7 research outputs found

    A Reference Architecture for Management of Security Operations in Digital Service Chains

    Modern computing paradigms (i.e., cloud, edge, Internet of Things) and ubiquitous connectivity have brought the notion of pervasive computing to an unforeseeable level, which boosts service-oriented architectures and microservices patterns to create digital services with data-centric models. However, the resulting agility in service creation and management has not been followed by a similar evolution in cybersecurity patterns, which still largely rest on more conventional device- and infrastructure-centric models. In this chapter, we describe the implementation of the GUARD Platform, which represents the core element of a modern cybersecurity framework for building detection and analytics services for complex digital service chains. We briefly review the logical components and how they address scientific and technological challenges behind the limitations of existing cybersecurity tools. We also provide validation and performance analysis that show the feasibility and efficiency of our implementation.

    Usable cryptocurrency systems

    Since the introduction of Bitcoin in 2008, cryptocurrency and blockchain technology have drawn increasing attention from research and industry alike. Probably the most visible evidence of the growing adoption of cryptocurrencies is the combined market capitalization, which had reached over USD 2.9 trillion in November 2021. While the market capitalization remains subject to high volatility and has fallen since, the field has been growing steadily behind the scenes. Developer activity has been growing over the last decade and multiple projects which had been started to improve over the original design have reached maturity in recent years. However, the introduction of new technologies is often accompanied by the emergence of equally new design challenges. Despite the technological progress over the past years, cryptocurrencies have earned a reputation of being hard to get started with and overall difficult to use. But what exactly are the aspects that make them difficult to use? How do users manage their cryptocurrency in practice? Which challenges do they need to overcome? And how can Human-Computer Interaction help overcome these challenges? In several studies, this dissertation addresses these questions and explores them through three different approaches: (1) Cryptocurrency in Human-Computer Interaction: By systematically reviewing published Human-Computer Interaction research since the inception of Bitcoin, we organize the existing research effort and juxtapose it with the changing landscape of emerging technologies from practice to identify avenues for future research. Our results show that existing research has overwhelmingly focused on Bitcoin and Ethereum, while not addressing novel cryptocurrencies. (2) Understanding User Behavior: By exploring user behavior through multiple lenses we shed light on real-world practices of users and the challenges they face. We explore security and privacy practices through a qualitative interview study and triangulate the results in a Delphi study with 25 experts. We conducted an interview study to understand a particularly relevant point for the adoption of cryptocurrency – we investigate challenges first-time users face. Our results show that many usability issues are not rooted in the technical aspects of blockchain technology and can be addressed through Human-Computer Interaction research. (3) Improving Application Usability: By evaluating different approaches on how to aid the development of cryptocurrency applications we translate the findings of our empirical work into artifacts and put them to the test. Our results show that onboarding in mobile apps can improve perceived usability for first-time users under the right conditions, that Bitcoin Lightning can serve as a usable settlement layer for everyday transactions, that education can support the next generation of developers in building more useful applications, and that systems for rapid interface prototyping may speed up development efforts. Collectively, the contribution of this dissertation centers around the ongoing discussion on how to build usable cryptocurrency systems. More precisely, this dissertation contributes (a) empirical studies that show how users manage their cryptocurrency in practice and which challenges they face in doing so and (b) constructive approaches attempting to support the development of cryptocurrency systems in the future. The work concludes by reflecting on the future role of Human-Computer Interaction research in the cryptocurrency and blockchain space.

    Cybersecurity of Digital Service Chains

    This open access book presents the main scientific results from the H2020 GUARD project. The GUARD project aims at filling the current technological gap between software management paradigms and cybersecurity models, the latter still lacking orchestration and agility to effectively address the dynamicity of the former. This book provides a comprehensive review of the main concepts, architectures, algorithms, and non-technical aspects developed during three years of investigation; the description of the Smart Mobility use case developed at the end of the project gives a practical example of how the GUARD platform and related technologies can be deployed in practical scenarios. We expect the book to be interesting for the broad group of researchers, engineers, and professionals daily experiencing the inadequacy of outdated cybersecurity models for modern computing environments and cyber-physical systems.


    Moving usable security research out of the lab: evaluating the use of VR studies for real-world authentication research

    Empirical evaluations of real-world research artefacts that derive results from observations and experiments are a core aspect of usable security research. Expert interviews as part of this thesis revealed that the costs associated with developing and maintaining physical research artefacts often amplify human-centred usability and security research challenges. On top of that, ethical and legal barriers often make usability and security research in the field infeasible. Researchers have begun simulating real-life conditions in the lab to contribute to ecological validity. However, studies of this type are still restricted to what can be replicated in physical laboratory settings. Furthermore, historically, user study subjects were mainly recruited from local areas only when evaluating hardware prototypes. The human-centred research communities have recognised and partially addressed these challenges using online studies such as surveys that allow for the recruitment of large and diverse samples as well as learning about user behaviour. However, human-centred security research involving hardware prototypes is often concerned with human factors and their impact on the prototypes’ usability and security, which cannot be studied using traditional online surveys. To work towards addressing the current challenges and facilitating research in this space, this thesis explores if – and how – virtual reality (VR) studies can be used for real-world usability and security research. It first validates the feasibility and then demonstrates the use of VR studies for human-centred usability and security research through six empirical studies, including remote and lab VR studies as well as video prototypes as part of online surveys. It was found that VR-based usability and security evaluations of authentication prototypes, where users provide touch, mid-air, and eye-gaze input, greatly match the findings from the original real-world evaluations. This thesis further investigated the effectiveness of VR studies by exploring three core topics in the authentication domain: First, the challenges around in-the-wild shoulder surfing studies were addressed. Two novel VR shoulder surfing methods were implemented to contribute towards realistic shoulder surfing research and explore the use of VR studies for security evaluations. This was found to allow researchers to provide a bridge over the methodological gap between lab and field studies. Second, the ethical and legal barriers when conducting in situ usability research on authentication systems were addressed. It was found that VR studies can represent plausible authentication environments and that a prototype’s in situ usability evaluation results deviate from traditional lab evaluations. Finally, this thesis contributes a novel evaluation method to remotely study interactive VR replicas of real-world prototypes, allowing researchers to move experiments that involve hardware prototypes out of physical laboratories and potentially increase a sample’s diversity and size. The thesis concludes by discussing the implications of using VR studies for prototype usability and security evaluations. It lays the foundation for establishing VR studies as a powerful, well-evaluated research method and unfolds its methodological advantages and disadvantages.

    Emerging Trends in Usable Security and Privacy

    No full text