Putting Security on the Table: The Digitalisation of Security Tabletop Games and its Challenging Aftertaste

IT-Security Tabletop Games for developers have been available in analog format; with the COVID-19 pandemic, interest in collaborative remote security games has increased. In this paper, we propose a methodology to evaluate the impact of a (remote) security game-based intervention on developers. The study design consists of the respective intervention, three questionnaires, and a small open interview guide for a focus group. A validated self-efficacy scale is used as a proxy for measuring effects on participants' ability to develop secure software. We tested this design with 9 participants (expert and novice developers and security experts) as part of a small feasibility study to understand the challenges and limitations of remote tabletop games. We describe how we selected and digitalised three security tabletop games, and report the qualitative findings from our evaluation. Setting up and running the virtual tabletop games turned out to be more challenging and complex for both moderator and participants than we expected. Completing the games required patience and persistence, and social interaction was limited. Our findings can be helpful in building and evaluating a better, more comprehensive, technically sound and issue-specific game-based training measure for developers. The methodology can be used by researchers to evaluate existing and new game designs

Security Champions Without Support: Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce Enterprise

Developer-centered security research has identified a variety of reasons why software developers do not follow recommended security practices: lack of knowledge, outdated information sources, time pressure, and low usability of security mechanisms and tools. Contextual factors play an important role in security, but few studies have investigated security interventions with developers in organizational settings. In this case study, we track the impact of appointing security champions in a large e-commerce company with five software development teams, using the OWASP Security Assurance Maturity Model (OWASP SAMM) to measure the extent to which security practices were adopted. We also elicited the experiences of the security champions and developers in each team in 15 qualitative interviews. The results of the OWASP SAMM assessment show the adoption of secure practices varied widely between the different teams. Results from the interviews revealed different levels of security knowledge and commitment to the role between the security champions - but they agree in their perceived lack of support from company security experts and management. We conclude that secure software development requires more than appointing individuals such as security champions - to transform software development practices requires an organization-wide commitment, including access to resources and support

Magnetic properties of (Fe1−x_{1-x}Cox_x)2_2B alloys and the effect of doping by 5dd elements

We have explored, computationally and experimentally, the magnetic properties of \fecob{} alloys. Calculations provide a good agreement with experiment in terms of the saturation magnetization and the magnetocrystalline anisotropy energy with some difficulty in describing Co$_2$B, for which it is found that both full potential effects and electron correlations treated within dynamical mean field theory are of importance for a correct description. The material exhibits a uniaxial magnetic anisotropy for a range of cobalt concentrations between $x=0.1$ and $x=0.5$. A simple model for the temperature dependence of magnetic anisotropy suggests that the complicated non-monotonous temperature behaviour is mainly due to variations in the band structure as the exchange splitting is reduced by temperature. Using density functional theory based calculations we have explored the effect of substitutional doping the transition metal sublattice by the whole range of 5$d$ transition metals and found that doping by Re or W elements should significantly enhance the magnetocrystalline anisotropy energy. Experimentally, W doping did not succeed in enhancing the magnetic anisotropy due to formation of other phases. On the other hand, doping by Ir and Re was successful and resulted in magnetic anisotropies that are in agreement with theoretical predictions. In particular, doping by 2.5~at.\% of Re on the Fe/Co site shows a magnetocrystalline anisotropy energy which is increased by 50\% compared to its parent (Fe$_{0.7}$Co$_{0.3}$)$_2$B compound, making this system interesting, for example, in the context of permanent magnet replacement materials or in other areas where a large magnetic anisotropy is of importance.Comment: 15 pages 17 figure

High performance hard magnetic NdFeB thick films for integration into Micro-Electro-Mechanical-Systems

5$\mu$m thick NdFeB films have been sputtered onto 100 mm Si substrates using high rate sputtering (18 $\mu$m/h). Films were deposited at ≤ 500 C and then annealed at 750 C for 10 minutes. While films deposited at temperatures up to 450 C have equiaxed grains, the size of which decreases with increasing deposition temperature, the films deposited at 500 C have columnar grains. The out-of-plane remanent magnetization increases with deposition temperature, reaching a maximum value of 1.4 T, while the coercivity remains constant at about 1.6 T. The maximum energy product achieved (400 kJ/m3) is comparable to that of high-quality NdFeB sintered magnets

The influence of magnetocrystalline anisotropy on the magnetocaloric effect: A case study on Co 2B

The influence of magnetocrystalline anisotropy on the magnetocaloric effect (MCE) was studied on single crystals of CoB and compared to measurements on polycrystalline samples. Large differences in adiabatic temperature change Δ T a d and magnetic entropy change Δ S M were found along the different crystallographic directions. The magnetocaloric effect differs by 40% in the case of Δ T a d in a field change of 1.9 T when applying the field along the hard axis and easy plane of magnetization. In the case of Δ S M, the values differ 50% and 35% from each other in field changes of 1 and 1.9 T, respectively. It was found that this anisotropy effect does not saturate in fields up to 4 T, which is higher than the anisotropy field of CoB ( ≈2 T). A simple model was developed to illustrate the possible effect on magnetocrystalline anisotropy, showing large differences especially in application relevant fields of about 1 T. The results strongly suggest that the MCE could be maximized when orienting single crystalline powders in an easy axis parallel to the applied field in active magnetocaloric regenerator structures, and therefore the overall device efficiency could be increased.Unión Europea FP7/2007-2013DRREAM No. 310748DAAD A/13/09434MINECO EU-FEDER MAT2013-45165-P MAT2016-77265-RNUST MISiS No. K4-2015-01

"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication

Usable and secure authentication on the web and beyond is mission-critical. While password-based authentication is still widespread, users have trouble dealing with potentially hundreds of online accounts and their passwords. Alternatives or extensions such as multi-factor authentication have their own challenges and find only limited adoption. Finding the right balance between security and usability is challenging for developers. Previous work found that developers use online resources to inform security decisions when writing code. Similar to other areas, lots of authentication advice for developers is available online, including blog posts, discussions on Stack Overflow, research papers, or guidelines by institutions like OWASP or NIST. We are the first to explore developer advice on authentication that affects usable security for end-users. Based on a survey with 18 professional web developers, we obtained 406 documents and qualitatively analyzed 272 contained pieces of advice in depth. We aim to understand the accessibility and quality of online advice and provide insights into how online advice might contribute to (in)secure and (un)usable authentication. We find that advice is scattered and that finding recommendable, consistent advice is a challenge for developers, among others. The most common advice is for password-based authentication, but little for more modern alternatives. Unfortunately, many pieces of advice are debatable (e.g., complex password policies), outdated (e.g., enforcing regular password changes), or contradicting and might lead to unusable or insecure authentication. Based on our findings, we make recommendations for developers, advice providers, official institutions, and academia on how to improve online advice for developers.Comment: Extended version of the paper that appears at ACM CCS 2023. 18 pages, 4 figures, 11 table

Sorption properties and reversibility of Ti(IV) and Nb(V)-fluoride doped-Ca(BH4)2-MgH2 system

Ajuts: The authors are grateful to the Marie-Curie European Research Training Network (Contract MRTN-CT-2006-03 5366/COSY)In the last decade, alkaline and alkaline earth metal tetrahydroborates have been the focuses of the research due to their high gravimetric and volumetric hydrogen densities. Among them, Ca(BH4)2 and the Ca(BH4)2 + MgH2 reactive hydride composite (RHC), were calculated to have the ideal thermodynamic properties which fall within the optimal range for mobile applications.In this study, the addition of NbF5 or TiF4 to the Ca(BH4)2 + MgH2 reactive hydride composite system was attempted aiming to obtain a full reversible system with the simultaneous supression of CaB12H12. Structural characterization of the specimens was performed by means of in-situ Synchroton Radiation Power X-ray diffraction (SR-PXD) and 11B {1H} Solid State Magic Angle Spinning-Nuclear Magnetic Resonance (MAS-NMR). The evolution of the chemical state of the Nb- and Ti-based additives was monitored by X-ray Absorption Near Edge Structure (XANES). The addition of NbF5 or TiF4 to the Ca(BH4)2 + MgH2 system have not supressed completely the formation of CaB12H12 and only a slight improvement concerning the reversible reaction was displayed just in the case of Nb-doped composite materia

Multifunctional Antiperovskites driven by Strong Magnetostructural Coupling

Based on density functional theory calculations, we elucidated the origin of multifunctional properties for cubic antiperovskites with noncollinear magnetic ground states, which can be attributed to strong isotropic and anisotropic magnetostructural coupling. 16 out of 54 stable magnetic antiperovskites M$_3$XZ (M = Cr, Mn, Fe, Co, and Ni; X = selected elements from Li to Bi except for noble gases and 4f rare-earth metals; and Z = C and N) are found to exhibit the $\Gamma_{4g}$/$\Gamma_{5g}$ (i.e., characterized by irreducible representations) antiferromagnetic magnetic configurations driven by frustrated exchange coupling and strong magnetocrystalline anisotropy. Using the magnetic deformation as an effective proxy, the isotropic magnetostructural coupling is characterized, and it is observed that the paramagnetic state is critical to understand the experimentally observed negative thermal expansion and to predict the magnetocaloric performance. Moreover, the piezomagnetic and piezospintronic effects induced by biaxial strain are investigated. It is revealed that there is not a strong correlation between the induced magnetization and anomalous Hall conductivities by the imposed strain. Interestingly, the anomalous Hall/Nernst conductivities can be significantly tailored by the applied strain due to the fine-tuning of the Weyl points energies, leading to promising spintronic applications.Comment: 11 pages, 5 figure