Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. Oil the one hand, the raison d'etre of the projects is to encourage members of their research communities to use the resources provided. Oil the other hand, the threats to these resources from online attacks require robust and effective Security to mitigate the risks faced. This raises two issues: ensuring that (I) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues call seriously jeopardise the success of e-Science projects.The aim of this paper is to firstly provide a detailed understanding of how these challenges call present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based Oil four case studies of c-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems.For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science. (C) 2007 Elsevier Ltd. All rights reserved

Hang With Your Buddies to Resist Intersection Attacks

Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure

Beyond tools: building learning organisations to adapt to a changing climate

Executive summary: The focus of this VCCCAR Visiting Fellowship was participation in the project ‘Implementing tools to increase adaptive capacity in the community and natural resources management sectors’. This project aimed to improve understanding of the adaptation capabilities and needs of three types of government service providers and funded agencies (catchment management authorities, community sector organisations and primary care partnerships). The intention was to draw on my experience of working at the UK Climate Impacts Program (UKCIP) and with projects in Europe to inform the development of this project and the way it might support adaptation efforts in Victoria.UKCIP was a small organisation, varying in size over its life from 2 to a maximum of about 25 people. Given such limited capacity there was a tension between trying to address the need for tailored adaptation support and the capacity to deliver it. One response was to provide widespread support through downloadable tools and other web resources. However, it was quickly discovered that downloading a tool only gets you so far. Similarly, having access to accurate climate data and information about future climate projections was also seen as the obvious place to start in responding to a changing climate. However, it soon became clear that even with access to accurate, reliable, salient information there could still be no assumption that decision makers would take action to adapt and there was frequently a gap between the quite high general awareness of climate change within an organisation (and an understanding of how it could affect their core business) and the implementation of actions to respond to it. This raises key questions about availability of usable information and extent of agreement on potential responses to climate risks.To be usable, information should relate to existing decision making processes and the key priorities of the organisation. It should also be locally relevant. In discussions with Victorian organisations, people wanted to know how to translate more general information about climate change into useful messages for everyday practice and service delivery. It is clearly important to start with current concerns and overlay on these the likely impacts of changing climate. Most future climate impacts are often not yet seen as urgent or important and there is a need for better coordination of users, demonstration projects, activities that bridge the gap between providers and users, and demonstration of how climate information can improve decision making.&nbsp

User-driven design of decision support systems for polycentric environmental resources management

Open and decentralized technologies such as the Internet provide increasing opportunities to create knowledge and deliver computer-based decision support for multiple types of users across scales. However, environmental decision support systems/tools (henceforth EDSS) are often strongly science-driven and assuming single types of decision makers, and hence poorly suited for more decentralized and polycentric decision making contexts. In such contexts, EDSS need to be tailored to meet diverse user requirements to ensure that it provides useful (relevant), usable (intuitive), and exchangeable (institutionally unobstructed) information for decision support for different types of actors. To address these issues, we present a participatory framework for designing EDSS that emphasizes a more complete understanding of the decision making structures and iterative design of the user interface. We illustrate the application of the framework through a case study within the context of water-stressed upstream/downstream communities in Lima, Peru

How to make privacy policies both GDPR-compliant and usable

It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers

Pattern-driven security, privacy, dependability and interoperability management of iot environments

Achieving Security, Privacy, Dependability and Interoperability (SPDI) is of paramount importance for the ubiquitous deployment and impact maximization of Internet of Things (IoT) applications. Nevertheless, said requirements are not only difficult to achieve at system initialization, but also hard to prove and maintain at run-time. This paper highlights an approach to tackling the above challenges, through the definition of pattern language and a framework that can guarantee SPDI in IoT orchestrations. By integrating pattern reasoning engines at the various layers of the IoT infrastructure, and a machine-processable representation of said pattern through Drools rules, the proposed framework can provide ways to fulfill SPDI requirements at design time, and also provide the means to guarantee those SPDI properties and manage the orchestrations accordingly. Moreover, an application example of the framework is presented in an Industrial IoT monitoring environment

Changing tools to catch the beast: Why the EU studies should take policy seriously, and how this shift could help to understand integration

While the EU is still enlarging its membership and range of actions, the current stalemate of the integration project is pushing the ‘ontological’ question about the nature of the common Europe again at the top of both the political and the research agendas. This paper aims to contribute the debate and display the possibilities of enhancing the comprehension of the ‘supranational beast’ from a policy perspective. The focus hence is shifted on implementation and policy frameworks, and the field of analysis widened to cover the institutional transformations occurred within the administrative dimension both at the national and supranational levels in the last decades. From this perspective, previous findings are revisited to account for the new meaning of the common Europe after the Single European Act, the complexity of the current institutional architecture, and the reasons beneath the stalemate. Finally, the approach is translated into research hypotheses about integration and viable strategies for sustaining it beneath and beyond the usual ‘hard’ institutional re-engineering