The Abacus: A New Architecture for Policy-based Authorization

Modern authorization architectures using role-based, policy-based, and even custom solutions have numerous flaws and challenges. A new design for authorization architecture is presented called the Abacus. This paper discusses the architecture that the Abacus utilizes to overcome the issues inherent in other proprietary and open-source authorization solutions. Specifically, the Abacus respects domain boundaries, is less complex than existing systems, and does not require direct connections to domain data stores

Measuring Computer Forensics Skill

Computer forensic analysts combine their technical skills with their forensic aptitude to recover information from computers and storage devices. Most technology professionals demonstrate expertise through the acquisition of different professional certifications. Certifications, however, are not always a valid judge of skill, because certifications are formatted as written and applicable tests. It is common for people to forget knowledge and skills when they are not routinely practiced. The same applies with technology certifications. One must practice the skills learned for the certification test consistently in order to convert them to long-term memory. “Cognitive processes play a prominent role in the acquisition and retention of new behavior patterns” (Bandura 1977, p. 192). As a skill is practiced, it is better retained. Due to the current inability to accurately measure an individual’s skills and understanding of computer forensics principles, this research will investigate how to measure proficiency amongst professionals and novices. Recent research utilized conceptual expertise within the context of computer security (Giboney et al. 2016). This study utilized a technique to quickly measure the difference between novices and experts. Following their guidelines, we propose to do the same for computer forensics expertise with the following research question: What knowledge, skills and abilities are needed to be demonstrated in a measure to assess computer forensics expertise? Conceptual expertise is the understanding about the theoretical concepts and their relationship in a topic area. The SEAM process (Giboney et al. 2016) aims to gauge the practical application of situations to the goal wherein experts can show their conceptual expertise. The conceptual expertise task is based on the idea that those who have surface level knowledge will group scenarios by surface features while experts will be able to group the same scenarios by deep features (Giboney et al. 2016). The assessment has been designed to measure the understanding of basic computer forensics processes. It consists of twenty-five situations created to highlight different stages of the digital forensic process. These situations focus on a gender-neutral individual, Jordan and the tasks they perform given certain parameters. Survey takers will group the situations by stage of forensics or by what crime the task is involved with. We will show that the assessment can accurately determine an individual’s understanding of computer forensics. When this is shown, this assessment could be used in a variety of ways including initial assessments of job candidates and pre- and post- tests for computer forensic classes

Design of a Chatbot Social Engineering Victim

Social engineering is an ever-growing problem in online and offline communication. Companies invest time and resources to train employees not to fall victim to attacks. The concept of adversarial thinking encourages people to learn the ways of the attacker to better defend themselves. This research introduces the design features of a chatbot that plays the role of a social engineering victim to allow people to perform the role of an attacker in a training exercise. By attacking this chatbot, people can learn better how to defend themselves

Social media is weakening passwords

Passwords are often generated from readily available information such as family names and memorable events. However, people put the same readily available information on social media often times making it available to the general public. We propose an experiment to empirically validate the previous premise as well as develop an algorithm to generate passwords based off participant’s Facebook public information

Facilitating Natural Conversational Agent Interactions: Lessons from a Deception Experiment

This study reports the results of a laboratory experiment exploring interactions between humans and a conversational agent. Using the ChatScript language, we created a chat bot that asked participants to describe a series of images. The two objectives of this study were (1) to analyze the impact of dynamic responses on participants’ perceptions of the conversational agent, and (2) to explore behavioral changes in interactions with the chat bot (i.e. response latency and pauses) when participants engaged in deception. We discovered that a chat bot that provides adaptive responses based on the participant’s input dramatically increases the perceived humanness and engagement of the conversational agent. Deceivers interacting with a dynamic chat bot exhibited consistent response latencies and pause lengths while deceivers with a static chat bot exhibited longer response latencies and pause lengths. These results give new insights on social interactions with computer agents during truthful and deceptive interactions

Developing a measure of adversarial thinking in social engineering scenarios

Social engineering is a major issue for organizations. In this paper, we propose that increasing adversarial thinking can improve individual resistance to social engineering attacks. We formalize our understanding of adversarial thinking using Utility Theory. Next a measure of adversarial thinking in a text-based context. Lastly the paper reports on two studies that demonstrate the effectiveness of the newly developed measure. We show that the measure of adversarial thinking has variability, can be manipulated with training, and that it is not influenced significantly by priming. The paper also shows that social engineering training has an influence on adversarial thinking and that practicing against an adversarial conversational agent has a positive influence on adversarial thinking

The effect of conversational agent skill on user behavior during deception

Conversational agents (CAs) are an integral component of many personal and business interactions. Many recent advancements in CA technology have attempted to make these interactions more natural and human-like. However, it is currently unclear how human-like traits in a CA impact the way users respond to questions from the CA. In some applications where CAs may be used, detecting deception is important. Design elements that make CA interactions more human-like may induce undesired strategic behaviors from human deceivers to mask their deception. To better understand this interaction, this research investigates the effect of conversational skill—that is, the ability of the CA to mimic human conversation—from CAs on behavioral indicators of deception. Our results show that cues of deception vary depending on CA conversational skill, and that increased conversational skill leads to users engaging in strategic behaviors that are detrimental to deception detection. This finding suggests that for applications in which it is desirable to detect when individuals are lying, the pursuit of more human-like interactions may be counter-productive

Facilitating Natural Conversational Agent Interactions: Lessons from a Deception Experiment

This study reports the results of a laboratory experiment exploring interactions between humans and a conversational agent. Using the ChatScript language, we created a chat bot that asked participants to describe a series of images. The two objectives of this study were (1) to analyze the impact of dynamic responses on participants’ perceptions of the conversational agent, and (2) to explore behavioral changes in interactions with the chat bot (i.e. response latency and pauses) when participants engaged in deception. We discovered that a chat bot that provides adaptive responses based on the participant’s input dramatically increases the perceived humanness and engagement of the conversational agent. Deceivers interacting with a dynamic chat bot exhibited consistent response latencies and pause lengths while deceivers with a static chat bot exhibited longer response latencies and pause lengths. These results give new insights on social interactions with computer agents during truthful and deceptive interactions

Examining the learning effects of live streaming video game instruction over Twitch

Technology facilitates advances in learning and drives learning paradigms. One recent innovation is Twitch™, an online streaming platform often used for video game tutorials but also enables amateur online instruction (Hamilton, Garretson, & Kerne, 2014)). Twitch represents a unique learning paradigm that is not perfectly represented in previous technologies because of its “ground-up” evolution and the opportunity for novice instructors to educate mass audiences in real-time over the Internet while enabling interaction between teachers and learners and among learners. The purpose of this research is to empirically examine the efficacy of Twitch as a learning platform by manipulating each of the key characteristics of Twitch and to understand the conditions in which novice instructors may be beneficial. Drawing from Cognitive Load Theory, we demonstrate the worked-example effect in the Twitch environment by manipulating teacher-learner-learner interactions, live versus recorded streaming, and expert-versus novice-based instruction. Based on a laboratory experiment involving 350 participants, we found that learning performance under novice instructors was at least as good as that of experts. However, an exploratory analysis of learner personalities revealed that extroverts benefit only when learner-learner interaction is enabled. Surprisingly, those who are highly agreeable and less neurotic benefited more from novice instructors