Human Aspects

The goal of our work is to (a) capture people's expectations and surprises in using mobile apps in a scalable manner, and to (b) summarize these perceptions in a simple format to help people make better trust decisions. Our main idea is analyzing privacy in the form of people's expectations about what an app will and won't do, focusing on where an app breaks people's expectations. We are building an App Scanner that combines automated scanning techniques with crowdsourcing.

Coercion attacks that compel an authorized user to reveal his or her secret authentication credentials can give attackers access to restricted systems. The PIs are developing a new approach to preventing coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. Using a carefully crafted keyboard-based computer game the PIs plant a secret password in the participant's brain without the participant having any conscious knowledge of the trained password.

Computers and people live in a world governed by policy. At the lowest level, policies determine how information flows within networks; at the highest level, they describe how users' personal information is shared across applications. Of course, end-users, as policy authors, make mistakes: rules can have unintended consequences and multiple policies can interact in ways that their authors didn't intend. Users can benefit from tools to help them understand the policies they write and maintain. Policy analysis refers to rigorous methods for detecting these situations before they cause harm.

The objective of this project is to gather empirical evidence on the tradeoffs between security and usability in programming language and library design. Although it is well known that poorly-designed interfaces can lead to increased defect rates and software vulnerabilities, there is currently little specific guidance to designers on what precise language and library features make programmers more or less likely to write vulnerable code. Furthermore, little of the existing guidance is empirically based. The project will develop empirically-based guidance on two issues.

This research focuses on understanding the digital security and privacy needs of journalists and their sources to evaluate and design communication technologies that better support the fundamental operations of a globally free and unfettered press. Journalists -- along with their organizations and sources -- are known to be high-risk targets for cyberattack. This community can serve as a privacy and security bellwether, motivated to use new technologies, but requiring flexibility and ease-of-use. Many existing secure tools are too cumbersome for journalists to use on a regular basis.