OTO:
Online Trust Oracle for
User-Centric Trust Establishment
Tiffany Hyun-Jin Kim, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig
Carnegie Mellon University
Payas Gupta, Debin Gao
Singapore Management University
19th International Conference on Computer and Communication Security (CCS)
October 17, 2012
WHEN DOWNLOADING SOFTWARE…
 Challenge: gauging authenticity & legitimacy of software
 Novice users
 Don’t understand dangers
 Lack ability to validate
 Security-conscious users
 Often frustrated by their inability to judge
EXAMPLE OF SOFTWARE DOWNLOAD
TRUST INFO FROM THE INTERNET
 Challenging for end-users
 Cumbersome information gathering
 Being unaware of existing evidence
 Assessing the quality of evidence
 Contradicting evidence
 Automate trust decisions for users?
 Delays in identifying new & evolving threats
 Malware authors can circumvent the automated system
 Users are still left alone to make trust decisions!
PROBLEM DEFINITION
 Design a dialog box with robust trust evidence indicators
 Help novice users make correct trust decisions
 Avoid malware
 Even if underlying OS fails to correctly label legitimacy
 Desired properties
 Correct
 Users can still make correct trust decisions given conflicting info
 Usable
 Indicators are useful to novice users
 Indicators should not disturb users
ASSUMPTION
 Malware cannot interfere with dialog box operations
 Display of the dialog box
 Detection of software downloads
 Gathering trust evidence
 Adversary model
 Malware distributors manipulate trust evidence
 Provide falsifying info
 Hide crucial info
DESIGN RATIONALE
 Prevalent security threats
 85% malware from web
 Drive-by downloads
 Fake antivirus
 Keyloggers
 45% success from user actions
 Common pitfalls
 Lack of security knowledge
 Visual deception
 Reliance on prior experience
 Bounded attention
 Effective design principle
 Grayed-out background
 Mimicked UI of OS vendor
 Detailed explanation
 Non-uniform UIs
Suppose your friend is bored at home and wants to watch some movie. [Next]
He searches on Google for “batman begins.” After looking through several options, he decides to watch this video and clicks. [Click on the link]
While waiting for the video to load, a dialog box appears. Would you recommend your friend to continue?
AT THE END OF EACH SCENARIO
 Questions
 Would you recommend that your friend proceeds and downloads the software? [Yes/No/Not sure]
 [If Yes or No] Why?
 [If Not sure] What would you do to find out the legitimacy of this software?
 What evidence would you present to your friend to convince him/her of the legitimacy of this software?
 How well do you know this software? [1: don’t know at all – 5: know very well]
RESULTS OF EXPERTS’ USER STUDY
PROCESSING OPERATION | # EXPERTS
SOFTWARE REVIEW
Are reviews available from reputable sources, experts, or friends? | 9
Are the reviews good? | 3
HOSTING SITE
Is the hosting site reputable? | 8
What is the corporate parameter (e.g., # employees, age of company)? | 2
USER INTENTION
Did you search for that specific software? | 1
Are you downloading from a pop-up? | 1
SECURING MACHINE
Do you run an updated antivirus? | 2
Is your machine trusted? | 1
OTO: ONLINE TRUST ORACLE
 User interface displaying safety of downloading file
[Figure callout: Summary & clickable link]
3 COLOR MODES
 Similar to Windows User Account Control framework
 Blue: highly likely to be legitimate
 Red: highly likely to be malicious
 Yellow: system cannot determine the legitimacy
EVALUATION
 Experiment with 2 conditions
 IE9 SmartScreen Filter (SSF): base condition
 Current state-of-the-art technology[1]
 Widely used on browser
 Checks software against a known blacklist
 If flagged -> red warning banner
 No reputation -> yellow warning banner
[1] M. Hachman. Microsoft’s IE9 Blocks Almost All Social Malware, Study Finds. http://www.pcmag.com/article2/0,2817,2391164,00.asp
PROCEDURE
 Same 10 scenarios for experts’ user study
 End of each scenario: display SSF or OTO warning dialog box
[Figure: 2x2 matrix of ground truth (legitimate / malicious) against system detection outcome (legitimate / malicious), with cells TN, FP, FN and TP. Software shown in the scenarios: Kaspersky, SPAMfighter, Ahnlab, MindMaple, Adobe flash, ActiveX codec, Windows activation, Privacy violation, HDD diagnostics, Rkill]
END OF EACH SCENARIO
While waiting for the video to load, a dialog box appears. Your friend clicks the “Continue” button. [Click on the link]
When he clicks “Continue,” your friend's computer prevents him from proceeding and instead displays this interface. Please help your friend make a decision.
EFFECTIVENESS OF OTO
 Demographics
 58 participants
 30 male and 28 female
 Age 18—59
 Between-subjects study: 29 for each condition
 Compensation
 $15 for participating
 Additional $1 for each correct answer -> $25 max
RESULTS
 Repeated Measures ANOVA test
 Did participants answer each scenario correctly?
 OTO helps people make more correct decisions than SSF does regardless of gender, age, occupation, education level, or background security knowledge!
TIMING ANALYSIS
 N = 13 for SSF, N = 11 for OTO
 Overall, time(OTO) < time(SSF)
 Participants relied on evidence to make trust decisions
WHAT IF OS MISCATEGORIZES?
 OTO >> SSF
 5-pt Likert scale questions
 OTO is as useful as SSF
 OTO is more comfortable to use
[Figure: matrix of ground truth against system detection outcome (TN, FP, FN, TP) for the ten scenarios]
SCOPE OF THIS PAPER
 Main objective of this paper
 Whether providing extra pieces of evidence helps users
 Outside the scope of this paper
 How each piece of evidence is gathered
 How each piece of evidence is authenticated
 How malware cannot interfere with OTO operations
 Existence of system-level trusted path for input and output
 Helping people who don’t care about security
CONCLUSIONS
 OTO: download dialog box
 Displays robust & scalable trust evidence to users
 Based on interview results of security experts
 Goal: do users find additional trust evidence useful?
 People actually read the evidence
 Empowers users to make better trust decisions
 Even if underlying OS misdetects
Thank you 
hyunjin1@ece.cmu.edu
BACKUP SLIDES
SCENARIOS FOR USER STUDY
PRE-STUDY QUESTIONS
RETRIEVING EVIDENCE
 Robust & scalable evidence
DEMOGRAPHICS
MEAN & MAX TIME TAKEN (SEC)
 N = 13 for SSF, N = 11 for OTO
SUMMARY OF ANOVA RESULTS
SECURITY ANALYSIS
 Malware detection
 Zero-day: lack of enough evidence
 Well-known malware: likely to have more negative than positive
 False alarms
 Users examine and compare
 Evidence is what users would have gathered from Internet
 Manipulation attack
 Creating fake positive evidence
 OTO’s evidence is robust
 E.g., by considering temporal aspect
 Need to forge multiple pieces of evidence
 Hiding harmful evidence
 Challenging to prevent authoritative resources from serving negative evidence
 Impersonation of legitimate software
 Can associate each piece of software with cryptographic hash
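Added example (not part of the original slides, and not OTO's actual decision rule): a sketch of how the points above could combine into the three color modes. Evidence is bound to the file's SHA-256 hash, positive evidence counts only once it has aged, and too little evidence gives yellow. The thresholds, the Evidence record and the source names are assumptions made for illustration; the sample data is constructed.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date

# Assumed thresholds (not from the slides): positive evidence must come from
# at least MIN_SOURCES distinct sources and be at least MIN_AGE_DAYS old.
MIN_SOURCES = 2
MIN_AGE_DAYS = 30


@dataclass(frozen=True)
class Evidence:
    sha256: str       # hash of the exact file this evidence refers to
    source: str       # publisher of the evidence (hypothetical names below)
    positive: bool    # True speaks for legitimacy, False against it
    first_seen: date  # when the evidence first appeared


def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def color_mode(data: bytes, evidence: list[Evidence], today: date) -> str:
    """Return 'blue', 'red' or 'yellow' for a downloaded file."""
    digest = file_hash(data)
    # Impersonation: evidence about a different binary, even one carrying
    # the same product name, is not bound to this hash and is ignored.
    bound = [e for e in evidence if e.sha256 == digest]
    negative = {e.source for e in bound if not e.positive}
    # Manipulation: freshly created positive evidence does not count, so a
    # forger has to plant several pieces and keep them up over time.
    aged_positive = {
        e.source
        for e in bound
        if e.positive and (today - e.first_seen).days >= MIN_AGE_DAYS
    }
    # Well-known malware: more negative than positive evidence.
    if negative and len(negative) > len(aged_positive):
        return "red"
    if len(aged_positive) >= MIN_SOURCES and not negative:
        return "blue"
    # Zero-day, conflicting or insufficient evidence: leave it to the user.
    return "yellow"


def demo() -> dict[str, str]:
    """Run constructed scenarios; every file and evidence record is made up."""
    today = date(2012, 10, 17)
    old, fresh = date(2011, 1, 1), date(2012, 10, 15)

    legit = b"constructed legitimate installer"
    fake = b"constructed installer impersonating the legitimate one"
    forged = b"constructed installer with forged praise"
    known_bad = b"constructed well-known malware"
    zero_day = b"constructed never-seen binary"

    evidence = [
        Evidence(file_hash(legit), "review-site", True, old),
        Evidence(file_hash(legit), "hosting-site", True, old),
        Evidence(file_hash(legit), "av-vendor", True, old),
        Evidence(file_hash(forged), "blog-a", True, fresh),
        Evidence(file_hash(forged), "blog-b", True, fresh),
        Evidence(file_hash(forged), "blog-c", True, fresh),
        Evidence(file_hash(known_bad), "av-vendor", False, old),
        Evidence(file_hash(known_bad), "review-site", False, old),
        Evidence(file_hash(known_bad), "forum", False, old),
        Evidence(file_hash(known_bad), "blog-a", True, old),
    ]
    files = {
        "legitimate": legit,
        "impersonation": fake,
        "forged positive evidence": forged,
        "well-known malware": known_bad,
        "zero-day": zero_day,
    }
    return {name: color_mode(data, evidence, today) for name, data in files.items()}


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {mode}")
```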
USEFULNESS OF EVIDENCE
RELATED WORK
 User mental models
 Responses to SSL warning messages [Sunshine et al. 2009]
 Psychological responses to warnings [Bravo-Lillo et al., 2011]
 Folk models of security threats [Wash, 2010]
 Information Content for Microsoft UAC warning [Motiee, 2011]
 Habituation
 Effectiveness of browser warnings [Egelman et al. 2008]
 Polymorphic and audited dialogs [Brustoloni et al. 2007]
 Assessing credibility online
 Augmenting search results with credibility visualizations [Schwarz and Morris, 2011]
 Prominence-Interpretation theory [Fogg et al. 2003]
RELATED WORK
 User mental models
 Responses to SSL warning messages [Sunshine et al. 2009]
 Warnings in general do not prevent users from unsafe behavior
 Psychological responses to warnings [Bravo-Lillo et al., 2011]
 Users have wrong mental model for computer warnings
 Most users don’t understand SSL warnings without background knowledge -> Warnings should not be the main way of defense
 Folk models of security threats [Wash, 2010]
 Security should focus on both actionable advice and potential threats
 Information Content for Microsoft UAC warning [Motiee, 2011]
 Let users assess risk and correctly respond to warnings
 Information can still be easily spoofed
RELATED WORK
 Microsoft SmartScreen Filter
 current state-of-the-art technology widely used on browsers
 Checks the software against a known blacklist of malicious software
 If flagged -> red-banner warning appears, hiding options to make users download
 Information Content for Microsoft UAC warning [Motiee, 2011]
 Let users assess risk and correctly respond to warnings
 Information can still be easily spoofed
 Psychological responses to warnings [Bravo-Lillo et al., 2011]
 Users have wrong mental model for computer warnings
 Most users don’t understand SSL warnings without background knowledge
 Warnings should not be the main way of defense
DESIGN RATIONALE
 Prevalent security threats
 85% malware from web
 Drive-by downloads
 Fake antivirus
 Keyloggers
 45% success from user actions
 Common pitfalls
 Lack of security knowledge
 Visual deception
 Psychological pressure
 Reliance on prior experience
 Bounded attention
 Effective design principle
 Grayed-out background
 Mimicked UI of OS vendor
 Detailed explanation
 Non-uniform UIs

More Related Content

Similar to OTO: Online Trust Oracle for User-Centric Trust Establishment, at CCS 2012

Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011Anatoliy Tkachev
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
Kim Jensen
 
1.Security Overview And Patching
1.Security Overview And Patching1.Security Overview And Patching
1.Security Overview And Patchingphanleson
 
Usabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OSUsabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OS
Rajiv Ranjan Singh
 
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docx
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docxDiscussion Question & Peer Responses Grading RubricDiscussion Qu.docx
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docx
elinoraudley582231
 
2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware Trends
Lumension
 
Vulnerability Analyst interview Questions.pdf
Vulnerability Analyst interview Questions.pdfVulnerability Analyst interview Questions.pdf
Vulnerability Analyst interview Questions.pdf
infosec train
 
Effective risk communication for android apps
Effective risk communication for android appsEffective risk communication for android apps
Effective risk communication for android appsJPINFOTECH JAYAPRAKASH
 
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docxRyan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
jeffsrosalyn
 
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docxRyan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
rtodd599
 
How can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesHow can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data losses
Abhishek BV
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open Source
Shane Coughlan
 
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docxMeltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
roushhsiu
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
ESET Middle East
 
Alice in warningland: A Large Scale Study of Browser Security Warnings
Alice in warningland: A Large Scale Study of Browser Security WarningsAlice in warningland: A Large Scale Study of Browser Security Warnings
Alice in warningland: A Large Scale Study of Browser Security Warnings
Meghna Singhal
 
The Aspects of Choosing Open Source Versus Closed Source
The Aspects of Choosing Open Source Versus Closed SourceThe Aspects of Choosing Open Source Versus Closed Source
The Aspects of Choosing Open Source Versus Closed SourceJeet Prakash
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Falgun Rathod
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
Sean Whalen
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
Jorge Orchilles
 

Similar to OTO: Online Trust Oracle for User-Centric Trust Establishment, at CCS 2012 (20)

Avcomparatives Survey 2011
Avcomparatives Survey 2011Avcomparatives Survey 2011
Avcomparatives Survey 2011
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
Security survey2013 en
Security survey2013 enSecurity survey2013 en
Security survey2013 en
 
1.Security Overview And Patching
1.Security Overview And Patching1.Security Overview And Patching
1.Security Overview And Patching
 
Usabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OSUsabiltyvs Security Case study of SmartPhone OS
Usabiltyvs Security Case study of SmartPhone OS
 
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docx
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docxDiscussion Question & Peer Responses Grading RubricDiscussion Qu.docx
Discussion Question & Peer Responses Grading RubricDiscussion Qu.docx
 
2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware Trends
 
Vulnerability Analyst interview Questions.pdf
Vulnerability Analyst interview Questions.pdfVulnerability Analyst interview Questions.pdf
Vulnerability Analyst interview Questions.pdf
 
Effective risk communication for android apps
Effective risk communication for android appsEffective risk communication for android apps
Effective risk communication for android apps
 
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docxRyan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
 
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docxRyan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
Ryan ArcherTopic Panic AttacksSpecific Purpose To inform my.docx
 
How can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data lossesHow can we predict vulnerabilities to prevent them from causing data losses
How can we predict vulnerabilities to prevent them from causing data losses
 
(In)security in Open Source
(In)security in Open Source(In)security in Open Source
(In)security in Open Source
 
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docxMeltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
Alice in warningland: A Large Scale Study of Browser Security Warnings
Alice in warningland: A Large Scale Study of Browser Security WarningsAlice in warningland: A Large Scale Study of Browser Security Warnings
Alice in warningland: A Large Scale Study of Browser Security Warnings
 
The Aspects of Choosing Open Source Versus Closed Source
The Aspects of Choosing Open Source Versus Closed SourceThe Aspects of Choosing Open Source Versus Closed Source
The Aspects of Choosing Open Source Versus Closed Source
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

OTO: Online Trust Oracle for User-Centric Trust Establishment, at CCS 2012

  • 1. OTO: Online Trust Oracle for User-Centric Trust Establishment Tiffany Hyun-Jin Kim, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig Carnegie Mellon University Payas Gupta, Debin Gao Singapore Management University 19th International Conference on Computer and Communication Security (CCS) October 17, 2012 1
  • 2. WHEN DOWNLOADING SOFTWARE…  Challenge: gauging authenticity & legitimacy of software  Novice users  Don’t understand dangers  Lack ability to validate  Security-conscious users  Often frustrated by their inability to judge 2
  • 3. EXAMPLE OF SOFTWARE DOWNLOAD 3
  • 4. TRUST INFO FROM THE INTERNET  Challenging for end-users  Cumbersome information gathering  Being unaware of existing evidence  Assessing the quality of evidence  Contradicting evidence  Automate trust decisions for users?  Delays in identifying new & evolving threats  Malware authors can circumvent the automated system  Users are still left alone to make trust decisions! 4
  • 5. PROBLEM DEFINITION  Design a dialog box with robust trust evidence indicators  Help novice users make correct trust decisions  Avoid malware  Even if underlying OS fails to correctly label legitimacy  Desired properties  Correct  Users can still make correct trust decisions given conflicting info  Usable  Indicators are useful to novice users  Indicators should not disturb users 5
  • 6. ASSUMPTION  Malware cannot interfere with dialog box operations  Display of the dialog box  Detection of software downloads  Gathering trust evidence  Adversary model  Malware distributors manipulate trust evidence  Provide falsifying info  Hide crucial info 6
  • 8. DESIGN RATIONALE  Prevalent security threats  85% malware from web  Drive-by downloads  Fake antivirus  Keyloggers  45% success from user actions  Common pitfalls  Lack of security knowledge  Visual deception  Reliance on prior experience  Bounded attention 8  Effective design principle  Grayed-out background  Mimicked UI of OS vendor  Detailed explanation  Non-uniform UIs
  • 9. Suppose your friend is bored at home and wants to watch some movie. Next
  • 10. He searches on Google for “batman begins.” After looking through several options, he decides to watch this video and clicks. Click on the link
  • 11. While waiting for the video to load, a dialog box appears. Would you recommend your friend to continue?
  • 12. AT THE END OF EACH SCENARIO  Questions  Would you recommend that your friend proceeds and downloads the software [Yes/No/Not sure]  [If Yes or No] Why?  [If Not sure] What would you do to find out the legitimacy of this software?  What evidence would you present to your friend to convince him/her of the legitimacy of this software?  How well do you know this software? [1:don’t know at all – 5: know very well] 12
  • 13. RESULTS OF EXPERTS’ USER STUDY 13 PROCESSING OPERATION # EXPERTS SOFTWARE REVIEW Are reviews available from reputable sources, experts, or friends? 9 Are the reviews good? 3 HOSTING SITE Is the hosting site reputable? 8 What is the corporate parameter (e.g., # employees, age of company)? 2 USER INTENTION Did you search for that specific software? 1 Are you downloading from a pop-up? 1 SECURING MACHINE Do you run an updated antivirus? 2 Is your machine trusted? 1
  • 14. OTO: ONLINE TRUST ORACLE 14  User interface displaying safety of downloading file Summary & clickable link
  • 15. 3 COLOR MODES  Similar to Windows User Account Control framework  Blue: highly likely to be legitimate  Red: highly likely to be malicious  Yellow: system cannot determine the legitimacy 15
  • 16. EVALUATION  Experiment with 2 conditions  IE9 SmartScreen Filter (SSF): base condition  Current state-of-the-art technology[1]  Widely used on browser  Checks software against a known blacklist  If flagged  red warning banner  No reputation  yellow warning banner 16 [1] M. Hachman. Microsoft’s IE9 Blocks Almost All Social Malware, Study Finds. http://www.pcmag.com/article2/0,2817,2391164,00.asp
  • 17.  Same 10 scenarios for experts’ user study  End of each scenario: display SSF or OTO warning dialog box Legitimate Malicious System detection outcome Groundtruth Legitimate Malicious TN Kaspersky SPAMfighter Ahnlab MindMaple Adobe flash ActiveX codec Windows activation Privacy violation HDD diagnostics Rkill FP FN TP PROCEDURE 17
  • 18. END OF EACH SCENARIO: While waiting for the video to load, a dialog box appears. Your friend clicks the “Continue” button. Click on the link
  • 19. When he clicks “Continue,” your friend’s computer prevents him from proceeding and instead displays this interface. Please help your friend make a decision.
  • 22. EFFECTIVENESS OF OTO
      - Demographics
      - 58 participants
      - 30 male and 28 female
      - Age 18–59
      - Between-subjects study: 29 for each condition
      - Compensation
      - $15 for participating
      - Additional $1 for each correct answer
      - $25 max
  • 23. RESULTS
      - Repeated Measures ANOVA test
      - Did participants answer each scenario correctly?
      - OTO helps people make more correct decisions than SSF does regardless of gender, age, occupation, education level, or background security knowledge!
  • 24. TIMING ANALYSIS
      - N = 13 for SSF, N = 11 for OTO
      - Overall, time(OTO) < time(SSF)
      - Participants relied on evidence to make trust decisions
  • 25. WHAT IF OS MISCATEGORIZES?
      - OTO >> SSF
      - 5-pt Likert scale questions
      - OTO is as useful as SSF
      - OTO is more comfortable to use
      - [Figure: 2×2 matrix of ground truth (Legitimate/Malicious) against system detection outcome (Legitimate/Malicious), with cells TN, FP, FN, TP. Scenarios shown: Kaspersky, SPAMfighter, Ahnlab, MindMaple, Adobe flash, ActiveX codec, Windows activation, Privacy violation, HDD diagnostics, Rkill]
  • 26. SCOPE OF THIS PAPER
      - Main objective of this paper
      - Whether providing extra pieces of evidence helps users
      - Outside the scope of this paper
      - How each piece of evidence is gathered
      - How each piece of evidence is authenticated
      - How malware cannot interfere with OTO operations
      - Existence of system-level trusted path for input and output
      - Helping people who don’t care about security
  • 27. CONCLUSIONS
      - OTO: download dialog box
      - Displays robust & scalable trust evidence to users
      - Based on interview results of security experts
      - Goal: do users find additional trust evidence useful?
      - People actually read the evidence
      - Empowers users to make better trust decisions
      - Even if underlying OS misdetects
  • 30. SCENARIOS FOR USER STUDY
  • 32. RETRIEVING EVIDENCE
      - Robust & scalable evidence
  • 34. MEAN & MAX TIME TAKEN (SEC)
      - N = 13 for SSF, N = 11 for OTO
  • 35. SUMMARY OF ANOVA RESULTS
  • 36. SECURITY ANALYSIS
      - Malware detection
      - Zero-day: lack of enough evidence
      - Well-known malware: likely to have more negative than positive
      - False alarms
      - Users examine and compare
      - Evidence is what users would have gathered from Internet
      - Manipulation attack
      - Creating fake positive evidence
      - OTO’s evidence is robust
      - E.g., by considering temporal aspect
      - Need to forge multiple pieces of evidence
      - Hiding harmful evidence
      - Challenging to prevent authoritative resources from serving negative evidence
      - Impersonation of legitimate software
      - Can associate each piece of software with cryptographic hash
  • 38. RELATED WORK
      - User mental models
      - Responses to SSL warning messages [Sunshine et al. 2009]
      - Psychological responses to warnings [Bravo-Lillo et al., 2011]
      - Folk models of security threats [Wash, 2010]
      - Information Content for Microsoft UAC warning [Motiee, 2011]
      - Habituation
      - Effectiveness of browser warnings [Egelman et al. 2008]
      - Polymorphic and audited dialogs [Brustoloni et al. 2007]
      - Assessing credibility online
      - Augmenting search results with credibility visualizations [Schwarz and Morris, 2011]
      - Prominence-Interpretation theory [Fogg et al. 2003]
  • 39. RELATED WORK
      - User mental models
      - Responses to SSL warning messages [Sunshine et al. 2009]
      - Warnings in general do not prevent users from unsafe behavior
      - Psychological responses to warnings [Bravo-Lillo et al., 2011]
      - Users have wrong mental model for computer warnings
      - Most users don’t understand SSL warnings without background knowledge
      - Warnings should not be the main way of defense
      - Folk models of security threats [Wash, 2010]
      - Security should focus on both actionable advice and potential threats
      - Information Content for Microsoft UAC warning [Motiee, 2011]
      - Let users assess risk and correctly respond to warnings
      - Information can still be easily spoofed
  • 40. RELATED WORK
      - Microsoft SmartScreen Filter
      - Current state-of-the-art technology widely used on browsers
      - Checks the software against a known blacklist of malicious software
      - If flagged -> red-banner warning appears, hiding options to make users download
      - Information Content for Microsoft UAC warning [Motiee, 2011]
      - Let users assess risk and correctly respond to warnings
      - Information can still be easily spoofed
      - Psychological responses to warnings [Bravo-Lillo et al., 2011]
      - Users have wrong mental model for computer warnings
      - Most users don’t understand SSL warnings without background knowledge
      - Warnings should not be the main way of defense
  • 41. DESIGN RATIONALE
      - Prevalent security threats
      - 85% malware from web
      - Drive-by downloads
      - Fake antivirus
      - Keyloggers
      - 45% success from user actions
      - Common pitfalls
      - Lack of security knowledge
      - Visual deception
      - Psychological pressure
      - Reliance on prior experience
      - Bounded attention
      - Effective design principle
      - Grayed-out background
      - Mimicked UI of OS vendor
      - Detailed explanation
      - Non-uniform UIs
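
The security analysis on slide 36 says evidence can be tied to a cryptographic hash of the software, that its temporal aspect matters, and that an attacker must forge multiple pieces of it. The sketch below is an added example, not OTO's implementation: the thresholds, record fields and `.example` sources are assumptions, and the color names follow slide 15.

```python
import hashlib
from datetime import date

# Assumed thresholds; the slides do not state OTO's actual decision rule.
MIN_AGE_DAYS = 30   # evidence younger than this is ignored (temporal aspect)
MIN_SOURCES = 2     # fewer independent sources than this: cannot determine

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def color_mode(file_bytes: bytes, evidence: list, today: date) -> str:
    """Return 'blue', 'red' or 'yellow' for a downloaded file.

    Only records bound to this exact file hash are counted, so a file that
    copies a legitimate product's name inherits none of its evidence.
    """
    digest = sha256_hex(file_bytes)
    votes = {}  # source -> True (positive) / False (negative)
    for rec in evidence:
        if rec["sha256"] != digest:
            continue  # evidence about some other binary
        if (today - rec["seen"]).days < MIN_AGE_DAYS:
            continue  # freshly planted evidence has not stood the test of time
        # One vote per source; any aged negative record makes the source negative.
        votes[rec["source"]] = votes.get(rec["source"], True) and rec["positive"]
    positive = sum(1 for v in votes.values() if v)
    negative = len(votes) - positive
    if len(votes) < MIN_SOURCES or positive == negative:
        return "yellow"  # zero-day or conflicting: not enough to decide
    return "red" if negative > positive else "blue"

# Constructed sample data (not from the study).
TODAY = date(2012, 10, 17)
LEGIT = b"constructed legitimate installer bytes"
FAKE = b"constructed installer bytes reusing the legitimate product name"
EVIDENCE = [
    {"sha256": sha256_hex(LEGIT), "source": "review-site.example",
     "positive": True, "seen": date(2012, 3, 1)},
    {"sha256": sha256_hex(LEGIT), "source": "vendor.example",
     "positive": True, "seen": date(2011, 11, 5)},
    # Praise for the impersonating file, posted days before the download.
    {"sha256": sha256_hex(FAKE), "source": "forum-a.example",
     "positive": True, "seen": date(2012, 10, 14)},
    {"sha256": sha256_hex(FAKE), "source": "forum-b.example",
     "positive": True, "seen": date(2012, 10, 15)},
]

if __name__ == "__main__":
    print(color_mode(LEGIT, EVIDENCE, TODAY), color_mode(FAKE, EVIDENCE, TODAY))
```

With the constructed records, the impersonating file falls to yellow rather than blue: its positive evidence is both too recent and attached to a different hash than the legitimate product's.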

Editor's Notes

  1. Clearly see whether interface is legit or not based on the answers, especially if they want to get the answer correctly.
  2. Factors we took into account in our design. Understand prevalent security threats. According to industry reports, 85%...comes from the web, especially by luring people to sites with malicious code. Recurring popular threat is fake antivirus and using keyloggers. 45% malware attacks succeed. We also considered common pitfalls when users make security decisions online that we wanted to avoid. Misinterpreting indicators: broken image, from line of email. Visual deception: typejacking homograph attacks. Bounded attention: pay insufficient attention to existing security indicators and lack of them.