cybersecurity and people: challenges in predicting user actions
DESCRIPTION
Cybersecurity and People: Challenges in Predicting User Actions. Joachim Meyer Dept. of Industrial Engineering Fleischman School of Engineering Tel Aviv University. Humans. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/1.jpg)
Cybersecurity and People: Challenges in Predicting User Actions
Joachim MeyerDept. of Industrial Engineering
Fleischman School of EngineeringTel Aviv University
![Page 2: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/2.jpg)
Humans“Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)”
−− C. Kaufman, R. Perlman, and M. Speciner. Network Security: PRIVATE Communication in a PUBLIC World.
2nd edition. Prentice Hall, page 237, 2002.
![Page 3: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/3.jpg)
Some topics we study …
• Risk taking in system use– There are several interrelated behaviors
• Adjusting of system settings – People aren’t good at it
• Responses to alerts and advice – Alerts are often ignored
• Authentication
![Page 4: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/4.jpg)
Model
Controlled Experiments
Observations in the Field
![Page 5: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/5.jpg)
Reinforcement Learning
Cost
Ben
efit A
naly
ses
System Dynamics
Control T
heory
Etc.
???
![Page 6: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/6.jpg)
Bank = b3aYZ
Amazon = aa66x!
Phonebill = p$2$ta1
The Challenge of Access Control
![Page 7: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/7.jpg)
![Page 8: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/8.jpg)
What affects authentication behavior?• Authentication method
– (password, graphic, biometric)• Authentication complexity
– (e.g., password length, required accuracy of movements)
• Authentication frequency• Importance of protection
– (likelihood and severity of threats)• Situation
– (stress, time pressure, etc.)
![Page 9: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/9.jpg)
![Page 10: Cybersecurity and People: Challenges in Predicting User Actions](https://reader035.vdocument.in/reader035/viewer/2022072013/56812a5d550346895d8dc83d/html5/thumbnails/10.jpg)
The big problem – matters are messy.Intentions, feedback, learning, communication