Conservation of Limited Resources: Design Principles for Security and Usability on Mobile Devices

Horcher, Ann-Marie

01 January 2018

Mobile devices have evolved from an accessory to the primary computing device for an increasing portion of the general population. Not only is mobile the primary device, consumers on average have multiple Internet-connected devices. The trend towards mobile has resulted in a shift to “mobile-first” strategies for delivering information and services in business organizations, universities, and government agencies. Though principles for good security design exist, those principles were formulated based upon the traditional workstation configuration instead of the mobile platform. Security design needs to follow the shift to a “mobile-first” emphasis to ensure the usability of the security interface. The mobile platform has constraints on resources that can adversely impact the usability of security. This research sought to identify design principles for usable security for mobile devices that address the constraints of the mobile platform. Security and usability have been seen as mutually exclusive. To accurately identify design principles, the relationship between principles for good security design and usability design must be understood. The constraints for the mobile environment must also be identified, and then evaluated for their impact on the interaction of a consumer with a security interface. To understand how the application of the proposed mobile security design principles is perceived by users, an artifact was built to instantiate the principles. Through a series of guided interactions, the importance of proposed design principles was measured in a simulation, in human-computer interaction, and in user perception. The measures showed a resounding difference between the usability of the same security design delivered on mobile vs. workstation platform. It also reveals that acknowledging the constraints of an environment and compensating for the constraints yields mobile security that is both usable and secure. Finally, the hidden cost of security design choices that distract the user from the surrounding environment were examined from both the security perspective and public safety perspective.

cybersecurity

design principles

location-based security

mobile devices

progressive security

usable security

Computer Sciences

Search Rank Fraud Prevention in Online Systems

Rahman, Md Mizanur

31 October 2018

The survival of products in online services such as Google Play, Yelp, Facebook and Amazon, is contingent on their search rank. This, along with the social impact of such services, has also turned them into a lucrative medium for fraudulently influencing public opinion. Motivated by the need to aggressively promote products, communities that specialize in social network fraud (e.g., fake opinions and reviews, likes, followers, app installs) have emerged, to create a black market for fraudulent search optimization. Fraudulent product developers exploit these communities to hire teams of workers willing and able to commit fraud collectively, emulating realistic, spontaneous activities from unrelated people. We call this behavior “search rank fraud”. In this dissertation, we argue that fraud needs to be proactively discouraged and prevented, instead of only reactively detected and filtered. We introduce two novel approaches to discourage search rank fraud in online systems. First, we detect fraud in real-time, when it is posted, and impose resource consuming penalties on the devices that post activities. We introduce and leverage several novel concepts that include (i) stateless, verifiable computational puzzles that impose minimal performance overhead, but enable the efficient verification of their authenticity, (ii) a real-time, graph based solution to assign fraud scores to user activities, and (iii) mechanisms to dynamically adjust puzzle difficulty levels based on fraud scores and the computational capabilities of devices. In a second approach, we introduce the problem of fraud de-anonymization: reveal the crowdsourcing site accounts of the people who post large amounts of fraud, thus their bank accounts, and provide compelling evidence of fraud to the users of products that they promote. We investigate the ability of our solutions to ensure that fraud does not pay off.

Usable security and social aspects

Anonymity

Machine learning

Web security and privacy

Other Computer Engineering

Pwm: A Secure Webmail System Designed for Easy Adoption

Burgon, Benjamin W.

07 March 2014

None of the three largest webmail service providers (serving over 1 billion users) support end-to-end message encryption. Encrypted email has never seen mass adoption because it is prohibitive for non-experts to use. Private WebMail (Pwm) is our extension to popular webmail systems that lets users easily encrypt sensitive messages without having to first contact the recipient and share information. It is designed to spread quickly in a grassroots fashion so that a user receiving their first encrypted message can quickly and easily start using the system. This thesis describes the design and implementation of Pwm, then measures its usability through analysis and a user study.

secure email

webmail

end-to-end encryption

usable security

Computer Sciences

Browser-Based Manual Encryption

Song, Yuanzheng

08 August 2014

Billions of web-based email and chat messages are sent over the Internet every day. However, very few service providers support end-to-end privacy protection. While providing security for these messages is technically feasible, usability remains a challenge in this field. Recent research attempts to hide security details like key management and encryption in order to make the system more usable. However usability studies demonstrated that hiding these details may confuse the user and contribute to mistakes (e.g., sending out an email in plaintext when the user thought it would be encrypted). In an effort to increase trust and eliminate mistakes, this thesis presents the design of a browser-based manual encryption mechanism that supports automatic key-management and manual encryption. It also describes the Message Protector (MP) prototype. An evaluations of MP is presented based on a user study conducted on the campus of BYU.

Usable security

secure email

manual encryption

end-to-end encryption

Computer Sciences

<b>USER-CENTERED DATA ACCESS CONTROL TECHNIQUES FOR SECURE AND PRIVACY-AWARE MOBILE SYSTEMS</b>

Reham Mohamed Sa Aburas (18857674)

25 June 2024

<p dir="ltr">The pervasive integration of mobile devices in today’s modern world, e.g., smartphones, IoT, and mixed-reality devices, has transformed various domains, enhancing user experiences, yet raising concerns about data security and privacy. Despite the implementation of various measures, such as permissions, to protect user privacy-sensitive data, vulnerabilities persist. These vulnerabilities pose significant threats to user privacy, including the risk of side-channel attacks targeting low-permission sensors. Additionally, the introduction of new permissions, such as the App Tracking Transparency framework in iOS, seeks to enhance user transparency and control over data sharing practices. However, these framework designs are accompanied by ambiguous developer guidelines, rendering them susceptible to deceptive patterns. These patterns can influence user perceptions and decisions, undermining the intended purpose of these permissions. Moreover, the emergence of new mobile technologies, e.g., mixed-reality devices, presents novel challenges in ensuring secure data sharing among multiple users in collaborative environments, while preserving usability.</p><p dir="ltr">In this dissertation, I focus on developing user-centered methods for enhancing the security and privacy of mobile system, navigating through the complexities of unsolicited data access strategies and exploring innovative approaches to secure device authentication and data sharing methodologies.</p><p dir="ltr">To achieve this, first, I introduce my work on the iStelan system, a three-stage side-channel attack. This method exploits the low-permission magnetometer sensor in smartphones to infer user sensitive touch data and application usage patterns. Through an extensive user study, I demonstrate the resilience of iStelan across different scenarios, surpassing the constraints and limitations of prior research efforts.</p><p dir="ltr">Second, I present my analysis and study on the App Tracking Transparency permission in iOS. Specifically, my work focuses on analyzing and detecting the dark patterns employed by app developers in the permission alerts to obtain user consent. I demonstrate my findings on the dark patterns observed in permission alerts on a large-scale of apps collected from Apple’s store, using both static and dynamic analysis methods. Additionally, I discuss the application of a between-subject user study to evaluate users’ perceptions and understanding when exposed to different alert patterns.</p><p dir="ltr">Lastly, I introduce StareToPair, a group pairing system that leverages multi-modal sensing technologies in mixed-reality devices to enable secure data sharing in collaborative settings. StareToPair employs a sophisticated threat model capable of addressing various real-world scenarios, all while ensuring high levels of scalability and usability.</p><p dir="ltr">Through rigorous investigation, theoretical analysis and user studies, my research endeavors enhance the field of security and privacy for mobile systems. The insights gained from these studies offer valuable guidance for future developments in mobile systems, ultimately contributing to the design of user-centered secure and privacy-aware mobile ecosystems.</p>

Data security and protection

System and network security

Mobile computing

Mobile Security & Privacy

Usable Security

Stopping Launch Vehicle Failures Using Telemetry to Measure Equipment Usable Life

Losik, Len

10 1900

ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / Launch vehicle equipment reliability is driven by infant mortality failures, which can be eliminated using a prognostic analysis prior, during and/or after the exhaustive and comprehensive dynamic environmental factory acceptance testing. Measuring and confirming equipment performance is completed to increase equipment reliability by identifying equipment that fails during test for repair/replacement. To move to the 100% reliability domain, equipment dynamic environmental factory testing should be followed by a prognostic analysis to measure equipment usable life and identify the equipment that will fail prematurely. During equipment testing, only equipment performance is measured and equipment performance is unrelated to equipment reliability making testing alone inadequate to produce equipment with 100% reliability. A prognostic analysis converts performance measurements into an invasive usable life measurement by sharing test data used to measure equipment performance. Performance data is converted to usable life data provides a time-to-failure (TTF) in minutes/hours/days/months for equipment that will fail within the first year of use, allowing the production of equipment with 100% reliability.

Predicting Failures

Telemetry Analysis

Prognostic Analysis

Failure Analysis

Prognostic Technology

Calculating Remaining Usable Life

Mission Life

Measuring Reliability

Usability and security of human-interactive security protocols

Kainda, Ronald

January 2011

We investigate the security and usability of Human-Interactive Security Protocols (HISPs); specifically, how digests of 4 or more digits can be compared between two or more sys- tems as conveniently as possible while ensuring that issues such as user complacency do not compromise security. We address the research question: given different association scenarios and modes of authentication in HISPs, how can we improve on existing, or design new, empirical channels that suit human and contextual needs to achieve acceptable effective security? We review the literature of HISPs, proposed empirical channels,and usability studies of HISPs; we follow by presenting the methodology of the research reported in this thesis. We then make a number of contributions discussing the effectiveness of empirical channels and address the design, analysis, and evaluation of these channels. In Chapter 4 we present a user study of pairwise device associations and discuss the factors affecting effective security of empirical channels in single-user scenarios. In Chapter 5 we present a user study of group device associations and discuss the factors affecting effective security of empirical channels in multi-user scenarios. In Chapter 7 we present a framework designed for researchers and system designers to reason about empirical channels in HISPs. The framework is grounded in experimental data, related research, and validated by experts. In Chapter 8 we present a methodology for analysing and evaluating the security and usability of HISPs. We validate the methodology by applying it in laboratory experiments of HISPs. Finally, in Chapter 6 we present a set of principles for designing secure and usable empirical channels. We demonstrate the effectiveness of these principles by proposing new empirical channels.

621.382

Algumas extensões do problema de corte de estoque com sobras de material aproveitáveis / Some extensions of the cutting stock problem with usable leftovers

Nicola, Adriana Cristina Cherri

15 May 2009

Os problemas de corte de estoque consistem em cortar um conjunto de objetos dispon´veis em estoque para produzir um conjunto de itens em quantidades e tamanhos especificados, de modo a otimizar uma fun¸cao objetivo. Tais problemas tem in´umeras aplica¸coes industriais e tem sido bastante estudados na literatura. Tipicamente, problemas de corte tem como principal objetivo a minimiza¸cao das sobras. Entretanto, como a qualidade dos padroes de corte depende diretamente dos tamanhos e quantidades dos itens a serem produzidos, nesta tese, consideramos que se a demanda presente gerar sobras indesej´aveis (nem tao grandes para serem aproveit´aveis, nem tao pequenas para serem perdas aceit´aveis), entao conv´em gerar retalhos (nao comput´aveis como perda) que serao utilizados para produzir itens de demandas futuras. Desta forma, algumas caracter´sticas desej´aveis para uma boa solu¸cao sao definidas e altera¸coes em m´etodos heur´sticos cl´assicos sao apresentadas, de modo que os padroes de corte com sobras indesej´aveis sao alterados. Para os problemas de corte unidimensionais, desenvolvemos procedimentos heur´sticos que consideram o aproveitamento de sobras, mantendo como o principal objetivo a minimiza ¸cao das perdas. Outra abordagem para este problema, considera o caso em que al´em da minimiza¸cao das perdas, os retalhos dispon´veis em estoque devem ter prioridade de uso em rela¸cao aos demais objetos durante o processo de corte. A an´alise do desempenho dos procedimentos heur´sticos propostos quando somente a minimiza¸cao das perdas ´e considerada, ´e realizada com base em exemplos da literatura, exemplos pr´aticos e exemplares gerados aleatoriamente. Para os procedimentos heur´sticos que priorizam o corte dos retalhos do estoque, al´em de exemplares da literatura, simulamos uma situa¸cao em m´ultiplos per´odos na qual problemas de corte de estoque em sucessivos per´odos sao resolvidos. A cada per´odo, um problema para o per´odo seguinte ´e gerado considerando atualiza¸coes do estoque, os retalhos gerados nos per´odos anteriores e uma nova demanda de itens que ´e v gerada aleatoriamente. No caso bidimensional, tamb´em consideramos problemas em que, al´em da perda m´nima, os retalhos dispon´veis em estoque devem ter prioridade de corte em rela¸cao aos demais objetos. Para resolver este problema, altera¸coes foram realizadas na abordagem grafo E/OU e em procedimentos heur´sticos da literatura. A an´alise do desempenho dos procedimentos heur´sticos propostos considera problemas pr´aticos retirados da carteira de pedidos de uma pequena empresa de esquadrias met´alicas. Devido `a dificuldade na an´alise dos procedimentos heur´sticos desenvolvidos que consideram o aproveitamento de sobras (as solu¸coes apresentam caracter´sticas importantes e conflitantes), tamb´em apresentamos neste trabalho uma estrat´egia fuzzy para facilitar a analise das solu¸coes obtidas. Os testes computacionais sao realizados considerando os procedimentos heur´sticos desenvolvidos para os problemas de corte unidimensionais com sobras aproveit´aveis e problemas gerados aleatoriamente / Cutting stock problems consist of cutting a set of available objects in order to produce ordered items in specified amounts and sizes, in such way to optimize an objective function. Such problems have a great number of industrial applications and are widely studied in the literature. Typically, cutting problems have as main objective the minimization of the leftovers. However, since the cutting patterns quality depends directly of the sizes and amounts of the items that will be produced, in this tesis, we consider that if the present demand to generate undesirable waste (not large enough to be used, nor too small to be acceptable waste), then it is better to generate retails (not computed as waste) that will be used to produce items to meet future demands. In this way, some desirable characteristics for a good solution are defined and alterations in classical heuristic methods are presented, such that the cutting patterns with undesirable waste are altered. To the one-dimensional cutting stock problems, we developed heuristic procedures that consider the usable leftovers and preserve as main objective the minimization of the waste. Other approach for this problem considers the case in witch, beside minimal waste, the available retails in stock must be used with priority in relation to the other objects during the cutting process. The performance of the modified heuristics procedures, when only the minimal waste is considered, is observed by solving instances from the literature, practical instances and randomly generated instances. For heuristic procedures that prioritize the cut of retails of the stock, beside the instances from the literature, we simulated a situation in multiple periods in that cutting stock problems in successive periods are solved. In each period, a problem to the next period is generated considering updating of the stock, the retails generated in previous periods and a new demand of items that is randomly generated. For the two-dimensional cutting problems, we also consider problems in that, beside minimization of the waste, the available retails in stock must be used with priority vii in relation to the other objects. To solve this problem, alterations were realized in an AND/OR graph approach and in heuristic procedures of the literature. The performance of the proposed heuristics procedures is observed by solving practical instances provided by a small metallic frameworks industry. Due to difficulty in analyze the heuristic procedures developed for the cutting stock problem with usable leftover (the solutions present important and conflicting characteristics), we also present a fuzzy strategy to facilitate the analysis of the obtained solutions. The computational results are realized considering the developed heuristic procedures to the one-dimensional cutting stock problem with usable leftover and randomly generated instances

Aproveiitamento das sobras de material

Usable leftovers

Problemas de corte com sobras aproveitáveis e eliminação de simetrias / Cutting stock problems with usable leftover and symmetry breaking

Abrantes, Ricardo Luiz de Andrade

20 September 2012

No presente trabalho estudamos duas variações do problema de empacotamento de itens retangulares idênticos, permitindo rotações de 90 graus, em um poliedro. Uma variação consiste em encontrar a maior quantidade de itens retangulares idênticos que podem ser empacotados em um poliedro. A outra consiste em encontrar o poliedro de um determinado tipo com menor área para empacotar uma quantidade fixa de itens retangulares idênticos. Desenvolvemos restrições de eliminação de simetrias para estes problemas, o que tornou a resolução dos mesmos mais eficiente, por métodos do tipo branch-&-bound. Estudamos também o problema de corte no qual há uma determinada demanda (de itens) a ser cortada e um conjunto de objetos disponíveis. Desejamos satisfazer a demanda minimizando o custo dos objetos utilizados e, dentre as diferentes possibilidades de se fazer isso, desejamos aquela que maximize as sobras aproveitáveis. De forma geral, sobras aproveitáveis podem ser entendidas como regiões retangulares de um objeto que possuem altura e largura iguais ou superiores a de um item de referência e representam sobras do processo de corte que podem se tornar objetos e serem reaproveitadas em um novo procedimento de corte. Apresentamos modelos de otimização em dois níveis para duas variações do problema de corte com sobras aproveitáveis a saber: o problema de corte de itens retangulares em dois estágios e o problema de corte de itens retangulares não guilhotinado. Como formas de resolver os modelos propostos, apresentamos reformulações destes modelos de programação em dois níveis em modelos de programação inteira mista. Lidamos também com uma variação do problema de corte com sobras aproveitáveis considerando a minimização da quantidade de sobras. Aplicamos restrições de eliminação de simetrias aos modelos desenvolvidos para o problema de corte de itens retangulares com sobras aproveitáveis, a fim de resolver instâncias maiores, e desenvolvemos uma estratégia de solução alternativa para os modelos. Os modelos desenvolvidos foram implementados computacionalmente e fomos capazes de resolver instâncias pequenas dos problemas em questão. / In this work we study two variations of the packing problem where identical rectangular items must be packed into a polyhedron. One of the variations consists in finding the largest amount of rectangular items that can fit in a polyhedron. The other one consists in finding a minimal area polyhedron of a certain type that packs a set of rectangular identical items. We present some symmetry-breaking constraints that reduce the computational effort in solving those problems through a branch-&-bound method. We also studied the cutting stock problem where there are some items to be cut from a set of rectangular objects and we need to satisfy the demand of items to be cut minimizing the cost of the used objects and, among the different ways of doing this, we want that which maximize the usable leftovers. Loosely speaking,usable leftovers can be understood as rectangular regions in an object that has the width and the height greater than or equal to the ones of a reference item. These leftovers can be seen as leftovers from a cutting process that will become items in a new cutting process. We present bilevel programming models to two variations of this problem with usable leftovers: the two-stage cutting stock problem of rectangular items and the non-guillotine cutting stock problem of rectangular items. In order to solve the proposed models we present also MIP reformulations of these bilevel programming problem models. We also developed some symmetry breaking constraints in order to accelerate the solving process of those models. The developed models were computationally programmed and we were able to solve small instances of the proposed problems

cutting problems

eliminação de simetrias

optimization

otimização

packing problems

problemas de corte de estoque

problemas de empacotamento

sobras aproveitáveis

symmetry breaking constraints

usable leftover

Usable Firewall Rule Sets

Voronkov, Artem

January 2017

Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use. The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls. The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified. / Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators. The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified. / HITS, 4707

Network Security

Usable Security

Firewall Configuration

Systematic Literature Review

Usability Metrics

User Studies

Computer Sciences

Datavetenskap (datalogi)