121 research outputs found
Mass surveillance in cyberspace and the lost art of keeping a secret:Policy Lessons for Government After the Snowden Leaks
Global security concerns, acts of terrorism and organised crime activity have motivated nation states to delve into implementing measures of mass surveillance in cyberspace, the breadth of which was partly revealed by the whistleblower Edward Snowden. But are modern nation states fighting a battle in the wrong space? Is mass surveillance of cyberspace effective and are the conventional metaphors of technology control appropriate for it? Can algorithms detect, classify and decide effectively on what constitutes suspicious activity? We argue that as cyberspace is a construct that has only recently been viewed strategically, let alone indoctrinated (the UKs cyber-security strategy is only four years old), the societal impact of such bulk measures is yet much unclear – as are the assumptions about the fitness of state organisations that are charged with their oversight and the potential for unintended consequences. Recent experiences highlight the role of multiple forms of intelligence inputs, especially human- and community-based, and the need for application of such intrusive measures in a targeted manner. We believe that intrusive measures, where necessary, must be used decoupled from the seductive promises of advanced technology and ought to go hand-in-hand with means that strengthen the affected communities to identify, report and battle extremism and organised crime, in ways that safeguard the fundamental principles of our contemporary democratic Western states
Supporting data for "Rapid Deployment of a WSN on the Clifton Suspension Bridge, UK"
Data record contains data required to produce the plots shown in figures 4, 6, 7 and 8 from: Gunner, S, Vardanega, P. J., Tryfonas, T., Macdonald, J. H. G and Wilson, R. E. (2017) Rapid Deployment of a WSN on the Clifton Suspension Bridge, UK. 'Proceedings of the Institution of Civil Engineers - Smart Infrastructure and Construction
Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method
One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock
Compositional security modelling: structure, economics, and behaviour
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures --- for example, their preferred balance of confidentiality, integrity, and availability --- within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical systems modelling and economics, that captures the managers' policies and the behavioural choices of agents operating within the system. Models are executable, so allowing systematic experimental exploration of the system-policy co-design space, and compositional, so managing the complexity of large-scale systems
Reminding Users of their Privacy at the Point of Interaction: The Effect of Privacy Salience on Disclosure Behaviour
A comparative study of android users’ privacy preferences under the runtime permission model
Android users recently were given the ability to selectively grant access to sensitive resources of their mobile devices when apps request them at runtime. The Android fine-grained runtime permission model has been gracefully accepted by the majority of users, who also seem to be consistent regarding their privacy and security preferences. In this paper we analyse permission data collected by Android devices that were utilising the runtime permission model. The reconstructed data represent apps’ settings snapshots. We compare behavioural insights extracted from the acquired data with users’ privacy preferences reported in our previous work. In addition, compared with the responses received from another group of mobile device users, users’ privacy settings seem to be affected by the functionality of apps. Furthermore, we advise visual schemata that describe users’ privacy settings and point out a usability issue regarding the installation process of Android apps under the runtime permission model
Towards a conceptualisation of cloud (Cyber) crime
The term ‘Cloud’ is a misnomer that diverts attention from the level of conceptual clarification that is needed to understand the implications of cloud technologies upon criminal behavior, crime analysis and also law enforcement. Cloud technologies have increased computing power and storage capacity whilst reducing the cost of computing; all are qualities that have not been lost on criminals who have been using them to commit DDoS attacks, Data theft, mass spam attacks and other mass cyber-dependent crimes. This paper offers a framework for conceptualising cybercrimes in the cloud (cloud crimes) and for understanding how they drive offenders and affect victims. It also outlines the key challenges for law enforcement
A Generic Cognitive Dimensions Questionnaire to Evaluate the Usability of Security APIs
Programmers use security APIs to embed security into the applications they develop. Security vulnerabilities get introduced into those applications, due to the usability issues that exist in the security APIs. Improving usability of security APIs would contribute to improve the security of applications that programmers develop. However, currently there is no methodology to evaluate the usability of security APIs. In this study, we attempt to improve the Cognitive Dimensions framework based API usability evaluation methodology, to evaluate the usability of security APIs
No Good Reason to Remove Features: Expert Users Value Useful Apps over Secure Ones
Application sandboxes are an essential security mechanism to contain malware. Yet, they are seldom used on Desktops. We hypothesise this is because sandboxes are incompatible with plugins, and with APIs used to implement a wide variety of Desktop features. To verify this, we interviewed 13 expert users about their app appropriation decisions, and illustrate how they recruit values like usefulness, productivity or reliability in their decisions. We found that (a) security is an unimportant factor for appropriation; (b) plugins considerably support productivity needs and (c) users may abandon apps that remove a feature, especially for feature removals justified by security. Productivity-oriented expert Desktop users place more value in a stable user experience and in having flexible apps than in security benefits. Sandboxing thus conflicts with their values. We conclude that for sandboxed apps to be systematically adoptable by expert users, sandboxes must no longer require the sacrifice of plugins and features found in Desktop apps
- …
