Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Open problems in Web 2.0 user content sharing

Users need useful mechanisms for sharing their Web 2.0 content with each other in a controlled manner across boundaries of content-hosting and service providers (CSPs). In this paper, we discuss open problems and research opportunities in the domain of Web 2.0 content sharing among users. We explore issues in the categories of user needs, current sharing solutions provided by CSPs, and distributed access-control related technologies. For each open problem, we discuss existing and potential solutions, and point out areas for future work.

Analysis of ANSI RBAC Support in COM+

We analyze the access control mechanisms of the COM+ architecture and define a configuration of the COM+ protection system in more precise and less ambiguous language than the COM+ documentation. Using this configuration, we suggest an algorithm that formally specifies the semantics of authorization decisions in COM+. We analyze the level of support in COM+ for the American National Standards Institute's (ANSI) specification of role-based access control (RBAC) components and its functional specification. Our results indicate that COM+ falls short of supporting even Core RBAC. The main limitations are due to the tight integration of the COM+ architecture with the underlying operating system, which prevents support for session management and role activation as specified in ANSI RBAC.

Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices

The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. Low-privileged user accounts (LUA) and user account control (UAC) in Windows Vista and Windows 7 are two practical implementations of this principle. To be successful, however, users must apply due diligence, use appropriate accounts, and respond correctly to UAC prompts. With a user study and contextual interviews, we investigated the motives, understanding, behaviour, and challenges users face when working with user accounts and the UAC. Our results show that 69% of participants did not apply the UAC approach correctly. All 45 participants used an administrator user account, and 91% were not aware of the benefits of low-privilege user accounts or the risks of high-privilege ones. Their knowledge and experience were limited to the restricted rights of low-privilege accounts. Based on our findings, we offer recommendations to improve the UAC and LUA approaches.

"I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours

We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. Our experimental design aimed to mitigate some of the limitations of that prior study, including allowing participants to use their web browser of choice and recruiting a more representative user sample. However, during this study we observed and measured a strong bias in participants’ behaviour due to the laboratory environment. In this paper we discuss the challenges of observing natural behaviour in a study environment, as well as the challenges of replicating previous studies, given the rapid changes in web technology. Finally, we propose alternatives to traditional laboratory study methodologies that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behaviour.

Poster: Validating and Extending a Study on the Effectiveness of SSL Warnings

We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. The original study was conducted at CMU by Sunshine et al. [2], and we will refer to it as the CMU study. As in the CMU study, we required participants to perform a series of tasks, and we observed their reactions to the SSL warnings that were presented to them. After they completed the tasks, we asked them to complete an online questionnaire about the reasoning behind their actions during the study’s tasks. We designed our experiment so as to mitigate some of the limitations of the prior work, including allowing participants to use their web browser of choice and recruiting a more representative user population. Our research is a work in progress; thus data collection and analysis are still underway. However, our preliminary analysis indicates interesting findings and differences from the findings of the CMU study. We have observed an impact of the components we introduced in the study (i.e., a broader population and use of the browser of the participant’s choice) on the results. We plan to have completed data collection and analysis by the time the poster session is held.

Poster: OpenIDemail Enabled Browser, Towards Fixing the Broken Web Single Sign-On Triangle

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). We propose a browser-based Web SSO solution that requires minimal user interaction and provides RPs with clear value propositions to motivate their adoption. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users by using their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication. Based on our approach, web users authenticate with their existing email accounts and passwords directly within the browser. With the users' consent, their identities transparently flow into OpenID-enabled websites without additional log-on steps. Our approach embeds an intuitive and consistent login experience for web users in the browser and provides RPs with instant marketable leads and the potential for gradual engagement to motivate their adoption.

Expectations, Perceptions, and Misconceptions of Personal Firewalls

In this research, our goal is to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls. We conducted interviews with 30 participants and analyzed the data using qualitative description. In this paper we present our results and examine their implications for the design of personal firewalls.

The Challenges of Understanding Users’ Security-related Knowledge, Behaviour, and Motivations

In order to improve current security solutions or devise novel ones, it is important to understand users' knowledge, behaviour, motivations and challenges in using a security solution. However, achieving this understanding is challenging because of the limitations of current research methodologies. We have been investigating the experiences of users with two practical implementations of the principle of least privilege (PLP) in Windows Vista and Windows 7. PLP requires that users be granted the most restrictive set of privileges possible for performing the task at hand; in other words, they should not use accounts with administrator privileges. By following this principle, users will be better protected from malware, security attacks, accidental or intentional modifications to system configurations, and accidental or intentional unauthorized access to confidential data. To obtain an understanding of their knowledge, behaviour, motivations and challenges in following PLP, we had participants complete realistic tasks during a lab study that would raise user account control prompts, and then performed a contextual interview to probe their behaviours. We faced numerous challenges during our study, including capturing the realistic behaviour of participants, understanding their knowledge of and challenges in managing their user accounts and dealing with security warnings, and generalizing our results to a wider community. We discuss how we addressed these challenges, how well our methodological design decisions worked, and the ongoing challenges.

Challenges in evaluating complex IT security management systems

Performing ecologically valid user studies for IT security management (ITSM) systems is challenging. The users of these systems are security professionals who are difficult to recruit for interviews, let alone controlled user studies. Furthermore, evaluation of ITSM systems inherits the difficulties of studying collaborative and complex systems. During our research, we have encountered many challenges in studying ITSM systems in their real context of use. This has resulted in us investigating how other usability evaluation methods could be viable components for identifying usability problems in ITSM tools. However, such methods need to be evaluated and proven to be effective before their use. This paper provides an overview of the challenges of performing controlled user studies for usability evaluation of ITSM systems and proposes heuristic evaluation as a component of usability evaluations of these tools. We also discuss our methodology for evaluating a new set of usability heuristics for ITSM and the unique challenges of running user studies for evaluating usability evaluation methods.

A Billion Keys, but Few Locks: The Crisis of Web Single Sign-On

OpenID and InfoCard are two mainstream Web single sign-on (SSO) solutions intended for Internet-scale adoption. While they are technically sound, the business model of these solutions does not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). In addition, the pressure from users and identity providers (IdPs) is not strong enough to drive CSPs toward adopting Web SSO. As a result, there are currently over one billion OpenID-enabled user accounts provided by major CSPs, but only a few relying parties. In this paper, we discuss the problem of Web SSO adoption for RPs and argue that solutions in this space must offer RPs sufficient business incentives and trustworthy identity services in order to succeed. We suggest future Web SSO development should investigate RPs' business needs, identify IdP business models, and build trust frameworks. Moreover, we propose that Web SSO technology should shift from its current shared-identity paradigm to a true Web single sign-on and sign-out experience in order to function as a platform to motivate RPs' adoption.

OpenIDemail Enabled Browser: Towards Fixing the Broken Web Single Sign-On Triangle

Current Web single sign-on (SSO) solutions impose a cognitive burden on web users and do not provide content-hosting and service providers (CSPs) with sufficient incentives to become relying parties (RPs). We propose a browser-based Web SSO solution that requires minimal user interaction and provides RPs with clear value propositions to motivate their adoption. Our approach builds OpenID support into web browsers, hides OpenID identifiers from users by using their existing email accounts, extends the OpenID protocol to perform authentication directly by browsers, and introduces an OpenIDAuth HTTP access authentication scheme to convey authenticated identities automatically into websites that support OpenID for authentication. Our solution embeds an intuitive and consistent login experience for web users in the browser; to motivate adoption by RPs, it provides them with instant marketable leads and the potential for gradual engagement of site visitors.

It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls

Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. We conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. Through a qualitative analysis of the data, we found that most of our participants were not aware of the functionality of personal firewalls and their role in protecting computers. Most of our participants required different levels of protection from their personal firewalls in different contexts. The most important factors that affect their requirements are their activity, the network settings, and the people in the network. The requirements and preferences for their interaction with a personal firewall varied based on their levels of security knowledge and expertise. We discuss implications of our results for the design of personal firewalls. We recommend integrating the personal firewall with other security applications, adjusting its behavior based on users' levels of security knowledge, and providing different levels of protection based on context. We also provide implications for automating personal firewall decisions and designing better warnings and notices.

Toward Understanding Distributed Cognition in IT Security Management: The Role of Cues and Norms

Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. We investigate the organizational processes in ITSM using qualitative analysis of interviews with ITSM practitioners. To account for the distributed nature of ITSM, we utilized and extended a distributed cognition framework that includes as key aspects the themes of cues and norms. We show how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization's interests. Throughout, we use scenarios told by our participants to illustrate the various concepts related to cues and norms as well as ITSM breakdowns.

OpenID Security Analysis and Evaluation

OpenID is a promising user-centric Web single sign-on protocol. According to the OpenID Foundation, there are currently more than one billion OpenID-enabled user accounts provided by major service providers such as Google, Yahoo and AOL. In this presentation, I will present an OpenID security analysis and the evaluation results on 200 OpenID-enabled websites. Our preliminary result shows that more than 50% of OpenID-enabled websites are vulnerable to cross-site request forgery (CSRF) attacks that allow an attacker to modify the victim's account profile information directly, and 75% of the evaluated websites allow an attacker to stealthily force the victim to log in to their websites as the attacker. With additional practical adversary capabilities (e.g., tricking users into using a malicious wireless access point or installing a malicious browser extension) that enable an attacker to intercept the authentication response from the identity provider, the attacker can impersonate the victim on 65% of OpenID-enabled websites and re-masquerade as the victim on 6% of the websites by simply replaying the intercepted authentication responses. In the end, I will demonstrate the attack vectors employed in the evaluation process and discuss our proposed countermeasures for current OpenID-enabled websites and the future OpenID specification.

Towards Improving the Performance of Enterprise Authorization Systems using Speculative Authorization

With the emergence of tighter corporate policies and government regulations, access control has become an integral part of business requirements in enterprises. The authorization process in enterprise systems follows the request-response model, where a policy enforcement point intercepts application requests, obtains authorization decisions from a remote policy decision point, and enforces those decisions. The two advantages of this model are (1) the separation between the application and authorization logic and (2) the reduction of authorization policy administration. However, the authorization process adds to the already existing latency for accessing resources, affecting enterprises negatively in terms of the responsiveness of their systems. This dissertation presents an approach to reduce the latency introduced by the authorization process. We present Speculative Authorization (SPAN), a prediction technique to address the problem of latency in enterprise authorization systems. SPAN predicts the possible future requests that could be made by a client, based on the present and past behavior of the client. Authorization decisions for the predicted requests are fetched even before the requests are made by the client, thus reducing the latency. SPAN is designed using a clustering technique that combines information about requests made by different clients in order to make predictions for a particular client. We present our results in terms of hit rate and precision, and demonstrate that SPAN improves the performance of authorization infrastructures. We also calculate the additional load incurred by the system to compute responses to the predicted requests, and provide measures to reduce the unnecessary load. Caching is a simple and inexpensive technique, popularly used to improve the latency of enterprise authorization systems. On the other hand, we have not seen any implementation of techniques like SPAN to reduce latency. To demonstrate the effectiveness of such techniques, we implement caching and SPAN in the same system, and show that combining the two techniques can further improve the performance of access control systems.

Speculative Authorization

As enterprises aim towards achieving zero latency for their systems, the latency introduced by the authorization process can act as an obstacle to achieving that goal. We present Speculative Authorization (SPAN), a prediction technique to address the problem of latency in enterprise authorization systems. SPAN predicts the possible future requests that could be made by a client, based on the present and past behavior of the client. Authorization decisions for the predicted requests are fetched even before the requests are made by the client, thus reducing the authorization latency virtually to zero. Our implementation indicates that systems deploying SPAN can obtain zero authorization latency for almost 60% of the requests made by the client. We discuss the additional load incurred by the systems to compute responses to the predicted requests, and provide measures to reduce the unnecessary load. We also compare the benefits of deploying caching and SPAN in the same system, and find that SPAN can effectively improve the performance of systems with smaller cache sizes.

OpenID-Enabled Browser: Towards Usable and Secure Web Single Sign-On

OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent and counter-intuitive, and vulnerable to phishing attacks. In this work, we investigated the challenges web users face when using OpenID for authentication, and designed a phishing-resistant, privacy-preserving browser add-on to provide a consistent and intuitive single sign-on user experience for average web users.

Promoting A Physical Security Mental Model For Personal Firewall Warnings

We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. We performed a study to determine the degree to which our proposed warnings are understandable for our participants, and the degree to which they convey the risks and encourage safe behavior as compared to warnings based on those from a popular personal firewall. Initial results show that our warnings facilitate the comprehension of warning information, better communicate risk, and increase the likelihood of safe behavior. Moreover, they provided participants with a better understanding of both the functionality of a personal firewall and the consequences of their actions.

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, ITSM occurs within a complex and collaborative context that involves diverse stakeholders; this makes standard usability heuristics difficult to apply. We propose a set of ITSM usability heuristics that are based on activity theory and supported by prior research. We performed a study to compare the use of the ITSM heuristics to Nielsen's heuristics for the evaluation of a commercial identity management system. Our preliminary results show that our new ITSM heuristics performed well in finding usability problems. However, we need to perform the study with more participants and perform more detailed analysis to precisely show the differences in applying the ITSM heuristics as compared to Nielsen’s heuristics.

Towards Improving the Usability of Personal Firewalls

Even though personal firewalls are an important aspect of security for the users of personal computers, little attention has been given to their usability. An initial series of usability studies on the Windows Vista firewall that we performed revealed that the participants' lack of an accurate mental model of the firewall's system model significantly contributed to their errors when configuring the firewall. The goal of this thesis research was to build upon these findings and improve the usability of personal firewalls. To do so, we redesigned the user interface of the Vista firewall to more accurately reflect its system model. The results of a laboratory study showed that the modified interface design helped participants to develop more effective mental models of the firewall and improve their understanding of the firewall's configuration, resulting in fewer potentially dangerous errors. However, participants' comments about personal firewalls revealed that it was important to better understand users' knowledge, expectations, perceptions, and misconceptions of personal firewalls in order to successfully manage design tradeoffs. We performed a follow-up study in which we conducted semi-structured interviews with a diverse set of participants. Through a qualitative analysis of the data, we found that most of the participants were unaware of the functionality of firewalls and their role in protecting computers. More interestingly, we found that the interaction of most participants with firewalls was limited to responding to warnings that ask them to allow or block a connection. Therefore, it is crucial to design firewall warnings that are understandable for users, which should result in fewer errors in allowing unwanted connections. We proposed a novel firewall warning design in which the functionality of a personal firewall is visualized based on a physical security mental model. The results of a laboratory study showed that the new warnings facilitated the comprehension of warning information, better communicated the risk, and increased the likelihood of safe behavior compared to warnings based on those from a popular personal firewall. Moreover, the new warnings provided participants with a better understanding of both the functionality of a personal firewall and the consequences of their actions.