Towards robust experimental design for user studies in security and privacy

Background: Human beings are an integral part of computer security, whether we actively participate or simply build the systems. Despite this importance, understanding users and their interaction with security is a blind spot for most security practitioners and designers. / Aim: Define principles for conducting experiments into usable security and privacy, to improve study robustness and usefulness. / Data: The authors’ experiences conducting several research projects complemented with a literature survey. Method: We extract principles based on relevance to the advancement of the state of the art. We then justify our choices by providing published experiments as cases of where the principles are and are not followed in practice to demonstrate the impact. Each principle is a discipline specific instantiation of desirable experiment-design elements as previously established in the domain of philosophy of science. / Results: Five high-priority principles – (i) give participants a primary task; (ii) incorporate realistic risk; (iii) avoid priming the participants; (iv) perform doubleblind experiments whenever possible and (v) think carefully about how meaning is assigned to the terms threat model, security, privacy, and usability. / Conclusion: The principles do not replace researcher acumen or experience, however they can provide a valuable service for facilitating evaluation, guiding younger researchers and students, and marking a baseline common language for discussing further improvements

Remote Laboratory for Nuclear Security Education

Laboratory experiences for online students are very limited. To fill this gap, educators in the Department of Nuclear Engineering at Texas A&M University developed a series of radiation detection experiments for their remote students. Radiation detection is only one piece of nuclear security. The objective of the current research is to describe the development and execution of three online laboratories that investigate the basic application of physical security sensors that use light, ultrasonics, and heat to detect adversaries. This laboratory complements lecture material from the department’s Nuclear Security System and Design course. Using the Remote Desktop Application, students connect to a laboratory computer at Texas A&M to control the apparatus and record data. The sensors from a LEGO MINDSTORMS EV3 Education Core set were employed because of their ease of connectivity and their ability to show in a simplistic way how more complex security systems use light, ultrasonics, and heat. Additionally, LabVIEW software was used to control ethernet stepper motors for lateral and rotary motion to move sensors and other apparatus. The three laboratories are described in detail in addition to their learning objectives and results

An Immune Inspired Approach to Anomaly Detection

The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early artificial immune system approaches for computer security had only limited success. Arguably, this was due to these artificial systems being based on too simplistic a view of the immune system. We present here a second generation artificial immune system for process anomaly detection. It improves on earlier systems by having different artificial cell types that process information. Following detailed information about how to build such second generation systems, we find that communication between cells types is key to performance. Through realistic testing and validation we show that second generation artificial immune systems are capable of anomaly detection beyond generic system policies. The paper concludes with a discussion and outline of the next steps in this exciting area of computer security.Comment: 19 pages, 4 tables, 2 figures, Handbook of Research on Information Security and Assuranc