Session:「Trust and Security in Practice」

What Did I Really Vote For?

Paper URL: http://dl.acm.org/citation.cfm?doid=3173574.3173750

Abstract: E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements.

Summary:

When electronic voting is adopted in real-world elections, an approach is needed to verify that votes were cast correctly. This paper examines a usability evaluation of three different approaches to the Benaloh Challenge, a well-known verification technique, through a comparison with 95 participants.

Security During Application Development: an Application Security Expert Perspective

Paper URL: http://dl.acm.org/citation.cfm?doid=3173574.3173836

Abstract: Many of the security problems that people face today, such as security breaches and data theft, are caused by security vulnerabilities in application source code. Thus, there is a need to understand and improve the experiences of those who can prevent such vulnerabilities in the first place - software developers as well as application security experts. Several studies have examined developers' perceptions and behaviors regarding security vulnerabilities, demonstrating the challenges they face in performing secure programming and utilizing tools for vulnerability detection. We expand upon this work by focusing on those primarily responsible for application security - security auditors. In an interview study of 32 application security experts, we examine their views on application security processes, their workflows, and their interactions with developers in order to further inform the design of tools and processes to improve application security.

Summary:

With the aim of improving application security processes, this paper uses an interview study of 32 application security experts to examine their views on workflows and on the interactions between developers and experts.

An Experience Sampling Study of User Reactions to Browser Warnings in the Field

Paper URL: http://dl.acm.org/citation.cfm?doid=3173574.3174086

Abstract: Web browser warnings should help protect people from malware, phishing, and network attacks. Adhering to warnings keeps people safer online. Recent improvements in warning design have raised adherence rates, but they could still be higher. And prior work suggests many people still do not understand them. Thus, two challenges remain: increasing both comprehension and adherence rates. To dig deeper into user decision making and comprehension of warnings, we performed an experience sampling study of web browser security warnings, which involved surveying over 6,000 Chrome and Firefox users in situ to gather reasons for adhering or not to real warnings. We find these reasons are many and vary with context. Contrary to older prior work, we do not find a single dominant failure in modern warning design---like habituation---that prevents effective decisions. We conclude that further improvements to warnings will require solving a range of smaller contextual misunderstandings.

Summary:

With the aim of improving comprehension of and adherence to web browser security warnings, this paper conducts an experience sampling study of more than 6,000 Chrome and Firefox users and, based on the results, considers how warnings could be improved further.

Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage

Paper URL: http://dl.acm.org/citation.cfm?doid=3173574.3174117

Abstract: Users have accumulated years of personal data in cloud storage, creating potential privacy and security risks. This agglomeration includes files retained or shared with others simply out of momentum, rather than intention. We presented 100 online-survey participants with a stratified sample of 10 files currently stored in their own Dropbox or Google Drive accounts. We asked about the origin of each file, whether the participant remembered that file was stored there, and, when applicable, about that file's sharing status. We also recorded participants' preferences moving forward for keeping, deleting, or encrypting those files, as well as adjusting sharing settings. Participants had forgotten that half of the files they saw were in the cloud. Overall, 83% of participants wanted to delete at least one file they saw, while 13% wanted to unshare at least one file. Our combined results suggest directions for retrospective cloud data management.

Summary:

Data stored in cloud storage creates potential security risks. This paper surveys 100 cloud storage users on how well they keep track of their files and on their settings, and argues for the need for retrospective file management.