基于角色扮演的用户安全行为研究——以电子邮件保密为例

10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing Pub Date : 2014-11-11 DOI:10.4108/ICST.COLLABORATECOM.2014.257242

Kui Xu, D. Yao, Manuel A. Pérez-Quiñones, Casey Link, E. Geller

{"title":"基于角色扮演的用户安全行为研究——以电子邮件保密为例","authors":"Kui Xu, D. Yao, Manuel A. Pérez-Quiñones, Casey Link, E. Geller","doi":"10.4108/ICST.COLLABORATECOM.2014.257242","DOIUrl":null,"url":null,"abstract":"Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.","PeriodicalId":432345,"journal":{"name":"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Role-playing game for studying user behaviors in security: A case study on email secrecy\",\"authors\":\"Kui Xu, D. Yao, Manuel A. Pérez-Quiñones, Casey Link, E. Geller\",\"doi\":\"10.4108/ICST.COLLABORATECOM.2014.257242\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.\",\"PeriodicalId\":432345,\"journal\":{\"name\":\"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4108/ICST.COLLABORATECOM.2014.257242\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/ICST.COLLABORATECOM.2014.257242","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

了解对手的能力(例如，对手对目标了解多少)对于构建强大的安全防御非常重要。计算对手对目标的了解需要新的建模技术和实验方法。我们的工作描述了一种定量分析技术，用于模拟对手对工作场所私人信息的了解。我们的技术使能器是一个新的仿真环境，用于对攻击行为进行用户实验。我们为我们的评估开发了一个角色扮演网络游戏，参与者扮演对手的角色，通过回答关于目标的挑战问题来发起身份盗窃攻击。我们衡量对手的知识是基于他或她如何回答关于目标的身份验证问题。我们基于从36个用户中收集的数据给出了我们的实证建模结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Role-playing game for studying user behaviors in security: A case study on email secrecy

Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

自引率

0.00%

发文量