156,593 research outputs found
Reducing risky security behaviours: utilising affective feedback to educate users
Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness
The GLASS project: supporting secure shibboleth-based single sign-on to campus resources
Higher and Further education institutions in the UK are in the process of migrating their IT infrastructures to exploit Shibboleth technologies for federated access management. Ease of use and secure access are paramount to the successful uptake of these technologies, both from the end user and system administrator perspective. The JISC-funded GLASS project is a one-year project investigating the use of Shibboleth to support single sign-on to a variety of campus resources at the University of Glasgow including browser-based email access; the Moodle online virtual learning environment; the WebSURF online student records facility, and a network filestore browser. This paper describes the implementation issues and experiences gained in rolling out the Shibboleth technologies to support federated access management
DOBBS: Towards a Comprehensive Dataset to Study the Browsing Behavior of Online Users
The investigation of the browsing behavior of users provides useful
information to optimize web site design, web browser design, search engines
offerings, and online advertisement. This has been a topic of active research
since the Web started and a large body of work exists. However, new online
services as well as advances in Web and mobile technologies clearly changed the
meaning behind "browsing the Web" and require a fresh look at the problem and
research, specifically in respect to whether the used models are still
appropriate. Platforms such as YouTube, Netflix or last.fm have started to
replace the traditional media channels (cinema, television, radio) and media
distribution formats (CD, DVD, Blu-ray). Social networks (e.g., Facebook) and
platforms for browser games attracted whole new, particularly less tech-savvy
audiences. Furthermore, advances in mobile technologies and devices made
browsing "on-the-move" the norm and changed the user behavior as in the mobile
case browsing is often being influenced by the user's location and context in
the physical world. Commonly used datasets, such as web server access logs or
search engines transaction logs, are inherently not capable of capturing the
browsing behavior of users in all these facets. DOBBS (DERI Online Behavior
Study) is an effort to create such a dataset in a non-intrusive, completely
anonymous and privacy-preserving way. To this end, DOBBS provides a browser
add-on that users can install, which keeps track of their browsing behavior
(e.g., how much time they spent on the Web, how long they stay on a website,
how often they visit a website, how they use their browser, etc.). In this
paper, we outline the motivation behind DOBBS, describe the add-on and captured
data in detail, and present some first results to highlight the strengths of
DOBBS
Authentication and Authorization for the front-end web developer
Traditional web pages are hosted and served through a web server and are executed in a web browser on the user’s devices. Advancement in technologies used to create web pages has led to a paradigm shift in web development, leading to concepts such as front-end and back-end. Browser-based technologies, particularly JavaScript, have seen enormous advancements in functionalities and capabilities. This led to a possibility of creating standalone web applications capable of running in the browser and relying on the back-end server only for data. This is corroborated by the rise and popularity of various JavaScript frameworks that are used by default when creating web applications in modern times. As code running on a web browser can be inspected by anyone, this led to a challenge in incorporating authentication and authorization, particularly because storing user credentials and secrets in the web browser code is not secure in any way.
This thesis explores and documents authentication and authorization methods that can be securely implemented in a front-end web application. Token-based authentication and authorization has become widely accepted as the solution. OpenID Connect and OAuth 2.0 protocols were explored, which are the most commonly used token-based solutions for authentication and authorization. Furthermore, three use-cases were described that used token-based solutions in real-world client projects
How to design browser security and privacy alerts
Browser security and privacy alerts must be designed to ensure they are of value to the end-user, and communicate risks efficiently. We performed a systematic literature review, producing a list of guidelines from the research. Papers were analysed quantitatively and qualitatively to formulate a comprehensive set of guidelines. Our findings seek to provide developers and designers with guidance as to how to construct security and privacy alerts. We conclude by providing an alert template, highlighting its adherence to the derived guidelines
A tool for parameter-space explorations
A software for managing simulation jobs and results, named "OACIS", is
presented. It controls a large number of simulation jobs executed in various
remote servers, keeps these results in an organized way, and manages the
analyses on these results. The software has a web browser front end, and users
can submit various jobs to appropriate remote hosts from a web browser easily.
After these jobs are finished, all the result files are automatically
downloaded from the computational hosts and stored in a traceable way together
with the logs of the date, host, and elapsed time of the jobs. Some
visualization functions are also provided so that users can easily grasp the
overview of the results distributed in a high-dimensional parameter space.
Thus, OACIS is especially beneficial for the complex simulation models having
many parameters for which a lot of parameter searches are required. By using
API of OACIS, it is easy to write a code that automates parameter selection
depending on the previous simulation results. A few examples of the automated
parameter selection are also demonstrated. Comment: 4 pages, 5 figures, CSP 2014 conferenc