also written with are: Maria Nilsson, Catherine Broome.


Source: http://www.uclic.ucl.ac.uk/usr/anne/

People in HCI - José Carlos Brustoloni

José Carlos Brustoloni obtained his Ph.D. degree in Computer Science
from Carnegie Mellon University, after getting an M.S. degree in
Electrical Engineering from University of São Paulo, Brazil, and a B.E.
degree in Electronics Engineering from Instituto Tecnológico de
Aeronáutica, Brazil.

José joined the University of Pittsburgh's faculty in August of 2002.
Previously, he was a researcher at Bell Laboratories, Lucent
Technologies. His research interests include computer networks,
operating systems, security, quality of service, and embedded systems.

Source: http://www.cs.pitt.edu/people/faculty/brustoloni.php

Thursday, March 12, 2009

The Three Parts of HCI

There are 3 parts to HCI: the human (user), the computer, and the interaction between the user and computer.

The user consists of a person or group that will be using the system (hardware or software). The computer is the device being used by the human. The device can be hardware or software such as a computer, website or even a VCR. Lastly, the interaction between the user and computer can be evaluated to determine how usable and reliable it is.

Wednesday, March 11, 2009

Multi-touch Technology

Multi-touch (or multitouch) denotes a set of interaction techniques which allow computer users to control graphical applications with several fingers.

Multi-touch consists of a touch screen (screen, table, wall, etc.) or touchpad, as well as software that recognizes multiple simultaneous touch points, as opposed to the standard touchscreen (e.g. computer touchpad, ATM), which recognizes only one touch point. This effect is achieved through a variety of means, including but not limited to: heat, finger pressure, high capture rate cameras, infrared light, optic capture, tuned electromagnetic induction, ultrasonic receivers, transducer microphones, laser rangefinders, and shadow capture[1].

Many applications for multi-touch interfaces exist and are being proposed. Multi-touch is often associated with Apple Inc's iPhone and iPod Touch but is also used in many other products such as Apple's MacBook and MacBook Pro notebook line. Other products with multi-touch technology include Microsoft Surface, Asus EEE PC, and Meizu M8.

Modern multi-touch controllers support Single-Touch and Multi-Touch All-Point touchscreen applications which allow functions such as playing video games on a mobile handset, using GPS to key in multiple locations, etc.

Source: http://en.wikipedia.org/wiki/Multi-touch

Evaluation Techniques

Cognitive walk-through is a usability evaluation technique modeled after the software engineering practice of code walk-throughs. To perform a cognitive walk-through, the evaluators step through the use of the software as if they were novice users, looking for probable errors and areas of confusion.

In heuristic evaluation the user interface is evaluated against a specific list of high-priority usability principles.

Problematic Properties of Security

The Unmotivated User Property
Security is usually a secondary goal. People do not generally sit at their computers wanting to manage security; rather, they want to complete a task that may tangentially involve security.

The Abstraction Property
Computer security management often involves security policies which may be alien and unintuitive to many members of the general user population. This makes achieving simple abstractions difficult.

The Lack of Feedback Property
Providing good feedback for security management is a difficult problem. The state of a security configuration is usually complex, and attempts to summarize it are often inadequate.

The Barn Door Property
Once a security secret has been left accidentally unprotected, even for a short time, there is no way to be sure that it has not already been read by an attacker. Because of this, a very high priority must be placed on making sure the user does not make potentially high-cost mistakes.

The Weakest Link Property
It is well known that the security of a networked computer is only as strong as its weakest component. This means that users need to be guided to attend to all aspects of their security, not left to proceed through random exploration as they might with a word processor or spreadsheet.

Monday, March 9, 2009

People in HCI

Simson L. Garfinkel is well known in the world of information security and computer forensics. He has also made a name for himself in the Human Computer Interaction (HCI) community. His bio is below, along with a link to his website.

Simson Garfinkel’s Bio

Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California, and an associate of the School of Engineering and Applied Sciences at Harvard University. His research interests include computer forensics, the emerging field of usability and security, personal information management, privacy, information policy and terrorism.

Source: http://faculty.nps.edu/slgarfin/index.html

Symposium On Usable Privacy and Security

The fifth Symposium on Usable Privacy and Security (SOUPS) will be held July 15-17, 2009 at Google in Mountain View, CA. This symposium will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program features technical papers, workshops and tutorials, a poster session, panels and invited talks, and discussion sessions.

SOUPS 2009 Highlights

During this three-day event, you'll have an opportunity to hear from people doing cutting edge research as well as from industry folks who will report on their first hand experiences with usable privacy and security challenges. The popular SOUPS poster session as well as social events, breaks, and discussion sessions will provide opportunities to share ideas and network with other participants.

A SOUPS preliminary program will be available in April 2009.

SOUPS 2009 will be held on the Google campus. Accommodations have been reserved for SOUPS attendees at a nearby hotel.

Not Your Typical Conference

SOUPS distinguishes itself from other conferences by both providing a high quality technical program and by bringing together an interdisciplinary group of attendees in a format conducive to informal discussion and networking. SOUPS offers reasonable registration fees, which include meals catered by local restaurants featuring a variety of cuisines. Past attendees have raved about "the amazing group of people who were here to talk with" and the "awesome food." One past attendee wrote: "Overall, this is the best conference I've attended. I may be ruined forever going to SIGCHI and other larger conferences."


Source: http://cups.cs.cmu.edu/soups/2009/


Saturday, March 7, 2009

About HCISec

HCISec is the study of interaction between humans and computers, or HCI, specifically as it pertains to information security. Its aim, in plain terms, is to improve the usability of security features in end user applications.