Surfaces for Cyber-Security Awareness
Cyber-security poses a number of significant challenges, and we are interested in how surface technology can help. Some challenges must be addressed by professionals who specialize in the area. That subject is the focus of another SurfNet project: “Surfaces for Collaborative Security Analysis”.
Other challenges, however, involve people for whom cyber-security is only a secondary concern. For these challenges, we propose that surface technology can also help, because large interactive surfaces can serve as an often-present reminder of the issues, and the interactivity can be used to provide timely information, and allow exploration: this in turn can built strong mental models.
In this project, we address two secondary-task challenges for quite different audiences. First, we are addressing the general population of Internet users, and we use large-scale interactive displays to help user understanding of current cyber-security issues, especially “Phishing” (the use of fraudulent alerts and websites to trick users into divulging credentials). Second, we are addressing softare developers. Developers often have better knowledge of cyber-security risks, but their focus is on the arhcitecture and functionality of their software, and so they can easily miss details that cause vulnerailities that can be leveraged by attackers. For example, the 2014 “HeartBleed” vulneratity was caused by this, and affected thousands of servers across the world, including the Canada Revenue Agency. We are developing software large-scale interactive surfaces to facilitate security code reviews, to help build cross-team awareness of potential vulnerabilites, and track how they are resolved.