Surrey cyber security researchers won Best Paper Award at HCII 2017
The paper is joint work between the Department of Computer and the School of Psychology, as part of the Singapore-UK research project COMMANDO-HUMANS, jointly funded by UK's EPSRC (Engineering and Physical Science Research Council) and Singapore's National Research Foundation (NRF). The main goal of the COMMANDO-HUMANS project is to develop advanced cognitive modelling tools for supporting automated analysis of security and usability of cyber security systems especially user authentication systems. The paper winning the Best Paper Award reports the project team's work on using eye-tracking data to facilitate the cognitive modelling tasks of user authentication systems.
Abstract of the paper: Human cognitive modeling techniques and related software tools have been widely used by researchers and practitioners to evaluate the effectiveness of user interface (UI) designs and related human performance. However, they are rarely used in the cyber security field despite the fact that human factors have been recognized as a key element for cyber security systems. For a cyber security system involving a relatively complicated UI, it could be difficult to build a cognitive model that accurately captures the different cognitive tasks involved in all user interactions. Using a moderately complicated user authentication system as an example system and CogTool as a typical cognitive modeling tool, this paper aims to provide insights into the use of eye-tracking data for facilitating human cognitive modeling of cognitive tasks more effectively and accurately. We used visual scan paths extracted from an eye-tracking user study to facilitate the design of cognitive modeling tasks. This allowed us to reproduce some insecure human behavioral patterns observed in some previous lab-based user studies on the same system, and more importantly, we also found some unexpected new results about human behavior. The comparison between human cognitive models with and without eye-tracking data suggests that eye-tracking data can provide useful information to facilitate the process of human cognitive modeling as well as to achieve a better understanding of security-related human behaviors. In addition, our results demonstrated that cyber security research can benefit from a combination of eye-tracking and cognitive modeling to study human behavior related security problems.