Technology Usability Lab in Privacy and Security

The Technology Usability Lab in Privacy and Security (TULIPS) brings together a diverse set of students and researchers interested in understanding and improving the usability of security and privacy technologies. The lab is part of the Electrical and Computer Engineering Department at the University of Waterloo. It is also affiliated with the Cybersecurity and Privacy Institute. Before 2023, the lab was located at the University of Edinburgh.

Research Projects

PhishEd: Automated Phishing Feedback for End-Users

Adam Jenkins, Tarini Saka, Nadin Kokciyan, Kami Vaniea

Phishing training is typically focused on general threats and is determined by the training provider. In this project we look into providing feedback and training when a user reports a potential phishing message. The idea is that by giving automatic feedback to users about a specific message they are concerned about, we can: give them timely advice, provide useful specific information about threats they actually see, and change the act of phishing education into helpful feedback rather than an employer-mandated activity. The project uses a combination of AI and human factors research to process provided messages and provide helpful advice that is written in language accessible to users.

Software Updates

Adam Jenkins, Yasmeen Rashidi, Kami Vaniea

Updating software is one of the best ways to keep a computer safe, yet many people -- including system administrators -- choose not to install updates in a timely manner. This work explores the reasons behind avoiding updates for both end users and system administrators.

Phishing Human Factors

Sara S. Albakry, Kholoud Althobaiti, Nadin Kokciyan, Maria Wolters, Kami Vaniea

Reading a URL is one of the key abilities necessary for identifying malicious communications, but many people cannot accurately read a URL and predict where it will go. This happens for several reasons: URLs are naturally complex to read, visually identical characters can easily confuse a person, and for some URLs, such as shortened ones, it is physically impossible to predict the destination from simply reading the text due to redirection.

Developer Centered Security and Privacy

Mohammad Tahaei, Kami Vaniea

Developer-focused interfaces need to be designed to be usable, minimize accidental error, and generally support the workflow of users. When these principles are not taken into account, it becomes easy for even highly skilled developers to make mistakes. In this project we explore different aspects of how developers interact with the security and privacy aspects of their work.

Chatty Factories

Adam Jenkins, Dave Murray-Rust, Kami Vaniea

Factories of the future may be able to reconfigure themselves based on how their products are used and what their consumers most need. Manufacturing systems are characterised by a multitude of interconnected procedures that include many discrete, highly specialised and human-intensive activities, such as: consumer research, concept design, engineering design, prototyping, and manufacturing operations. This project looks at how we can use information collected by devices themselves to support rapid redesign and manufacture in a way that produces better products while still being respectful of the privacy rights of users.

Internet of Things (IoT) Awareness

Kami Vaniea, Nicole Meng

Consumers are generally concerned about their privacy when using Internet of Things (IoT) devices. This project explores different ways to help people better understand the implications of their "things".

Security Games

Kami Vaniea

Topics in computer security, such as firewalls, can seem inaccessible or very difficult to beginners. That perceived inaccessibility is a serious problem at a time when we need to be attracting more people of all types into the area of computer security. In this project we explore the use of educational games as a way of both teaching computer security concepts and creating controlled spaces where we can test new security technology approaches.