The Usable Security Empirical Research Lab

Welcome to the home page for the Usable Security Empirical Research (USER) lab at the University of Tennessee, Knoxville (UTK). The USER lab sits at the intersection of cybersecurity, privacy, and usability research. We measure and evaluate the effectiveness of existing security solutions, explore mental models and perceptions related to cybersecurity and privacy, and build novel security technologies to improve the lives of users around the world. In contrast to most security research labs, our research group integrates HCI methods to ensure that we properly understand the needs of users and that the technologies we build meet real-world needs and are used correctly. Our research group’s work has been published at top cybersecurity (IEEE S&P, USENIX Security, ACM CCS) and top HCI (CHI, UIST, UbiComp) venues.


Research


Recent News

Presentations at ACSAC 2021

We just had two excellent presentations on our research given at ACSAC 2021! You can view these talks on their respective pages. First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.


Two papers accepted at ACSAC 2021

We are excited to have two papers accepted at ACSAC 2021! First, The Emperor’s New Autofill Framework: A Security Analysis of Autofill on iOS and Android. This paper examines the security of password autofill frameworks built into Android and iOS, finding significant issues with each. Second, Systematization of Password Manager Use Cases and Design Paradigms. This paper systematizes how users leverage password managers and how password managers are implemented to support those use cases. This is a critical paper for anyone looking to design user studies of password managers.


Jeremy Clark recently presented our systematization of knowledge on securing email, SoK: Securing Email—A Stakeholder-Based Analysis, at the 2021 International Conference on Financial Cryptography and Data Security (FC). This paper describes the evolution of secure email, the challenges preventing widespread adoption, and directions for future projects. Click on the link to the paper to see the video of the presentation.