A pragmatic approach to the formal specification of interactive systems

Doherty, Gavin John

January 1999

No description available.

005

Improving intrusion prevention, detection and response

Ibrahim, Tarik Mohamed Abdel-Kader

January 2011

In the face of a wide range of attacks, Intrusion Detection Systems (IDS) and other Internet security tools represent potentially valuable safeguards to identify and combat the problems facing online systems. However, despite the fact that a variety of commercial and open source solutions are available across a range of operating systems and network platforms, it is notable that the deployment of IDS is often markedly less than other well-known network security countermeasures and other tools may often be used in an ineffective manner. This thesis considers the challenges that users may face while using IDS, by conducting a web-based questionnaire to assess these challenges. The challenges that are used in the questionnaire were gathered from the well-established literature. The participants responses varies between being with or against selecting them as challenges but all the listed challenges approved that they are consider problems in the IDS field. The aim of the research is to propose a novel set of Human Computer Interaction-Security (HCI-S) usability criteria based on the findings of the web-based questionnaire. Moreover, these criteria were inspired from previous literature in the field of HCI. The novelty of the criteria is that they focus on the security aspects. The new criteria were promising when they were applied to Norton 360, a well known Internet security suite. Testing the alerts issued by security software was the initial step before testing other security software. Hence, a set of security software were selected and some alerts were triggered as a result of performing a penetration test conducted within a test-bed environment using the network scanner Nmap. The findings reveal that four of the HCI-S usability criteria were not fully addressed by all of these security software. Another aim of this thesis is to consider the development of a prototype to address the HCI-S usability criteria that seem to be overlooked in the existing security solutions. The thesis conducts a practical user trial and the findings are promising and attempt to find a proper solution to solve this problem. For instance, to take advantage of previous security decisions, it would be desirable for a system to consider the user‟s previous decisions on similar alerts, and modify alerts accordingly to account for the user‟s previous behaviour. Moreover, in order to give users a level of flexibility, it is important to enable them to make informed decisions, and to be able to recover from them if needed. It is important to address the proposed criteria that enable users to confirm / recover the impact of their decision, maintain an awareness of system status all the time, and to offer responses that match users‟ expectations. The outcome of the current study is a set of a proposed 16 HCI-S usability criteria that can be used to design and to assess security alerts issued by any Internet security suite. These criteria are not equally important and they vary between high, medium and low.

621.382

Security : Usability : HCI : HCI-S : IDS

Usability in a clinical context: Redesigning the user interface of a gait analysis system

Lindberg, Lena

January 2017

Gait analysis can be described as a study of human walking patterns. This is very useful in health care, since gait analysis can reveal important information about a patient, and be an aid in diagnosis and rehabilitation. Today gait analysis is done either by qualitative visual observation of the patient, or in resource demanding and advanced laboratory settings. Many studies have been done in the search for new technical solutions that enables quantitative gait analysis outside of the laboratory. The goal of this thesis was to evaluate the usability of a new gait analysis system and to find out how the user interface could be better adapted to the end user’s needs and goals. This was done by defining and using suitable methods for learning about the users, evaluating the system and by defining usability in a clinical setting. A redesigned prototype was then developed and tested. It was found that the original user interface had many usability issues and was in need of better adaption to the intended user group. Through user research personas and key user needs could be determined that became the basis for the design work, along with guidelines from previous studies within the field. The redesigned prototype was tested on potential end users. It was in this study determined that semi-structured interviews are suitable for learning about the users. Usability evaluation should preferably be done using a combination of evaluation that involves real end users and evaluation by usability experts. Guidelines for usability in clinical systems could also be defined. Considering the redesigned prototype, the users saw a great potential, and could see themselves using it in the future. The testing determined that the redesigned prototype managed to solve many of the usability issues found in the original design.

interaction design

usability

Interaction Technologies

Interaktionsteknik

Everyday Online Sharing

Sleeper, Manya

01 July 2016

People make a range of everyday decisions about how and whether to share content with different people, across different platforms and services, during a variety of tasks. These sharing decisions can encompass complex preferences and a variety of access-control dimensions. In this thesis I examine potential methods for improving sharing mechanisms by better understanding the everyday online sharing environment and evaluating a potential sharing tool. I first present two studies that explore how current sharing mechanisms may fall short on social networking sites, leading to suboptimal outcomes such as regret or self censorship. I discuss the implications of these suboptimal outcomes for the design of behavioral nudging tools and the potential for improving the design of selective-sharing mechanisms. I then draw on a third study to explore the broader “ecosystem” of available channels created by the services and platforms people move between and combine to share content in everyday contexts. I examine the role of selective-sharing features in the broader audience-driven and task-driven dynamics that drive sharing decisions in this environment. I discuss the implications of channel choice and dynamics for the design of selective-sharing mechanisms. Using insights from current shortfalls and ecosystem-level dynamics I then present a fourth study examining the potential for adding topic-driven sharing mechanisms to Facebook. I use design mockups and a lab-based interview to explore participants’ hypothetical use cases for such mechanisms. I find that these mechanisms could potentially be useful in a variety of situations, but successful implementation would require accounting for privacy requirements and users’ sharing strategies.

usability

privacy

social networking sites

access control

Modeling the Adversary to Evaluate Password Strength With Limited Samples

Komanduri, Saranga

01 March 2016

In an effort to improve security by preventing users from picking weak passwords, system administrators set password-composition policies, sets of requirements that passwords must meet. Guidelines for such policies have been published by various groups, including the National Institute of Standards and Technology (NIST) in the United States, but this guidance has not been empirically verified. In fact, our research group and others have discovered it to be inaccurate. In this thesis, we provide an improved metric for evaluating the security of password-composition policies, compared to previous machine-learning approaches. We make several major contributions to passwords research. First, we develop a guess-calculator framework that automatically learns a model of adversary guessing from a training set of prior data mixed with samples, and applies this model to a set of test passwords. Second, we find several enhancements to the underlying grammar that increase the power of the learning algorithm and improve guessing efficiency over previous approaches. Third, we use the guesscalculator framework to study the guessability of passwords under various policies and provide methodological and statistical guidance for conducting these studies and analyzing the results. While much of this thesis focuses on an offline-attack threat model in which an adversary can make trillions of guesses, we also provide guidance on evaluating policies under an online-attack model, where the user can only make a small number of guesses before being locked out by the authentication system.

passwords

security

usability

policy

modeling

statistics

Usability engineering for code-based multi-factor authentication

Roy, Graeme Stuart

January 2013

The increase in the use of online banking and other alternative banking channels has led to improved flexibility for customers but also an increase in the amount of fraud across these channels. The industry recommendation for banks and other financial institutions is to use multi-factor customer authentication to reduce the risk of identity theft and fraud for those choosing to use such banking channels. There are few multi-factor authentication solutions available for banks to use that offer a convenient security procedure across all banking channels. The CodeSure card presented in this research is such a device offering a convenient, multi-channel, two-factor code-based security solution based on the ubiquitous Chip-and-PIN bank card. In order for the CodeSure card to find acceptance as a usable security solution, it must be shown to be easy to use and it must also be easy for customers to understand what they are being asked to do, and how they can achieve it. This need for a usability study forms the basis of the research reported here. The CodeSure card is also shown to play a role in combating identity theft. With the growing popularity of online channels, this research also looks at the threat of phishing and malware, and awareness of users about these threats. Many banks have ceased the use of email as a means to communicate with their customers as a result of the phishing threat, and an investigation into using the CodeSure card's reverse (sender) authentication mode is explored as a potential solution in regaining trust in the email channel and reintroducing it as a means for the bank to communicate with its customers. In the 8 experiments presented in this study the CodeSure card was rated acceptably high in terms of mean usability. Overall, the research reported here is offered in support of the thesis that a usable security solution predicated on code-based multi-factor authentication will result in tangible improvements to actual security levels in banking and eCommerce services, and that the CodeSure card as described here can form the basis of such a usable security solution.

364.16

Security Design Flaws that Affect Usability in Online Banking

Gurlen, Stephanie

01 January 2013

As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study analyzed 6 design flaws of this nature: (a) a break in the chain of trust, (b) providing a secure login method on an unsecure page, (c) providing bank contact information or security advice on an unsecure page, (d) having policies that are insufficient for userids and passwords, (e) generating e-mails containing sensitive information that are sent in an unsecure manner, and (f) the multi-factor authentication solution consisting of the presentation of an image in combination with the userid and password. Each of these flaws can lead to security and usability issues. Analysis of 80 banking sites was performed to determine the frequency of the flaws. The sampling of banking institutions was determined from banking institution lists available from the Federal Deposit Insurance Corporation (FDIC). Banking institutions were selected from 5 bank charter classes. The banking sites were downloaded for static analysis. The analysis was performed through a combination of automated programs and manual review. The results found instances of all 6 design flaws. The most prevalent issue found was insufficient policies for userids and passwords. The second most prevalent design flaw was the break in the chain of trust. The design flaw with the smallest number of occurrences was emailing sensitive information in an unsecure manner. The banking charter class of the banking institution did not appear to have a relationship to the frequency of the flaws. However, it appears that banking institutions with a smaller asset size have a higher frequency of the flaws than those with a larger asset size. It is recommended that banking institutions address these design flaws to improve usability for their customers while improving security.

Online Banking

Security

Usability

Computer Sciences

Comparing Different Levels of Interactivity in the Visualization of Spatio-Temporal Data

Ebinger, Samara

10 August 2005

The Internet and other advances in technology have dramatically affected cartography in recent decades and yet these new capabilities have not been adequately evaluated for effectiveness. Are dynamic maps more effective than traditional static paper maps in allowing users to visualize spatio-temporal patterns? How important is a higher level of interactivity in visualizing data? Which format is preferred? To examine these questions, human subject tests were conducted to evaluate different levels of interactivity as represented by 1) a static paper map series; 2) an animated map with 'VCR'-type controls; and 3) a toggle map featuring an interactive temporal legend. Results indicate that while the level of interactivity did not affect accuracy of answers to questions regarding spatio-temporal patterns, the total amount of time in which these questions were answered lessened as the level of interactivity increased. Overall, test subjects were more enthusiastic towards the tools featuring greater interactivity.

Interactivity

Geovisualization

Cartographic animation

French Quarter

Usability

Multimedia profiles as external personalities to support people with dementia and their carers

Webster, Gemma

January 2011

Dementia is a growing problem with prevalence rapidly increasing. It is a progressive and eventually severe disease that affects many areas of the person’s life. Often, as a result of this disease, individuals reside in care homes. Care staff can find it difficult to get to know a person with dementia as they have limited time to spend with each person. In addition, communication difficulties can make it difficult to learn important social information and preferences. This lack of knowledge about an individual with dementia can make social interactions very difficult and can often contribute to repetitive social interactions. This research aimed to establish if technology could be used to support care staff within their care environment to get to know people with late-stage dementia. The goal was to develop software that can act as an external communication bridge between carers and people with dementia through the creation of simple but effective ‘Portraits’. This thesis investigates the creation and use of multimedia ‘Portraits’ of individuals with dementia that are immediately and easily accessible to care staff. This thesis describes the development of a software tool called Portrait, designed to help staff in care homes quickly get to know a person with dementia as a person. It is intended to be used by the staff in their care environment to gain an initial understanding of that person’s life prior to entering care and to learn more personal information about their needs and habits. The Portrait system contains important but limited personal and social information about the people with dementia. Five key studies were conducted during this research. The first study evaluated the usability of the Portrait system. The second and third were conducted with care managers and staff in the care home setting to assess usefulness and usability of the Portrait system and to compare it to current methods used in the care home environment. The fourth study conducted case studies with families of people with dementia to investigate the Portrait creation process and the final study investigated the placement of these Portraits in the care environment. The results of this research are promising, with Portrait being very positively received by care managers, care staff and the families of people with dementia. This research highlights the potential benefits of technology in the care environment to assist care staff. A number of key areas for future research have been identified including the possibility of expanding the use of the system and using alternative state of the art devices.

004

Re-designing Greenstone for Seniors

Bennett, Erin Kay

January 2008

The golden generation have a wealth of experience and knowledge from throughout their lifetimes that younger generations wish to retain. In our technology filled world an obvious means of collecting this information is electronically. Digital library col- lections are increasingly used by libraries and large institutions to record their large amounts of information but they can also be used for personal collections. Seniors are often willing and keen to impart their years of experience upon people of the younger generation but time is not always on their side as they grow older. Throughout a lifetime a person could collect large amounts of papers, diaries, pho- tos and media but the time it takes to organise these documents can be long and exhausting and the person's health is not always at its best in old age. Greenstone is a suite of software for creating digital libraries, which are organised collections of documents. Greenstone has the ability to distribute collections either using a server or CD-ROM, and provides advanced searching and organization tools. While Greenstone is a versatile and useful tool in creating digital collections, its in- terface is not designed for senior users. Seniors are commonly perceived to have more physical and mental disadvantages as they get older. These disadvantages can dramatically affect how usable seniors find a piece of software. The aim of this thesis is to investigate how usable the current Greenstone interface is for use by seniors and to re-design the interface so that Greenstone may be more easily used by senior users. This thesis focuses upon what types of documents and descriptive data seniors would like to include in a collection about their life. This is to ascertain exactly what parts of the interface must be improved when it comes to metadata and classifiers. The results of this investigation also helped in the creation of a customised metadata set for senior users use.

Greenstone

Seniors

Usability

Human Computer Interaction