skip to main content
10.1145/2600176.2600200acmotherconferencesArticle/Chapter ViewAbstractPublication PageshotsosConference Proceedingsconference-collections
research-article

Building the security behavior observatory: an infrastructure for long-term monitoring of client machines

Published: 08 April 2014 Publication History

Abstract

We present an architecture for the Security Behavior Observatory (SBO), a client-server infrastructure designed to collect a wide array of data on user and computer behavior from hundreds of participants over several years. The SBO infrastructure had to be carefully designed to fulfill several requirements. First, the SBO must scale with the desired length, breadth, and depth of data collection. Second, we must take extraordinary care to ensure the security of the collected data, which will inevitably include intimate participant behavioral data. Third, the SBO must serve our research interests, which will inevitably change as collected data is analyzed and interpreted. This short paper summarizes some of our design and implementation benefits and discusses a few hurdles and trade-offs to consider when designing such a data collection system.

References

[1]
B. Berendt, O. Günther, and S. Spiekermann. Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM, 48(4), April 2005.
[2]
M. Brewer. Research design and issues of validity. Handbook of research methods in social and personality psychology, pages 3--16, 2000.
[3]
A. De Luca, M. Langheinrich, and H. Hussmann. Towards understanding ATM security -- a field study of real world ATM use. In Symposium on Usable Privacy and Security (SOUPS). ACM, 2010.
[4]
A. Sotirakopoulos, K. Hawkey, and K. Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Symposium on Usable Privacy and Security (SOUPS). ACM, 2011.

Cited By

View all
  • (2024)Challenges of Usable PrivacyThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_4(103-131)Online publication date: 20-Mar-2024
  • (2022)"Adulthood is trying each of the same six passwords that you use for everything": The Scarcity and Ambiguity of Security Advice on Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/35551546:CSCW2(1-27)Online publication date: 11-Nov-2022
  • (2021)What breach? Measuring online awareness of security incidents by studying real-world browsing behaviorProceedings of the 2021 European Symposium on Usable Security10.1145/3481357.3481517(180-199)Online publication date: 11-Oct-2021
  • Show More Cited By

Index Terms

  1. Building the security behavior observatory: an infrastructure for long-term monitoring of client machines

        Comments

        Information & Contributors

        Information

        Published In

        cover image ACM Other conferences
        HotSoS '14: Proceedings of the 2014 Symposium and Bootcamp on the Science of Security
        April 2014
        184 pages
        ISBN:9781450329071
        DOI:10.1145/2600176
        Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

        Sponsors

        • No. Carolina State Univeresity: North Carolina State University

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 08 April 2014

        Check for updates

        Qualifiers

        • Research-article

        Conference

        HotSoS '14
        Sponsor:
        • No. Carolina State Univeresity
        HotSoS '14: Symposium and Bootcamp on the Science of Security
        April 8 - 9, 2014
        North Carolina, Raleigh, USA

        Acceptance Rates

        HotSoS '14 Paper Acceptance Rate 12 of 21 submissions, 57%;
        Overall Acceptance Rate 34 of 60 submissions, 57%

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)7
        • Downloads (Last 6 weeks)0
        Reflects downloads up to 27 Jan 2025

        Other Metrics

        Citations

        Cited By

        View all
        • (2024)Challenges of Usable PrivacyThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_4(103-131)Online publication date: 20-Mar-2024
        • (2022)"Adulthood is trying each of the same six passwords that you use for everything": The Scarcity and Ambiguity of Security Advice on Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/35551546:CSCW2(1-27)Online publication date: 11-Nov-2022
        • (2021)What breach? Measuring online awareness of security incidents by studying real-world browsing behaviorProceedings of the 2021 European Symposium on Usable Security10.1145/3481357.3481517(180-199)Online publication date: 11-Oct-2021
        • (2019)Better beware: comparing metacognition for phishing and legitimate emailsMetacognition and Learning10.1007/s11409-019-09197-5Online publication date: 20-Jul-2019
        • (2018)Away from prying eyesProceedings of the Fourteenth USENIX Conference on Usable Privacy and Security10.5555/3291228.3291242(159-175)Online publication date: 12-Aug-2018
        • (2018)Technological and Human Factors of Malware AttacksACM Transactions on Privacy and Security10.1145/321031121:4(1-30)Online publication date: 12-Jul-2018
        • (2018)Observation Measures to Profile User Security Behaviour2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)10.1109/CyberSecPODS.2018.8560686(1-6)Online publication date: Jun-2018
        • (2017)ReplicationProceedings of the Thirteenth USENIX Conference on Usable Privacy and Security10.5555/3235924.3235947(271-284)Online publication date: 12-Jul-2017
        • (2016)Do or do not, there is no tryProceedings of the Twelfth USENIX Conference on Usable Privacy and Security10.5555/3235895.3235904(97-111)Online publication date: 22-Jun-2016
        • (2015)Complex event processing for reactive security monitoring in virtualized computer systemsProceedings of the 9th ACM International Conference on Distributed Event-Based Systems10.1145/2675743.2771829(22-33)Online publication date: 24-Jun-2015
        • Show More Cited By

        View Options

        Login options

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Figures

        Tables

        Media

        Share

        Share

        Share this Publication link

        Share on social media