Usable Security and Privacy

Program Code: 1885

Description of work:

Australian Centre for Cyber Security (ACCS) is a world-class internationally recognised interdisciplinary research and teaching centre, specialising in a broad range of areas in Cyber Security. ACCS is particularly interested in applicants who have background or interest in applying the methods of Human Computer Interaction (HCI) to the domain of computer security and privacy.

The projects are well-aligned with the intersection of computer security, human computer interaction (HCI), and on-line privacy, in an area known as usable security and privacy. Many aspects of computer security synthesize technical and human factors. If a highly secure system is unusable, users will try to by-pass the system or move entirely to less secure but more usable systems. Problems with usability contribute to many high-profile security failures today in the technology-filled world. Nevertheless, usable security is not well-aligned with traditional usability for some reasons. First, security is not very often the primary task of the user. In most cases, security is not the primary purpose of using a computer. People use computers to shop, socialize, communicate, and be educated and entertained. Many applications handle security issues through security alerts that interrupt users primary task. Therefore, users represent security as a secondary task. Whenever security is secondary, it opposes the usability of the primary task: users find it is distracting and therefore they would rather ignore, circumvent, or even defeat. Second, securing information is about understanding risk, threats, vulnerabilities and exploits. Such communication is most often unwelcome in the HCI community. Increasing unwelcome interaction is not a goal of usable security and privacy design. Third, discrete technical problems are all well-understood under the umbrella of on-line security and privacy (e.g., attacks such as phishing, malware, spyware, social engineering, Distributed Denial-of-Service or DDoS attack). A broader concept of both security and usability is therefore required for usable security. The projects investigate how users manage their security and privacy in existing systems in order to design new systems that achieve better privacy and security solutions by taking end users into account.

A number of projects available (but not limited to) in usable security and privacy are listed here:

• Improving usability of security APIs
• Improving the usability of security testing tools
• Bespoke fallback authentication mechanism as an extra layer of security
• Serious Games in Cyber Security Education (Usable Access Control Games)
• Serious Games in Cyber Security Education (phishing threat avoidance perspective)

Skills Required:

Prospective candidates will have a Bachelor's (First Class with Honours) or Master's degree (with Distinction) in Computer Science, Cyber Security or Human Computer Interaction (HCI) and a strong passion for study human factors in cyber security.

Good programming skills (such as rapid prototyping using programming tools, for example, Java, Android SDK, JavaScript or PhP) are mandatory and previous coding experience is a plus. Applicants who have hands-on experience and skill in HCI design, rapid prototyping and evaluation approaches are certainly welcome to apply.

Prospective candidates can forward their CV including GPA and discuss the particular projects or application process with Nalin Asanka on nalin.asanka@adfa.edu.au.

Contact:

Nalin Asanka nalin.asanka@adfa.edu.au