DOI: 10.1145/3411763.3451731
poster

Participatory Threat Modelling: Exploring Paths to Reconfigure Cybersecurity

Published: 08 May 2021

Abstract

We present “participatory threat modelling” as a feminist cybersecurity practice which allows technology research to centre traditionally marginalized and excluded experiences. We facilitated a series of community workshops in which we invited participants to define their own cybersecurity threats, implement changes to defend themselves, and reflect on the role cybersecurity plays in their lives. In doing so, we contest both hierarchical approaches to users in cybersecurity—which seek to ‘solve’ the problems of human behavior—and a tendency in HCI to equate action research with the development of novel technology solutions. Our findings highlight barriers to engaging with cybersecurity, the role of personal experiences (for instance of gender, race or sexuality) in shaping this engagement, and the benefits of communal approaches to cybersecurity.

Published In

CHI EA '21: Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems
May 2021
2965 pages
ISBN: 9781450380959
DOI: 10.1145/3411763
This work is licensed under a Creative Commons Attribution-NonCommercial International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cybersecurity
  2. action research
  3. community engagement
  4. feminism
  5. gender
  6. privacy
  7. race
  8. sexuality

Qualifiers

  • Poster
  • Research
  • Refereed limited

Conference

CHI '21

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Cited By

  • (2025) Doing cybersecurity at home. Computers and Security 148:C. DOI: 10.1016/j.cose.2024.104112. Online publication date: 1-Jan-2025
  • (2024) Abusive Partner Perspectives on Technology Abuse: Implications for Community-based Violence Prevention. Proceedings of the ACM on Human-Computer Interaction 8:CSCW1 (1-25). DOI: 10.1145/3637292. Online publication date: 26-Apr-2024
  • (2024) A Critical Analysis of the Prevalence of Technology-Facilitated Abuse in US College Students. Extended Abstracts of the CHI Conference on Human Factors in Computing Systems (1-12). DOI: 10.1145/3613905.3652036. Online publication date: 11-May-2024
  • (2024) AI in Health and Social Care: A Methodology for Privacy Risk Modeling and Simulation. Companion Proceedings of the ACM Web Conference 2024 (1150-1153). DOI: 10.1145/3589335.3651453. Online publication date: 13-May-2024
  • (2024) SoK: Safer Digital-Safety Research Involving At-Risk Users. 2024 IEEE Symposium on Security and Privacy (SP) (635-654). DOI: 10.1109/SP54263.2024.00071. Online publication date: 19-May-2024
  • (2023) "Employees who don't accept the time security takes are not aware enough". Proceedings of the 32nd USENIX Conference on Security Symposium (2311-2328). DOI: 10.5555/3620237.3620367. Online publication date: 9-Aug-2023
  • (2023) Gender Nuances in Human-Computer Interaction Research. Proceedings of the XXII Brazilian Symposium on Human Factors in Computing Systems (1-12). DOI: 10.1145/3638067.3638077. Online publication date: 16-Oct-2023
  • (2023) A Scalable Inclusive Security Intervention to Center Marginalized & Vulnerable Populations in Security & Privacy Design. Proceedings of the 2023 New Security Paradigms Workshop (102-115). DOI: 10.1145/3633500.3633508. Online publication date: 18-Sep-2023
  • (2023) “My sex-related data is more sensitive than my financial data and I want the same level of security and privacy”: User Risk Perceptions and Protective Actions in Female-oriented Technologies. Proceedings of the 2023 European Symposium on Usable Security (1-14). DOI: 10.1145/3617072.3617100. Online publication date: 16-Oct-2023
  • (2023) Co-creating a Transdisciplinary Map of Technology-mediated Harms, Risks and Vulnerabilities: Challenges, Ambivalences and Opportunities. Proceedings of the ACM on Human-Computer Interaction 7:CSCW2 (1-21). DOI: 10.1145/3610179. Online publication date: 4-Oct-2023
