Title :
Role-playing game for studying user behaviors in security: A case study on email secrecy
Author :
Kui Xu ; Danfeng Yao ; Perez-Quinones, Manuel A. ; Link, Christoph ; Geller, E. Scott
Author_Institution :
Dept. of Comput. Sci., Virginia Tech, Blacksburg, VA, USA
Abstract :
Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary´s knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary´s knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary´s knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.
Keywords :
Internet; behavioural sciences computing; computer games; data privacy; message authentication; unsolicited e-mail; ID theft attack; email secrecy; quantitative analysis technique; role-playing cyber game; security defenses; user behavior; Authentication; Educational institutions; Electronic mail; Games; Privacy; Servers; Social network services;
Conference_Titel :
Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on
Conference_Location :
Miami, FL
