Visible to the public Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - April 2021Conflict Detection Enabled

Submitted by Jamie Presken on Tue, 03/09/2021 - 1:38pm

PI(s), Co-PI(s), Researchers:

Lorrie Cranor, Nicolas Christin

Researchers: Sarah Pearman, Jeremy Thomas

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.

PUBLICATIONS

N/A this quarter

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

The purpose is to give our immediate sponsors a body of evidence that the funding they are providing is delivering results that "more than justify" the investment they are making.

The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."

Accepted paper: What breach? Measuring online awareness of security incidents by studying real-world browsing behavior. Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. To appear at the IEEE Workshop on Technology and Consumer Protection (ConPro 2021).

    • In this analysis, we used the SBO dataset to study how people come to learn about breaches online and the actions people take in the aftermath of breaches.
    • This relates to the hard problem of understanding and accounting for real human behavior: in particular, we seek to understand what influences people to learn about breaches and to take actions to protect the security of their accounts and information.

We also have a paper under review for a conference in 2021 that uses our in-situ data to explore home users' web browsing patterns, including patterns that expose them to riskier content, which may have implications for future security research.

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES (If Applicable)

Groups: