developer
play

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI - PowerPoint PPT Presentation

Feb 19, 2023 •245 likes •490 views

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

  1. Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK

  3. End users’ requirement of usability is starting to be acknowledged as a serious market differentiator Kami Vaniea – A Survey on Developer-Centered Security – EuroUSEC 2019 3

  4. Good usability isn’t just about convenience REDUCE SELF-HARM ERRORS EFFICIENCY OF USAGE Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 4

  5. Recent realization: developers are users too Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 5

  6. Even worse, everyone now thinks they can code Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 6

  7. Technology Usability Lab in Privacy and Security Mohammad Tahaei Click icon to A Survey on add picture Developer- Centered Kami Vaniea Security

  8. Security Tool Adoption (17) Education Identified Research Themes NFRs Organisations and Context (10) Dedicated Security Team Communication Around Fixing etc. 1922 papers reviewed Considering Options 49 fit all criteria Application Programming Interfaces (9) Testing the Usability of Security APIs Security Design Patterns Software Development Structuring Software Development (7) Methodologies Information Sources Testing Assumptions (2) Security Privacy and Data (2) DCS Programming Languages (1) Software User Study Development Third Party Updates (1) Kami Vaniea – A Survey on Developer-Centered Security – EuroUSEC 2019 8 8 Technology Usability Lab in Privacy and Security

  9. When to interrupt the user? Are students similar to professional developers? Comparing tools and evaluating a wider breadth of available tools. Gaps Education support for developers learning about secure coding practices. Privacy support for decision making and providing good options for developers. How to best support team-based development? Kami Vaniea – A Survey on Developer-Centered Security – EuroUSEC 2019 9 9 Technology Usability Lab in Privacy and Security

  10. Technology Usability Lab in Privacy and Security Mohammad Tahaei Understanding Privacy-Related Kami Vaniea Questions on Stack Overflow Naomi Saphra

  11. Stack Overflow • Question and answer site for software developers • Over 50 million unique visitors a month • “Watering hole” where many people go to learn from, so potential source of information spread • Q&A produces “shadow documentation” where documentation for code-related tools ends up copied to the site Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 13

  12. Research questions What topics do Stack Overflow users associate with the word “privacy”? What or who is pushing Stack Overflow users to engage with privacy-related topics? Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 14

  13. 15 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 15

  14. 16 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 16

  15. Use of “privacy” in SO tags and titles (1,733) As of August 17 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 17

  16. 18 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 18

  17. Qualitative coding • 315 randomly selected questions • 21 questions excluded for being vague or not about privacy • 2 coders • Looked at three aspects: • Question type • Driver • Privacy aspect Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 19

  18. Question type How: instructions, solutions Errors 16% 63% “I still get privacy error with I’ve used my personal address for ‘NET::ERR_CERT_AUTHORITY_INVALID’ [git] commits and I’m trying to set it in the browser when I hit the ELB url to another one before I make the using https” repository public.” Abstract or conceptual Unexpected behavior 17% 63% “What is the hidden cost of using these “I set microphone permission in CDN services? If the script is not cached info.plist file so record audion by the browser and it loads the script permission alert displaying in iOS from google what could google 10.3.2 but its not appearing in IOS potentially do with this information?” 10.3.3 devices.” Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 20

  19. Drivers ■ Platforms • 49% Personal or unstated drivers “I am submitting my app on App Store • Clients requesting a feature Connect\My App page and when I submit • Users wanting something for review, it shows error on App Information: " You must provide a • The developer themselves thinking that Privacy Policy URL ." even I have pasted something should be done the link to the website show the privacy • 46% Platform (e.g. Apple app store, Google policy there. I have checked the link using https://developers.facebook.com/tools/d Play…) ebug/sharing/ and they show no error. • Requirements for posting Do you know what could be the reason and how to fix it ?” [53097654 - 2018]. • UI elements added by platforms • 2% Laws and regulations (e.g. GDPR) • Speculation if a behavior is allowed or legal Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 21

  20. Privacy aspects 22 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 22

  21. LDA topic analysis 23 Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 23

  22. Key findings • Platforms have a large influence on privacy at a developer level • Platform (46%) – Usually errors such as “you need a privacy policy to publish the app because it uses sensitive permissions”. • Legal and policy (2%) – GDPR or requests for speculation about if something was legal or not. • Privacy policy writing and hosting is challenging. Including knowing what permissions are used and what they are used for (ad libraries). • Automating privacy settings, such as uploading a YouTube video and setting its access control as part of the upload, confuse developers. • Handoff between OS and apps for permission granting is challenging. • Developers want to control the user experience. • Handling “no” answers to permission requests. 24 • Surprisingly few questions ask for help breaking privacy (6%). Kami Vaniea -- Understanding privacy-related questions on Stack Overflow -- CHI2020 24

  23. Technology Usability Lab in Privacy and Security Thank you! KAMI VANIEA @KANIEA KVANIEA@INF.ED.AC.UK TULIPSLAB.ORG @TULIPSLAB 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer & Developer Who Are

Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer & Developer Who Are

Hello Im Carlos Im Brad Full Stack Drupal Developer Web Designer & Developer Who Are These Guys? Whats the Problem? DEVELOPER STRAIN NO CMS MORE EVENTS Increasing number of hosted Developers were required for Historically

1.17k views • 28 slides
How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED

How to become a True stories to become a proactive developer! proactive developer? PRESENTED BY Eduardo Telaya Software arquitect Whats Inside What does it mean to be proactive 7 developer? How to find opportunities to be 14

587 views • 21 slides
Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer

Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer

Karl-Johan Dahlstrm Head of Developer Relations developer world sonymobile.com/developer @sonyxperiadev 2 2013-02-21 PA1 Confidential Developers Custom ROM Developers Application and Game Developers Tools Tools Support

982 views • 34 slides
Who are we? Blazej Pindelski Douglas Russell OME Core Software Developer OME Software Developer

Who are we? Blazej Pindelski Douglas Russell OME Core Software Developer OME Software Developer

Who are we? Blazej Pindelski Douglas Russell OME Core Software Developer OME Software Developer University of Dundee University of Oxford Collage of Life Sciences Department of Biochemistry Working on the server code and Embedded developer

489 views • 19 slides
Introduction to G Introduction to GATE Developer ATE Developer Ian Roberts University of

Introduction to G Introduction to GATE Developer ATE Developer Ian Roberts University of

Introduction to G Introduction to GATE Developer ATE Developer Ian Roberts University of Sheffield NLP Overview verview The GATE component model (CREOLE) Documents, annotations and corpora Processing components and applications

644 views • 21 slides
Web Developer Internship Ralph Mehitang 2 Todd Smith Web Communications Manager Andrew

Web Developer Internship Ralph Mehitang 2 Todd Smith Web Communications Manager Andrew

Web Developer Internship Ralph Mehitang 2 Todd Smith Web Communications Manager Andrew Coulbourne Web Developer Nicole Bennett Assistant Web Developer William Romansky Intern Web Developer Ralph Mehitang Intern Web Developer 3

121 views • 9 slides
Miko Matsumura SVP Developer Relations Web: http://developer.kii.com Twitter:

Miko Matsumura SVP Developer Relations Web: http://developer.kii.com Twitter:

CAPITAL DISTRIBUTION TECHNOLOGY Miko Matsumura SVP Developer Relations Web: http://developer.kii.com Twitter: @mikojava Email: miko@kii.com Last weeks theme: OmniChannel Retail Me and Multi

719 views • 54 slides
2018 QAP & Developer Guide Highlight s QAP & Developer Guide Notes Previous QAP

2018 QAP & Developer Guide Highlight s QAP & Developer Guide Notes Previous QAP

2018 QAP & Developer Guide Highlight s QAP & Developer Guide Notes Previous QAP important changes still applicable 50 Affordable Unit Cap Site Control Option Projects with market units and non-contiguous sites

344 views • 15 slides
GeoWEPP ArcGIS 10.1 Development Team Haoyi Xiong Application leading developer

GeoWEPP ArcGIS 10.1 Development Team Haoyi Xiong Application leading developer

GeoWEPP ArcGIS 10.1 Development Team Haoyi Xiong Application leading developer (haoyixio@buffalo.edu) Jonathan Goergen - Application co-lead developer Misa Yasumiishi - Webpage developer Martin Minkowski - GeoWEPP ArcGIS 9.x developer

1.46k views • 24 slides
GETTING THE MOST FROM GTC AND THE NVIDIA DEVELOPER PROGRAM Greg Estes, VP Developer Programs,

GETTING THE MOST FROM GTC AND THE NVIDIA DEVELOPER PROGRAM Greg Estes, VP Developer Programs,

GETTING THE MOST FROM GTC AND THE NVIDIA DEVELOPER PROGRAM Greg Estes, VP Developer Programs, NVIDIA WELCOME TO GTC! From autonomous driving, ... robots, If you are interested in AI and ML, GTC is and drones to the move to general AI,

368 views • 17 slides
A. Job Title: Junior Full Stack Developer The Junior Full Stack Developer will be advised by the

A. Job Title: Junior Full Stack Developer The Junior Full Stack Developer will be advised by the

Job Description - Jr. Full Stack Developer 7/23/2020 A. Job Title: Junior Full Stack Developer The Junior Full Stack Developer will be advised by the Full Stack Developer - a professional who works on both client-side and server-side software

525 views • 4 slides
FINAL PRESENTATION Meet the Team David Purdum Team Leader, Lead Developer Travis Miller Front

FINAL PRESENTATION Meet the Team David Purdum Team Leader, Lead Developer Travis Miller Front

FINAL PRESENTATION Meet the Team David Purdum Team Leader, Lead Developer Travis Miller Front End Developer Davis Botta Front End Developer Kenny Burton Front End Developer Catherine Bain Back End Developer, Database Ryan Graham Back

401 views • 17 slides
Rogier Spoor (project leader) Jan van Lith (developer) Kees Trippelvitz (developer) Amsterdam

Rogier Spoor (project leader) Jan van Lith (developer) Kees Trippelvitz (developer) Amsterdam

SURFnet I DS a Distributed I ntrusion Detection System Rogier Spoor (project leader) Jan van Lith (developer) Kees Trippelvitz (developer) Amsterdam 24-1-2006 High-quality I nternet for higher education and research Goals Understanding:

565 views • 11 slides
PTC DEVELOPER TOOLS ADA EUROPE 2019 Marie Daub PTC Developer Tools Sales Representative

PTC DEVELOPER TOOLS ADA EUROPE 2019 Marie Daub PTC Developer Tools Sales Representative

PTC DEVELOPER TOOLS ADA EUROPE 2019 Marie Daub PTC Developer Tools Sales Representative (Europe, UK and RoW) Chantal Duplenne Principal Software Development Engineer PTC Developer Tools Ada Europe 2019 Warsaw Poland June 2019 ABOUT

689 views • 25 slides
JRNY begin your journey to a new career grace qiu - team organizer jonathan oh - developer joe

JRNY begin your journey to a new career grace qiu - team organizer jonathan oh - developer joe

JRNY begin your journey to a new career grace qiu - team organizer jonathan oh - developer joe santino - developer austin meyers - designer bruce wen - developer overall problem 8 million individuals are currently unemployed in the US 1 62%

602 views • 26 slides
Public/Private Partnerships 226 Contents Application Selection of a Developer and/or

Public/Private Partnerships 226 Contents Application Selection of a Developer and/or

16 CHAPTER Public/Private Partnerships 226 Contents Application Selection of a Developer and/or Development Partner Procurement Requirements of the Selected Developer Procurement by Parties Other Than the PHA or the Developer

335 views • 14 slides
Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative

Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative

Federal Computer Security Managers Forum Quarterly Meeting October 28, 2020 Administrative Reminders This meeting is NOT recorded. Slides will be available within 7 business days, with speaker permission. CEU Form is available:

624 views • 9 slides
Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit

Towards Privacy Policy Conceptual Modeling Katsiaryna Krasnashchok Majd Mustapha Anas Al Bassit Sabri Skhiri Katsiaryna Krasnashchok, R&D Engineer @EURA NOVA 1 EURA NOVA A R&D-fueled consultancy company Customers challenges WE

497 views • 47 slides
Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time

Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time

Future directions in computer science research John Hopcroft Cornell University IMPA-Rio Time of change The information age is a revolution that is changing all aspects of our lives. Those individuals, institutions, and nations who

1.23k views • 77 slides
Community Structure in Large Community Structure in Large Social and Information Networks Social

Community Structure in Large Community Structure in Large Social and Information Networks Social

Community Structure in Large Community Structure in Large Social and Information Networks Social and Information Networks Michael W. Mahoney Stanford University (For more info, see: http://cs.stanford.edu/people/mmahoney) Lots and lots of

587 views • 40 slides
Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 |

Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 |

Microscope Slide Holder (10 slides fl at) R Robert VIEW IN BROWSER updated 22. 3. 2020 | published 22. 3. 2020 Summary Inspired by the recent push by Prusa research to design and manufacture useful items in the fi ght against coronavirus, I

239 views • 3 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will cover message passing model SPMD communication modes collective communications Programming Models Message-Passing Serial Programming

406 views • 28 slides
Cryptography, quantum computing, and evolutionary computation Thijs Laarhoven mail@thijs.com

Cryptography, quantum computing, and evolutionary computation Thijs Laarhoven mail@thijs.com

Cryptography, quantum computing, and evolutionary computation Thijs Laarhoven mail@thijs.com http://www.thijs.com/ CFMAI 2019, Bangkok, Thailand (December 13, 2019) Cryptography History Cryptography Classical cryptography Some operations

371 views • 36 slides

More recommend