Ferreira, Ana in Lecture Notes in Computer Science (2015), 9190
We study whether the padlock and the signal strength bars, two visual cues shown in network managers, convey their intended messages. Since users often choose insecure networks when they should not, finding the answer is not obvious; in our study we clarify whether the problem lies in uninformative and ambiguous cues or in the user who, despite understanding the cues, chooses otherwise. This paper describes experiments and comments on the results that bring evidence to our study.

Ferreira, Ana in T. Tryfonas, I. Askoxylakis (Ed.) Human Aspects of Information Security, Privacy, and Trust Third International Conference, HAS 2015 (2015)
Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred to in the literature: Cialdini's principles of influence, Gragg's psychological triggers, and Stajano et al.'s principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations.
Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

Lenzini, Gabriele in Advances in Intelligent Systems and Computing (2015)
Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient healthcare management, and is also in agreement with European directives on data protection. However, accessing medical data can be risky. Security should be assured and it should be evident to the patients who has access to what data, and any violation of patients' privacy requirements should be reported. We call this property transparency. Precisely, this work looks into the Transparency Enhancing Tools that have been proposed to increase people's awareness about security and privacy on the Internet, and discusses to what extent these tools can empower transparency in healthcare.

Ferreira, Ana in Foresti, Sara (Ed.) Security and Trust Management (2015)
Inspired by the root cause analysis techniques that in the field of safety research and practice help investigators understand the reasons of an incident, this paper investigates the use of root cause analysis in security.
We aim at providing a systematic method for the security analyst to identify the socio-technical attack modes that can potentially endanger a system’s security.

Ferreira, Ana in IEEE 3rd International Conference on Serious Games and Applications in Healthcare (2014, May)
It has been observed in pilot tests that patients who are able to access their Electronic Health Records (EHR) become more responsible and involved in the maintenance of their health. Patients accessing their EHR can commit more faithfully to therapies, thus increasing their treatments’ success rate. However, despite being technologically feasible and legally possible, there is no validated or standardized toolset available yet for patients to review and manage their EHR. Many privacy, security and usability issues must be solved first before this practice can be made mainstream. This paper proposes and discusses the design of an access control visual application that addresses most of these issues, and offers patients a secure, controlled and easy access to their EHR.

; ; Ferreira, Ana in Computers and Structures (2014), 135
The static bending and the free vibration analysis of composite plates are performed with Carrera's Unified Formulation (CUF). We combine the cell-based smoothed finite element method (CSFEM) and the 4-noded mixed interpolation of tensorial components approach (MITC4).
The smoothing method is used for the approximation of the bending strains, whilst the mixed interpolation allows the calculation of the shear transverse stress in a different manner. With a few numerical examples, the accuracy and the efficiency of the approach are demonstrated. The insensitiveness to shear locking is also demonstrated. © 2014 Elsevier Ltd. All rights reserved.

Ferreira, Ana in Lecture Notes in Computer Science (2014)
We present a socio-technical analysis of security of Hotspot and Hotspot 2.0. The analysis is user-centric, and aims at understanding which user actions can compromise security in the presence of an attacker. We identify research questions about possible factors that may affect users’ security decisions, and propose experiments to answer them.

Ferreira, Ana in Lecture Notes in Computer Science (2014)
We propose an operational framework for a social, technical and contextual analysis of security. The framework provides guidelines about how to model a system as a layered set of interacting elements, and proposes two methodologies to analyse technical and social vulnerabilities. We show how to apply the framework in a use case scenario.

Ferreira, Ana Scientific Conference (2013, July)
Patients’ privacy is critical in healthcare but users of Electronic Health Records (EHR) frequently circumvent existing security rules to perform their daily work. Users are the so-called weakest link in security but they are, many times, part of the solution when they are involved in systems’ design. In the healthcare domain, the focus is to treat patients (many times with scarce technological, time and human resources) and not to secure their information. Therefore, security must not interfere with this process but be present, nevertheless. Security usability issues must also be met with interdisciplinary knowledge from human-computer interaction, social sciences and psychology. The main goal of this paper is to raise security and usability awareness with the analysis of users’ interaction logs of a BreakTheGlass (BTG) feature. This feature is used to restrict access to patient reports to a group of healthcare professionals within an EHR but also permit access control override in emergency and/or unexpected situations. The analysis of BTG user interaction logs allows, in a short time span and transparently to the user, revealing security and usability problems. This log analysis permits a better choice of methodologies to further apply in the investigation and resolution of the encountered problems.

Ferreira, Ana Scientific Conference (2013, April 12)

; Ferreira, Ana in Composite Structures (2013), 105
In this article, we combine Carrera's Unified Formulation (CUF) [13,7] and cell based smoothed finite element method [28] for studying the static bending and the free vibration of thin and thick laminated plates. A 4-noded quadrilateral element based on the field consistency requirement is used for this study to suppress the shear locking phenomenon. The combination of cell based smoothed finite element method and field consistent approach with CUF allows a very accurate prediction of field variables. The accuracy and efficiency of the proposed approach are demonstrated through numerical experiments. © 2013 Elsevier Ltd.

Ferreira, Ana in IEEE TrustCom (2013)
Authenticating web identities with TLS certificates is a typical problem whose security depends on both technical and human aspects, and that needs, to be fully grasped, a socio-technical analysis. We performed such an analysis, and in this paper we comment on the tools and methodology we found appropriate. We first analysed the interaction ceremonies between users and the most used browsers in the market. Then we looked at user's understanding of those interactions. Our tools and our methodology depend on whether the user model has a non-deterministic or a realistic behaviour.
We successfully applied formal methods in the first case. In the second, we had to define a security framework consistent with research methods of experimental cognitive science.

Ferreira, Ana in Lecture Notes in Computer Science (2013), 8203
We study trust and context as factors influencing how people choose wireless network names. Our approach imagines the mindset of a hypothetical attacker whose goal is to ensnare unsuspecting victims into accessing dishonest WiFi access points. For this purpose, we conducted an online survey. We used two separate forms. The first form asked a random group of participants to rate a list of wireless names according to their preferences (some real and others purposely made-up) and afterwards with implied trust in mind. The second form was designed to assess the effect of context and it asked a different set of respondents to rate the same list of wireless names in relation to four different contexts. Our results provide some evidence confirming the idea that trust and context can be exploited by an attacker by purposely, or strategically, naming WiFi access points with reference to trust or within certain contexts. We suggest, in certain cases, possible defence strategies.