CS Tea: Lorrie Cranor presents “Real Humans, Simulated Attacks: Usability Testing with Attack Scenarios”

29 April 2024

Dr. Lorrie Cranor (Director and Bosch Distinguished Professor of the CyLab Security and Privacy Institute and FORE Systems University Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University) will be giving a talk highlighting user security studies.

Thursday, May 2, 3:30-4:30 pm, Anderson 329

Abstract: User studies are critical to understanding how users perceive and interact with security and privacy software and features. While it is important that users are able to configure and use security tools when they are not at risk, it is even more important that the tools continue to protect users during an attack. Conducting user studies in the presence of (simulated) risk is complicated. We would like to observe how users behave when they are actually at risk, but at the same time we cannot harm user study participants or subject them to increased risk. Often the risky situations we are interested in occur relatively infrequently in the real world, and thus can be difficult to observe in the wild. Researchers use a variety of strategies to overcome these challenges and place participants in situations where they will believe their security or privacy is at risk, without subjecting them to increases in actual harm. In this talk I will highlight the importance of security user studies and talk about a number of different user study approaches we have used at the CyLab Usable Privacy and Security Lab at Carnegie Mellon University to study passwords, security warnings, why people fall for phish, and more.