11,713 research outputs found
"No Good Reason to Remove Features": Expert Users Value Useful Apps over Secure Ones
Application sandboxes are an essential security mechanism to contain malware, but are seldom used on desktops. To understand why this is the case, we interviewed 13 expert users about app appropriation decisions they made on their desktop computers. We collected 201 statements about app appropriation decisions. Our value-sensitive empirical analysis of the interviews revealed that (a) security played a very minor role in app appropriation; (b) users valued plugins that support their productivity; (c) users may abandon apps that remove a feature – especially when a feature was blocked for security reasons. Our expert desktop users valued a stable user experience and flexibility, and are unwilling to sacrifice those for better security. We conclude that sandboxing – as currently implemented – is unlikely to be voluntarily adopted, especially by expert users. For sandboxing to become a desirable security mechanism, they must first accommodate plugins and features widely found in popular desktop apps
Why Do People Adopt, or Reject, Smartphone Password Managers?
People use weak passwords for a variety of reasons, the most prescient of these being memory load and inconvenience. The motivation to choose weak passwords is even more compelling on Smartphones because entering complex passwords is particularly time consuming and arduous on small devices. Many of the memory- and inconvenience-related issues can be ameliorated by using a password manager app. Such an app can generate, remember and automatically supply passwords to websites and other apps on the phone. Given this potential, it is unfortunate that these applications have not enjoyed widespread adoption. We carried out a study to find out why this was so, to investigate factors that impeded or encouraged password manager adoption. We found that a number of factors mediated during all three phases of adoption: searching, deciding and trialling. The study’s findings will help us to market these tools more effectively in order to encourage future adoption of password managers
Encouraging Privacy-Aware Smartphone App Installation: Finding out what the Technically-Adept Do
Smartphone apps can harvest very personal details
from the phone with ease. This is a particular privacy concern.
Unthinking installation of untrustworthy apps constitutes risky
behaviour. This could be due to poor awareness or a lack of knowhow:
knowledge of how to go about protecting privacy. It seems
that Smartphone owners proceed with installation, ignoring any
misgivings they might have, and thereby irretrievably sacrifice
their privacy
Digital curation and the cloud
Digital curation involves a wide range of activities, many of which could benefit from cloud
deployment to a greater or lesser extent. These range from infrequent, resource-intensive tasks
which benefit from the ability to rapidly provision resources to day-to-day collaborative activities
which can be facilitated by networked cloud services. Associated benefits are offset by risks
such as loss of data or service level, legal and governance incompatibilities and transfer
bottlenecks. There is considerable variability across both risks and benefits according to the
service and deployment models being adopted and the context in which activities are
performed. Some risks, such as legal liabilities, are mitigated by the use of alternative, e.g.,
private cloud models, but this is typically at the expense of benefits such as resource elasticity
and economies of scale. Infrastructure as a Service model may provide a basis on which more
specialised software services may be provided.
There is considerable work to be done in helping institutions understand the cloud and its
associated costs, risks and benefits, and how these compare to their current working methods,
in order that the most beneficial uses of cloud technologies may be identified. Specific
proposals, echoing recent work coordinated by EPSRC and JISC are the development of
advisory, costing and brokering services to facilitate appropriate cloud deployments, the
exploration of opportunities for certifying or accrediting cloud preservation providers, and
the targeted publicity of outputs from pilot studies to the full range of stakeholders within the
curation lifecycle, including data creators and owners, repositories, institutional IT support
professionals and senior manager
From Paternalistic to User-Centred Security: Putting Users First with Value-Sensitive Design
Usable security research to date has focused on making
users more secure, by identifying and addressing usability
issues that lead users to making mistakes, or by persuading
users to pay attention to security and make secure choices.
However, security goals were set by security experts, who
were unaware that users often have other priorities and
value security differently. In this paper, we present examples
of circumventions and non-adoption of secure systems
designed under this paternalistic mindset. We argue that
security experts need to identify user values and deliver
on them. To do that, we need a methodological framework
that can conceptualise values and identify those that impact
user engagement with security. We show that (a) engagement
with, and adherence to security, are mediated by user
values, and that (b) it is necessary to model those values
to understand the nature of security’s failures and to design
viable alternatives
The Android Platform Security Model
Android is the most widely deployed end-user focused operating system. With
its growing set of use cases encompassing communication, navigation, media
consumption, entertainment, finance, health, and access to sensors, actuators,
cameras, or microphones, its underlying security model needs to address a host
of practical threats in a wide variety of scenarios while being useful to
non-security experts. The model needs to strike a difficult balance between
security, privacy, and usability for end users, assurances for app developers,
and system performance under tight hardware constraints. While many of the
underlying design principles have implicitly informed the overall system
architecture, access control mechanisms, and mitigation techniques, the Android
security model has previously not been formally published. This paper aims to
both document the abstract model and discuss its implications. Based on a
definition of the threat model and Android ecosystem context in which it
operates, we analyze how the different security measures in past and current
Android implementations work together to mitigate these threats. There are some
special cases in applying the security model, and we discuss such deliberate
deviations from the abstract model
Engaging through social media. Part 1 social media explained
This guide is designed for youth project managers, and has the following aims "To explain social media technologies and functions
using simple language. To provide you with the tools to increase interest and attendance at your project by working with young people and promoting your activities through social media.
Risk analysis of Android applications: A user-centric solution
Android applications (apps) pose many risks to their users, e.g., by including code that may threaten user privacy or system integrity. Most of the current security countermeasures for detecting dangerous apps show some weaknesses, mainly related to users' understanding and acceptance. Hence, users would benefit from an effective but simple technique that indicates whether an app is safe or risky to be installed. In this paper, we present MAETROID (Multi-criteria App Evaluator of TRust for AndrOID), a framework to evaluate the trustworthiness of Android apps, i.e., the amount of risk they pose to users, e.g., in terms of confidentiality and integrity. MAETROID performs a multi-criteria analysis of an app at deploy-time and returns a single easy-to-understand evaluation of the app's risk level (i.e., Trusted, Medium Risk, and High Risk), aimed at driving the user decision on whether or not installing a new app. The criteria include the set of requested permissions and a set of metadata retrieved from the marketplace, denoting the app quality and popularity. We have tested MAETROID on a set of 11,000 apps both coming from Google Play and from a database of known malicious apps. The results show a good accuracy in both identifying the malicious apps and in terms of false positive rate
The Evolution of Embedding Metadata in Blockchain Transactions
The use of blockchains is growing every day, and their utility has greatly
expanded from sending and receiving crypto-coins to smart-contracts and
decentralized autonomous organizations. Modern blockchains underpin a variety
of applications: from designing a global identity to improving satellite
connectivity. In our research we look at the ability of blockchains to store
metadata in an increasing volume of transactions and with evolving focus of
utilization. We further show that basic approaches to improving blockchain
privacy also rely on embedding metadata. This paper identifies and classifies
real-life blockchain transactions embedding metadata of a number of major
protocols running essentially over the bitcoin blockchain. The empirical
analysis here presents the evolution of metadata utilization in the recent
years, and the discussion suggests steps towards preventing criminal use.
Metadata are relevant to any blockchain, and our analysis considers primarily
bitcoin as a case study. The paper concludes that simultaneously with both
expanding legitimate utilization of embedded metadata and expanding blockchain
functionality, the applied research on improving anonymity and security must
also attempt to protect against blockchain abuse.Comment: 9 pages, 6 figures, 1 table, 2018 International Joint Conference on
Neural Network
- …