
LUP Student Papers

LUND UNIVERSITY LIBRARIES

Utilizing user centered design to mitigate security threats

Edfors, Emmy LU and Sverreson, Albin LU (2022) MAMM01 20222
Ergonomics and Aerosol Technology
Certec - Rehabilitation Engineering and Design
Abstract
As technology advances and is more and more intertwined with our everyday lives, the security of these systems becomes very important. Abraham Maslow famously put safety needs as the second level of his hierarchy of needs, its importance second only to physical needs such as air, food and sleep. To make sure technological systems are as safe as possible, there exist threat modeling frameworks and processes. These are made to find possible threats and make sure they are mitigated to a wanted extent. The mitigations realized during these processes often involve code-related and cryptographic solutions, as they are carried out by software development teams. However, some threats stem from human error and can be hard or impossible to develop code-based solutions to. An example of this, which is discussed in this thesis, is the threat of phishing, where an adversary tricks a user into performing some harmful action.

This thesis aims to explore the possibility of using design and a user-centered design process to mitigate threats found in one of these threat modeling processes. A threat modeling process was performed on the Homepal data platform, and a threat with possible design-related mitigations was chosen to focus on. A literature study was conducted to find mitigation alternatives, and a survey was made to investigate the user base's opinions on them. After the requirements were set, lo-fi alternatives were created and evaluated, and the results were turned into hi-fi prototypes. The hi-fi prototypes were then subject to a more extensive evaluation, resulting in one poster being recommended as well as several guidelines for how to effectively convey security tips on posters.
Abstract (translated from Swedish)
As technology becomes a larger and larger part of our everyday lives, the importance of ensuring that these systems have a high level of security also increases. Security is becoming a larger part of our everyday lives and has always been important to humans. Abraham Maslow placed safety on the second step of his hierarchy of human needs, just below physical necessities such as air to breathe, food to eat and sleep. To ensure that technological systems are as secure as possible, various models are used to find and analyze potential security threats and to find solutions that mitigate them. The solutions found often involve code-based or cryptographic solutions, as the security threats are often linked to the development of the product itself. However, it is important to point out that sometimes a solution cannot be tied to code or cryptography, and that security threats sometimes relate to human error. An example of this is phishing, a threat discussed in this thesis, where the user is tricked into performing a harmful action.

This thesis explores the possibilities of using design and a user-centered process to mitigate the consequences of security threats found after carrying out a security analysis. The security analysis was performed on Homepal's data platform, and one of the security threats was chosen as the focus because it showed potential for design-related measures. A literature study was also conducted to find alternative measures, and two surveys were sent out to understand the users' opinions on these alternative measures. After the product requirements were set, a low-fidelity prototype was created, which was then evaluated and iterated into a high-fidelity prototype. The high-fidelity prototype then underwent an extensive evaluation, which resulted in a poster being recommended as a potential solution for measures against the security threat, along with some guidelines on how to effectively convey security tips using posters.
author: Edfors, Emmy LU and Sverreson, Albin LU
course: MAMM01 20222
type: H2 - Master's Degree (Two Years)
keywords: Educational reminders, Posters, Phishing, Security Education, STRIDE, Threat Modeling, User Centered Design
language: English
id: 9101319
date added to LUP: 2022-10-05 09:18:54
date last changed: 2022-10-05 09:18:54
@misc{9101319,
  abstract     = {{As technology advances and is more and more intertwined with our everyday
lives, the security of these systems becomes very important. Abraham Maslow
famously put safety needs as the second level of his hierarchy of needs, its importance second only to physical needs such as air, food and sleep. To make sure technological systems are as safe as possible there exists threat modeling frameworks and processes. These are made to find possible threats and make sure they are mitigated to a wanted extent. The mitigations realized during these processes often involve code related and cryptographical solutions as they are carried out by software development teams. However, some threats stem from human error and can be hard or impossible to develop code based solutions to. An example of this, which is discussed in this thesis, is the threat of phishing where an adversary tricks a user into performing some harmful action.

This thesis aims to explore the possibility to use design and user centered design process to mitigate threats found in one of these threat modeling processes. A threat modeling process was performed on the Homepal data platform and a threat was chosen with possible design related mitigations to focus on. A literature study was conducted to find mitigation alternatives and a survey was made to investigate the user base’s opinions on them. After the requirements were set, lo-fi alternatives where then created and evaluated and the results turned into hi-fi prototypes. The hi-fi prototypes were then subject to a more extensive evaluation, resulting in one poster being recommended as well as several guidelines for how to effectively convey security tips on posters.}},
  author       = {{Edfors, Emmy and Sverreson, Albin}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Utilizing user centered design to mitigate security threats}},
  year         = {{2022}},
}