26 research outputs found

    Security awareness and affective feedback: categorical behaviour vs. reported behaviour

    A lack of awareness surrounding secure online behaviour can lead to end-users and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user security behaviour and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online and the information users believe, or report, that they have revealed online. The experimental results confirm a disparity between information revealed and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness.

    BlackWatch: increasing attack awareness within web applications

    Web applications are relied upon by many for the services they provide. It is essential that applications implement appropriate security measures to prevent security incidents. Currently, web applications focus resources towards the preventative side of security. Whilst prevention is an essential part of the security process, developers must also implement a level of attack awareness into their web applications. Being able to detect when an attack is occurring provides applications with the ability to execute responses against malicious users in an attempt to slow down or deter their attacks. This research seeks to improve web application security by identifying malicious behaviour from within the context of web applications using our tool BlackWatch. The tool is a Python-based application which analyses suspicious events occurring within client web applications, with the objective of identifying malicious patterns of behaviour. This approach avoids issues typically encountered with traditional web application firewalls. Based on the results from a preliminary study, BlackWatch was effective at detecting attacks from both authenticated and unauthenticated users. Furthermore, user tests with developers indicated BlackWatch was user friendly and easy to integrate into existing applications. Future work seeks to develop the BlackWatch solution further for public release.

    Reducing risky security behaviours: utilising affective feedback to educate users

    Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness.

    Assessing the impact of affective feedback on end-user security awareness

    A lack of awareness regarding online security behaviour can leave users and their devices vulnerable to compromise. This paper highlights potential areas where users may fall victim to online attacks, and reviews existing tools developed to raise users’ awareness of security behaviour. An ongoing research project is described, which provides a combined monitoring solution and affective feedback system, designed to provide affective feedback on automatic detection of risky security behaviour within a web browser. Results gained from the research conclude that an affective feedback mechanism in a browser-based environment can promote general awareness of online security.

    Practising safe sex(t): developing a serious game to tackle technology-facilitated sexual violence

    Modern society relies on the Internet for socialisation, entertainment, and business, whilst the COVID-19 pandemic has expedited the digitalisation of many services. Heightened incidences of cybercrime have accompanied increased Internet usage, including acts of technology-facilitated sexual violence (TFSV). Mitigations to prevent further TFSV victims are limited, and growing pressures on law enforcement mean few support resources are available. This paper presents an innovative game-based mitigation for TFSV education. We developed a serious game in the form of an online visual novel, with each chapter revolving around an aspect of TFSV. Pre- and post-game surveys were conducted with 45 participants to explore their experience with the game and understanding of TFSV. The findings highlight that games-based interventions have the potential to act as an effective tool against TFSV. The broader implications of the work focus on suggestions for law enforcement and the role of games-based mitigations to reduce victimisation.

    Developing a gamified peer-reviewed bug bounty programme

    Bug bounty processes have remained broadly unchanged since their inception. Existing literature recognises that current methods generate intensive resource demands, impacting upon programme effectiveness. This paper proposes a novel implementation which aims to alleviate resource demands and mitigate inherent issues through gamification. This incorporates the use of additional crowdsourcing of vulnerability verification and reproduction by peers, allowing the client organisation to reduce overheads at the cost of rewarding participants. The system has the potential to be used in Higher Education Institutions, which typically face resource and budget constraints.

    A taxonomy of approaches for integrating attack awareness in applications

    Software applications are subject to an increasing number of attacks, resulting in data breaches and financial damage. Many solutions have been considered to help mitigate these attacks, such as the integration of attack-awareness techniques. In this paper, we propose a taxonomy illustrating how existing attack-awareness techniques can be integrated into applications. This work provides a guide for security researchers and developers, aiding them when choosing the approach which best fits the needs of their application.