Security in HCI

Conference
CHI 2025
Exploring the Privacy and Security Challenges Faced by Migrant Domestic Workers in Chinese Smart Homes
Abstract

The growing use of smart home devices poses considerable privacy and security challenges, especially for individuals like migrant domestic workers (MDWs) who may be surveilled by their employers. This paper explores the privacy and security challenges experienced by MDWs in multi-user smart homes through in-depth semi-structured interviews with 26 MDWs and 5 staff members of agencies that recruit and/or train domestic workers in China. Our findings reveal power imbalances in the relationships between MDWs and their employers and agencies, influenced by Chinese cultural and social factors (such as Confucianism and collectivism) as well as legal ones. Furthermore, the widespread and normalized use of surveillance technologies in China, particularly in public spaces, exacerbates these power imbalances, reinforcing a sense of constant monitoring and control. Drawing on our findings, we provide recommendations for domestic worker agencies and policymakers to address the privacy and security challenges faced by MDWs in Chinese smart homes.

Authors
Shijing He
King's College London, London, United Kingdom
Xiao Zhan
King's College London, London, United Kingdom
Yaxiong Lei
University of St Andrews, St Andrews, United Kingdom
Yueyan Liu
China Academy of Art, Hangzhou, China
Ruba Abu-Salma
King's College London, London, United Kingdom
Jose Such
King's College London, London, United Kingdom
DOI

10.1145/3706598.3713616

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713616

Of Secrets and Seedphrases: Conceptual misunderstandings and security challenges for seed phrase management among cryptocurrency users
Abstract

Cryptocurrency adoption has surged dramatically, with over 500 million global users. Despite the appeal of self-custodial wallets, which grant users control over their assets, these users often struggle with the complexities of securing seed phrases, leading to substantial financial losses. This paper investigates the behaviors, challenges, and security practices of cryptocurrency users regarding seed phrase management. We conducted a mixed-methods study comprising semi-structured interviews with 20 participants and a comprehensive survey of 643 respondents. Our findings reveal significant gaps in users' understanding and practices around seed phrase security and the circumstances under which users share their seed phrases. We also explore users' mental models of shared accounts and strategies for handling cryptocurrency assets in the event of death. We found that the majority of our participants harbored significant misconceptions about seed phrases that could expose them to significant security risks --- e.g., only 43% could correctly identify an image of a seed phrase, and many believed they could reset their seed phrase if they lost it. Moreover, only a minority have engaged in any estate planning for their crypto assets. By identifying these challenges and behaviors, we provide actionable insights for the design of more secure and user-friendly cryptocurrency wallets, ultimately aiming to enhance user confidence in managing their crypto assets, reduce their exposure to scams and accidental loss of assets, and simplify the creation of bequeathment plans.

Authors
Farida Eleshin
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Qi Sun
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Mengzhe Ye
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Sauvik Das
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
Jason I. Hong
Carnegie Mellon University, Pittsburgh, Pennsylvania, United States
DOI

10.1145/3706598.3713209

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713209

"Perfect is the Enemy of Good": The CISO's Role in Enterprise Security as a Business Enabler
Abstract

Chief Information Security Officers (CISOs) are responsible for setting and executing organizations' information security strategies. This role has only grown in importance as a result of today's increasingly high-stakes threat landscape. To understand these key decision-makers, we interviewed 16 current and former CISOs to understand how they build a security strategy and the day-to-day obstacles that they face. Throughout, we find that the CISO role is strongly shaped by a business enablement perspective, driven by broad organizational goals beyond solely technical protection. Within that framing, we describe the most salient concerns for CISOs, isolate key decision-making factors they use when prioritizing security investments, and surface practical complexities and pain points that they face in executing their strategy. Our results surface opportunities to help CISOs better navigate the complex task of managing organizational risk, as well as lessons for how security tools can be made more deployable in practice.

Authors
Kimberly Ruth
Stanford University, Stanford, California, United States
Veronica A. Rivera
Stanford University, Stanford, California, United States
Gautam Akiwate
Stanford University, Stanford, California, United States
Aurore Fass
CISPA Helmholtz Center for Information Security, Saarbrucken, Germany
Patrick Gage Kelley
Google, New York City, New York, United States
Kurt Thomas
Google, Mountain View, California, United States
Zakir Durumeric
Stanford University, Stanford, California, United States
DOI

10.1145/3706598.3713895

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713895

Beyond Deterrence: A Systematic Review of the Role of Autonomous Motivation in Organizational Security Behavior Studies
Abstract

What drives employees to ensure security when handling information assets in organizations? There is growing interest from the security behavior community in how autonomous motivators shape employees’ security-related behaviors. To reconcile the scattered viewpoints on autonomous motivation and synthesize findings from studies utilizing various theoretical frameworks, we systematically reviewed relevant publications. We present a preregistered literature review that investigated (a) what forms of autonomous motivation have been examined in organizational security contexts, (b) which behaviors/behavioral intentions are related to autonomous motivators, and (c) how autonomous motivation affects employees’ security behaviors. Based on an initial set of 432 papers, filtered down to 45 studies, we identified 17 unique autonomous motivators and three types of related security behaviors. This review not only develops a refined taxonomy of autonomous motivation related to security behaviors but also charts a path forward for future research on autonomous motivation in human-centered security.

Award
Honorable Mention
Authors
Xiaowei Chen
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Lorin Schöni
ETH Zurich, Zurich, Switzerland
Verena Distler
Aalto University, Espoo, Finland
Verena Zimmermann
ETH Zürich, Zürich, Switzerland
DOI

10.1145/3706598.3713122

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713122

Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns
Abstract

Modern web applications use features like camera and geolocation for personalized experiences, requiring user permission via browser prompts. To explain these requests, applications provide rationales—contextual information on why permissions are needed. Despite their importance, little is known about how often rationales appear on the web or their influence on user decisions. This paper presents the first large-scale study of how the web ecosystem handles permission rationales, covering three areas: (i) identifying webpages that use permissions, (ii) detecting and classifying permission rationales, and (iii) analyzing their attributes to understand their impact on user decisions. We examined over 770K webpages from Chrome telemetry, finding 3.6K unique rationale texts and 749 rationale UIs across 85K pages. We extracted key rationale attributes and assessed their effect on user behavior by cross-referencing them with Chrome telemetry data. Our findings reveal nine key insights, providing the first evidence of how different rationales affect user decisions.

Award
Best Paper
Authors
Yusra Elbitar
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Soheil Khodayari
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Marian Harbach
Google, Munich, Germany
Gianluca De Stefano
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Balazs Csaba Engedy
Google, Munich, Germany
Giancarlo Pellegrino
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Sven Bugiel
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
DOI

10.1145/3706598.3713547

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713547

Using Anonymous Discussion Platforms to Support Open Conversations about Cybersecurity in Organisations
Abstract

People-centred security is critical for the security of an organisation, but we know that it comes at a cost. Recently the academic literature base has started to focus on how security might be understood and promoted as a facet of the overall culture of an organisation. This work sets out to understand the experiences of employees and management when using an anonymous online discussion platform to discuss cybersecurity policies. Following a 2-week deployment in a large UK educational institution, we found that anonymity helped individuals share their experiences, and that these experiences helped others understand more about the rationale for security policies. However, we also found that anonymity negatively impacted on individuals’ ability to discuss specific problems and follow up on incidents. We discuss the opportunities and challenges of using anonymous discussion platforms in organisations for improving the security culture through social participation and a more transparent listening culture.

Authors
Eve Jenkins
Northumbria University, Newcastle, United Kingdom
Dinislam Abdulgalimov
Monash University, Melbourne, Victoria, Australia
Pamela Briggs
Northumbria University, Newcastle upon Tyne, United Kingdom
Patrick Olivier
Monash University, Melbourne, VIC, Australia
James Nicholson
Northumbria University, Newcastle upon Tyne, United Kingdom
DOI

10.1145/3706598.3713290

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713290

The TaPSI Research Framework - A Systematization of Knowledge on Tangible Privacy and Security Interfaces
Abstract

This paper presents a comprehensive Systematization of Knowledge on tangible privacy and security interfaces (TaPSI). Tangible interfaces provide physical forms for digital interactions. They can offer significant benefits for privacy and security applications by making complex and abstract security concepts more intuitive, comprehensible, and engaging. Through a literature survey, we collected and analyzed 80 publications. We identified terminology used in these publications and addressed usable privacy and security domains, contributions, applied methods, implementation details, and opportunities or challenges inherent to TaPSI. Based on our findings, we define TaPSI and propose the TaPSI Research Framework, which guides future research by offering insights into when and how to conduct research on privacy and security involving TaPSI as well as a design space of TaPSI.

Authors
Sarah Delgado Rodriguez
University of the Bundeswehr Munich, Munich, Germany
Maximiliane Windl
LMU Munich, Munich, Germany
Florian Alt
LMU Munich, Munich, Germany
Karola Marky
Ruhr University Bochum, Bochum, Germany
DOI

10.1145/3706598.3713968

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713968
