1,721,122 research outputs found

    Empowering end-users in the specification of security rules

    With the rapid growth of Internet-of-Things (IoT) devices, especially in the context of smart homes, end-user programming is becoming increasingly common to easily create new functionalities by connecting IoT devices and online services using simple rules, such as event-condition-action (ECA) rules. Unfortunately, IoT devices and platforms are vulnerable under security terms, and the possible countermeasures to security threats are completely hidden to end-users. This position paper presents the idea of involving end-users in the management of security risks. In particular, we describe how existing ECA rules could be expanded to deal with security aspects, and possible strategies to support end-users in the definition and customization of security rules.

    Towards a Classification Model for Identifying Risky IFTTT Applets

    With the rapid growth of Internet-of-Things (IoT) devices, especially in the context of smart homes, we witnessed the rise of different services aimed at providing end-users with tools for the definition of custom behaviors. Among these, If-This-Then-That (IFTTT) became the most used end-user programming tool for creating event-condition-action (ECA) rules. However, while defining such rules, end-users might expose both their smart devices and personal information to security and privacy threats. This paper presents the progress achieved in the definition of a classification model based on neural networks for the identification of possible security and privacy issues within an IFTTT applet.

    Towards Explainable Security for ECA Rules

    With the rise in popularity of smart objects and online services, the use of Trigger-Action Platforms for the definition of custom behaviors is growing significantly. These platforms enable end-users to create Event-Condition-Action (ECA) rules for triggering actions upon event occurrences on physical devices or online services in different domains. ECA rules could easily expose end-users to security risks mainly due to their low level of knowledge and awareness. To alleviate this problem, classification models can be used for identifying possible security issues that ECA rules could inflict when triggered. However, the results produced by these classifiers may not be understood by end-users. This position paper provides first insights concerning the application of AI models for generating natural language explanations according to the identified risks of ECA rules.

    CHRAVAT - Chronology Awareness Visual Analytic Tool

    Nowadays, the amount of information spread over networks is extremely large, and many sensible data are granted by legitimate owners aiming to exploit different networking services. In particular, the majority of people give their own consent for processing personal data without understanding how network providers will manage them, and if they will be shared among different network providers. In this paper, we propose a tool exploiting visualization techniques in order to make a user aware of how his/her personal data are exchanged and shared during daily web browsing activities. In particular, the proposed tool enables a user to interactively visualize the communication flows during the aforesaid browsing process, and to discover possibly hidden network providers involved in it. Moreover, the graphical interface also provides real-time summary graphs, which show the amount of information acquired from the network. Finally, we performed several user studies aiming to analyse how the tool can improve the user's perception on the privacy issues that s/he is exposed to. Results demonstrate the effectiveness of the proposed tool.

    Investigating the COVID-19 vaccine discussions on Twitter through a multilayer network-based approach

    Modeling discussions on social networks is a challenging task, especially if we consider sensitive topics, such as politics or healthcare. However, the knowledge hidden in these debates helps to investigate trends and opinions and to identify the cohesion of users when they deal with a specific topic. To this end, we propose a general multilayer network approach to investigate discussions on a social network. In order to prove the validity of our model, we apply it on a Twitter dataset containing tweets concerning opinions on COVID-19 vaccines. We extract a set of relevant hashtags (i.e., gold-standard hashtags) for each line of thought (i.e., pro-vaxxer, neutral, and anti-vaxxer). Then, thanks to our multilayer network model, we figure out that the anti-vaxxers tend to have ego networks denser (+14.39%) and more cohesive (+64.2%) than the ones of pro-vaxxer, which leads to a higher number of interactions among anti-vaxxers than pro-vaxxers (+393.89%). Finally, we report a comparison between our approach and one based on single networks analysis. We prove the effectiveness of our model to extract influencers having ego networks with more nodes (+40.46%), edges (+39.36%), and interactions with their neighbors (+28.56%) with respect to the other approach. As a result, these influential users are much more important to analyze and can provide more valuable information.

    Task Automation Systems to Secure Smart Environments

    Task automation systems (TAS) allow users to customize the behaviour of their smart devices according to their daily and personal needs. However, they do not address the security and privacy threats that can arise from the use and composition of smart devices. To democratize cybersecurity in smart environments, TASs should enable both experts and novices to protect their devices from external threats. This paper reports a study that investigated the mental models of cybersecurity novices and experts when defining security policies using the trigger-action paradigm provided by TAS. The results of this study guided the design of prototype solutions that extend a TAS, called EFESTO-5W, to allow both experts and lay users to define the security policies for IoT devices.

    Dependency Visualization in Data Stream Profiling

    Data stream profiling concerns the automatic extraction of metadata from a data stream, without having the possibility to store it. Among the metadata of interest, functional dependencies (FDs), and their extensions relaxed functional dependencies (RFDs), represent an important semantic property of data. Nowadays, there are many algorithms for automatically discovering them from static datasets, and some are being proposed for data streams. However, one of the main problems is that the stream nature of data requires a different paradigm of monitoring, since the “big” number of (R)FDs that might hold on a given dataset continuously change as new data are read from the stream. In this paper, we present a tool for visualizing RFDs discovered from a data stream. The tool permits to explore results for different types of RFDs, and uses quantitative measures to monitor how discovery results evolve. Moreover, the tool enables the comparison among RFDs discovered across several executions, also providing visual manipulation operators to dynamically compose and filter results. A user study has been conducted to assess the effectiveness of the proposed visualization tool.