Visible to the public Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - July 2022Conflict Detection Enabled

Submitted by Jamie Presken on Thu, 07/07/2022 - 9:02am

PI(s), Co-PI(s), Researchers:

Lorrie Cranor, Nicolas Christin

Researchers: Sarah Pearman, Jeremy Thomas

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.

PUBLICATIONS

N/A this quarter

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild."

Paper Accepted: On recruiting and retaining users for security-sensitive longitudinal measurement panels. Akira Yamada, Kyle Crichton, Yukiko Sawaya, Jin-Dong Dong, Sarah Pearman, Ayumu Kubota, and Nicolas Christin. To appear at SOUPS 2022 (August 2022).

  • Long-term measurement studies, like the SBO, which collect highly-detailed information about user behavior can be quite intrusive to the participant, making recruitment and retention difficult for researchers.
  • Comparing three different longitudinal studies; the SBO, data collected through a browser security toolbar, and a mobile application similar to the SBO; we assess (1) how the incentives offered to participants affects the sample recruited and (2) what factors influence user retention.
  • We find that minimizing interference with the user's device, finding the right balance of communication with participants, following up with inactive users, and providing tangible benefits for participation help retain participants.

Paper Published: Adulthood is trying each of the same six passwords that you use for everything: The scarcity and ambiguity of security advice on social media. Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. Appeared in CSCW 2022 (April 2022).

  • In this project, we study the extent to which security- and privacy-related information is presented to users through their social media or "friends".
  • This relates to the hard problem of understanding and accounting for real human behavior. By analyzing the actual social media logs of participants, we study the extent to which this information is exposed to users and how different aspects of this information impacts people's security behaviors measured across the type of browsing they do, password use habits, and other system-related behaviors.

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES (If Applicable)

Groups: