Edward Sobiesk

Malicious interface design: exploiting the user

In an ideal world, interface design is the art and science of helping users accomplish tasks in a timely, efficient, and pleasurable manner. This paper studies the inverse situation, the vast emergence of deliberately constructed malicious interfaces that violate design best practices in order to accomplish goals counter to those of the user. This has become a commonplace occurrence both on and off the desktop, particularly on the web. A primary objective of this paper is to formally define this problem, including construction of a taxonomy of malicious interface techniques and a preliminary analysis of their impact on users. Findings are presented that gauge the self-reported tolerance and expectation levels of users with regard to malicious interfaces as well as the effectiveness and ease of use of existing countermeasures. A second objective of this paper is to increase awareness, dialogue, and research in a domain that we consider largely unexplored but critical to future usability of the WWW. Our results were accomplished through significant compilation of malicious interface techniques based on review of thousands of web sites and by conducting three surveys. Ultimately, this paper concludes that malicious interfaces are a ubiquitous problem that demands intervention by the security and human computer interaction communities in order to reduce the negative impact on the global user population.

Cyber Education: A Multi-Level, Multi-Discipline Approach

The purpose of this paper is to contribute to the emerging dialogue on the direction, content, and techniques involved in cyber education. The principle contributions of this work include a discussion on the definition of cyber and then a description of a multi-level, multi-discipline approach to cyber education with the goal of providing all educated individuals a level of cyber education appropriate for their role in society. Our work assumes cyber education includes technical and non-technical content at all levels. Our model formally integrates cyber throughout an institutions entire curriculum including within the required general education program, cyber-related electives, cyber threads, cyber minors, cyber-related majors, and cyber enrichment opportunities, collectively providing the foundational knowledge, skills, and abilities needed to succeed in the 21st Century Cyber Domain. To demonstrate one way of instantiating our multi-level, multi-discipline approach, we describe how it is implemented at our institution. Overall, this paper serves as a call for further discussion, debate, and effort on the topic of cyber education as well as describing our innovative model for cyber pedagogy.

Demand response with photovoltaic energy source and Time-of-Use pricing

Several utilities are offering, or plan to offer, customers the choice between standard and “Time-of-Use” (ToU) rates for electricity. ToU rates for energy are based on a tiered pricing structure as opposed to standard flat rates. ToU rates are typically less than the standard rate during off-peak times and higher than the standard rate at peak times. This pricing structure can incentivize combining demand response (DR) with photovoltaic (PV) generation which can shift a customers net demand from peak to off-peak times. This paper presents a demand response scheme designed for implementation with photovoltaic generation within a ToU pricing environment. The DR algorithm is designed to require minimal sensors, does not require forecasting, and is suitable for automation. Simulation results validating the DR algorithm and quantifying potential savings based on the level of DR are presented based on PV generation data and residential load consumption data in New York.

Designing an interdisciplinary information technology program

We examine key factors in the design and implementation of an Information Technology (IT) major and discuss the limitations encountered in creating a new program in a resource constrained environment. The focus is on four factors. First, we discuss a learning model appropriate for IT majors who need to be prepared for graduate study in IT, the military IT environment, and the civilian IT world. Second, we examine the strengths and weaknesses of implementing the learning model by using existing courses offered by an existing organization. Third, we discuss ways to mitigate potential weaknesses of this approach. Finally, we discuss a continuous assessment and improvement process to evaluate and improve the success of the implementation.

Tracking multiple objects in terrain

The digitized battlefield of the 21st Century will revolutionize the methods used to maintain military command and control. The tremendous amount of data available will necessitate the use of intelligent automated systems that augment, and in some cases replace, the human structures currently in place. One aspect of such systems is terrain-based tracking. We discuss an intelligent terrain-based system for tracking multiple vehicles moving across terrain. Specifically, our system extracts and utilizes knowledge about groups to improve the performance of a discrete state-space motion model. Parallel programming techniques are utilized to compute probability densities for the vehicles. A learning component allows for real-time adjustment based on performance.

Self-monitoring of web-based information disclosure

Free online tools such as search, email and mapping come with a cost. Web users obtain such services by making micropayments of personal and organizational information to the web service providers. Web companies use this information to create customized advertising and tailored user experiences. Individually, each transaction appears innocuous, but when aggregated, the result is often highly sensitive. The impact of AOL.s inadvertent disclosure of 20 million nominally anonymized search queries underscores the pressing need for increasing web privacy and raising user awareness of the problem. Rather than advocate extreme legal and policy measures to address the dilemma, this paper proposes an equitable self-monitoring solution. Self-monitoring allows individual users and large enterprises to regulate their web-based interactions intelligently and still allow online companies to innovate and flourish. The primary contributions of our work includes exploration of visualization techniques that support self-monitoring, a human-centric evaluation and the results of a user requirements survey.

Information Technology as a Cyber Science

Emerging technologies are proliferating and the computing profession continues to evolve to embrace the many opportunities and solve the many challenges this brings. Among the challenges is identifying and describing the competencies, responsibilities, and curriculum content needed for cybersecurity. As part of addressing these issues, there are efforts taking place that both improve integration of cybersecurity into the established computing disciplines while other efforts are developing and articulating cybersecurity as a new meta-discipline. The various individual computing disciplines, such as Computer Science, Information Technology, and Information Systems, have increased and improved the amount of cybersecurity in their model curricula. In parallel, organizations such as the Cyber Education Project, an ACM/IEEE Joint Task Force, and the accrediting body ABET are producing such artifacts as a multi-disciplinary Body of Knowledge and accreditation program criteria for cybersecurity writ large. This paper explores these various cybersecurity initiatives from the perspective of the Information Technology discipline, and it addresses the degree to which cybersecurity and Information Technology are both similar and different.

Should IT2008 be revised

Five years have passed since the final publication of the ACM-IEEE information technology (IT) four-year curricula guidelines (IT2008) [1]. In September of 2012, the ACM Education Board initiated an exploratory invitation to Special Interest Group for Information Technology Education (SIGITE) to determine the efficacy of the current IT curricula guidelines and to suggest recommendations, if any. In this panel the group members will report on its current progress and will solicit input from participants on what aspects of the model curriculum need to be revisited.

Automated webpage evaluation

Webpage evaluation and metrics have historically focused on page-level characteristics or on key words. We introduce an automated technique for graphically measuring specific elements on a webpage. Our technique provides a means to increase the fidelity of webpage analysis and introduces a novel metric focused on the number of pixels that certain elements occupy in a browser window. We implemented the technique as a Firefox extension and successfully tested it on Alexa?s top 25 U.S. websites. The technique is fully automatable and consistently measures a customizable set of elements as they appear to users in the Firefox web browser. Importantly, the application allows for communication with and the incorporation of other browser-based tools or extensions. We discuss design considerations and creative solutions to technical implementation challenges. The application provides for a wide range of research opportunities that may require a new level of fidelity in webpage analysis and comparison.

Developing ABET criteria for undergraduate cybersecurity programs

This special session will introduce current work on program criteria currently being developed for use by ABET in accrediting undergraduate cybersecurity programs. It will provide a status report on current efforts in this area, along with expectations for future development and deployment of these criteria.