O. Kulyk, Paul Gerber, Karola Marky, Christopher Beckmann, M. Volkamer
{"title":"Does This App Respect My Privacy? Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users","authors":"O. Kulyk, Paul Gerber, Karola Marky, Christopher Beckmann, M. Volkamer","doi":"10.14722/USEC.2019.23029","DOIUrl":"https://doi.org/10.14722/USEC.2019.23029","url":null,"abstract":"Over the years, the widespread usage of smartphones leads to large amounts of personal data being stored by them. These data, in turn, can be accessed by the apps installed on the smartphones, and potentially misused, jeopardizing the privacy of smartphone users. While the app stores provide indicators that allow an estimation of the privacy risks of individual apps, these indicators have repeatedly been shown as too confusing for the lay users without technical expertise. We have developed an information flyer with the goal of providing decision support for these users and enabling them to make more informed decisions regarding their privacy upon choosing and installing smartphone apps. Our flyer is based on previous research in mental models of smartphone privacy and security and includes heuristics for choosing privacy-friendlier apps used by IT-security experts. It also addresses common misconceptions of users regarding smartphones. The flyer was evaluated in a user study. The results of the study show that the users who read the flyer tend to take privacy-relevant factors into account by relying on the heuristics in the flyer more often. 
Hence, the flyer succeeds in supporting users in making more informed privacy-related decisions.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"515 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132686936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Parkin, Elissa M. Redmiles, L. Coventry, M. Sasse
{"title":"Security When it is Welcome: Exploring Device Purchase as an Opportune Moment for Security Behavior Change","authors":"S. Parkin, Elissa M. Redmiles, L. Coventry, M. Sasse","doi":"10.14722/usec.2019.23024","DOIUrl":"https://doi.org/10.14722/usec.2019.23024","url":null,"abstract":"Many security experts bemoan that consumers behave insecurely. Yet, current approaches to improving behavior either fail to consider when people may be most receptive to an intervention, or only consider experiences of threat (e.g., getting hacked) when identifying opportune moments for behavior change. We instead explore how an exemplar, positive experience – buying a new device – can serve as a “security trigger moment”. Through in-situ interviews with customers (n=85) and sales staff (n=21) across four branches of a major UK retailer, we characterise the potential for behavior change during device purchase. Further, rather than assuming that users are always ready for an intervention, we explore how the abilities and motivations of users and sales staff can influence the power of a security trigger moment to drive behavior change. Our work lays the foundation for identifying additional trigger moments and deploying targeted interventions when they are most welcome","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128991480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Phish Scale: Rating Human Phishing Message Detection Difficulty","authors":"M. Steves, Kristen K. Greene, M. Theofanos","doi":"10.14722/usec.2019.23028","DOIUrl":"https://doi.org/10.14722/usec.2019.23028","url":null,"abstract":"As organizations continue to invest in phishing awareness training programs, many Chief Information Security Officers (CISOs) are concerned when their training exercise click rates are high or variable, as they must justify training budgets to those who question the efficacy of training when click rates are not declining. We argue that click rates should be expected to vary based on the difficulty of the phishing email for a target audience. Past research has shown that when the premise of a phishing email aligns with a user’s work context, it is much more challenging for users to detect a phish. Given this, we propose a Phish Scale, so CISOs and phishing training implementers can easily rate the difficulty of their phishing exercises and help explain associated click rates. We based our scale on past research in phishing cues and user context, and applied it to previously published data and new data from organization-wide phishing exercises targeting approximately 5 000 employees. The Phish Scale performed well with the current phishing dataset, but future work is needed to validate it with a larger variety of phishing emails. The Phish Scale shows great promise as a tool to help frame data sharing on phishing exercise click rates across sectors. 
Keywords—phishing cues, embedded phishing awareness training, operational data, network security, phishing defenses, security defenses","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121494292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alexander Suchan, E. V. Zezschwitz, Katharina Krombholz
{"title":"Stop to Unlock - Improving the Security of Android Unlock Patterns","authors":"Alexander Suchan, E. V. Zezschwitz, Katharina Krombholz","doi":"10.14722/usec.2019.23017","DOIUrl":"https://doi.org/10.14722/usec.2019.23017","url":null,"abstract":"Android unlock patterns are among the most common authentication mechanisms on mobile devices. They are fast and easy to use but also lack security as user-chosen gestures are easy to guess and easy to observe. To improve the traditional pattern approach, we propose Stop2Unlock, a usable but more secure modification of the traditional pattern lock. Stop2Unlock allows users to define nodes where they stop for a limited amount of time before swiping to the next node. We performed a lab study (n=40) and a field study (n=14) to show that this small change in user interaction can have a significant impact on security with a minimal impact on usability. That is, user-selected Stop2Unlock patterns are significantly harder to guess while being comparable in terms of usability. Additional analysis showed that users perceived the stop component as a rhythmic and memorable cue which supported the selection of higher entropy patterns.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134018146","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yee-Yin Choong, M. Theofanos, K. Renaud, Suzanne Prior
{"title":"Case Study – Exploring Children’s Password Knowledge and Practices","authors":"Yee-Yin Choong, M. Theofanos, K. Renaud, Suzanne Prior","doi":"10.14722/USEC.2019.23027","DOIUrl":"https://doi.org/10.14722/USEC.2019.23027","url":null,"abstract":"Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal choice. Designing authentication for children requires acknowledgement of child-specific developmental challenges related to literacy, cognitive abilities and differing developmental stages. Understanding the current state of play is essential, to deliver insights that can inform the development of child-centred authentication mechanisms and processes. We carried out a systematic literature review of all research related to children and authentication since 2000. A distinct research gap emerged from the analysis. Thus, we designed and administered a survey to school children in the United States (US), so as to gain insights into their current password usage and behaviors. This paper reports preliminary results from a case study of 189 children (part of a much larger research effort). The findings highlight age-related differences in children’s password understanding and practices. We also discovered that children confuse concepts of safety and security. We conclude by suggesting directions for future research. 
This paper reports on work in progress.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129544124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Karoline Busse, Dominik Wermke, Sabrina Amft, S. Fahl, E. V. Zezschwitz, Matthew Smith
{"title":"Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies","authors":"Karoline Busse, Dominik Wermke, Sabrina Amft, S. Fahl, E. V. Zezschwitz, Matthew Smith","doi":"10.14722/usec.2019.23001","DOIUrl":"https://doi.org/10.14722/usec.2019.23001","url":null,"abstract":"Users of computer systems are confronted with security dialogs on a regular basis. As demonstrated by previous research, frequent exposure to these dialogs may lead to habituation (i.e., users tend to ignore them). While these previous studies are vital to gaining insights into the human factor, important real-world aspects have been ignored; most notably, not adhering to security dialogs has barely had a negative impact for user study participants. To address this limitation, we replicate and extend previous work on the habituation effect. Our new study design introduces a monetary component in order to refine the study methodology on habituation research. To evaluate our approach, we conducted an online user study (n = 1236) and found a significant effect of monetary loss on the compliance to security dialogs. Overall, this paper contributes to a deeper understanding of the habituation effect in the context of warning dialogs and provides novel insights into the complexity of ecologically valid risk modeling in user studies.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130055445","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"In Control with no Control: Perceptions and Reality of Windows 10 Home Edition Update Features","authors":"J. Morris, Ingolf Becker, S. Parkin","doi":"10.14722/usec.2019.23008","DOIUrl":"https://doi.org/10.14722/usec.2019.23008","url":null,"abstract":"Home computer users are regularly advised to install software updates to stay secure. Windows 10 Home edition is unique as it automatically downloads and installs updates, and restarts the computer automatically if needed. The automatic restarts can be influenced through a number of features, such as ‘active hours’ (the period during which a computer will never automatically restart to finish installing an update) or by explicitly setting a time when to restart the computer. This research investigates if the features Microsoft provides for managing updates on Windows 10 Home edition are appropriate for computer owners. We build a model of the update behaviour of Windows 10. The model identifies all interaction points between the update system and the users. We contrast the theory with reality in a survey study with 93 participants which establishes the experiences and perceptions of users of Windows 10 Home. Windows will not restart a computer outside active hours if the computer is in use. However, if any user of a machine sets an explicit restart time, the computer will restart at that time in order to install quality updates even if the computer is still in active use (potentially by a different user to the one who set the restart time). While overall perceptions of updates were positive, the pattern of use of almost all users was incompatible with the default setting of the ‘active hours’ feature. Only 28% of users knew of its existence. Users are mostly unaware of quality (bugfix) updates, perceiving that updates act mostly to add features. Half of our participants report unexpected restarts, while half also reported growing concern about the state of their device if an update took a long time. 
Participants who had previous negative experiences had weaker beliefs about their ability to control updates than those who had not. We recommend that operating systems obtain explicit permission for restarts consistently; there are opportunities for default features such as active hours and update progress displays to learn from usage activity.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122771760","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth
{"title":"Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters","authors":"M. Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth","doi":"10.14722/usec.2019.23025","DOIUrl":"https://doi.org/10.14722/usec.2019.23025","url":null,"abstract":"","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125448373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shrirang Mare, Reza Rawassizadeh, Ronald A. Peterson
{"title":"Continuous Smartphone Authentication using Wristbands","authors":"Shrirang Mare, Reza Rawassizadeh, Ronald A. Peterson","doi":"10.14722/usec.2019.23013","DOIUrl":"https://doi.org/10.14722/usec.2019.23013","url":null,"abstract":"","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125088722","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Zaina Aljallad, Wentao Guo, Chhaya Chouhan, Christy M. LaPerriere, Jessica Kropczynski, Pamela Wisnewski, H. Lipford
{"title":"Designing a Mobile Application to Support Social Processes for Privacy Decisions","authors":"Zaina Aljallad, Wentao Guo, Chhaya Chouhan, Christy M. LaPerriere, Jessica Kropczynski, Pamela Wisnewski, H. Lipford","doi":"10.14722/usec.2019.23016","DOIUrl":"https://doi.org/10.14722/usec.2019.23016","url":null,"abstract":"People often rely on their friends, family, and other loved ones to help them make decisions about digital privacy and security. However, these social processes are rarely supported by technology. To address this gap, we developed an Android-based mobile application (“app”) prototype which helps individuals collaborate with people they know to make informed decisions about their app privacy permissions. To evaluate our design, we conducted an interview study with 10 college students while they interacted with our prototype. Overall, participants responded positively to the novel idea of using social collaboration as a means for making better privacy decisions. Yet, we also found that users are less inclined to help others and may be only willing to partake in conversations that directly affect themselves. We discuss the potential for embedding social processes in the design of systems that support privacy decision-making, as well as some of the challenges of this approach.","PeriodicalId":215851,"journal":{"name":"Proceedings 2019 Workshop on Usable Security","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125032443","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}