Archive for the 'Uncategorized' Category

Apr 12 2017

Wahida Chowdhury, PhD

Published by under Uncategorized

Robert Biddle <>
Tue, 11 Apr 2017 16:10:55 -0400

Today, Wahida Chowdhury successfully defended her PhD thesis, with only
minor revisions required.
Congratulations, Wahida!

Wahida’s Thesis: Cognitive Rules and Online Privacy

Most studies of privacy assume that people are concerned about their online privacy, but few studies investigate why. Cognitive Science can advance our understanding by documenting the cognitive rules that influence people’s judgments about privacy – judgments about what kind of personal information to reveal to whom. The purpose of my dissertation was to explicate these cognitive rules.
Experiment 1 examined if the willingness to consent to share personal information varied with the kinds of personal information requested and the kinds of requestors. Fifty-four undergraduate students and 12 middle-aged adults rated their willingness to consent to the collection of 12 different kinds of personal information by five different kinds of organizations. Participants also wrote their reasons for consenting/not consenting to share personal information with each kind of organization. Results showed that the willingness to consent varied with the kinds of personal information requested, and the organization requesting the personal information. Reasons for consenting more often reflected self-interest and reasons for not consenting more often reflected moral reasons. Willingness-to-consent ratings were also correlated with personality variables. For example, the more participants rated themselves as anxious the less willing they were to consent to share personal information.

Experiment 2 explored possible double standards of willingness to consent judgments. The same participants as those in Experiment 1 rated whether or not other people should consent to the collection of the same kinds of personal information by the same kinds of organizations. Results showed that participants mostly made similar judgments about self and others’ privacy, but sometimes exhibited double standards. For example, participants who rated themselves as reserved rated that others should be less willing than themselves to consent to reveal personal information.

Experiment 3 examined if how willing people were to share personal information influenced judges’ impressions of them. A different sample of 51 undergraduate students was asked to form impressions of 12 anonymous participants from Experiment 1 (the targets), selected for their variations in willingness to consent to share personal information. Participants recorded their impressions of these 12 targets on scales related to trust, trustworthiness, honesty, friendliness, and likelihood of hiding information. The targets received less favorable impressions the less willing they were to share personal information.
Collectively, the experiments indicated that the cognitive rules for judgments about privacy served functions related to self-interest and morality, and were sensitive to the kinds of personal information requested and the nature of the requestor. Prescriptions of what others should be willing to share mostly mirrored people’s own willingness judgments, and the less willing others were to share requested information, the more negative impressions of them were formed. Conceptual and practical implications of the findings are discussed.

Jan 07 2016

Dan LeBlanc, PhD



Robert Biddle <>
Tue, 5 Jan 2016 16:37:51 -0500

Today, Daniel LeBlanc successfully defended his PhD thesis, with only minor revisions required.
Congratulations Dan!
Robert Biddle

Dan's Thesis: Trust and Risk in Website Legitimacy and Software Applications


When people choose to visit a given website, they make a trust decision about the supplier and source. It appears that a large majority of users commonly place their trust in most, if not all, websites they encounter, and this causes significant security problems. Any solutions proposed to reduce the threat of malicious websites must include a consideration of the psychological processes of the end users. This thesis presents several studies with the aim of understanding how people interpret the available information when making a trust decision. This understanding will better support users in making appropriate decisions and should inform better design of security mechanisms. It was found that users show some understanding of some of the key concepts in Internet security, and often make reasonable decisions. However, there are important anomalies. For example, many users had important misunderstandings about Malware, suggesting they had poor mental models about the capabilities of Malware and the capabilities of antivirus software applications in protecting them from threats online. Moreover, participants showed lack of confidence across a range of issues, but in practice they were still willing to make decisions even with this uncertainty. Some evidence was found which suggests that users employ heuristics in making such decisions and judgments under uncertainty.


Sep 08 2015

New Security Paradigms Workshop in Twente


The New Security Paradigms Workshop (NSPW) was held in the Twente region of the Netherlands this year. As usual, NSPW invited new ideas, even those with limitations or incomplete aspects, and everyone who attended participated throughout. Robert Biddle presented collaborative work with Alain Forget and Sonia Chiasson, called CYOA: Choose Your Own Authentication.

May 26 2011

GRAND Annual Conference


We’ve recently returned from beautiful Vancouver for the 2nd Annual GRAND Conference. We are part of projects on “Usable Privacy and Security for New Media Environments” and “Digital Games for Learning and Training”. It was an opportunity to discuss ongoing projects, get feedback from others in different disciplines, talk about research priorities, and plan for the next year.

May 18 2011

CHI 2011


Members of our lab attended CHI 2011 in beautiful but cloudy Vancouver, Canada. The usable security sessions covered a wide array of sub-topics, including authentication, access control, Facebook privacy, phishing, and more. CHI’s Interactivity sessions lived up to previous years in providing novel, innovative ways of interacting with technology. We played around with Tobii’s prototype laptop with a built-in eye tracker. The Buxton Collection was very popular; Bill tirelessly shared his insights and experiences from throughout the evolution of computing technology on every day of the conference.

May 10 2011

“Technologies of the Future” session


On May 6, we hosted grade 8-9 students from Ottawa in our lab for a session on user interaction technologies as part of Carleton’s Enrichment Mini-Courses. Students learned about the technologies and got hands-on experience with multitouch tables, a haptic device, an eye tracker, a head-mounted display, and a digital pen.

May 02 2011

2011 ISSNet Annual Workshop


We spent a week in Toronto for the ISSNet Annual Workshop. We heard updates on recent work on research projects in all three themes (Network-oriented Security, Software Systems-oriented Security, Human-oriented Security) and had plenty of opportunity to catch up and discuss research with members from other universities and industry partners. Several students from our lab presented posters of their ongoing research projects. Invited talks by Nart Villeneuve from Trend Micro and by N. Asokan and Valtteri Niemi from Nokia gave us interesting insight into current industry work.

Mar 20 2011

Graphical passwords survey accepted to ACM Computing Surveys


We were pleased to learn that our survey of graphical passwords has been accepted for publication in ACM Computing Surveys. It will appear in issue 44(4).

Title: Graphical Passwords: Learning from the First Twelve Years
Starting around 1999, a great many graphical password schemes have been proposed as alternatives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. The paper first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. We then review usability requirements for knowledge-based authentication as they apply to graphical passwords, identify security threats that such systems must address and review known attacks, discuss methodological issues related to empirical evaluation, and identify areas for further research and improved methodology.

Mar 10 2011

FC 2011


Several Carleton security and usable security researchers attended Financial Cryptography ’11 in St. Lucia. We were pleasantly surprised to see that several of the papers addressed human factors and usable security. Our workshop on Authentication was well-attended and generated lots of questions and discussion between attendees and panelists. The workshop included invited talks by Cormac Herley, Steven Bellovin, and Robert Biddle.

Dec 21 2010

FC’11 Workshop on User Authentication


Join us for a one-day workshop on user authentication:
We are organizing a workshop on user authentication, co-located with Financial Cryptography 2011 in St. Lucia on March 4, 2011. The workshop will consist of invited talks and expert panels. A preliminary program is available and will be updated as details are finalized.

Workshop on The Future of User Authentication and Authorization on the Web:
Challenges in Current Practice, New Threats, and Research Directions

Friday, March 4, 2011 — St. Lucia
