"Phishing" Bibliography

Translucent security includes usable security, risk behaviors, risk communication, HCI, safety engineering, behavioral economics, psychology, and of course computer security. A complete real-time bibliography would require a full-time commitment, so here are some basic papers and some pointers to colleagues. Please send recommendations for inclusion to Greg Norice: gnorice@indiana.edu. Sending them in HTML will make inclusion more timely. Please make sure there is a non-paywall link to the paper.

See also the Community Page for events and people.

Selected Papers

Adams, A., and Sasse, M. Users are not the enemy. Communications of the ACM 42, 12 (1999), 40–46.

Anderson, R. Why information security is hard - an economic perspective. In Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual, IEEE (2001), 358–365.

Boyan, J. The anonymizer. Computer-Mediated Communication (CMC) Magazine (1997).

Brostoff, S., Inglesant, P., and Sasse, M. Evaluating the usability and security of a graphical one-time PIN system. In Proceedings of the 24th BCS Interaction Specialist Group Conference, British Computer Society (2010), 88–97.

Clark, J., Van Oorschot, P., and Adams, C. Usability of anonymous web browsing: An examination of Tor interfaces and deployability. In Proceedings of the 3rd Symposium on Usable Privacy and Security, ACM (2007), 41–51.

Egelman, S., Acquisti, A., Molnar, D., Herley, C., Christin, N., and Krishnamurthi, S. Please continue to hold: an empirical study on user tolerance of security delays.

Elmore, H. Designing translucent security: Insights from a usability evaluation of PGP Desktop. Master’s thesis, Indiana University, 2009.

L. Jean Camp, Translucent Security, Risk Perception in IT Security and Privacy (RP-IT) Workshop, A SOUPS Workshop, Newcastle upon Tyne, 26 July 2013.

K. Benton, V. Garg and L. Jean Camp, Studying the Effectiveness of Android Application Permissions Requests, Security and Social Networking SESOC 2013, PerCom 2013 Workshop (San Diego, CA) 18 March 2013.

V. Garg and L. Jean Camp, Heuristics and Biases: Implications for Security Design, IEEE Technology & Society, Mar. 2013.

J. Blythe & L. Jean Camp, Implementing Mental Models, Semantic Computing and Security, An IEEE Symposium on Security and Privacy (SP) Workshop (San Francisco, CA) 24 May 2012.

Vaibhav Garg, L. Jean Camp and Kay Connelly, Risk Communication Design: Video vs. Text, PETS (Vigo, Spain) 11-13 July 2012.

V. Garg, L. Huber, L. J. Camp, K. Connelly, Risk Communication Design for Older Adults, Gerontechnology Vol. 11, No. 2 (2012).

L. Jean Camp, "Bringing Mental Models to Security," IEEE Technology & Society, Vol 28 (3) 37-46.

V. Garg & L. Jean Camp, End User Perception of Online Risk Under Uncertainty, Hawaii International Conference On System Sciences, (Manoa, HI) 4-7 January 2012.

J. Blythe, L. Jean Camp & V. Garg, "Targeted Risk Communication for Computer Security", 2011 International Conference on Intelligent User Interfaces, (Palo Alto, CA) 13-16 February 2011.

L. Jean Camp, People Taking Risks Online, Security and Human Behaviors, (MIT, Cambridge MA) 11 June 2009.

Farzaneh Asgharpour, Debin Liu and L. Jean Camp, Mental Models of Computer Security Risks: Experimental Results, Usable Security 07, (Tobago) 16 February 2007.

Computer Attacks have focused on the wrong issues, Boston Globe, A8, Feb. 17, 2000.

Allan Friedman & L. Jean Camp, "Making Security Manifest", Second Workshop on the Economics of Information Security, College Park, MA. May 2003.

L. Jean Camp, Cathleen McGrath & Alla Genkina, Security and Morality: A Tale of User Deceit, Models of Trust for the Web MTW'06, (Edinburgh, Scotland) 22 May 2006.

L. Jean Camp & Ka-Ping Yee, "Human implications of technology", Practical Handbook of Internet Computing, ed. M. P. Singh, CRC Press (New York, NY) Winter 2003.

L. Jean Camp, Cathleen McGrath & Helen Nissenbaum, "Trust: A Collision of Paradigms", Proceedings of Financial Cryptography, Lecture Notes in Computer Science, Springer-Verlag (Berlin, Germany) Fall 2001.

L. Jean Camp & Alla Genkina, Social Engineering, Phishing, eds. S. Myers and M. Jakobsson, 2006. The version before editing.

Debin Liu, Ninghui Li, XiaoFeng Wang, and L. Jean Camp, Security Risk Management using Incentives, IEEE Security & Privacy, Vol. 9, No. 6: 20-28 (2011).

Vaibhav Garg, Sameer Patil, Apu Kapadia, and L. Jean Camp, Peer-produced Privacy Protection: A Common-pool Approach, The IEEE International Symposium on Technology and Society (ISTAS) (Toronto, ON) 27-29 July 2013.

Zheng Dong and L. Jean Camp, PeerSec: Towards Peer Production and Crowdsourcing for Enhanced Security, HotSec (Bellevue, WA) 7 August 2012.

Zheng Dong, Vaibhav Garg, Apu Kapadia and L. Jean Camp, Pools, Clubs and Security: Designing for a Party Not a Person, New Security Paradigms Workshop (Bertinoro, Italy) 19-20 September 2012.

D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji. A methodology for empirical analysis of permission-based security models and its application to Android. In Computer and Communications Security, pages 73–84, 2010.

R. Boehme and S. Koepsell. Trained to accept?: A field experiment on consent dialogs. In CHI, pages 2403–2406, 2010.

M. Boldt and B. Carlsson. Privacy-invasive software and preventive mechanisms. In PROC of ICSNC, 2006.

J. Bonneau and S. Preibusch. The privacy jungle: On the market for data protection in social networks. In WEIS, 2009.

A. P. Felt, K. Greenwood, and D. Wagner. The effectiveness of application permissions. In PROC of the 2nd USENIX conference on Web application development, WebApps’11, 2011.

P. Gilbert, B.-G. Chun, L. P. Cox, and J. Jung. Vision: automated security validation of mobile apps at app markets. In PROC of MCS, pages 21–26, 2011.

J. Goecks, W. K. Edwards, and E. D. Mynatt. Challenges in supporting end-user privacy and security management with social navigation. In PROC of SOUPS, pages 5:1–5:12, 2009.

N. Good, R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan. Stopping spyware at the gate: a user study of privacy, notice and spyware. In PROC of SOUPS, SOUPS ’05, 2005.

N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan. Noticing notice: a large-scale experiment on the timing of software license agreements. In PROC of CHI, CHI ’07, pages 607–616, 2007.

J. Grossklags and N. Good. Empirical studies on software notices to inform policy makers and usability designers. In PROC of Financial cryptography and Usable Security, pages 341–355, 2007.

H. Hochheiser. The platform for privacy preference as a social protocol: An examination within the U.S. policy context. ACM Trans. Internet Technol., 2(4):276–306, 2002.

M. Kay and M. Terry. Textured agreements: re-envisioning electronic consent. In PROC of SOUPS, pages 13:1–13:13, 2010.

P. G. Kelley, J. Bresee, L. F. Cranor, and R. W. Reeder. A “nutrition label” for privacy. In PROC of the 5th Symposium on Usable Privacy and Security, SOUPS ’09, pages 4:1–4:12, 2009.

P. G. Kelley, L. Cesca, J. Bresee, and L. F. Cranor. Standardizing privacy notices: an online study of the nutrition label approach. In PROC of CHI, pages 1573–1582, 2010.

J. King, A. Lampinen, and A. Smolen. Privacy: Is there an app for that? November 2011.

D. Mulligan. Information disclosure as a light-weight regulatory mechanism. In DIMACS workshop on information security economics, pages 18–19, 2007.

M. Nauman, S. Khan, and X. Zhang. Apex: extending Android permission model and enforcement with user-defined runtime constraints. In Asia Computer and Communications Security, pages 328–332, 2010.

R. Schlegel, A. Kapadia, and A. J. Lee. Eyeing your exposure: Quantifying and controlling information sharing for improved privacy. In SOUPS, 2011.

T. Vidas, N. Christin, and L. Cranor. Curbing Android permission creep. In PROC of W2SP, 2011.

T. Vila, R. Greenstadt, and D. Molnar. Why we can’t be bothered to read privacy policies: models of privacy economics as a lemons market. In PROC of ICEC, pages 403–407, 2003.

Y. Wang, G. Norcie, S. Komanduri, A. Acquisti, P. Leon, and L. Cranor. I regretted the minute I pressed share: A qualitative study of regrets on Facebook. In Proceedings of the Seventh Symposium on Usable Privacy and Security, page 10. ACM, 2011.