Democratizing Cybersecurity in Smart Environments: Investigating the Mental Models of Novices and Experts

  • Conference paper
  • Published in: End-User Development (IS-EUD 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13917)

Abstract

As Internet of Things (IoT) technology continues to spread, more and more people without technical expertise want to get the most out of their smart devices at their own level of knowledge. To meet this need, task automation systems (TASs) let users customize the behavior of IoT devices by defining trigger-action rules. However, while TASs allow many kinds of behavior to be defined, they do not address the aspects that can make smart devices vulnerable to security and privacy threats. To truly democratize cybersecurity in smart environments, TASs should enable end users, experts and novices alike, to protect their devices from external threats. Designing TASs that are effective for both kinds of user requires understanding how the two groups differ when they define rules in natural language. This research contributes to that question by investigating the mental models of cybersecurity novices and experts when faced with the need to protect their smart environment from security and privacy threats by defining security-oriented rules.
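To make the abstract's distinction concrete, here is a small added example (written for this page, not code from the paper or from any task automation system) of a trigger-action rule engine in Python: two convenience rules of the kind the abstract says can make a smart home vulnerable, one security-oriented rule written from the user's point of view, and a simple information-flow audit a TAS could run before deploying a rule. The event names, the private/public and trusted/untrusted labels, the rule names and the event stream are all assumed for the illustration.

```python
"""Minimal trigger-action rule engine with a security audit of its rules.

Added example, not code from the paper or from any real TAS. Event names,
sensitivity labels and the sample event stream are assumed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed labels. SECRECY: how secret a trigger's data is / how public an
# action's sink is. INTEGRITY: how trustworthy a trigger's source is / how
# trustworthy an action needs its cause to be.
SECRECY = {
    "camera.motion": "private", "lock.unlocked": "private",
    "owner.location": "private", "mail.received": "public",
    "lock.lock": "private", "lock.unlock": "private",
    "alert.owner": "private", "social.post": "public",
}
INTEGRITY = {
    "camera.motion": "trusted", "lock.unlocked": "trusted",
    "owner.location": "trusted", "mail.received": "untrusted",
    "lock.lock": "trusted", "lock.unlock": "trusted",
    "alert.owner": "trusted", "social.post": "untrusted",
}


@dataclass
class Rule:
    name: str
    trigger: str                                   # "service.event" that fires the rule
    action: str                                    # "service.command" to execute
    condition: dict = field(default_factory=dict)  # state key -> required value


def check_rule(rule: Rule) -> list[str]:
    """Return information-flow problems with a rule (empty list if clean)."""
    problems = []
    if SECRECY[rule.trigger] == "private" and SECRECY[rule.action] == "public":
        problems.append(f"{rule.name}: private trigger flows to a public sink")
    if INTEGRITY[rule.trigger] == "untrusted" and INTEGRITY[rule.action] == "trusted":
        problems.append(f"{rule.name}: untrusted trigger drives a trusted action")
    return problems


def audit(rules: list[Rule]) -> dict[str, list[str]]:
    """Map every rule name to its list of problems."""
    return {r.name: check_rule(r) for r in rules}


def safe_rules(rules: list[Rule]) -> list[Rule]:
    """Rules with no flagged problem: what a security-aware TAS would deploy."""
    return [r for r in rules if not check_rule(r)]


def evaluate(rules: list[Rule], events: list[tuple[str, dict]]) -> list[tuple[str, str]]:
    """Replay events in order; return (rule name, action) for each rule fired.

    Each event's payload is merged into the home's state, so a rule's
    condition is checked against the state at the moment its trigger arrives.
    """
    state: dict = {}
    fired = []
    for event, payload in events:
        state.update(payload)
        for r in rules:
            if r.trigger == event and all(state.get(k) == v for k, v in r.condition.items()):
                fired.append((r.name, r.action))
    return fired


# Three rules an end user might write (assumed names and services).
RULES = [
    # Convenience rule that leaks private data: porch motion goes to a public feed.
    Rule("post_when_motion", "camera.motion", "social.post"),
    # Convenience rule that lets an untrusted source drive a physical action.
    Rule("unlock_on_mail", "mail.received", "lock.unlock"),
    # Security-oriented rule: if the door is unlocked while nobody is home, relock it.
    Rule("relock_when_away", "lock.unlocked", "lock.lock",
         condition={"owner.location": "away"}),
]

# Constructed event stream, not real device logs.
EVENTS = [
    ("owner.location", {"owner.location": "home"}),
    ("lock.unlocked", {"lock.state": "unlocked"}),   # owner at home: no relock
    ("owner.location", {"owner.location": "away"}),
    ("lock.unlocked", {"lock.state": "unlocked"}),   # nobody home: relock fires
    ("mail.received", {"mail.subject": "please open"}),
    ("camera.motion", {"camera.zone": "porch"}),
]


if __name__ == "__main__":
    for name, problems in audit(RULES).items():
        print(name, "->", problems or "ok")
    print("fired (all rules):", evaluate(RULES, EVENTS))
    print("fired (safe rules only):", evaluate(safe_rules(RULES), EVENTS))
```

Run as a script, the audit flags the two convenience rules (a private camera trigger feeding a public feed, and an untrusted e-mail trigger driving the lock) and keeps the relock rule, which fires only once the home state records the owner as away. The labels are the crux: a TAS that asks the user, in their own terms, whether a trigger is private and whether an action is safe to drive from outside is one way to let novices express the same security intent an expert would encode by hand.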



Acknowledgment

This work is partially supported by the Italian Ministry of University and Research (MIUR) under grant PRIN 2017 “EMPATHY: Empowering People in deAling with internet of Things ecosYstems” and with the co-funding of the European Union - Next Generation EU: NRRP Initiative, Mission 4, Component 2, Investment 1.3 – Partnerships extended to universities, research centres, companies and research D.D. MUR n. 341 del 5.03.2022 – Next Generation EU (PE0000014 - “Security and Rights In the CyberSpace - SERICS” - CUP: H93C22000620001).

The research of Francesco Greco is funded by a PhD fellowship within the framework of the Italian “D.M. n. 352, April 9, 2022”- under the National Recovery and Resilience Plan, Mission 4, Component 2, Investment 3.3 - PhD Project “Investigating XAI techniques to help user defend from phishing attacks”, co-supported by “Auriga S.p.A.” (CUP H91I22000410007).

Author information

Corresponding author: Giuseppe Desolda.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Breve, B., Desolda, G., Greco, F., Deufemia, V. (2023). Democratizing Cybersecurity in Smart Environments: Investigating the Mental Models of Novices and Experts. In: Spano, L.D., Schmidt, A., Santoro, C., Stumpf, S. (eds) End-User Development. IS-EUD 2023. Lecture Notes in Computer Science, vol 13917. Springer, Cham. https://doi.org/10.1007/978-3-031-34433-6_9

  • DOI: https://doi.org/10.1007/978-3-031-34433-6_9
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-34432-9
  • Online ISBN: 978-3-031-34433-6
  • eBook Packages: Computer Science (R0)
