Towards measuring warning readability

Marian Harbach, Sascha Fahl, Thomas Muders, Matthew Smith
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
Security systems frequently rely on warning messages to convey important information, especially when a machine is not able to assess a situation automatically. For a long time, researchers have investigated the effects of warning messages to optimise their reception by a user. Design guidelines and best practises help the developer or interaction designer to adequately channel urgent information. In this poster, we investigate the application of readability measures to assess the difficulty of
... the descriptive text in warning messages. Adapting such a measure to fit the needs of warning message design allows objective feedback on the quality of a warning's descriptive text. An automated process will be able to assist software developers and designers in creating more readable and hence more understandable security warning messages. We present an initial exploration of the use of readability measures on the descriptive text of warning messages. Existing measures were evaluated on warning messages extracted from current browsers using an experimental study with 15 undergrad students. While our data did not yield conclusive results yet, we argue that readability measures can provide valuable assistance when implementing security systems.
doi:10.1145/2382196.2382301 dblp:conf/ccs/HarbachFMS12 fatcat:e46wpwzobjdjhm6za6l56nwcri

Quantifying Users' Beliefs about Software Updates [article]

Arunesh Mathur, Nathan Malkin, Marian Harbach, Eyal Peer, Serge Egelman
2018 arXiv   pre-print
Software updates are critical to the performance, compatibility, and security of software systems. However, users do not always install updates, leaving their machines vulnerable to attackers' exploits. While recent studies have highlighted numerous reasons why users ignore updates, little is known about how prevalent each of these beliefs is. Gaining a better understanding of the prevalence of each belief may help software designers better target their efforts in understanding what specific
... r concerns to address when developing and deploying software updates. In our study, we performed a survey to quantify the prevalence of users' reasons for not updating uncovered by previous studies. We used this data to derive three factors underlying these beliefs: update costs, update necessity, and update risks. Based on our results, we provide recommendations for how software developers can better improve users' software updating experiences, thereby increasing compliance and, with it, security.
arXiv:1805.04594v1 fatcat:6iyqpoastzcnzk33hxlzasclei

Location privacy revisited

Benjamin Henne, Marian Harbach, Matthew Smith
2013 CHI '13 Extended Abstracts on Human Factors in Computing Systems on - CHI EA '13  
The privacy problems associated with disclosing location information have repeatedly been the subject of research during the past decade. Yet, only the increasing adoption of smartphones today unveils real world implications, since a large number of users currently use location-based services and GPS-enabled devices for a multitude of purposes. Recently, research suggested that location privacy is not a relevant problem for today's users. However, a study we conducted indicates that it might be
... too early to call off investigations of location privacy: In a survey of 414 users on online media sharing behavior, we found that location was rated as the type of photo metadata that poses the highest risk to privacy. Therefore, we revisit the discussion on location privacy in this paper and propose factors that can explain the conflicting views.
doi:10.1145/2468356.2468500 dblp:conf/chi/HenneHS13 fatcat:olwynrrvm5dh7ljldvqv53b3g4

Balancing Bicycle Sharing Systems: A Variable Neighborhood Search Approach [chapter]

Marian Rainer-Harbach, Petrina Papazek, Bin Hu, Günther R. Raidl
2013 Lecture Notes in Computer Science  
We consider the necessary redistribution of bicycles in public bicycle sharing systems in order to avoid rental stations to run empty or entirely full. For this purpose we propose a general Variable Neighborhood Search (VNS) with an embedded Variable Neighborhood Descent (VND) that exploits a series of neighborhood structures. While this metaheuristic generates candidate routes for vehicles to visit unbalanced rental stations, the numbers of bikes to be loaded or unloaded at each stop are
... ently derived by one of three alternative methods based on a greedy heuristic, a maximum flow calculation, and linear programming, respectively. Tests are performed on instances derived from real-world data and indicate that the VNS based on a greedy heuristic represents the best compromise for practice. In general the VNS yields good solutions and scales much better to larger instances than two mixed integer programming approaches.
doi:10.1007/978-3-642-37198-1_11 fatcat:mp4qtipr3vfbrfjo3ohev5ft5i

The Anatomy of Smartphone Unlocking

Marian Harbach, Alexander De Luca, Serge Egelman
2016 Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems - CHI '16  
In order to fill this gap, Harbach et al.  ...  The number of activations and unlocks per day align with the findings of Harbach et al. [12] .  ... 
doi:10.1145/2858036.2858267 dblp:conf/chi/HarbachLE16 fatcat:6lamfzzhvbb4vmx53mzo33uwz4

Visual access control for research ecosystems

Marian Harbach, Matthew Smith
2011 5th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2011)  
Research ecosystems and the interactions of the participating entities can be complex. It has been shown that visualisation and network analysis can be used to provide insights into the system and the results can be utilised to facilitate management activities. Taking this approach in digital ecosystem research a step further, we propose to instrument the visualisations of a system's structure to operationalise this information for securing access to resources in research ecosystems. To this
... , we present the concept of a visual approach to manage access control for distributed research ecosystems, based on a multi-purpose collaborative graph structure. Individuals are enabled to visually interact with the graph and contribute to access control decisions by jointly modelling the environment's structures and policies. Additionally, other administrative tasks can be instrumented to benefit from the explicit information contained in the structure. Using our approach, the burden of project management can be lightened by facilitating an integrated view of an inherently intricate environment.
doi:10.1109/dest.2011.5936606 fatcat:33wnxxk2ibbitkoswf2g2pxhgy

Sorry, I Don't Get It: An Analysis of Warning Message Texts [chapter]

Marian Harbach, Sascha Fahl, Polina Yakovleva, Matthew Smith
2013 Lecture Notes in Computer Science  
Security systems frequently rely on warning messages to convey important information, especially when a machine is not able to assess a situation automatically. There is a significant body of work studying the effects of warning message design on users with numerous suggestions on how to optimise their effectiveness. Design guidelines and best practises help the developer to display urgent information. In this paper, we present the first empirical analysis on the extent of the influence of
... istic properties on the perceived difficulty of the descriptive text in warning messages. We evaluate warning messages extracted from current browsers and present linguistic properties that can improve a warning message text's perceived difficulty. Our results confirm that, while effects of attention, attitude and beliefs are at least as important as the linguistic complexity of the text, several steps can be taken to improve the text's difficulty perceived by the user.
doi:10.1007/978-3-642-41320-9_7 fatcat:u5kbxpuw7bhpndsgtkim3pw7v4

All our messages are belong to us

Marian Harbach, Sascha Fahl, Thomas Muders, Matthew Smith
2012 Proceedings of the 21st international conference companion on World Wide Web - WWW '12 Companion  
Current online social networking (OSN) sites pose severe risks to their users' privacy. Facebook in particular is capturing more and more of a user's past activities, sometimes starting from the day of birth. Instead of transiently passing on information between friends, a user's data is stored persistently and therefore subject to the risk of undesired disclosure. Traditionally, a regular user of a social network has little awareness of her privacy needs in the Web or is not ready to invest a
... onsiderable effort in securing her online activities. Furthermore, the centralised nature of proprietary social networking platforms simply does not cater for end-to-end privacy protection mechanisms. In this paper, we present a non-disruptive and lightweight integration of a confidentiality mechanism into OSNs. Additionally, direct integration of visual security indicators into the OSN UI raises the awareness for (un)protected content and thus their own privacy. We present a fully-working prototype for Facebook and an initial usability study, showing that, on average, untrained users can be ready to use the service in three minutes.
doi:10.1145/2187980.2188106 dblp:conf/www/HarbachFMS12 fatcat:tqqs47votzhzhaxnzkumiiseyu

Rethinking SSL development in an appified world

Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, Matthew Smith
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
The Secure Sockets Layer (SSL) is widely used to secure data transfers on the Internet. Previous studies have shown that the state of non-browser SSL code is catastrophic across a large variety of desktop applications and libraries as well as a large selection of Android apps, leaving users vulnerable to Man-in-the-Middle attacks (MITMAs). To determine possible causes of SSL problems on all major appified platforms, we extended the analysis to the walled-garden ecosystem of iOS, analyzed
... e developer forums and conducted interviews with developers of vulnerable apps. Our results show that the root causes are not simply careless developers, but also limitations and issues of the current SSL development paradigm. Based on our findings, we derive a proposal to rethink the handling of SSL in the appified world and present a set of countermeasures to improve the handling of SSL using Android as a blueprint for other platforms. Our countermeasures prevent developers from willfully or accidentally breaking SSL certificate validation, offer support for extended features such as SSL Pinning and different SSL validation infrastructures, and protect users. We evaluated our solution against 13,500 popular Android apps and conducted developer interviews to judge the acceptance of our approach and found that our solution works well for all investigated apps and developers.
doi:10.1145/2508859.2516655 dblp:conf/ccs/FahlHPKS13 fatcat:rwgkzjafuzcmzdxoqduzqlmz6m

Helping Johnny 2.0 to encrypt his Facebook conversations

Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Uwe Sander
2012 Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS '12  
Several billion Facebook messages are sent every day. While there are many solutions to email security whose usability has been extensively studied, little work has been done in the area of message security for Facebook and even less on the usability aspects in this area. To evaluate the need for such a mechanism, we conducted a screening study with 514 participants, which showed a clear desire to protect private messages on Facebook. We therefore proceeded to analyse the usability of existing
... pproaches and extracted key design decisions for further evaluation. Based on this analysis, we conducted a laboratory study with 96 participants to analyse different usability aspects and requirements of a Facebook message encryption mechanism. Two key findings of our study are that automatic key management and key recovery capabilities are important features for such a mechanism. Following on from these studies, we designed and implemented a usable service-based encryption mechanism for Facebook conversations. In a final study with 15 participants, we analysed the usability of our solution. All participants were capable of successfully encrypting their Facebook conversations without error when using our service, and the mechanism was perceived as usable and useful. The results of our work suggest that in the context of the social web, new security/usability trade-offs can be explored to protect users more effectively.
doi:10.1145/2335356.2335371 dblp:conf/soups/FahlHMSS12 fatcat:ilti5vgkevhxjgkgplv4xtelte

Why eve and mallory love android

Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumgärtner, Bernd Freisleben
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
Many Android apps have a legitimate need to communicate over the Internet and are then responsible for protecting potentially sensitive data during transit. This paper seeks to better understand the potential security threats posed by benign Android apps that use the SSL/TLS protocols to protect data they transmit. Since the lack of visual security indicators for SSL/TLS usage and the inadequate use of SSL/TLS can be exploited to launch Man-in-the-Middle (MITM) attacks, an analysis of 13,500
... ular free apps downloaded from Google's Play Market is presented. We introduce MalloDroid, a tool to detect potential vulnerability against MITM attacks. Our analysis revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks. Various forms of SSL/TLS misuse were discovered during a further manual audit of 100 selected apps that allowed us to successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data. Furthermore, an online survey was conducted to evaluate users' perceptions of certificate warnings and HTTPS visual security indicators in Android's browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not. We conclude by considering the implications of these findings and discuss several countermeasures with which these problems could be alleviated.
doi:10.1145/2382196.2382205 dblp:conf/ccs/FahlHMSBF12 fatcat:i65axas35nfrdmocpajtv4n4ae

Towards a translational medical research ecosystem

Matthew Smith, Marian Harbach, Andrew Lewis, Susanne Mertins, Lyn Griffiths
2011 5th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2011)  
In this paper we introduce a novel design for a translational medical research ecosystem. Translational medical research is an emerging field of work with the aim to bridge the gap between basic medical science research and clinical research/patient care. We analyze the key challenges for digital ecosystems for translational research, based on real world scenarios posed by the Lab for Translational Research at the Harvard Medical School and the Genomics Research Centre of the Griffith
... , and show how traditional IT approaches fail to fulfill these challenges. We then introduce our novel translational research ecosystem. Several key contributions are made: A novel approach to managing ad-hoc research ecosystems is introduced; a new security model for translational research is developed which allows each participating site to retain control over its data and define its own policies to ensure legal and ethical compliance; a novel interactive access control framework allows users to easily share data while adhering to their organization's policies.
doi:10.1109/dest.2011.5936609 fatcat:maf254giozhqnoczfvhbqkfqqu

On the ecological validity of a password study

Sascha Fahl, Marian Harbach, Yasemin Acar, Matthew Smith
2013 Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS '13  
The ecological validity of password studies is a complex topic and difficult to quantify. Most researchers who conduct password user studies try to address the issue in their study design. However, the methods researchers use to try to improve ecological validity vary and some methods even contradict each other. One reason for this is that the very nature of the problem of ecological validity of password studies is hard to study, due to the lack of ground truth. In this paper, we present a
... on the ecological validity of password studies designed specifically to shed light on this issue. We were able to compare the behavior of 645 study participants with their real world password choices. We conducted both online and laboratory studies, under priming and non-priming conditions, to be able to evaluate the effects of these different forms of password studies. While our study is able to investigate only one specific password environment used by a limited population and thus cannot answer all questions about ecological validity, it does represent a first important step in judging the impact of ecological validity on password studies.
doi:10.1145/2501604.2501617 dblp:conf/soups/FahlHAS13 fatcat:ohbiyld3ejcbbgdsy7wpl6wphi

Who's Afraid of Which Bad Wolf? A Survey of IT Security Risk Awareness

Marian Harbach, Sascha Fahl, Matthew Smith
2014 2014 IEEE 27th Computer Security Foundations Symposium  
The perception of risk has been established as an important part of the study of human aspects of security research. Similarly, risk awareness is often considered a central precursor for the adoption of security mechanisms and how people use them and interact with them. However, the state of risk awareness in users during their everyday use of the modern Internet has not been studied in detail. While it is well known that users have a limited "budget" for security behavior and that trying to
... rce them into considering additional risks does not work well, it remains unclear which risks are on users' minds and therefore already accounted for in terms of their budget. Hence, assessing which risks and which consequences users currently perceive when using information technology is an important and currently overlooked foundation to shape usability aspects of IT security mechanisms. In this paper, we present a survey of risk and consequence awareness in users, analyze how this may influence the current lack of adoption for improved security measures, and make recommendations how this situation can be alleviated.
doi:10.1109/csf.2014.15 dblp:conf/csfw/HarbachFS14 fatcat:sfkzipla3rc5vjmhlmzeuclz7u

Balancing Bicycle Sharing Systems: Improving a VNS by Efficiently Determining Optimal Loading Operations [chapter]

Günther R. Raidl, Bin Hu, Marian Rainer-Harbach, Petrina Papazek
2013 Lecture Notes in Computer Science  
Public bike sharing systems are important alternatives to motorized individual traffic and are gaining popularity in larger cities worldwide. In order to maintain user satisfaction, operators need to actively rebalance the systems so that there are enough bikes available for rental as well as sufficient free slots for returning them at each station. This is done by a vehicle fleet that moves bikes among the stations. In a previous work we presented a variable neighborhood search metaheuristic
... r finding effective vehicle routes and three different auxiliary procedures to calculate loading operations for each candidate solution. For the most flexible auxiliary procedure based on LP, the current work provides a new, practically more efficient method for calculating proven optimal loading operations based on two maximum flow computations. The different strategies for determining loading operations are further applied in combination controlled by an additional neighborhood structure. Experimental results indicate that this combined approach yields significantly better results than the original variable neighborhood search.
doi:10.1007/978-3-642-38516-2_11 fatcat:r7hztbnevjegjbpiobqu5bi5dm