WIPS 2017 Workshop Program

Website Maintenance Alert

Due to scheduled maintenance, the USENIX website will not be available on Tuesday, December 17, from 10:00 am to 2:00 pm Pacific Daylight Time (UTC -7). We apologize for the inconvenience.

If you are trying to register for Enigma 2020, please complete your registration before or after this time period.

Wednesday, July 12, 2017

7:30 am–9:00 am

Continental Breakfast

9:00 am–10:00 am

Keynote Address

Accessibility on Mobile Device: Opportunities and Challenges

Dr. Yu Zhong, Google

Mobile devices have been playing a critical role in people's modern lifestyle. They also have been helping individuals with impairments live a more independent life. Research communities and companies have built various assistive technologies so that mobile devices have alternative interaction models for users with visual, hearing, motor and other impairments. And those devices can aid users with real world tasks while users go about their daily routines. For example, screen readers and image recognition apps have been widely adopted by blind people to perform object identification tasks. When there is opportunity there is also challenge and risk, when developing assistive technology security and privacy are easily overlooked and dangerous. Take the same example that blind people take photographs to recognize objects; how do we help them ensure those photos sent to the recognition servers don't have sensitive personal information and those results spoken by the device don't announce users' personal information to the world? While usability being the core of accessibility services, security and privacy implications are receiving more attentions from the users and mainstream companies.

Yu Zhong, Google

Yu Zhong is a Software Engineer in the Accessibility team at Google Mountain View headquarters. He received his PhD degree at University of Rochester in 2015 where his research focused on assisting blind people complete independent tasks with the help of assistive technologies on mobile devices. He has since then continued working on accessibility on a large scale at Google to improve the accessibility of its product. He has also been actively advocating and promoting accessibility in research and develop communities and working on tools to streamline accessible application development and testing.

10:00 am–10:30 am

Paper Talks 1

Learning System-assigned Passwords: A Preliminary Study on the People with Learning Disabilities

Sonali Tukaram Marne, University of Texas at Arlington; Mahdi Nasrullah Al-Ameen, Clemson University; Matthew Wright, Rochester Institute of Technology

Available Media

With an increase in cyber attacks, including online password guessing attacks, system-assigned password schemes are studied as alternatives to traditional user-chosen textual passwords. While people with learning disabilities face difficulty in memorizing new information, it is not clear yet if system-assigned passwords would be usable for them. We begin to address this gap with this preliminary study, where we leveraged a recently-proposed graphical authentication scheme that offers multiple cues (visual, verbal, spatial, audio) to memorize system-assigned random passwords. In our single-session study with 14 participants having different types of learning disabilities, all of them could effectively learn system-assigned passwords, and were able to successfully log in using that authentication secret within just one attempt. Based on our findings, we outline the directions for future research in evaluating the authentication performance of people with learning disabilities.

Victim Privacy in Crowdsourcing Based Public Safety Reporting: A Case Study of LiveSafe

Huichuan Xia, Yun Huang, and Yang Wang, Syracuse University

Available Media

Prior works in criminology have studied victims' privacy protection in extreme cases such as rape, but little is known about victims' privacy concerns and experiences in less severe incidents. Also, little has studied on privacy issues in crowdsourcing based reporting systems. In this paper, we conducted a case study with LiveSafe which is a popular crowdsourcing based safety reporting system. We reported our initial interview results with several victim students about their privacy concerns and experiences, and then we discussed about how to protect victim privacy as well as some special challenges to achieve it. To the best of our knowledge, this work is pioneering in this research field.

10:30 am–11:00 am

Break with Refreshments

11:00 am–11:15 am

Paper Talks 2

Security and privacy design considerations for low-literate users in developing regions

Shrirang Mare, Aditya Vashistha and Richard Anderson, University of Washington

With the increasing adoption of mobile phone, the previously hard-to-reach low-literate low-income users in developing regions can now be reached through their mobile phones. Government and other agencies are providing mobile services such as banking and healthcare to this marginalized population to improve their quality of life. In this paper we highlight the security and privacy challenges in developing solutions for this user group.

11:15 am–12:00 pm

Scenario-Based Group Work

12:00 pm–1:30 pm

Lunch (on your own)

1:30 pm–2:00 pm

Paper Talks 3

Formal Mental Models for Inclusive Privacy and Security

Adam M. Houser and Matthew L. Bolton, Ph.D. University at Buffalo, State University of New York

Available Media

Efforts to bring inclusive privacy and security solutions to disadvantaged populations will require multifaceted approaches. A key aspect of this challenge is understanding the diverse needs of the userbase, as this will help ensure the alignment of proposed solutions with these needs. One potential strategy for addressing this challenge is to rigorously explore the mental models that characterize stakeholders' privacy and security concerns. This paper will suggest a strategy to meet this challenge, drawing on approaches from human factors engineering and formal methods to establish a framework for modeling and exploring user mental models within a security context. Potential areas of exploration using this method will also be discussed.

Inclusive persuasion for security software adoption

Eunjin (EJ) Jung and Evelyn Y. Ho, University of San Francisco; Hyewon Chung, Chungnam National University

Available Media

Using security software such as anti-virus, firewalls, and certain browser add-ons helps users stay safe on the Internet. As part of the ongoing CRISP project (Communicating Risk in Internet Security and Privacy), we conducted a user study across a wide range of computer proficiency levels, in a marginalized community and in a private university, to better understand all community members' interactions with computers and the Internet in terms of security and privacy. We interviewed 44 participants at the public computer lab in a marginalized community, and also interviewed 33 university students. In this paper, we report our preliminary quantitative and qualitative findings on what factors may affect the decision to adopt security software.

2:00 pm–3:30 pm

Design Activity

3:30 pm–4:00 pm

Break with Refreshments

4:00 pm–5:15 pm

Presentation of Design Solutions to Other Groups

5:15 pm–5:30 pm

Wrap-up