Noura Alomar

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users’ security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users’ behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals’ awareness of the consequences of security threats. By comparing participants’ behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users’ security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones.

Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic Review

The ever-increasing volumes of social knowledge shared in online social networks, the establishment of trustworthy social relationships over these platforms, and the emergence of technologies that allow friendship networks to be inferred from data exchanged in communication networks have motivated researchers to build socially aware authentication schemes. We conduct the first study that surveys the literature related to social authentication. In this paper, we not only created a taxonomy for classifying all social authentication schemes deployed in online or physical social contexts and extensively analyzed their authentication features, but also built a novel framework for evaluating the effectiveness of all social authentication schemes, identified all the practical and theoretical attacks that may be mounted against such schemes, addressed possible defense strategies, and identified challenges, open questions, and future research opportunities. To measure their accuracy, strengths, weaknesses, and limitations, as well as to identify the potential of knowledge-based and trust-based social authentication schemes, a comprehensive comparative assessment of the security, usability, and deployability was conducted. We hope, by providing a solid foundation for gaining sufficient understanding of the manners in which users’ social interactions have been utilized in user authentication schemes and their corresponding security implications, we will guide future research in this domain.

SECDEP: Software engineering curricula development and evaluation process using SWEBOK

Abstract Context: Software engineering (SE) has a multidisciplinary and dynamic nature that makes it challenging to design its educational material. Guide to the software engineering body of knowledge (SWEBOK) which has evolved to become ISO/IEC 19759 standard has identified various knowledge areas to be part of any SE curricula. Although there is a number of studies that address the gap between SE curricula and software industry, the literature lacks defining a process that can be leveraged for continuously improving SE curricula to fulfill the software development market demands. Objective: In this paper, we propose a Software Engineering Curricula Development and Evaluation Process (SECDEP) that takes advantage of the SWEBOK guidelines to improve the quality of SE programs based on objective and subjective evidences. Method: Our process consists of multi-steps in which the local software market needs and the target SE program objectives and constraints are all taken into consideration. As a case study, we follow our process to investigate the core SE courses delivered as part of the SE curricula in a set of universities in our region. Results: The conducted case study identifies the factors that might contribute to mitigating the skills shortages in the target software market. We demonstrate the effectiveness of our process by identifying the weaknesses of the studied SE curricula and presenting recommendations to align the studied curricula with the demands of the target software market, which assists SE educators in the design and evaluation of their SE curricula. Conclusion: Based on the obtained results, the studied SE curricula can be enhanced by incorporating latest SE technologies, covering most of the SWEBOK knowledge areas, adopting SE curricula standards, and increasing the level of industrial involvement in SE curricula. We believe that achieving these enhancements by SE educators will have a positive impact on the SE curricula in question.

A model for evaluating the security and usability of e-banking platforms

Convenience and the ability to perform advanced transactions encourage banks clients to use e-banking systems. As security and usability are two growing concerns for e-banking users, banks have invested heavily in improving their web portals security and user experience and trust in them. Despite considerable efforts to evaluate particular security and usability features in e-banking systems, a dedicated security and usability evaluation model that can be used as a guide in the development of e-banking assets remains much less explored. To build a comprehensive security and usability evaluation framework, we first extract security and usability evaluation metrics from the conducted literature review and then include several other evaluation metrics that were not previously identified in the literature. We then propose a structured inspection model for thoroughly evaluating the usability and security of internal and external e-banking assets. We argue that the proposed e-banking security and usability evaluation frameworks in the literature in addition to the existing standards of security best practices (e.g., NIST and ISO) are by no means comprehensive and lack some essential and key evaluation metrics that are of particular interest to e-banking portals. In order to demonstrate the inadequacy of existing models, we use the proposed framework to evaluate five major banks. The evaluation reveals several shortcomings in identifying both missing or incorrectly implemented security and privacy features. Our goal is to encourage other researchers to build upon our work.

Usability Engineering of Agile Software Project Management Tools

The successful management of software projects requires taking human and managerial factors into consideration. Agile software project management methodologies have made their way into the mainstream culture of software development and have gotten the attention of software engineers and researchers due to their rapid growth. The aim of this research effort is to comprehensively evaluate the usability of four software project management tools based on experimental findings as well as heuristic assessment. We focus on evaluating widely known tools based on rigorous usability assessment criteria and subjective and objective evaluation techniques. By utilizing the capabilities of a usability testing software solution, Morea, and considering the subjective views of five Human Computer Interaction experts, we believe that our findings can inspire the design of more effective agile software project management tools that allow development teams to manage their work efficiently while helping decision makers to base their tool selection on a trusted usability evaluation approach that addresses the needs of software development teams. We also believe that our findings will have promising implications for task management activities performed throughout all the phases of the software development lifecycle.

Assessment of visual function and Vision-related Quality of Life in female contact lens wearers with Dry Eye Syndrome

Purpose To assess visual function and Vision-related Quality of Life (VRQOL) in female contact lens wearers with Dry Eye Syndrome in Riyadh city, Saudi Arabia. Methods This was a cross sectional study. Saudi Females subjects with and without DES (contact lens wearer [CLW] and Non-contact lens wearers [NCLW]) aged between 16 and 35 years were included in this study. Subjects were recruited from female campus at King Saud University (KSU), Riyadh, KSA. Measurements include corneal topography, visual acuity (VA), autorefraction, contrast sensitivity (CS), Schirmers test and Tear breakup test (TBUT) were performed on all subjects. In addition, corneal thickness was measured using Pentacam HR to compare between the total corneal thickness (TCT) in DES and Non-DES groups. Contact Lens Impact on Quality of Life (CLIQ) Questionnaire was used to assess VRQOL. Visual functions and VRQOL were compared between groups (contact lens (CL) and NCLW) using SPSS program version 23 (SPSS Inc, Chicago, Illinois, USA). Results A total of 100 subjects with DES (n = 44 including 25 CLW and 19 NCLW), and non-DES (n = 56 including 17 CLW and 39 NCLW) were included in this study. The mean age of participants with DES was 21.39 years and was 20.96 years of participants Non-DES. There were no significant different in VA, CS, and TCT between subjects DES and Non-DES (P > 0.05), which indicates that dryness have no effect on the visual function and TCT. Contact lens wearers had higher score on convince, economic and psychological items than NCLW. Within CL group, subjects with DES had higher score on convince and psychological items. Similarly, within DES group, subjects who wore CL had higher score on convince and psychological items. Conclusion This study provides evidence that dryness may has no effect on visual function in both CLW and NCLW. Psychological and convenience domains of VRQOL were negatively affect in Saudi female patients with DES specially who wear CL.

The Collective Impression of Saudis’ Perceptions of Entertainment

The diversity of human perceptions of entertainment coupled with the continuous emergence of new modes of entertainment have raised a challenge in offering the entertainment environment that is properly aligned with the public interest. Entertainment preferences are known to be shaped by a combination of individuals’ social and cultural background, instability in economic situation, and generational differences. In the Saudi context, many cultural considerations have created a multitude of preferences with regards to accepting newly emerged or imported entertainment methods, particularly due to the distinctive nature of the Saudi cultural context and the complexity of perceptual factors that contribute to shaping individuals’ preferences in the Saudi community. In this paper we propose to utilize visual surveys as a mean for collecting and quantifying urban perceptions of entertainment, with the hope of revealing the current challenges and envisioning the potential directions of improvement. We employ visual surveys as a data collection tool to understand how people’s defined expectations, prior experiences and demographic variables relate to their perceptions with regards to preferred entertainment modes. It is our hope that this research work will open the door toward utilizing the availability of crowdsourcing techniques for comparing and contrasting urban perceptions in other different cultures and contexts.

Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners

The widespread adoption of web vulnerability scanners and the differences in the functionality provided by these tool-based vulnerability detection approaches increase the demand for testing their detection effectiveness. Despite the advantages of dynamic testing approaches, the literature lacks studies that systematically evaluate the performance of open source web vulnerability scanners. The main objectives of this study are to assess the performance of open source scanners from multiple perspectives and to examine their detection capability. This paper presents the results of a comparative evaluation of the security features as well as the performance of four web vulnerability detection tools. We followed this comparative assessment with a case study in which we evaluate the level of agreement between the results reported by two open source web vulnerability scanners. Given that the results of our comparative evaluation did not show significant performance differences among the scanners while the results of the conducted case study revealed high level of disagreement between the reports generated by different scanners, we conclude that the inconsistencies between the reports generated by different scanners might not necessarily correlate with their performance properties. We also present some recommendations for helping developers of web vulnerabilities scanners to improve their tools’ capabilities.

Someone in Your Contact List: Cued Recall-Based Textual Passwords

Textual passwords remain the most commonly employed user authentication mechanism, and potentially will continue to be so for years to come. Despite the well-known security and usability issues concerning textual passwords, none of the numerous proposed authentication alternatives appear to have achieved a sufficient level of adoption to dominate in the foreseeable future. Password hints, consisting of a user generated text saved at the account setup stage, are employed in several authentication systems to help users to recall forgotten passwords. However, users are often unable to create hints that jog the memory without revealing too much information regarding the passwords themselves. We propose a rethink of password hints by introducing SỲNTHIMA, a novel cued recall-based textual password method that reveals no information regarding the password, requires no modifications to authentication servers, and requires no additional setup or registration steps. SỲNTHIMA makes use of users’ contact lists, so that mapped password hints extracted from a user’s contacts are automatically generated while the user is typing the password. We create formal models for relevant aspects of the password hint mechanism, define its threat model, and analyze the security and usability of SỲNTHIMA. We also present the results of an in-lab user study of SỲNTHIMA on 30 participants to evaluate its effectiveness and usability. The results demonstrate that SỲNTHIMA minimizes the number of incorrect login attempts and improves long-term password recall, with acceptable login times and positive user feedback. We summarize the lessons learned from the user study, with the hope of provoking further insights regarding the design of effective cued recall-based textual password schemes.