Background
The Open Tool Portal is one of the results of collaboration of CyberSec4Europe, in an effort led by Masaryk University. CyberSec4Europe is a European research pilot project focused on delivering solutions to enhance the security and privacy of EU citizens in several sectors and cybersecurity domains.
This portal contains recommendations for open-source tools focused on regular end-users. Within the portal, regular users are divided into two categories: beginner and intermediate. These user types are precisely described in Section User definitions.
The set of open-source tools and operating systems in the Open Tool Portal forms a secure and usable desktop environment for the defined user types. A beginner or an intermediate user should be able to perform desired tasks within the environment effectively and securely.
The portal contains following sections:
- Data-at-rest encryption – disk and filesystem encryption,
- Password management – password managers and suggestions for secure password management,
- Email communication – email encryption,
- Web browsing – an ideal web browser with a set of privacy-enhancing plugins,
- Operating systems – suitable operating systems for deploying the tools.
These sections include specifications of ideal candidate traits and test evaluations for each individual tool category. The core of each section describes only recommended tools. Other tools were evaluated as inappropriate and their descriptions can be found in appendices of the section.
The tool categories were selected according to the Open tool taxonomy [13], created by Václav Matyáš, Lydia Kaus, Alexandre le Clanche, Antonio Skarmeta and Lukáš Němec. Some members of this team then also worked with Irene Cocco on the evaluation of the selected web browser and its set of browser plugins from April 2020. The selection was based on Firefox taxonomy.
The rest of the results on this portal were supported by previous research of Maxime Faure and Flavien Ehret in 2019. This research was conducted during their internship in cooperation with the CRoCS laboratory research group at the Faculty of Informatics, Masaryk University. Faure and Ehret searched for available security-focused open tools and operating systems and provided a list of potential candidates for further testing. Milan Brož reviewed and summarized their results regarding open-source operating systems as of May, 2022. Other supporting materials were also provided by Daniel Pecuch [11] and Andrej Hulina [12] in their bachelor theses.
The final suggestions for this portal were provided by Tamara Čierniková as results of her bachelor thesis in May 2022 [86], with cooperation of Václav Matyáš and Milan Brož. This thesis updated and extended previous research with direct focus on the specific user types.
Methodology
The final delivery of suggested tools for the Open Tool Portal was preceded by several steps:
- Previous work on the CyberSec4Europe project was collected and other related information sources were analyzed.
- We defined the beginner and intermediate categories precisely for the scope of the Open Tool Portal since previous definitions within the CyberSec4Europe internal working documents were too informal and vague.
- We conducted extensive research on available tools to select candidates for further testing. A possible candidate should be issued under a license approved by the Open Source Initiative [4]. The development of the tool should be active with regular releases and security patches. The selection criteria were also influenced by the specific needs and skills of the custom user types.
- We described the ideal properties and features for each tool category with respect to the custom user types.
- The candidates were tested with the focus on usable security and compliance with the latest best security practices.
- We evaluated the candidates by comparing previously defined ideal properties and features to populate the final set of suggested tools. The conclusions for each tool category include recommendations on configuration to yield secure settings where necessary.
Testing of these categories was realized by the cognitive walkthrough method. The cognitive walkthrough method is a technique based on cognitive theory of exploratory learning used for evaluation of software usability.
We managed to select at least one solution for each user type from all candidate sets, including basic comparative reviews of tested applications. Additional results of the testing show persisting problems with usable security and insufficient focus on inexperienced audiences in the documentation of open-source projects.
- The overview of internship results can be found at Linux distributions for security and privacy. ↑