References of "Ferreira, Ana 50001780"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailCan Transparency Enhancing Tools support patient's accessing Electronic Health Records?
Lenzini, Gabriele UL; Ferreira, Ana UL

in Advances in Intelligent Systems and Computing (2015)

Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient ... [more ▼]

Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient healthcare management, and is also in agreement with European directives on data protection. However, accessing medical data can be risky. Security should be assured and it should be evident to the patients, who has access to what data and any violation to patient's privacy requirements should be reported. We call this property transparency. Precisely this work looks into the Transparency Enhancing Tools that have been proposed to increase people's awareness about security and privacy on the Internet, and discusses to which extent these tools can empower transparency in healthcare. [less ▲]

Detailed reference viewed: 135 (8 UL)
Full Text
Peer Reviewed
See detailDo graphical cues effectively inform users? A socio-technical security study in accessing wifi networks.
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2015), 9190

We study whether the padlock and the signal strength bars, two visual cues shown in network managers, convey their intended messages. Since users often choose insecure networks when they should not ... [more ▼]

We study whether the padlock and the signal strength bars, two visual cues shown in network managers, convey their intended messages. Since users often choose insecure networks when they should not, finding the answer is not obvious; in our study we clarify whether the problem lies in uninformative and ambiguous cues or in the user who, despite understanding the cues, chooses otherwise. This paper describes experiments and comments the results that bring evidence to our study. [less ▲]

Detailed reference viewed: 245 (92 UL)
Full Text
Peer Reviewed
See detailIn Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Foresti, Sara (Ed.) Security and Trust Management (2015)

Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause ... [more ▼]

Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause analysis in security. We aim at providing a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security. [less ▲]

Detailed reference viewed: 156 (12 UL)
Full Text
Peer Reviewed
See detailPrinciples of Persuasion in Social Engineering and Their Use in Phishing
Ferreira, Ana UL; Lenzini, Gabriele UL; Conventry, Lynne

in T. Tryfonas, I. Askoxylakis (Ed.) Human Aspects of Information Security, Privacy, and Trust Third International Conference, HAS 2015 (2015)

Research on marketing and deception has identified principles of persuasion that in influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different ... [more ▼]

Research on marketing and deception has identified principles of persuasion that in influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred in the literature: Cialdini's principles of influence, Gragg's psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies. [less ▲]

Detailed reference viewed: 293 (13 UL)
Full Text
Peer Reviewed
See detailEnvisioning secure and usable access control for patients
Ferreira, Ana UL; Lenzini, Gabriele UL; Santos-Pereira, Cátia et al

in IEEE 3rd International Conference on Serious Games and Applications in Healthcare (2014, May)

It has been observed in pilot tests that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. Patients accessing ... [more ▼]

It has been observed in pilot tests that patients who are able to access their Electronic Health Records (EHR), become more responsible and involved in the maintenance of their health. Patients accessing their EHR can commit more faithfully to therapies, thus increasing their treatments’ success rate. However, despite technologically feasible and legally possible, there is no validated or standardized toolset available yet, for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR. [less ▲]

Detailed reference viewed: 156 (33 UL)
Full Text
Peer Reviewed
See detailAnalysis of composite plates through cell-based smoothed finite element and 4-noded mixed interpolation of tensorial components techniques
Rodrigues, J. D.; Natarajan, S.; Ferreira, Ana UL et al

in Computers & Structures (2014), 135

The static bending and the free vibration analysis of composite plates are performed with Carrera's Unified Formulation (CUF). We combine the cell-based smoothed finite element method (CSFEM) and the 4 ... [more ▼]

The static bending and the free vibration analysis of composite plates are performed with Carrera's Unified Formulation (CUF). We combine the cell-based smoothed finite element method (CSFEM) and the 4-noded mixed interpolation of tensorial components approach (MITC4). The smoothing method is used for the approximation of the bending strains, whilst the mixed interpolation allows the calculation of the shear transverse stress in a different manner. With a few numerical examples, the accuracy and the efficiency of the approach is demonstrated. The insensitiveness to shear locking is also demonstrated. © 2014 Elsevier Ltd. All rights reserved. [less ▲]

Detailed reference viewed: 560 (35 UL)
Full Text
Peer Reviewed
See detailSocio-technical Security Analysis of Wireless Hotspots
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2014)

We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis focuses is user-centric, and aim at understanding which user action can compromise security in presence of a ... [more ▼]

We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis focuses is user-centric, and aim at understanding which user action can compromise security in presence of a attacker. We identify research questions about possible factors that may affect user’s security decisions, and propose experiments to answer them. [less ▲]

Detailed reference viewed: 221 (26 UL)
Full Text
Peer Reviewed
See detailA Conceptual Framework to Study Socio-Technical Security
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2014)

We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and ... [more ▼]

We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario. [less ▲]

Detailed reference viewed: 235 (46 UL)
Full Text
Peer Reviewed
See detailLog analysis of human computer interactions regarding Break The Glass accesses to genetic reports
Ferreira, Ana UL

Scientific Conference (2013, July)

Patients’ privacy is critical in healthcare but users of Electronic Health Records (EHR) frequently circumvent existing security rules to perform their daily work. Users are so-called the weakest link in ... [more ▼]

Patients’ privacy is critical in healthcare but users of Electronic Health Records (EHR) frequently circumvent existing security rules to perform their daily work. Users are so-called the weakest link in security but they are, many times, part of the solution when they are involved in systems’ design. In the healthcare domain, the focus is to treat patients (many times with scarce technological, time and human resources) and not to secure their information. Therefore, security must not interfere with this process but be present, nevertheless. Security usability issues must also be met with interdisciplinary knowledge from human-computer-interaction, social sciences and psychology. The main goal of this paper is to raise security and usability awareness with the analysis of users’ interaction logs of a BreakTheGlass (BTG) feature. This feature is used to restrict access to patient reports to a group of healthcare professionals within an EHR but also permit access control override in emergency and/or unexpected situations. The analysis of BTG user interaction logs allows, in a short time span and transparently to the user, revealing security and usability problems. This log analysis permits a better choice of methodologies to further apply in the investigation and resolution of the encountered problems. [less ▲]

Detailed reference viewed: 96 (3 UL)
Full Text
Peer Reviewed
See detailOn Tools for Socio-Technical Security Analysis
Ferreira, Ana UL; Giustolisi, Rosario UL; Huynen, Jean-Louis UL et al

Scientific Conference (2013, April 12)

Detailed reference viewed: 97 (26 UL)
Full Text
Peer Reviewed
See detailSocio-Technical Study On the Effect of Trust and Context when Choosing WiFi Names
Ferreira, Ana UL; Huynen, Jean-Louis UL; Koenig, Vincent UL et al

in Lecture Notes in Computer Science (2013), 8203

We study trust and context as factors influencing how people choose wireless network names. Our approach imagines the mindset of a hypothetical attacker whose goal is to ensnare unsuspecting victims into ... [more ▼]

We study trust and context as factors influencing how people choose wireless network names. Our approach imagines the mindset of a hypothetical attacker whose goal is to ensnare unsuspecting victims into accessing dishonest WiFi access points. For this purpose, we conducted an online survey. We used two separate forms. The first form asked a random group of participants to rate a list of wireless names according to their preferences (some real and others purposely made-up) and afterwards with implied trust in mind. The second form was designed to assess the effect of context and it asked a different set of respondents to rate the same list of wireless names in relation to four different contexts. Our results provide some evidence confirming the idea that trust and context can be exploited by an attacker by purposely, or strategically, naming WiFi access points with reference to trust or within certain contexts. We suggest, in certain cases, possible defence strategies. [less ▲]

Detailed reference viewed: 249 (20 UL)
Full Text
Peer Reviewed
See detailAnalysis of composite plates by a unified formulation-cell based smoothed finite element method and field consistent elements
Natarajan, S.; Ferreira, Ana UL; Bordas, Stéphane UL et al

in Composite Structures (2013), 105

In this article, we combine Carrera's Unified Formulation (CUF) [13,7] and cell based smoothed finite element method [28] for studying the static bending and the free vibration of thin and thick laminated ... [more ▼]

In this article, we combine Carrera's Unified Formulation (CUF) [13,7] and cell based smoothed finite element method [28] for studying the static bending and the free vibration of thin and thick laminated plates. A 4-noded quadrilateral element based on the field consistency requirement is used for this study to suppress the shear locking phenomenon. The combination of cell based smoothed finite element method and field consistent approach with CUF allows a very accurate prediction of field variables. The accuracy and efficiency of the proposed approach are demonstrated through numerical experiments. © 2013 Elsevier Ltd. [less ▲]

Detailed reference viewed: 309 (10 UL)
Full Text
Peer Reviewed
See detailStudies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates
Ferreira, Ana UL; Giustolisi, Rosario UL; Huynen, Jean-Louis UL et al

in IEEE TrustCom (2013)

Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We ... [more ▼]

Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour. We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science. [less ▲]

Detailed reference viewed: 126 (33 UL)