20 research outputs found

    Usable assured deletion in the cloud

    The prevalence of cloud and storage-as-a-service has led to users storing and sharing data through such services. However, little is understood about one key element of data management in this new landscape, i.e., data deletion and more critically assured deletion. With regards to deletion, existing research has not explored the deletion needs of users, their preferences and the challenges they face. Nor is there any understanding of the challenges faced by cloud providers should they want to offer assured deletion. Users’ deletion needs and their preferences are diverse and vary depending on the context. However, satisfying these needs may be limited by the properties of the infrastructure - what the infrastructure permits and does not. For instance, the cloud infrastructure has various features that may pose different challenges to meeting the needs of users and providing assured deletion. These features include virtualization, multi-tenancy, high availability and on-demand elasticity. The work presented in this thesis is the first to investigate these issues. Thus, it finds that users’ motivations to delete are: privacy-, policy-, expertise- and storage-driven. They fail to delete because of the poorly designed interfaces, the way they perceive cloud deletion and lack of information about cloud deletion. Users want to have a choice in how their data is deleted, they want to be able to specify the type of deletion. Their deletion preferences are complex and may always change depending on the context of deletion, i.e., individually or socially. Regarding information about deletion, they want important information that may help them to delete or recover from failures to be easily accessible through the interface. They do not want essential information only to be restricted to privacy policies.
Using these findings, this thesis provides a conceptual framework for the design of usable assured deletion in the cloud and then formulates user requirements for usable assured deletion. With regards to providers, by analysing the cloud infrastructure, this work provides a systematization of the challenges that providers face while attempting to assure deletion. It also identifies the cloud provider requirements for usable assured deletion. By considering both sets of requirements, i.e., user and provider requirements, this work provides user requirements and principles for usable assured deletion. Overall, the findings of this work formulate a solid grounding for the design and the development of cloud systems that assure deletion in a usable way. More importantly, it helps in the empowerment of users with regards to assured deletion.

    Assured deletion in the cloud: requirements, challenges and future directions

    Inadvertent exposure of sensitive data is a major concern for potential cloud customers. Much focus has been on other data leakage vectors, such as side channel attacks, while issues of data disposal and assured deletion have not received enough attention to date. However, data that is not properly destroyed may lead to unintended disclosures, in turn, resulting in heavy financial penalties and reputational damage. In non-cloud contexts, issues of incomplete deletion are well understood. To the best of our knowledge, to date, there has been no systematic analysis of assured deletion challenges in public clouds. In this paper, we aim to address this gap by analysing assured deletion requirements for the cloud, identifying cloud features that pose a threat to assured deletion, and describing various assured deletion challenges. Based on this discussion, we identify future challenges for research in this area and propose an initial assured deletion architecture for cloud settings. Altogether, our work offers a systematization of requirements and challenges of assured deletion in the cloud, and a well-founded reference point for future research in developing new solutions to assured deletion.

    Privacy Design Strategies for Home Energy Management Systems (HEMS)


    Charting App Developers' Journey Through Privacy Regulation Features in Ad Networks


    The best laid plans or lack thereof: Security decision-making of different stakeholder groups

    Cyber security requirements are influenced by the priorities and decisions of a range of stakeholders. Board members and CISOs determine strategic priorities. Managers have responsibility for resource allocation and project management. Legal professionals concern themselves with regulatory compliance. Little is understood about how the security decision-making approaches of these different stakeholders contrast, and if particular groups of stakeholders have a better appreciation of security requirements during decision-making. Are risk analysts better decision makers than CISOs? Do security experts exhibit more effective strategies than board members? This paper explores the effect that different experience and diversity of expertise has on the quality of a team's cyber security decision-making and whether teams with members from more varied backgrounds perform better than those with more focused, homogeneous skill sets. Using data from 208 sessions and 948 players of a tabletop game run in the wild by a major national organization over 16 months, we explore how choices are affected by player background (e.g., cyber security experts versus risk analysts, board-level decision makers versus technical experts) and different team make-ups (homogeneous teams of security experts versus various mixes). We find that no group of experts makes significantly better game decisions than anyone else, and that their biases lead them to not fully comprehend what they are defending or how the defenses work.
    Comment: 13 pages plus 2 page appendix. IEEE Transactions on Software Engineering 202

    Skip, Skip, Skip, Accept!!!: A Study on the Usability of Smartphone Manufacturer Provided Default Features and User Privacy

    Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users’ data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard—their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smartphone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy. We explored the following: users’ awareness of these features, why and when do they change the settings of these features, the challenges they face while configuring these features, and finally the mitigation strategies they adopt. Our findings reveal that users of both platforms have limited awareness of these features and their privacy implications. Awareness of these features does not imply that a user can easily locate and adjust them when needed. Furthermore, users attribute their failure to configure default features to hidden controls and insufficient knowledge on how to configure them. To cope with difficulties of finding controls, users employ various coping strategies, some of which are platform specific but most often applicable to both platforms. However, some of these coping strategies leave users vulnerable.

    "I feel stupid I can't delete...": a study of users' cloud deletion practices and coping strategies

    Deletion of data from cloud storage and services is an important aspect of privacy and security. But how easy or simple a task is it for users to complete? Cloud users' deletion practices, challenges and coping strategies have not been well studied to date. We undertook an exploratory study to better understand this issue. Through in-depth semi-structured interviews and use of deletion scenarios with 26 subjects, we explored several key questions: why and when cloud users would like to delete, why cloud users cannot delete, what causes such failures, what users do to work around these problems, and finally what do users want in terms of usable deletion in the cloud. We found that users' failure to delete arises from lack of information about deletion, incomplete mental models of the cloud and deletion within the cloud, and poorly designed user interfaces for deletion functions. Our results also show that users develop different coping strategies such as deleting from certain devices only, seeking help and changing service providers, to overcome such challenges. However, these strategies may not always produce desired results. We also discuss potential ways to improve the usability of deletion in the cloud.

    ExD: Explainable Deletion
