author photo
By Clare O’Gara
Wed | Aug 7, 2019 | 12:15 PM PDT

This August, Carnegie Mellon University will hold its 15th annual SOUPS (Symposium On Usable Privacy and Security) conference.

And no, we're not talking about chicken noodle.

Because this kind of soup can help you with cybersecurity.

The history of SOUPS at CMU: making cybersecurity user-friendly

In the early 2000s, Lorrie Cranor feared that security and privacy had a usability problem. "I realized that not a lot was known about how to make privacy or security tools usable," Cranor said.

And she wasn't the first to express concern. Alma Whitten's 1999 research paper, "Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0," revealed that most security failures stemmed from confusing interfaces that caused clumsy user errors.

When Cranor joined CMU faculty in 2003, however, she was driven to find a solution.

In 2004, she formed the CyLab Usable Privacy and Security (CUPS) Laboratory to teach students and focus her research, which is unique from other cybersecurity academics.

"One of the ways that usable privacy and security research often differs from other human-computer interaction research is the need to study user behavior in the presence of risk or adversaries."

CyLab explained a few of CUPS' unconventional research methods:

CUPS Lab studies often use deception to study how users react to security prompts, without revealing the true purpose of the study.

For example, researchers may recruit users to test online video games, but in reality, they are studying users' reactions to pop-up security warnings that the researchers trigger on gaming websites.

Since 2005, CUPS has also held the annual SOUPS conference (and no, the irony of the two acronyms is not lost on them). Their one-of-a-kind Symposium On Usable Privacy and Security brings together researchers from companies and universities under a common goal: make security tools usable for everyone.

With the help of Cranor and the CUPS Lab, the world of cybersecurity is becoming a simpler, safer, and more secure space.

Other ways to learn about cybersecurity usability

The researchers at CMU believe that complications in security and privacy stem from the confusing nature of these tools.

"Complexity is the enemy of security" is a common phrase we hear at SecureWorld conferences.

Like SOUPS, SecureWorld aims to bring together cybersecurity professionals for knowledge sharing and collaboration.

And a major part of that is ensuring that these tools can be used effectively by as many organizations as possible.