Demonstrating The Application And Usability Of Security And Privacy Software Assets

Romy General News

09 February 2022


One of the key goals of CyberSec4Europe is to promote collaboration between industrial and academic participants by fostering research and development to identify and analyse cybersecurity challenges in several selected application areas and to develop innovative cybersecurity solutions that address them.


One work package drives the design and development of demonstrators in those application domains, and targets the production of prototypes for cybersecurity solutions, products or services that are secure by design. Another work package is responsible for the definition of a common research, development and innovation programme for the next generation of cybersecurity technologies, applications and services. In one case, it has used and further developed several software assets that go beyond the state of the art on the usability of security and privacy policies. The close coordination involved in the practical application of these research outputs is reported in the recently published document, Integration to Demonstration Cases, which highlights the integration of the software assets dealing with the usability of security and privacy policies with the application use cases.

This document presents the systematic approach applied to selecting the most relevant integration opportunities as well as the implementation of the software assets in the use case demonstrators. The main outcomes were:

  • a set of conclusions on how privacy notifications can enhance usability transparency in the context of privacy and identity management and to what extent the cultural context and other parameters – such as demographics, usage characteristics, the option for intervenability and modality of privacy notifications – can have an impact on their perceived usefulness;
  • a proposal for the combination of the authentication methods TATIS[1], AuthGuide, Keycloak and EEVEHAC[2] to protect the MISP[3] incident reporting platform;
  • an extension of the MITIGATE maritime risk management methodology to identify additional threats by including task modelling in the risk assessment process;
  • a usable identity management user interface for smartphone users in smart cities, and a user-centered tool to support the security analysis of smart cities.

Moreover, to show the relevance of the integration of all the software assets that deal with the usability of security and privacy policies, the document describes a unified smart campus scenario, where there are many people with different security and privacy mindsets, and yet all of them need usable solutions for their everyday tasks. Some parts of the campus are public spaces, accessible to everyone, upstanding citizens and malicious actors alike. Other parts are restricted to authorised personnel only. This unified scenario features several security and privacy policies and in so doing highlights the synergy of the assets in addressing the usability and user experience associated with the policies. The scenario also provides the opportunity to understand the interplay of the assets in more depth by demonstrating how the assets inter-connect and inter-execute in an application domain for different types of users. In particular, the use case exemplifies how the assets can support both end-user and IT system administrator tasks.

The integration of the project’s software assets within the application use cases is one of the significant objectives of CyberSec4Europe. The effort expended on integrating these software assets has had the benefit of not only consolidating collaboration between consortium partners, but also of initiating additional collaboration with other parties.

Célia Martinie, IRIT – Université Toulouse III – Paul Sabatier

[1]     Trustworthy APIs for threat sharing

[2]     End-to-end visualizably encrypted and human authenticated channel

[3]     Malware information sharing platform