Cori Faklaris gives a lecture on designing for usable security and privacy. They discuss the differences between security and privacy, noting that security focuses on confidentiality, integrity and availability while privacy relates to appropriate use of sensitive data. They also present a three-pronged approach to usable security and privacy that includes making protections invisible where possible, offering better user interfaces, and training users where necessary. Finally, they discuss the importance of threat modeling in security design.
Internet Ethics Issues and Action in the United StatesMichael Zimmer
Presentation for the "International Symposium on Internet Ethics" hosted by the Korea Internet & Security (KISA) and Korea Society of Internet Ethics (KSIE)
This is the talk I gave at the CONSEGI 2011 conference in Brasilia, in May 2011, about Digital Citizenship Basic Education: an urgent social need of all contemporary societies, regardless of their industrializations. The talk also includes some proposals to achieve it.
Crowdsourcing & ethics: a few thoughts and references. Matthew Lease
Extracts and addendums from an earlier talk, for those interested in ethics and related issues in regard to crowdsourcing, particularly research uses. Slides updated Sept. 2, 2013.
Chuck Brooks profile on cybersecurity, homeland security, and emerging techno...Chuck Brooks
Highlights of Chuck Brooks thought leadership writings, articles, and speeches on topics of cybersecurity, homeland security and emerging technologies.
Digital Curriculum, and the growth of BYOD and 1:1 learning: Is your mobile ...Bloxx
Levi Smith from Bloxx and Bob Walton, ITO at Worcester Public Schools discuss the challenges of finding an effective Web Filter – and why this is so important.
Slides to facilitate a conversation with school leaders & administrators around emerging issues related to Digital Citizenship. Both to raise awareness of the multifaceted nature of the subject and identify action items for schools moving forward.
The material here is taken from Mike Ribble's "Nine Elements of Digital Citizenship".
http://digitalcitizenship.net
Chuck Brooks thought leadership profile (cybersecurity, homeland security ,em...Chuck Brooks
Chuck Brooks; Subject Matter Expert & Thought leader:
• Cybersecurity & Homeland Security
• Emerging Technologies: Smart Cities, Artificial Intelligence, Quantum Computing, Big Data, and Internet of Things
• Government Relations & Marketing
2010 Shopping on the Job: ISACA's Online Holiday Shopping and Workplace Inten...KKess
A new survey conducted by global IT association ISACA reveals how many employees will be shopping online at work this holiday season, and provides tips to help shoppers and IT departments minimize the risks.
In the era of algorithms and AI, codes of ethics should have an added sense of purpose. But do they? The codes of ethics for ACM, IEEE and ASQ are reviewed in light of these concerns. Several case studies are cited which have grabbed headlines over the past two years. An increasingly software / code-driven universe in which AI is insinuated seemingly everywhere is one in which ethics must be present, part of enterprise decision-making, and traceable.
According to the Pew Research Center's Cell Internet Use 2013 survey, 57% of all American adults use their cell phone to access the Internet or use e-mail. The International Data Corporation projects that tablets will outsell PCs overall by 2015. It is very likely that an increasing percentage of the visits to your business or practice website are originating from a mobile device. How can you build a web presence that meets the needs of all of your site visitors without breaking your budget? Learn about the latest trends in web development to answer that question.
Our research focuses on understanding how attitudes and social influences act on end users in the process of cybersecurity behavior adoption (or non-adoption). This talk discusses three expectancy-value models and two stage models that have been applied successfully in social psychology, marketing, and public health. We first introduce our project, then give an overview of these existing models. We then present the progress of our empirical mixed-methods research to craft a model specific to cybersecurity adoption that identifies the relevant (1) attitudes and (2) social influences acting at each step, along with (3) tech characteristics that are associated with sustained adoption. We conclude with remarks on how our work can be of use to cybersecurity teams tasked with boosting awareness and/or adoption.
This presentation was provided by Micah Vandergrift and Hannah Rainey of North Carolina State University, during the NISO event "Privacy in the Age of Surveillance: Everyone's Concern." The virtual conference was held on September 16, 2020.
Presentation to the Three Rivers Information Security Symposium (TRISS 2018) on Oct. 19, 2018, in Monroeville, Pennsylvania. Based on ideas developed at Carnegie Mellon University.
In this talk for Cybersecurity Days at Ohio State University, I first discuss the urgent need for new solutions in the human side of cybersecurity, shown by the doubled increase in social attacks from 2013 to 2018 in the most recent Verizon data breach investigations report. I draw an analogy between health/wellness and cybersecurity, using the example of messaging around flu shots this time of year to point out individual and social factors that experts can leverage for awareness and behavior change. I then discuss our research at Carnegie Mellon to develop the SA-6 psychometric scale to measure security attitude and give examples of how to use it. I finish by outlining our research into cybersecurity in the workplace, in romantic relationships, and in the context of general social influence using consumer tools and apps. See our website at https://socialcybersecurity.org for more information about our research.
Notes on a discussion regarding the use of third-party applications in academic settings and the hurdles faculty need to overcome in terms of standards and policies.
Webinar: Learning Informatics Lab, University of Minnesota
Replay the talk: https://youtu.be/dcJZeDIMr2I
Learning Informatics
AI • Analytics • Accountability • Agency
Simon Buckingham Shum
Professor of Learning Informatics
Director, Connected Intelligence Centre
University of Technology Sydney
Abstract:
“Health Informatics”. “Urban Informatics”. “Social Informatics”. Informatics offers systemic ways of analyzing and designing the interaction of natural and artificial information processing systems. In the context of education, I will describe some Learning Informatics lenses and practices which we have developed for co-designing analytics and AI with educators and students. We have a particular focus on closing the feedback loop to equip learners with competencies to navigate a complex, uncertain future, such as critical thinking, professional reflection and teamwork. En route, we will touch on how we build educators’ trust in novel tools, our design philosophy of “embracing imperfection” in machine intelligence, and the ways that these infrastructures embody values. Speaking from the perspective of leading an institutional innovation centre in learning analytics, I hope that our experiences spark productive reflection around as the UMN Learning Informatics Lab builds its program.
Biography:
Simon Buckingham Shum is Professor of Learning Informatics at the University of Technology Sydney, where he serves as inaugural director of the Connected Intelligence Centre. CIC is a transdisciplinary innovation centre, using analytics to provide new insights for university teams, with particular expertise in educational data science. Simon’s career-long fascination with software’s ability to make thinking visible has seen him active in communities including Computer-Supported Cooperative Work, Hypertext, Design Rationale, Scholarly Publishing, Semantic Web, Computational Argumentation, Educational Technology and Learning Analytics. The challenge of visualizing contested knowledge has produced several books: Visualizing Argumentation, Knowledge Cartography, and Constructing Knowledge Art. He has been active over the last decade in shaping the field of Learning Analytics, co-founding the Society for Learning Analytics Research, and catalyzing several strands: Social Learning Analytics, Discourse Analytics, Dispositional Analytics and Writing Analytics. http://Simon.BuckinghamShum.net
Conference Presentation Cyber security and big data, Prof. Lili SaghafiProfessor Lili Saghafi
Cyber security and big data talks about the effect of all the data that everyone creates across the globe and how it affects our lives. I will talk about Big Data from Social Networking and its effect on Digital Marketing, Information Assurance, Cyber Crime Definition and Examples, Recent Research Results on Cyber Crime and Social Media, Cyber War, and finally, if there is a solution, what is that solution?
B9_21_What Is Needed to Protect Children's Privacy Speakers' slide deck for Privacy By Design Conference...Keiko Tanaka
Speakers' slide deck for Privacy By Design Conference 2023, session on Protecting Privacy of Children Through Data Governance.
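About Privacy by Design Conference 2023
A conference where people from a range of positions related to privacy, including culture, law, technology, business, and operations, engage in dialogue from diverse perspectives.
15:20 ~ 16:20 "What Is Needed to Protect Children's Privacy"
MyData Global Board Member 2020 & 2021 Dixon Siu
The Kyoto College of Graduate Studies for Informatics, Assistant Professor Keiko Tanaka
EDDS founder, Visiting Fellow at the London School of Economics, Velislava Hillman
Privacy by Design Lab (General Incorporated Association), Representative Director Kohei Kurihara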
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-decke-SIDES.eu
This is the slide-deck of the workshop held on April 2, 2019 in Brussels, titled "Towards Value-Centric Big Data". It includes the presentations given by the speakers.
Data fluency in today’s connected world has become a leverage point, inaccessible to many, leaving them unable to assess critical factors to act in their own or their communities’ interests. Data is a language that many people don’t speak, thus being conversant is becoming a societal “gap.” Data seed narratives. Powerful narratives can drive actions or they can distract and misinform. At a time with less institutional protection and fewer objective referees, those of us fluent in data need to help our communities understand data-driven systems and learn to speak the language.
PERSONAL INFORMATION PRIVACY SETTINGS OF ONLINE SOCIAL NETWORKS AND THEIR S...ijsptm
Protecting personal information privacy has become a controversial issue among online social network providers and users. Most social network providers have developed several techniques to decrease threats and risks to the users' privacy. These risks include the misuse of personal information which may lead to illegal acts such as identity theft. This study aims to measure the awareness of users on protecting their personal information privacy, as well as the suitability of the privacy systems which they use to modify privacy settings. Survey results show a high percentage of the use of smart phones for web services, but the current privacy settings for online social networks need to be improved to support different types of mobile phone screens. Because most users use their mobile phones for Internet services, privacy settings that are compatible with mobile phones need to be developed. The method of selecting privacy settings should also be simplified to provide users with a clear picture of the data that will be shared with others. Results of this study can be used to develop a new privacy system which will help users control their personal information easily from different devices, including mobile Internet devices and computers.
Working with data is a challenge for many organizations. Nonprofits in particular may need to collect and analyze sensitive, incomplete, and/or biased historical data about people. In this talk, Dr. Cori Faklaris of UNC Charlotte provides an overview of current AI capabilities and weaknesses to consider when integrating current AI technologies into the data workflow. The talk is organized around three takeaways: (1) For better or sometimes worse, AI provides you with “infinite interns.” (2) Give people permission & guardrails to learn what works with these “interns” and what doesn’t. (3) Create a roadmap for adding in more AI to assist nonprofit work, along with strategies for bias mitigation.
In this talk, Dr. Cori Faklaris gives an overview of important concepts in Human Factors engineering. She describes cognitive and social factors, interface factors, and task and environment factors that impact human performance. Importantly, she stresses that failures should be seen as normal and expected, and designers should endeavor to minimize them or prevent them. The two types of human failures - errors (inadvertent) and non-compliance (deliberate) - can be addressed through better interfaces and, sometimes, training. When human failures occur, the root cause usually can be traced to human decisions. This talk was given as a tutorial to the Center for Advanced Power Engineering Fall 2023 meeting, at Clemson University, SC, USA.
For this plenary talk at the Charlotte AI Institute for Smarter Learning, Dr. Cori Faklaris introduces her fellow college educators to the exciting world of generative AI tools. She gives a high-level overview of the generative AI landscape and how these tools use machine learning algorithms to generate creative content such as music, art, and text. She then shares some examples of generative AI tools and demonstrates how she has used some of these tools to enhance teaching and learning in the classroom and to boost her productivity in other areas of academic life.
Talk for the Cylab Partners Conference on Sept. 23, 2020. (1) Unintentional insider threat (UIT) can arise because security tools or infrastructure do not account for social needs.
(2) Social influences can be used to motivate security behaviors.
We present SA-6, a six-item psychometric scale for assessing people’s security attitudes that we developed by following best practices. We identify six scale items based on theoretical and empirical research with sufficient response variance, reliability, and validity in a combined sample (N = 478) from Amazon Mechanical Turk and a university-based study pool. We validate the resulting measure with a U.S. Census-tailored Qualtrics panel (N = 209). SA-6 significantly associates with self-report measures of behavior intention and recent secure behaviors. Our work contributes a lightweight method for (1) quantifying and comparing people’s attitudes toward using recommended security tools and practices, and (2) improving predictive modeling of who will adopt security behaviors. Presentation to the Usenix Symposium on Usable Privacy and Security (SOUPS 2019), Aug. 12, 2019, Santa Clara, CA, USA.
Presentation at the 2018 USENIX Symposium on Usable Privacy and Security (SOUPS 2018) in Baltimore, Md., USA. (https://www.usenix.org/conference/soups2018/presentation/park) Security design choices often fail to take into account users' social context. Our work is among the first to examine security behavior in romantic relationships. We surveyed 195 people on Amazon Mechanical Turk about their relationship status and account sharing behavior for a cross-section of popular websites and apps (e.g., Netflix, Amazon Prime). We examine differences in account sharing behavior at different stages in a relationship and for people in different age groups and income levels. We also present a taxonomy of sharing motivations and behaviors based on the iterative coding of open-ended responses. Based on this taxonomy, we present design recommendations to support end users in three relationship stages: when they start sharing access with romantic partners; when they are maintaining that sharing; and when they decide to stop. Our findings contribute to the field of usable privacy and security by enhancing our understanding of security and privacy behaviors and needs in intimate social relationships.
Presented July 15, 2018 to the 2018 Organizational Science and Cybersecurity Workshop, George Mason University, Fairfax, VA, USA. In this talk, I present the Transtheoretical Model (TTM) of Behavior Change for use in an organizational context as part of a larger reframing of end-user cybersecurity as a problem of organization health and wellness. I explain a visual diagram of six TTM Stages of Change and associated intervention strategies, as adapted from medical and wellness literature, and relate these to examples of security interventions currently in use, such as password strength indicators and Facebook Trusted Contacts. I conclude with my view that this framing can help researchers and practitioners approach “wicked problems” of organizational security that are not “tame” or one-and-done engineering problems but socio-cultural conditions that call for sustained, empowered action.
Slides for a presentation on what works in social media for academics, given Oct. 24, 2017 to the CHIMPS Lab at Carnegie Mellon University's Human Computer Interaction Institute in the School of Computer Science.
You have reached that point in your life where a change is needed. Perhaps you have been contemplating an upgrade to your skill set, a new degree or certificate, additional credentials or even a completely new career.
This special session at InWIC is designed to offer insights, practical tips and encouragement to anyone who is thinking about – or in the process of – pursuing additional education. The co-presenters will offer their personal experiences in navigating the financial, logistical and emotional/psychological issues involved in being an adult/returning student and will provide a number of useful resources for addressing these issues. The session will include time for participants to share their own experiences and to form a network for support in the future.
Success is within your grasp, but in order to have smooth sailing, enjoy the view on the way down and not crash to the ground, you need a parachute – a plan for how you will address the risks, meet the challenges and maximize the opportunities and experiences that higher education presents. This InWIC session is intended to help you begin to prepare your plan.
Presentation prepared by Cori Faklaris of the Viégas et al. 2006 paper on the "Themail" email visualization tool for H565 Collaborative and Social Computing, Fall 2015, in the Department of Human-Centered Computing at IUPUI's School of Informatics and Computing.
Presentation for a UX design and development project authored by myself, Melissa Dryer and Joe Dara for H541 Interaction Design Practice, Fall 2015, in the graduate program in Human-Computer Interaction at Indiana University-Purdue University Indianapolis.
Presentation by Cori Faklaris and Sara Anne Hook on Sept. 18, 2015. An overview of case law, articles and key findings as to how electronic discovery in U.S. legal system is affected by the rise of Snapchat, WhatsApp and other mobile messaging apps in the face of the pending update to the Federal Rules of Civil Procedure. This presentation was originally prepared for the ATINER 2015 International Conference on Law in Athens, Greece. These revised slides were used during a Brown Bag talk to the Department of Human-Centered Computing, School of Informatics and Computing, Indiana University-Purdue University Indianapolis.
It's exciting to enter graduate school and return to college life again. But my first concern upon getting my acceptance letter was: Great, now how will I pay for it? As an adult returning student, I have more options than I did as a teenager for paying for college -- even though I'm leaving my full-time job. I detail five methods I'm focusing on to make my finances work.
Cori Faklaris, known as @heycori on Twitter and on Facebook, LinkedIn, Pinterest, Instagram and other social media platforms, offers her lessons from years curating her online brand as a news personality and in managing social media accounts for the IndyStar.com news website.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll know how to organize and improve your code review process.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
An Enterprise Resource Planning system includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which helps enhance productivity. Here is a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
For more details, see: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Navigating the Metaverse: A Journey into Virtual EvolutionDonna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
2. About me
@heycori
● 3rd-year PhD researcher at Carnegie Mellon Univ. Human-Computer Interaction Institute, advised by Laura Dabbish and Jason I. Hong
○ M.S., Human-Computer Interaction, Indiana University School of Informatics and Computing
● Industry career in news + design, mainly at Indianapolis Star / IndyStar.com / Gannett
○ Engagement Producer, News Designer, Systems Analyst, Software Trainer, Copy Editor, Reporter, “Doer of Things No One Else Wants to Do” (IT, UX)
● Social Media Editor and Consultant
Cori Faklaris - Carnegie Mellon University - Page 2
3. My research at Carnegie Mellon HCII
Cori Faklaris - Designing for Usable Security and Privacy, April 15, 2020 - Carnegie Mellon University - Page 3
4. Agenda for this lecture
● Why care about designing for usable security + privacy
● Differences between security and privacy
○ Pessimistic vs. optimistic orientation to security
○ Data privacy vs. personal privacy
● Three-pronged approach to usable security + privacy
○ Make it invisible (where possible)
○ Offer better user interfaces (affordances, mappings, mental models, etc)
○ Train users (where necessary)
● Research that makes use of this approach
Slides largely based on materials from Prof. Jason I. Hong - many thanks to him!
6. ‘Unusable’ security + privacy is all around us ...
What are some examples that you can think of?
7. ‘Unusable’ security + privacy is all around us ...
Taylor Lorenz. 2020. “Zoombombing”: When Video Conferences Go Wrong. The New York Times. Retrieved April 13, 2020 from https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html
8. ‘Unusable’ security + privacy is all around us ...
Also see https://www.bogleheads.org/forum/viewtopic.php?t=278973
9. ‘Unusable’ security + privacy is all around us ...
https://www.extremetech.com/extreme/262166-hawaiis-missile-scare-driven-terrible-ui-fcc-launches-investigation
11. Norman’s Gulfs of Evaluation + Execution
● “Mismatch between our internal goals on the one side, and, on the other side, the expectations and the availability of information specifying the state of the world (or an artifact) and how we may change it.”
https://www.interaction-design.org/literature/book/the-glossary-of-human-computer-interaction/gulf-of-evaluation-and-gulf-of-execution
https://medium.com/@gazdgabr/the-gulf-of-execution-and-evaluation-890fca716bb7
12. ‘You are not the user’ - experts vs. nonexperts
What do you do to keep your data and accounts safe?
Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. “... No one Can Hack My Mind”: Comparing Expert and Non-Expert Security Practices. In Symposium on Usable Privacy and Security (SOUPS) 2015, 1–20. Retrieved from https://www.usenix.org/sites/default/files/soups15_full_proceedings.pdf#page=349
13. Security actions differ for experts vs. nonexperts
Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. “... No one Can Hack My Mind”: Comparing Expert and Non-Expert Security Practices. In Symposium on Usable Privacy and Security (SOUPS) 2015, 1–20. Retrieved from https://www.usenix.org/sites/default/files/soups15_full_proceedings.pdf#page=349
14. Designers must address laws + regulations
15. IoT security + privacy tensions are multiplying
16. Consumers growing more wary about privacy
2015 Pew Research survey found:
● 60% of people chose not to install an app when they discovered how much personal info it required
● 43% uninstalled app after download, for the same reason
2015. Apps Permissions in the Google Play Store. Pew Research Center: Internet, Science & Tech. Retrieved April 14, 2020 from https://www.pewresearch.org/internet/2015/11/10/apps-permissions-in-the-google-play-store/
17. ‘Social’ cyberattacks rising with mobile usage
● Verizon data: from 2013 to 2018, the number of cybersecurity breaches in which attackers used “social” methods increased from 17% to 35%.
● The involvement of human assets in these breaches rose from 19% to 39% over the same time period.
Results and Analysis, 2019 Verizon Data Breach Investigations Report, available at https://enterprise.verizon.com/resources/reports/dbir/2019/results-and-analysis/
19. Security vs. Privacy - Different but intertwined
What do you think is the difference between them?
20. Security vs. Privacy - Different but intertwined
● Security
○ “CIA” model: confidentiality, integrity, availability - originally, for guarding information
○ New desired properties emerging (ex. safety)
https://cryptiot.de/iot/security/security-solution-iot-com-protocol/
21. Security vs. Privacy - Different but intertwined
● Security
○ Nowadays, many people talk about security more as a process or in a certain use context (workgroups vs. publics), that it’s not a binary state
https://cryptiot.de/iot/security/security-solution-iot-com-protocol/
Still might not be secure?
22. Security vs. Privacy - Different but intertwined
Users’ Security Attitudes + Recalled Security Actions
● Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
Users’ Security Behavior Intentions
● Serge Egelman and Eyal Peer. 2015. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS). In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI ’15). Association for Computing Machinery, New York, NY, USA, 2873–2882. DOI: https://doi.org/10.1145/2702123.2702249
23. Security vs. Privacy - Different but intertwined
● Privacy
○ Security necessary but not sufficient for privacy
○ Generally, appropriate use of sensitive data (& same data could also be used inappropriately, which makes this tricky!)
■ Personal privacy: Perception, how users feel, manage their data and devices
■ Data privacy: How orgs handle personal data
○ Subjectively defined, difficult to measure
https://support.apple.com/en-us/HT208650
24. Security vs. Privacy - Different but intertwined
Very Short Primer for Conceptualizing Tech + Privacy
● Brandeis’ “right to be left alone” from time of photography’s introduction, established US privacy standard (https://en.wikipedia.org/wiki/The_Right_to_Privacy_(article) )
● Altman’s Privacy Regulation Theory articulates five dimensions, such as desired vs. actual privacy, bi-directional nature (https://en.wikipedia.org/wiki/Privacy_regulation_theory )
● Altman’s work is adapted for HCI in Leysia Palen and Paul Dourish. 2003. Unpacking “privacy” for a networked world. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’03), 129–136. https://doi.org/10.1145/642611.642635
25. Threat modeling is important in security design
● What are you trying to protect?
● How important is it to you?
● How much are you willing to spend to protect it?
● Who are you concerned about?
○ Honest but curious, prankers, ex-partners, ex-coworkers, script kiddies, cybercriminals, insider attack, nation state
● How will they attack you?
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
28. Security practices - Experts vs. nonexperts
29. Threat model will help determine your approach
PESSIMISTIC
● Prevent problems from happening
○ Ex. Access control, firewalls, IP blocking, blacklists
○ Ex. Better programming tools, better OS
○ Ex. Require strong passwords or 2FA, user training
OPTIMISTIC
● Detect + respond to problems after the fact
○ Ex. Intrusion detection systems (machine learning)
○ Ex. Takedown of malicious posts, call the FBI
○ Ex. Notifying users of logins on new devices
30. Tradeoff - ‘wall out’ harm vs. ‘open door’ policy
PESSIMISTIC
● Choose prevention when possible if needs high enough
○ Ex. CMU payroll system
● Can be hard to figure out all cases beforehand
● (-) Cost can be high to make sure you got it right
OPTIMISTIC
● Choose when access is paramount & you trust people
○ Ex. Hospitals need access to supplies, assume wise usage
● Cost to fix problems is cheap
○ Ex. Wikipedia revert
○ (-) User frustration/trauma
● Configuration costs can be lower
31. Security practices - Experts vs. nonexperts
32. Data privacy is different than personal privacy
● Primarily about how orgs collect, use, and protect sensitive data, beyond a single product or service
● Focuses on Personally Identifiable Information (PII)
○ Ex. Name, address, unique IDs, pictures
● Rules about data use, privacy notices
https://www.trulioo.com/blog/managing-personally-identifiable-information/
33. Data privacy is different than personal privacy
● Even more procedurally oriented than personal privacy
○ Did you follow this set of rules?
○ Did you check off all of the boxes?
● Contrast to outcome-oriented, hard to measure too (Better? Worse?)
https://www.trulioo.com/blog/managing-personally-identifiable-information/
34. Fair Information Practices (FIPs) - FTC version
1. Notice / Awareness
2. Choice / Consent
3. Access / Participation
4. Integrity / Security
5. Enforcement / Redress
https://en.wikipedia.org/wiki/FTC_fair_information_practice#cite_note-FIPNotice-10
35. Fair Information Practices (FIPs), continued
● Many laws embody the Fair Information Practices
○ GDPR, CCPA, HIPAA, Financial Privacy Act, COPPA, FERPA
● But, enforcement is a weakness here
○ If an org violates, can be hard to detect
○ In practice, limited resources for enforcement
36. IoT security + privacy tensions multiplying …
Keyword Team. 2020. Apple and Google partner on COVID-19 contact tracing technology. Google. Retrieved April 14, 2020 from https://blog.google/inside-google/company-announcements/apple-and-google-partner-covid-19-contact-tracing-technology/
39. 3-prong approach to usable security + privacy
1. Make it invisible (where possible)
2. Offer better user interfaces (affordances, mappings, mental models, etc)
3. Train users (where necessary)
https://www.youtube.com/watch?v=p03TIGqEc8o
40. 3-prong approach to usable security + privacy
My Work
41. Good ‘invisible’ security means user is weak pt
42. Security focus shifts to UX solutions and training
43. User education is a challenge (pessimistic view)
● Users are not motivated to learn about security
● Security is a secondary task
● Difficult to teach people to make right online trust decision without increasing false positives
“User education is a complete waste of time. It is about as much use as nailing jelly to a wall…. They are not interested…they just want to do their job.”
Martin Overton, IBM security specialist
http://news.cnet.com/21007350_361252132.html
44. User education is a challenge in this work
45. Actually, users ARE trainable (optimistic view)
● Users want to keep themselves - and those they care about - safe
● Users can learn to protect themselves from phishing… if you can get them to pay attention to training
○ Create “teachable moments”
○ Make training fun
○ Use learning science principles
Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Trans. Internet Technol. 10, 2, Article 7 (June 2010), 31 pages. DOI: https://doi.org/10.1145/1754393.1754396
46. Nova Cybersecurity Lab and Game
https://www.pbs.org/wgbh/nova/labs/lab/cyber/
Great example of creating “teachable moments” and also injecting light-hearted humor and design with the simple game mechanics and lessons.
47. Apps vs. Hackers (Ongoing research)
https://apps-vs-hackers.firebaseapp.com/classic
Adapting “Plants vs. Zombies” game to a cybersecurity context
48. Hacked Time (Ongoing research)
http://www.tianyingchen.com/hackedtime/
Choose Your Own Adventure, based in Self Efficacy Theory, narrative immersion
49. These make use of principles to boost learning
● Learning by doing – like our labs, get hands on practice
● Immediate feedback – better quickly than later
● Conceptual-procedural – Interleave abstract principles with concrete examples (like we’re doing right now!) Help people understand the principle, and offer examples to help people understand specifics, then back to principle to generalize
● Reflection – thinking about why you did something helps with retention (which is why we have this for homeworks)
● Multimedia – images, text, sound
50. User studies help evaluate learning outcomes
● Evaluation of PhishGuru system - is embedded training effective?
○ Study 1: Lab study, 30 participants
○ Study 2: Lab study, 42 participants
○ Study 3: Field trial at company, ~300 participants
○ Study 4: Field trial at CMU, ~500 participants
● Studies showed statistically significant decrease in falling for phish, increased ability to retain what they learned
Ponnurangam Kumaraguru, Yong Rhee, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Protecting people from phishing: the design and evaluation of an embedded training email system. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’07). Association for Computing Machinery, New York, NY, USA, 905–914. DOI: https://doi.org/10.1145/1240624.1240760
51. Good interfaces for security + privacy are hard!
● Lots of security terminology
○ Ex. You have digital keys to “encrypt” things
○ Ex. You can also use digital keys to sign things
● Lots of complexity
○ Ex. Might have multiple sharing policies
○ Ex. Some tasks might need to be harder to prevent attacks (account creation)
● Security is a secondary task
○ Ex. You don’t go to Dropbox to do security
53.
Sauvik Das, Gierad Laput, Chris Harrison, and Jason I. Hong. 2017. Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI ’17). Association for Computing Machinery, New York, NY, USA, 3764–3774. DOI: https://doi.org/10.1145/3025453.3025991
54. Communication-Human Information Processing Model
● See the warning?
● Understand?
● Believe it?
● Motivated?
● Can and will act?
Make a recommendation, but leave it to the user to act
Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 1065–1074. https://doi.org/10.1145/1357054.1357219
57. SA-6 Measures a User’s Security Attitude
Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
On a scale of 1=Strongly Disagree to 5=Strongly Agree, rate your level of agreement with the following:
● Generally, I diligently follow a routine about security practices.
● I always pay attention to experts’ advice about the steps I need to take to keep my online data and accounts safe.
● I am extremely knowledgeable about all the steps needed to keep my online data and accounts safe.
● I am extremely motivated to take all the steps needed to keep my online data and accounts safe.
● I often am interested in articles about security threats.
● I seek out opportunities to learn about security measures that are relevant to me.
58. SA-6 Measures a User’s Security Attitude
TAKE THE QUIZ AT http://bit.ly/sa6quiz
59. SA-6 Measures a User’s Security Attitude
SEE RESPONSES AT http://bit.ly/sa6charts
60. How to Use the SA-6 Psychometric Scale
Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
Answer practical research questions such as:
● How attentive to security advice is a certain user group likely to be?
● Does a new awareness campaign or usability tool help or hurt a user’s attitude toward security compliance?
Conduct theory-motivated research on human factors:
● Measure attitude in Elaboration Likelihood Model
● Measure motivation in Self-Determination Theory
● Measure coping appraisal in Protection Motivation Theory
61. Social Contexts of Security Behavior
61Cori Faklaris - Designing for Usable Security and Privacy, April 15, 2020 - Carnegie Mellon University - Page 51
Yunpeng Song, Cori Faklaris, Zhongmin Cai, Jason I. Hong, and Laura Dabbish. 2019. Normal and Easy: Account Sharing
Practices in the Workplace. In Proceedings of the ACM: Human-Computer Interaction, Vol. 3, Issue CSCW, November 2019.
ACM, New York, NY, USA. Available at: https://drive.google.com/file/d/17xb07vuKjPrgoKNzBSGouTgqNNEeACF0/view
Workplace cybersecurity: Sharing accounts and devices to collaborate on tasks and to keep costs down.
● Workarounds are the norm (e.g., password taped to PC)
● Difficult to share and to control access with systems that presume one user at a time
● Lack of accountability and awareness of one person’s activities by others
62. Social Contexts of Security Behavior
Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish and Jason I. Hong. 2018. Share and Share Alike?
An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the Fourteenth Symposium on Usable
Privacy and Security (SOUPS 2018). USENIX Association, Berkeley, CA, USA. Available at:
https://www.usenix.org/system/files/conference/soups2018/soups2018-park.pdf
Romantic cybersecurity: Sharing accounts and devices as relationships and households form and while working through the end of a relationship.
● Account sharing is both functional and emotional
● Usability challenges for romantic couples that share accounts and devices (such as 2FA tied to only one person’s device, breakups lead to data breaches)
63. Social Contexts of Security Behavior
Safesea browser plugin for Google Chrome
● Helps Facebook users navigate privacy and security settings.
● Displays crowd and expert suggestions for settings.
64. Social Contexts of Security Behavior
‘Fitness’ Tracking for cybersecurity: Could be used for contests or for sharing and displaying behavior changes, just like with physical fitness tracking
65. Key takeaways for design
● Threat modeling - pay attention to “who”
○ Prevent Problems vs. Detect + Respond
○ Personal privacy vs. data privacy
● Fair Information Practices
● 3-pronged approach to usable security + privacy
○ Make it invisible, Better UIs, Train
● Learning science principles
● C-HIP model for warnings
○ Also useful for non-security warnings!
66. Key takeaways for YOU
● Use a password manager & install all legit software updates
● Sense of urgency is probably fake
● You’re not too smart to get fooled
● DON’T CLICK ANYTHING (google)
● Choose not easily guessable security questions
● No free lunch