You can find my updated webpage here: https://www.sce.carleton.ca/faculty/assal/
About
I am a Usable Security and User Experience Researcher.
I’m collaborating with the System Security group at ETH Zürich, Switzerland and Carleton University’s lab for Human Oriented Research in Usable Security (CHORUS), Canada on human-centric research projects aiming at enhancing users’ privacy and security.
I was a postdoctoral researcher at the University of Ottawa working with Prof. Virginie Cobigo. As a member of AGE-WELL NCE, I investigated security and privacy practices when information and communication technologies are being developed for users with cognitive disabilities.
I obtained my PhD in Computer Science from Carleton University, Canada, under the supervision of Prof. Sonia Chiasson. My thesis entitled “The Human Dimension Of Software Security And Factors Affecting Security Processes ” focused on human aspects of software security within the overall development process. This work identified factors that influence security processes and motivation to address security, including company culture towards security, resources available to address security, external pressures, and the availability and usability of security tools.
I also collaborated with multidisciplinary teams on various research projects focusing on users’ privacy knowledge and attitudes, the usability of privacy-preserving tools, alternative authentication mechanisms for children, and understanding the impact of ransomeware attacks on users.
Research Interests
I’m interested in the areas of usability, usable security and privacy, security visualizations, and collaborative multitouch surfaces.
Publications
Articles
- Hala Assal, Ahsan Imran, and Sonia Chiasson. [Journal Article] An exploration of graphical password authentication for children. International Journal of Child-Computer Interaction, Elsevier, 2018.
[Bibtex]@article{assal2018-gpkids-ijcci, title = {[Journal Article] An exploration of graphical password authentication for children}, journal = {International Journal of Child-Computer Interaction, Elsevier}, pages = {}, year = {2018}, author = {Hala Assal AND Ahsan Imran AND Sonia Chiasson}, doi={10.1016/j.ijcci.2018.06.003}, url={https://doi.org/10.1016/j.ijcci.2018.06.003}, note = {Articles} }
Conference Papers
- Kazma Chaudhry, Anna-Lena Theus, Hala Assal, and Sonia Chiasson. “It’s not that I want to see the student’s bedroom…”: Instructor Perceptions of e-Proctoring Software. In European Symposium on Usable Security (EuroUSEC). ACM 2023.
[Bibtex]@inproceedings{chaudhry2023-instructorEproctoring-eurousec, title={``It’s not that I want to see the student’s bedroom...'': Instructor Perceptions of e-Proctoring Software}, author={Kazma Chaudhry and Anna-Lena Theus and Hala Assal and Chiasson, Sonia}, booktitle={European Symposium on Usable Security (EuroUSEC)}, pages={}, year={2023}, publisher = {ACM}, note = {Conference Papers}, doi = {} }
- Michael Lutaaya, Hala Assal, Khadija Baig, Sana Maqsood, and Sonia Chiasson. [Paper] `Lose Your Phone, Lose Your Identity’: Exploring Users’ Perceptions and Expectations of a Digital Identity Service. In Workshop on Usable Security and Privacy (USEC). Internet Society 2021.
[Bibtex]@INPROCEEDINGS{lutaaya2021-digital-id-usability-usec, author = {Michael Lutaaya AND Hala Assal AND Khadija Baig AND Sana Maqsood AND Sonia Chiasson}, title = {[Paper] `Lose Your Phone, Lose Your Identity': Exploring Users’ Perceptions and Expectations of a Digital Identity Service}, booktitle = {Workshop on Usable Security and Privacy ({USEC})}, publisher={Internet Society}, year = {2021}, note = {Conference Papers} }
- Enis Ulqinaku, Hala Assal, AbdelRahman Abdou, Sonia and Chiasson, and {[Paper] Is Real-time Phishing Eliminated FIDO? Social Engineering Downgrade Attacks =. title with against FIDO. In Security Symposium (USENIX Security). USENIX Association 2021.
[Bibtex]@inproceedings {ulqinaku2021-fidophishing-usenixsec, author = {Enis Ulqinaku AND Hala Assal AND AbdelRahman Abdou AND and Sonia Chiasson AND Srdjan Capkun} title = {[Paper] Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against {FIDO} Protocols}, booktitle = {Security Symposium ({USENIX} Security)}, year = {2021}, url = {https://www.usenix.org/conference/usenixsecurity21/presentation/ulqinaku}, publisher = {USENIX Association}, note = {Conference Papers} }
- Hala Assal and Sonia Chiasson. [Paper]“Think secure from the beginning”: A Survey with Software Developers. In SIGCHI Conference on Human Factors in Computing Systems (CHI). ACM, 2019.
[Bibtex]@INPROCEEDINGS{assal2019developersurvey-chi, author = {Hala Assal AND Sonia Chiasson}, title = {[Paper]``Think secure from the beginning'': A Survey with Software Developers }, booktitle = { SIGCHI Conference on Human Factors in Computing Systems (CHI) }, year = {2019}, note = {Conference Papers}, organization = {ACM} }
- Leah Zhang-Kennedy, Hala Assal, Jessica Rocheleau, Reham Mohamed, Khadija Baig, and Sonia Chiasson. [Paper] The aftermath of a crypto-ransomware attack at a large academic institution. In USENIX Security 2018.
[Bibtex]@INPROCEEDINGS{zhang-kennedy2018ransomware-usenixsec, author = {Leah Zhang-Kennedy AND Hala Assal AND Jessica Rocheleau AND Reham Mohamed AND Khadija Baig AND Sonia Chiasson}, title = {[Paper] The aftermath of a crypto-ransomware attack at a large academic institution}, booktitle = {USENIX Security}, year = {2018}, url={https://www.usenix.org/conference/usenixsecurity18/presentation/zhang-kennedy}, note = {Conference Papers} }
- Hala Assal and Sonia Chiasson. [Paper] Security in the Software Development Lifecycle. In Symposium on Usable Privacy and Security (SOUPS). USENIX 2018.
[Bibtex]@INPROCEEDINGS{assal2018security-sdlc-soups, author = {Hala Assal AND Sonia Chiasson}, title = {[Paper] Security in the Software Development Lifecycle}, booktitle = {Symposium on Usable Privacy and Security ({SOUPS})}, publisher={USENIX}, year = {2018}, url={https://www.usenix.org/conference/soups2018/presentation/assal}, note = {Conference Papers} }
- Rebecca Cooper, Hala Assal, and Sonia Chiasson. [Paper] Cross-national privacy concerns on data collection by government agencies. In Privacy, Security, and Trust (PST) 2017.
[Bibtex]@INPROCEEDINGS{cooper2017crossnational-pst, author = {Rebecca Cooper AND Hala Assal AND Sonia Chiasson}, title = {[Paper] Cross-national privacy concerns on data collection by government agencies}, booktitle = {Privacy, Security, and Trust ({PST})}, year = {2017}, note = {Conference Papers} }
- Hala Assal, Sonia Chiasson, and Robert Biddle. [Paper] Cesar: Visual representation of source code vulnerabilities. In Symposium on Visualization for Cyber Security (VizSec). IEEE, 2016.
[Bibtex]@INPROCEEDINGS{assal2016-cesar-vizsec, author = {Hala Assal AND Sonia Chiasson AND Robert Biddle}, title = {[Paper] Cesar: Visual representation of source code vulnerabilities}, booktitle = {Symposium on Visualization for Cyber Security ({V}iz{S}ec)}, year = {2016}, note = {Conference Papers}, organization = {IEEE}, doi={10.1109/VIZSEC.2016.7739576} }
- Hala Assal, Stephanie Hurtado, Ahsan Imran, and Sonia Chiasson. [Paper] What’s the deal with privacy apps? A comprehensive exploration of user perception and usability. In Mobile and Ubiquitous Multimedia (MUM). ACM, 2015.
[Bibtex]@INPROCEEDINGS{assal2015mobileprivacy-mum, author = {Assal, Hala AND Hurtado, Stephanie AND Imran, Ahsan AND Chiasson, Sonia}, title = {[Paper] What's the deal with privacy apps? A comprehensive exploration of user perception and usability}, booktitle = {Mobile and Ubiquitous Multimedia (MUM)}, year = {2015}, doi = {http://dx.doi.org/10.1145/2836041.2836044}, note = {Conference Papers}, organization = {ACM} }
Extended Abstracts and Workshop Papers
- Hala Assal and Sonia Chiasson. [Workshop paper] Motivations and Amotivations for Software Security. In SOUPS Workshop on Security Information Workers (WSIW). USENIX, 2018.
[Bibtex]@INPROCEEDINGS{assal2018-motivations-, author = {Hala Assal AND Sonia Chiasson}, title = {[Workshop paper] Motivations and Amotivations for Software Security }, booktitle = {SOUPS Workshop on Security Information Workers (WSIW)}, year = {2018}, note = {Extended Abstracts and Workshop Papers}, organization = {USENIX} }
- Hala Assal, Jeff Wilson, Sonia Chiasson, and Robert Biddle. [Extended Abstract] Collaborative Security Code-Review: Towards Aiding Developers Ensure Software-Security. Symposium on Usable Privacy and Security (SOUPS), 2015.
[Bibtex]@MISC{assal2015codereview-soups, author = {Hala Assal AND Jeff Wilson AND Sonia Chiasson AND Robert Biddle}, title = {[Extended Abstract] Collaborative Security Code-Review: Towards Aiding Developers Ensure Software-Security}, howpublished = {Symposium on Usable Privacy and Security (SOUPS)}, year = {2015}, note = {Extended Abstracts and Workshop Papers} }
- Hala Assal and Sonia Chiasson. [Workshop paper] Tor for All: A Usability Study of Tor-enabled Mobile Apps. GRAND NCE Annual Conference, 2014.
[Bibtex]@MISC{assal2014tor-grand, author = {Hala Assal AND Sonia Chiasson}, title = {[Workshop paper] Tor for All: A Usability Study of Tor-enabled Mobile Apps}, howpublished = {GRAND NCE Annual Conference}, year = {2014}, note = {Extended Abstracts and Workshop Papers} }
- Hala Assal and Sonia Chiasson. [Extended abstract] Will this onion make you cry? A Usability Study of Tor-enabled Mobile Apps. In Symposium on Usable Privacy and Security (SOUPS) 2014.
[Bibtex]@INPROCEEDINGS{assal2014tor-soups, author = {Assal, Hala and Chiasson, Sonia}, title = {[Extended abstract] Will this onion make you cry? A Usability Study of Tor-enabled Mobile Apps}, booktitle = {Symposium on Usable Privacy and Security (SOUPS)}, year = {2014}, note = {Extended Abstracts and Workshop Papers} }
Posters and Others
- Hala Assal, Jeff Wilson, Sonia Chiasson, and Robert Biddle. [Poster] Collaborative Security Code-Review: Towards Aiding Developers Ensure Software-Security. Canadian Celebration of Women in Computing Conference ({CAN-CWiC}), 2016.
[Bibtex]@MISC{assal2016cscr-cwic, author = {Hala Assal AND Jeff Wilson AND Sonia Chiasson AND Robert Biddle}, title = {[Poster] Collaborative Security Code-Review: Towards Aiding Developers Ensure Software-Security}, howpublished = {Canadian Celebration of Women in Computing Conference ({CAN-CWiC})}, year = {2016}, note = {Posters and Others} }
Technical Reports
- Hala Assal, Ahsan Imran, and Sonia Chiasson. [Tech report] An Exploration of Graphical Password Authentication for Children. Technical Report arXiv:1610.09743, School of Computer Science, Carleton University, 2016.
[Bibtex]@TECHREPORT{assal2016-kidgp-tr, author = {Hala Assal AND Ahsan Imran AND Sonia Chiasson}, title = {[Tech report] An Exploration of Graphical Password Authentication for Children}, institution = {School of Computer Science, Carleton University}, year = {2016}, number = {arXiv:1610.09743}, note = {Technical Reports} }
Theses
- Hala Assal. [Thesis] The Human Dimension of Software Security and Factors Affecting Security Processes. PhD thesis, School of Computer Science, Carleton University, 2018.
[Bibtex]@PHDTHESIS{assal2018thesis-carleton, author = {Hala Assal}, title = {[Thesis] The Human Dimension of Software Security and Factors Affecting Security Processes}, school = {School of Computer Science, Carleton University}, year = {2018}, note = {Theses} }