EyeSpot: leveraging gaze to protect private text content on mobile devices from shoulder surfing

As mobile devices allow access to an increasing amount of private data, using them in public can potentially leak sensitive information through shoulder surfing. This includes personal private data (e.g., in chat conversations) and business-related content (e.g., in emails). Leaking the former might infringe on users’ privacy, while leaking the latter is considered a breach of the EU’s General Data Protection Regulation as of May 2018. This creates a need for systems that protect sensitive data in public. We introduce EyeSpot, a technique that displays content through a spot that follows the user’s gaze while hiding the rest of the screen from an observer’s view through overlaid masks. We explore different configurations for EyeSpot in a user study in terms of users’ reading speed, text comprehension, and perceived workload. While our system is a proof of concept, we identify crystallized masks as a promising design candidate for further evaluation with regard to the security of the system in a shoulder surfing scenario

M-health review: joining up healthcare in a wireless world

In recent years, there has been a huge increase in the use of information and communication technologies (ICT) to deliver health and social care. This trend is bound to continue as providers (whether public or private) strive to deliver better care to more people under conditions of severe budgetary constraint

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems

Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM

From Paternalistic to User-Centred Security: Putting Users First with Value-Sensitive Design

Usable security research to date has focused on making users more secure, by identifying and addressing usability issues that lead users to making mistakes, or by persuading users to pay attention to security and make secure choices. However, security goals were set by security experts, who were unaware that users often have other priorities and value security differently. In this paper, we present examples of circumventions and non-adoption of secure systems designed under this paternalistic mindset. We argue that security experts need to identify user values and deliver on them. To do that, we need a methodological framework that can conceptualise values and identify those that impact user engagement with security. We show that (a) engagement with, and adherence to security, are mediated by user values, and that (b) it is necessary to model those values to understand the nature of security’s failures and to design viable alternatives