Reducing risky security behaviours:utilising affective feedback to educate users

Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness

Assessing the impact of affective feedback on end-user security awareness

A lack of awareness regarding online security behaviour can leave users and their devices vulnerable to compromise. This paper highlights potential areas where users may fall victim to online attacks, and reviews existing tools developed to raise users’ awareness of security behaviour. An ongoing research project is described, which provides a combined monitoring solution and affective feedback system, designed to provide affective feedback on automatic detection of risky security behaviour within a web browser. Results gained from the research conclude an affective feedback mechanism in a browser-based environment, can promote general awareness of online security

Security awareness and affective feedback:categorical behaviour vs. reported behaviour

A lack of awareness surrounding secure online behaviour can lead to end-users, and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user-security behaviour, and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online, and the information users believe, or report that they have revealed online. The experimental results confirm a disparity between information revealed, and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness

Staging Transformations for Multimodal Web Interaction Management

Multimodal interfaces are becoming increasingly ubiquitous with the advent of mobile devices, accessibility considerations, and novel software technologies that combine diverse interaction media. In addition to improving access and delivery capabilities, such interfaces enable flexible and personalized dialogs with websites, much like a conversation between humans. In this paper, we present a software framework for multimodal web interaction management that supports mixed-initiative dialogs between users and websites. A mixed-initiative dialog is one where the user and the website take turns changing the flow of interaction. The framework supports the functional specification and realization of such dialogs using staging transformations -- a theory for representing and reasoning about dialogs based on partial input. It supports multiple interaction interfaces, and offers sessioning, caching, and co-ordination functions through the use of an interaction manager. Two case studies are presented to illustrate the promise of this approach.Comment: Describes framework and software architecture for multimodal web interaction managemen

Program analysis for anomaly detection

When interacting with mobile applications, users may not always get what they expect. For instance, when users download Android applications from a market, they do not know much about their actual behavior. A brief description, a set of screenshots and a list of permissions, which give a high level intuition of what applications might be doing, form user expectations. However applications do not always meet them. For example, a gaming application intentionally could send SMS messages to a premium number in a background without a user’s knowledge. A less harmful scenario would be a wrong message confirming a successful action that was never executed. Whatever the behavior of a mobile application might (app) be, in order to test and fully understand it, there needs to be a technique that can analyse the User Interface (UI) of the app and the code associated with it as the whole. This thesis presents a static analysis framework called SAFAND that given an ANDROID app performs the following analysis: - gathers information on how the application uses sensitive data; - identifies and analyses UI elements of the application; - binds UI elements with their corresponding behavior. The thesis illustrates how results obtained from the framework can be used to identify problems ranging from small usability issues to malicious behavior of real-world applications.Bei der Interaktion mit mobilen Anwendungen erhalten Benutzer möglicherweise nicht immer das, was sie erwarten. Wenn Benutzer beispielsweise Android- Anwendungen von einem Marktplatz herunterladen, wissen sie nicht viel über das tatsächliche Verhalten dieser Anwendungen. Eine kurze Beschreibung, eine Reihe von Screenshots und eine Liste von Berechtigungen, die eine umfassende Vorstellung davon geben sollen, welche Anwendungen möglicherweise ausgeführt werden können, bilden die Erwartungen der Benutzer. Die Anwendungen entsprechen diesen Erwartungen aber nicht immer. Zum Beispiel könnte ein Spiel ohne Wissen des Benutzers im Hintergrund absichtlich SMS-Nachrichten an eine Premium-Nummer senden. Ein weniger schädliches Szenario wäre eine falsche Meldung, welche eine erfolgreiche Aktion bestätigt, die jedoch niemals durchgeführt wurde. Unabhängig vom Verhalten einer mobilen Anwendung (App) muss eine Technik vorhanden sein, die die Benutzeroberfläche (User Interface, UI) der App und des damit verbundenen Codes testet und als Ganzes versteht. In dieser Arbeit wird ein statisches Analyseframework namens SAFAND2 vorgestellt, bei dem eine ANDROID-App die folgende Analyse durchführt: * sammelt Informationen darüber, wie die Anwendung sensible Daten verwendet; * identifiziert und analysiert UI-Elemente der Anwendung; * verbindet UI-Elemente mit ihrem entsprechenden Verhalten. Die Arbeit zeigt, wie Probleme, von kleinen Usability-Problemen bis hin zu böswilligem Verhalten realer Anwendungen, mit den Ergebnissen des Frameworks identifiziert werden können. 2SAFAND = Static Analysis For Anomaly Detectio

NtGCM User's Manual: 1.1 (High Pressure High Temperature Laser based) Nanotube Growth Chamber Monitor

This manual describes the installation and use of NtGCM software. NtGCM is software designed for monitoring the growth of nanotubes in a high temperature and high pressure chamber using a laser*. NtGCM software monitors a dozen dierent parameters that are important to understanding the growth of the nanomaterials including the laser input power, the temperature at eight separate locations inside and outside the growth chamber, as well as the pressure and ow rate of the gaseous media that control the environment in the chamber. The measurements are all made in real time. The program features a robust user account management layer and a rich data display manager that allows plotted data, displayed units and other parameters to be changed on the y for the operator's convenience

Using X+V to construct a non-proprietary speech browser for a public-domain SpeechWeb

A SpeechWeb is a collection of hyperlinked speech applications that are distributed over the Internet. Users access the speech applications through remote browsers, which accept human-voice-input and return synthesized-voice-output. In previous research, a new architecture (LRRP) has been proposed, which is ideally suited for building a Public-Domain SpeechWeb. However, a non-proprietary speech browser is needed for this architecture. In this thesis, we have solved several limitations of X+V, a programming language for developing Multimodal applications, and we have used X+V to build a viable Public-Domain SpeechWeb browser. Our browser has the following properties: real-time human-machine speech interaction; ease of installation and use; acceptable speech-recognition accuracy in a suitable environment; no cost, non-proprietary, ease of distribution; use of common communication protocol---CGI; ease of creation of speech applications; possibility to deploy on mobile devices.Dept. of Computer Science. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2006 .M31. Source: Masters Abstracts International, Volume: 45-01, page: 0360. Thesis (M.Sc.)--University of Windsor (Canada), 2006