Surrey cyber security researchers won Best Paper Award at HCII 2017
Dr Haiyue Yuan, Dr Shujun Li and Nouf Aljaffan from the Department of Computer Science and Surrey Centre for Cyber Security (SCCS), and Dr Patrice Rusconi of the School of Psychology, have won the Best Paper Award of the 5th International Conference on Human Aspects of Information Security, Privacy and Trust (HAS 2017), held as part of the 19th International Conference on Human-Computer Interaction (HCII 2017/HCI International 2017), Vancouver, Canada, July 9-14, 2017.
The paper is joint work between the Department of Computer and the School of Psychology, as part of the Singapore-UK research project COMMANDO-HUMANS, jointly funded by UK's EPSRC (Engineering and Physical Science Research Council) and Singapore's National Research Foundation (NRF). The main goal of the COMMANDO-HUMANS project is to develop advanced cognitive modelling tools for supporting automated analysis of security and usability of cyber security systems especially user authentication systems. The paper winning the Best Paper Award reports the project team's work on using eye-tracking data to facilitate the cognitive modelling tasks of user authentication systems.
Abstract of the paper
Human cognitive modelling techniques and related software tools have been widely used by researchers and practitioners to evaluate the effectiveness of user interface (UI) designs and related human performance. However, they are rarely used in the cyber security field despite the fact that human factors have been recognized as a key element for cyber security systems.
For a cyber security system involving a relatively complicated UI, it could be difficult to build a cognitive model that accurately captures the different cognitive tasks involved in all user interactions. Using a moderately complicated user authentication system as an example system and CogTool as a typical cognitive modelling tool, this paper aims to provide insights into the use of eye-tracking data for facilitating human cognitive modelling of cognitive tasks more effectively and accurately.
We used visual scan paths extracted from an eye-tracking user study to facilitate the design of cognitive modelling tasks. This allowed us to reproduce some insecure human behavioural patterns observed in some previous lab-based user studies on the same system, and more importantly, we also found some unexpected new results about human behaviour. The comparison between human cognitive models with and without eye-tracking data suggests that eye-tracking data can provide useful information to facilitate the process of human cognitive modelling as well as to achieve a better understanding of security-related human behaviours. In addition, our results demonstrated that cyber security research can benefit from a combination of eye-tracking and cognitive modelling to study human behaviour related security problems.