Apr 12 2017

Wahida Chowdhury, PhD

Published under News

Robert Biddle <Robert.Biddle@carleton.ca>
Tue, 11 Apr 2017 16:10:55 -0400

Today, Wahida Chowdhury successfully defended her PhD thesis, with only
minor revisions required.
Congratulations, Wahida!

Wahida’s Thesis: Cognitive Rules and Online Privacy

Most studies of privacy assume that people are concerned about their online privacy, but few studies investigate why. Cognitive Science can advance our understanding by documenting the cognitive rules that influence people’s judgments about privacy – judgments about what kind of personal information to reveal to whom. The purpose of my dissertation was to explicate these cognitive rules.
Experiment 1 examined if the willingness to consent to share personal information varied with the kinds of personal information requested and the kinds of requestors. Fifty-four undergraduate students and 12 middle-aged adults rated their willingness to consent to the collection of 12 different kinds of personal information by five different kinds of organizations. Participants also wrote their reasons for consenting/not consenting to share personal information with each kind of organization. Results showed that the willingness to consent varied with the kinds of personal information requested, and the organization requesting the personal information. Reasons for consenting more often reflected self-interest and reasons for not consenting more often reflected moral reasons. Willingness-to-consent ratings were also correlated with personality variables. For example, the more participants rated themselves as anxious the less willing they were to consent to share personal information.

Experiment 2 explored possible double standards of willingness to consent judgments. The same participants as those in Experiment 1 rated whether or not other people should consent to the collection of the same kinds of personal information by the same kinds of organizations. Results showed that participants mostly made similar judgments about self and others’ privacy, but sometimes exhibited double standards. For example, participants who rated themselves as reserved rated that others should be less willing than themselves to consent to reveal personal information.

Experiment 3 examined if how willing people were to share personal information influenced judges’ impressions of them. A different sample of 51 undergraduate students was asked to form impressions of 12 anonymous participants from Experiment 1 (the targets), selected for their variations in willingness to consent to share personal information. Participants recorded their impressions of these 12 targets on scales related to trust, trustworthiness, honesty, friendliness, and likelihood of hiding information. The targets received less favorable impressions the less willing they were to share personal information.
Collectively, the experiments indicated that the cognitive rules for judgments about privacy served functions related to self-interest and morality, and were sensitive to the kinds of personal information requested and the nature of the requestor. Prescriptions of what others should be willing to share mostly mirrored people’s own willingness judgments, and the less willing others were to share requested information, the more negative impressions of them were formed. Conceptual and practical implications of the findings are discussed.

Jan 07 2016

Dan LeBlanc, PhD

Published under News


Robert Biddle <robert.biddle@carleton.ca>
Tue, 5 Jan 2016 16:37:51 -0500

Today, Daniel LeBlanc successfully defended his PhD thesis, with only minor revisions required.
Congratulations Dan!
Robert Biddle

Dan's Thesis: Trust and Risk in Website Legitimacy and Software Applications


When people choose to visit a given website, they make a trust decision about the supplier and source. It appears that a large majority of users commonly place their trust in most, if not all, websites they encounter, and this causes significant security problems. Any solutions proposed to reduce the threat of malicious websites must include a consideration of the psychological processes of the end users. This thesis presents several studies with the aim of understanding how people interpret the available information when making a trust decision. This understanding will better support users in making appropriate decisions and should inform better design of security mechanisms. It was found that users show some understanding of some of the key concepts in Internet security, and often make reasonable decisions. However, there are important anomalies. For example, many users had important misunderstandings about Malware, suggesting they had poor mental models about the capabilities of Malware and the capabilities of antivirus software applications in protecting them from threats online. Moreover, participants showed lack of confidence across a range of issues, but in practice they were still willing to make decisions even with this uncertainty. Some evidence was found which suggests that users employ heuristics in making such decisions and judgments under uncertainty.


Sep 25 2015

Peter Simonyi, Master of Computer Science

Published under News

2015-09-25, 10:13 AM
Today, Peter Simonyi successfully defended his MCS thesis, with only minor 
revisions required. 
Congratulations, Peter!

Peter’s Thesis: Interaction History Support for Web Applications


All users of complex software make decisions that they may later wish to change. Many computer systems have tools to support this need for revision, such as the undo command. However, the common history tools (like undo) do not support exploratory, epistemic interaction well. And there are common, non-specialized tasks that are difficult in common computer systems, but would be much easier with improved support for managing interaction history. Desktop computing environments have well-established norms for how undo works, but there is room to explore this in newer computing environments, such as the Web and surface computing, as their design culture has not stabilized to the same extent. We argue that history tracking needs to be more accessible to users. We developed a prototype JavaScript library for Web applications that lets users keep a history of all their interaction states, including those that would be discarded by using a traditional stack-model undo system. The history is presented to users in a tree structure similar to the model used in source control software. We ran a usability study of our system with two applications designed to encourage the kind of exploratory behaviour we wanted to support. We identified usability improvements that could be made, but the study suggests that this kind of system could be generally useful even in non-specialized fields.


Sep 15 2015

Jeff Wilson, Master of Computer Science

Published under News

2015-09-15, 4:40 PM
Today, Jeff Wilson successfully defended his MCS thesis, with only minor revisions required. 
Congratulations Jeff!

Jeff’s Thesis: ACH Walkthrough:  Designing and Building a Web Application for Collaborative Sensemaking


This thesis describes the research and development of a prototype for a co-located collaborative intelligence analysis tool: ACH Walkthrough. The tool is a collaborative variation of an established structured analysis method called Analysis of Competing Hypotheses, originally developed for intelligence analysis. Recent changes to web application architectures offer important opportunities to produce visually rich applications that support co-located and remote collaborative decision making scenarios. We begin by reviewing the literature on sensemaking and development frameworks for surface applications. We then explore architectural issues in using web frameworks for collaborative applications. We then present the design and implementation of ACH Walkthrough, our prototype design for team-based intelligence analysis, and the evaluation of the application’s major architectural components. Finally, we document feedback on the tool and explore alternative designs and architectural approaches.



Sep 08 2015

New Security Paradigms Workshop in Twente

Published under Conferences

The New Security Paradigms Workshop (NSPW) was in the Twente region of the Netherlands this year. As usual, NSPW invited new ideas, even if there are limitations or incomplete aspects, and everyone who attended participated throughout. Robert Biddle presented collaborative work with Alain Forget and Sonia Chiasson, called CYOA: Choose Your Own Authentication.

Aug 28 2015

Ravina Samaroo, MA (Human Computer Interaction)

Published under News

2015-08-28, 3:24 PM
Today, Ravina Samaroo successfully defended her MA (HCI) thesis, with only 
minor revisions required!  Congratulations Ravina! 

Ravina’s Thesis: Intent-Gesture Relationships for Collaborative Information Visualization


In this study we look at the relationship between gestures and intents when pairs of participants are collaborating around a large display with a graph. We aimed to find out what gestures paired with which intents, which gestures participants would find suitable for various intents, and how our findings could influence designing interactions with graphs being used for collaborative analysis work. We studied 8 pairs of participants and found 10 frequent gestures and 11 frequent intents. An exploration of the relationship between these gestures and intents found 15 frequent co-occurrences. We analyzed these findings and then proceeded to make design suggestions for enabling co-located collaboration interaction using large multi-touch displays. Throughout, we used a theory of technical intersubjectivity to guide our research.  In particular, this helped us to position large multi-touch displays as enablers of intersubjective interactions, which facilitated our design process.

Jun 30 2015

Symposium on Usable Privacy and Security at Carleton

Published under News

SOUPS 2014

Usable Privacy and Security is the field where Human-Computer Interaction and Cybersecurity meet. The premier research conference in this area is SOUPS: the Symposium on Usable Privacy and Security. This year the conference will be held here at Carleton, July 22-24! The Local Activities Chair is Sonia Chiasson, and the Technical Program Co-Chair is Robert Biddle. The Lightning Talks and Demos Chair is Elizabeth Stobert, who recently finished her PhD and is now at ETH Zurich.

See: http://cups.cs.cmu.edu/soups/2015/

Jun 01 2015

Elizabeth Stobert, PhD

Published under News


2015-05-01, 3:26 PM
Today, Elizabeth Stobert successfully defended her PhD.
Congratulations Elizabeth!
Robert Biddle

Elizabeth’s Thesis: Graphical Passwords and Practical Password Management


Text passwords pose a number of difficulties for end users, who must create, remember, and manage large numbers of passwords. Users are often regarded as the weak link in security systems, but they are a crucial component of the system, and need to be better considered in the design of security products. Many password alternatives have been proposed, but none have successfully replaced ordinary text passwords, and the potential consequences of password problems grow as more information relating to work and life is stored online.

This thesis explores practical approaches to helping users select, securely reuse, and manage passwords, and investigates questions about password alternatives. The attention is on the end user, and how authentication affects these users in their daily lives. Our focus is on practical, actionable results to assist end users in their daily tasks.

The thesis begins by investigating issues of memorability with graphical passwords, and proposes the design of PassTiles, a new graphical password system that allows secure random memorable passwords to be easily assigned. This graphical password system is used to explore what type of memory retrieval best supports the memorability of graphical passwords, and the results show that cued-recall graphical passwords give an advantageous combination of memorability and usability.

Password coping strategies are next explored through interviews with end users, and investigation into the techniques that users rely on to handle current password demands. Interviews with expert users were conducted to understand how their additional expertise helps them manage the same problems faced by end users. Grounded Theory analysis led to the emergence of a password life cycle model. A survey study suggested that the coping strategies discussed in the interviews are widespread.

Finally, the thesis proposes the design of a password manager to support users’ existing coping strategies by protecting password reuse, and to securely protect users’ accounts with memorable assigned random graphical passwords.

May 01 2015

Visit by Prof. Martin Kropp

Published under News


We’re very lucky this year to have as a sabbatical visitor Prof. Martin Kropp, from the University of Applied Sciences and Arts Northwestern Switzerland (FHNW). He has been doing excellent work on supporting Agile Software Development processes. In particular, he and his colleagues have developed a truly impressive agile card wall system, aWall (shown above, also see a presentation). He has also conducted surveys of Agile Software Development in Switzerland. We hope to work together on these projects while he is at our lab in Ottawa, April-July.

Oct 01 2014

New Security Paradigms Workshop in Victoria

Published under Conferences

The annual New Security Paradigms Workshop (NSPW) is not a typical conference. It specifically invites new ideas, even if there are limitations or incomplete aspects. And it only invites people actually presenting or otherwise involved. Moreover, everyone who does attend is expected to participate throughout. And it has a Trojan Rabbit as its mascot (pictured above). This year NSPW was in Victoria, on Vancouver Island, Canada. Elizabeth Stobert presented her work on Versipass, A Password Manager That Doesn’t Remember Passwords.
