CAE Tech Talk - Oct 21: Understanding How People with Impairment Authenticate and A User-Oriented Approach for Security and Privacy Protection

Posted on 10/14/21 11:05 AM

Mark your calendars and come join your friends in the CAE community for a Tech Talk. CAE
Tech Talks are free and conducted live in real-time over the Internet so no travel is required.
Capitol Technology University (CTU) hosts the presentations using Zoom which employs slides,
VOIP, and chat for live interaction. Just log in as “Guest” and enjoy the presentation(s).

 

Topic One: Understanding How People with Upper Extremity Impairment Authenticate on their Personal
Computing Devices

Date: October 21, 2021

Time: 1:00 p.m.-1:50 p.m. EST

Location: Zoom Meeting
Just log in as "Guest" and enter your name. No password required.

Audience: Students, professors, government

Presenters:  Brittany Lewis, University of Rhode Island  

Description: Authentication has become increasingly ubiquitous for controlling access to
personal computing devices (e.g., laptops, tablets, and smartphones). However, current ways of
authenticating to these devices often require users to perform complex actions with their arms,
hands or fingers (e.g., typing complex passwords or positioning a camera for facial recognition).
This can create barriers for people with upper extremity impairment (UEI). A person with UEI lacks range of motion, strength, endurance, speed, and/or accuracy associated with arms,
hands, or fingers. My research focuses on creating more accessible personal computing device
authentication for people with UEI. In this talk, I will be discussing my work which explores the
experiences people with UEI have when authenticating to their personal computing devices,
what future research is necessary to make authentication accessible to them, and what impact
the COVID-19 pandemic has had on their computing device use.

 

Topic Two: A User-Oriented Approach and Tool for Security and Privacy Protection on the Web

Date: October 21, 2021

Time: 2:00 p.m.-2:50 p.m. EST

Location: Zoom Meeting
Just log in as "Guest" and enter your name. No password required.

Audience: Students, professors, government

Presenters:  Dr. Phu Phung, University of Dayton  

Description: We introduce a novel approach to protecting the privacy of web users. We
propose to monitor the behaviors of JavaScript code within a web origin based on the source of
the code, i.e., code origin, to detect and prevent malicious actions that would compromise
users’ privacy. Our code-origin policy enforcement approach not only advances the
conventional same-origin policy standard but also goes beyond the “all-or-nothing”
contemporary ad-blockers and tracker-blockers. In particular, our monitoring mechanism does
not rely on browsers’ network request interception and blocking as in existing blockers. In
contrast, we monitor the code that reads or sends user data sent out of the browser to enforce
fine-grained and context-aware policies based on the origin of the code. We implement a
proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness
of our approach. Our experimental results evidence that the proposed method can detect and
prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock
Origin. We show that our prototype is compatible with major browsers and popular real-world
websites with promising runtime performance. Although implemented as a browser extension,
our approach is browser-agnostic and can be integrated into the core of a browser as it is based
on standard JavaScript  

 

Download the talk flyer

A recording of the live presentation will be available soon via this link.

Contact us at CAETechTalk@nsa.gov

IUP Institute for Cyber Security