Abstract
As Internet of Things (IoT) technology continues to grow, more and more people with no technical expertise want to get the most out of smart devices at their own level of knowledge. To meet these needs, task automation systems (TASs) let users customize the behavior of IoT devices by defining trigger-action rules. However, while TASs allow many kinds of behavior to be defined, they do not address the aspects that can make smart devices vulnerable to security and privacy threats. To truly democratize cybersecurity in smart environments, TASs should enable end users (both experts and novices) to protect their devices from external threats. To design TASs that are effective for both types of users, it is necessary to investigate how the two groups differ when defining rules in natural language. This research contributes to this issue by investigating the mental models of cybersecurity novices and experts when faced with the need to protect their smart environment from security and privacy threats through the definition of security-oriented rules.
Acknowledgment
This work is partially supported by the Italian Ministry of University and Research (MIUR) under grant PRIN 2017 “EMPATHY: Empowering People in deAling with internet of Things ecosYstems” and with the co-funding of the European Union - Next Generation EU: NRRP Initiative, Mission 4, Component 2, Investment 1.3 – Partnerships extended to universities, research centres, companies and research D.D. MUR n. 341 del 5.03.2022 – Next Generation EU (PE0000014 - “Security and Rights In the CyberSpace - SERICS” - CUP: H93C22000620001).
The research of Francesco Greco is funded by a PhD fellowship within the framework of the Italian “D.M. n. 352, April 9, 2022”- under the National Recovery and Resilience Plan, Mission 4, Component 2, Investment 3.3 - PhD Project “Investigating XAI techniques to help user defend from phishing attacks”, co-supported by “Auriga S.p.A.” (CUP H91I22000410007).
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Breve, B., Desolda, G., Greco, F., Deufemia, V. (2023). Democratizing Cybersecurity in Smart Environments: Investigating the Mental Models of Novices and Experts. In: Spano, L.D., Schmidt, A., Santoro, C., Stumpf, S. (eds) End-User Development. IS-EUD 2023. Lecture Notes in Computer Science, vol 13917. Springer, Cham. https://doi.org/10.1007/978-3-031-34433-6_9
DOI: https://doi.org/10.1007/978-3-031-34433-6_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-34432-9
Online ISBN: 978-3-031-34433-6