Public Service Announcement
The only place to order your free credit report is AnnualCreditReport.com. The other services will either charge you, or keep the information you have authorized them to view and resell it.
A useful document for recent graduates is What To Ask which includes pointers to ways to get involved, job listings and conference ratings.
My Information Security Economics Website.
Ethical Technologies in the Homes of Seniors, ETHOS; and here is a video overview
I have office hours only during the academic year.
901 E 10th St. Room 200
Mondays 1:00 - 3:00 pm
Fridays 10:00 - 11:00 am
Risk Communication Videos
Target for Behavior Change not Education Is the goal is to ensure that individuals respond appropriately, or to have them exhibit a correct understanding of the mechanics of the risk. If this makes no sense to you, then you probably have some expertise in computer security.
Access control - http://www.youtube.com/watch?v=F9m6A4gWKX8
Keylogger - http://www.youtube.com/watch?v=6zHJoZqrCB0
Phishing - http://www.youtube.com/watch?v=4ZQ9pFTCdy4
To reference please use either
L. Jean Camp,
Mental models of privacy and security IEEE Technology
And Society Magazine (2009) No 3:28, IEEE, Pages: 37-46.
J. Blythe, L. Jean Camp & V. Garg,
Targeted risk Communication for
Computer Security, 2011 International Conference on Intelligent User
Interfaces, (Palo Alto, CA) 13-16 February 2011.
J. Blythe, L. Jean Camp & V. Garg, .Targeted risk Communication for Computer Security., 2011 International Conference on Intelligent User Interfaces, (Palo Alto, CA) 13-16 February 2011.
user click traces to determine user expertise and risk profile and generate timely, narrative warnings .
Incentive-Based Access Control Working with doctoral graduate Debin Liu we have first paper on incentive-based access control, entitled Mitigating Inadvertent Insider Threas.
Future work from this paper now
work in progress.
Net Trust: Informing Trust Decisions
Description:The Tech Talk Overview describes how Net Trust works. Current trust mechanisms are built for computers, not humans, despite the reams of available research on human trust decisions. In fact, the most common trust devices (e.g., seals, domain names) require the cooperation of the malicious to function. We have developed a system to use social networks to inform trust decisions. Initial users tests show that Net Trust alters trust behaviors, providing information to people that makes them more trusting of some sites and less trusting of others. Alex Tsow, Camilo Viecco, and L. Jean Camp,
Privacy-Aware Architecture for Sharing Web Histories, IBM Journal of Research & Development - or - L. Jean Camp,
Reliable, Usable Signaling to Defeat Masquerade Attacks, IS A Journal of Law and Policy in the Information Society, 2007, Vol. 3, No 2: 211-235.
Private social networking, information-sharing with security; perfect forward secrecy after de-friending; highly customized interactions
Computer Security is Risk Communication
Want Technically Naive People to Adopt Security Technology? Talk to them in their own terms...
Individual security solutions have not been adopted even when individuals have expressed their desire to do so. Our experiment suggests one contributing factor is that the rich array of metaphors used by computer security professionals fail to align with individual's mental models. Speaking of
infections is not helpful risk communication.
Is the exhaustion of IPv4 an inevitable train wreck? In this paper we generate historical data using whois and compare three policies. The first is prohibition of allocation to those already well-endowed with IPv4. The second is limiting allocations to the minimal allocation that can reasonably expected to be in the routing tables. The third is picking a cut-off date and allocating fractions until that date.
Want Security? Build Privacy.
There is some question as to why end users do not adopt security technologies. We argue that this is typical of users to behave as human beings in the domain of risk and uncertainty. That is, there are consistent biases that determine if risks are acceptable or not. Responses to risk are determined more by the perception of benevolence of the creator of the risk than by the magnitude of the risk. Here is Trust on the Web, a Tale of User Deceit.
Other work available here.