USE: User Security Behavior (CMU/Berkeley/University of Pittsburgh Collaborative Proposal) July 2014

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): A. Acquisti, L.F. Cranor, N. Christin, R. Telang
Researchers: Alain Forget (CMU), Serge Egelman (Berkeley), and Scott Beach (Univ of Pittsburgh)

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

5. Understanding and Accounting for Human Behavior

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

We have given an invited presentation of our project, as well as an archival poster presentation, at the IEEE Symposium and Bootcamp on the Science of Security 2014 (HotSoS, http://www.csc2.ncsu.edu/conferences/hotsos/index.html).

By its very nature - building infrastructure to collect data, then collecting, and eventually analyzing the data - the project has a long set up phase. As a result, it will likely be much more publication-centered toward the second half of its projected duration. However, we are confident that the greater number and quality of sensors we are building, and the more secure, reliable, and robust infrastructure we continue to build will provide more and better data, resulting in more and stronger publications.

However, now that we are launching our data collection pilot study, we hope to compile the lessons learnt about building and launching such a large-scale field study into an early publication. We also hope the pilot will go smoothly enough that we could submit a paper with early results from the short-term data collected.

ACCOMPLISHMENT HIGHLIGHTS

1. Our project's dedicated server infrastructure is now completely set up, which effectively but affordably provides us with:

a. Expandable storage
b. Reliable and secure data storage through end-to-end encryption
c. Rapidly and reliably download data from over a dozen clients at once
d. Provide researchers with secure access to the encrypted data, minimising risk of confidential data leakage

2. The following additional data collection sensors have been integrated into the client software installation package and are ready for deployment:

a. A process sensor that logs periodic snapshots of the currently running processes on the client machine.
b. A security log sensor which captures data on security-related events captured by the operating system.
c. A Windows update sensor that detects the current settings and list of installed or pending updates.

3. Our data collection system and architecture is ready and sufficiently stable that we are currently launching a pilot study (e.g. beta test) of our data collection system with 5 participants from the general population.