CUPS (CMU)
Encyclopedia
The Carnegie Mellon University Usable Privacy and Security Laboratory (CUPS) was established in the Spring of 2004 to bring together Carnegie Mellon University
researchers working on a diverse set of projects related to understanding and improving the usability of privacy
and security software and systems. The privacy and security research community has become increasingly aware that usability
problems severely impact the effectiveness of mechanisms designed to provide security and privacy in software systems. Indeed, one of the four grand research challenges in information security and assurance identified by the Computing Research Association
in 2003 is: "Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future." This is the challenge that CUPS strives to address. CUPS is affiliated with Carnegie Mellon CyLab and has members from the Engineering and Public Policy
Department, the School of Computer Science, the Electrical and Computer Engineering Department, the Heinz School of Public Policy and Management, and the Social and Decision Sciences Department.
Carnegie Mellon University
Carnegie Mellon University is a private research university in Pittsburgh, Pennsylvania, United States....
researchers working on a diverse set of projects related to understanding and improving the usability of privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
and security software and systems. The privacy and security research community has become increasingly aware that usability
Usability
Usability is the ease of use and learnability of a human-made object. The object of use can be a software application, website, book, tool, machine, process, or anything a human interacts with. A usability study may be conducted as a primary job function by a usability analyst or as a secondary job...
problems severely impact the effectiveness of mechanisms designed to provide security and privacy in software systems. Indeed, one of the four grand research challenges in information security and assurance identified by the Computing Research Association
Computing Research Association
The Computing Research Association is an association of more than 220 North American academic departments of computer science, computer engineering, and related fields; laboratories and centers in industry, government, and academia engaging in basic computing research; and affiliated professional...
in 2003 is: "Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future." This is the challenge that CUPS strives to address. CUPS is affiliated with Carnegie Mellon CyLab and has members from the Engineering and Public Policy
Engineering and Public Policy
Engineering and Public Policy, informally known as EPP, is an interdisciplinary academic department within the Carnegie Institute of Technology , Carnegie Mellon University's engineering college. EPP combines technical analysis with social science and policy analysis, in order to address problems...
Department, the School of Computer Science, the Electrical and Computer Engineering Department, the Heinz School of Public Policy and Management, and the Social and Decision Sciences Department.
Projects
- P3P and computer-readable privacy policies
- Two members of the CUPS Lab are members of the W3C P3PP3PThe Platform for Privacy Preferences Project, or P3P, is a protocol allowing websites to declare their intended use of information they collect about browsing users...
Working Group, working on developing the P3PP3PThe Platform for Privacy Preferences Project, or P3P, is a protocol allowing websites to declare their intended use of information they collect about browsing users...
1.1 specification. - In the fall of 2005, AT&TAT&TAT&T Inc. is an American multinational telecommunications corporation headquartered in Whitacre Tower, Dallas, Texas, United States. It is the largest provider of mobile telephony and fixed telephony in the United States, and is also a provider of broadband and subscription television services...
gave the rights to the source code and trademarks surrounding Privacy Bird, their P3PP3PThe Platform for Privacy Preferences Project, or P3P, is a protocol allowing websites to declare their intended use of information they collect about browsing users...
user-agent. Privacy Bird is currently maintained and distributed by the lab. - In the summer of 2005, the lab made available to the public a "P3P-enabled search engine." This service is known as Privacy Finder, and it allows a user to reorder search results based on whether each site complies with his or her privacy preferences. This information is gleaned from P3PP3PThe Platform for Privacy Preferences Project, or P3P, is a protocol allowing websites to declare their intended use of information they collect about browsing users...
policies that are found on the web sites. - Additionally, the lab archives web sites privacy policies and has been creating a toolkit to aid in the automated analysis of both P3PP3PThe Platform for Privacy Preferences Project, or P3P, is a protocol allowing websites to declare their intended use of information they collect about browsing users...
policies as well as natural language privacy policies.
- Two members of the CUPS Lab are members of the W3C P3P
- Supporting trust decisions
- More recently, the lab is examining trends in phishing attacks as well as users' perceptions of these attacks to develop better methods of detecting and reporting phishing messages.
People
- Lorrie CranorLorrie CranorLorrie Faith Cranor is the director of the Carnegie Mellon Usable Privacy and Security Laboratory at Carnegie Mellon University and a member of the Electronic Frontier Foundation Board of Directors. She is an Associate Professor in the School of Computer Science and the Engineering and Public...
, Director - Alessandro Acquisti
- Julie Downs
- Serge Egelman
- Mandy Holbrook
- Jason Hong
- Patrick Gage Kelley
- Ponnurangam Kumaraguru
- Cynthia Kuo
- Adrian Perrig
- Robert Reeder
- Sasha Romanosky
- Norman Sadeh
- Steve Sheng
- Janice Tsai
- Kami Vaniea