Search results

1 – 10 of over 92000
Article
Publication date: 15 March 2023

Qiao Li, Chunfeng Liu, Jingrui Hou and Ping Wang

Abstract

Purpose

As an emerging tool for data discovery, data retrieval systems fail to effectively support users' cognitive processes during data search and access. To uncover the relationship between data search and access and the cognitive mechanisms underlying this relationship, this paper examines the associations between affective memories, perceived value, search effort and the intention to access data during users' interactions with data retrieval systems.

Design/methodology/approach

This study conducted a user experiment for which 48 doctoral students from different disciplines were recruited. The authors collected search logs, screen recordings, questionnaires and eye movement data during the interactive data search. Multiple linear regression was used to test the hypotheses.

Findings

The results indicate that positive affective memories positively affect perceived value, while the effects of negative affective memories on perceived value are nonsignificant. Utility value positively affects search effort, while attainment value negatively affects search effort. Moreover, search effort partially positively affects the intention to access data, and it serves a full mediating role in the effects of utility value and attainment value on the intention to access data.

Originality/value

Through the comparison between the findings of this study and relevant findings in information search studies, this paper reveals the specificity of behaviour and cognitive processes during data search and access and the special characteristics of data discovery tasks. It sheds light on the inhibiting effect of attainment value and the motivating effect of utility value on data search and the intention to access data. Moreover, this paper provides new insights into the role of memory bias in the relationships between affective memories and data searchers' perceived value.

Details

Journal of Documentation, vol. 79 no. 5
Type: Research Article
ISSN: 0022-0418

Article
Publication date: 20 June 2016

Sarath Tomy and Eric Pardede

Abstract

Purpose

The purpose of this paper is to analyse the problem of privacy disclosure of third party applications in online social networks (OSNs) through Facebook, investigate the limitations in the existing models to protect users' privacy and propose a permission-based access control (PBAC) model, which gives users complete control over users' data when accessing third party applications.

Design/methodology/approach

A practical model based on the defined permission policies is proposed to manage users' information accessed by third party applications and improve user awareness in sharing sensitive information with them. This model is a combination of interfaces and internal mechanisms which can be adopted by any OSN having similar architecture to Facebook in managing third party applications, without much structural changes. The model implemented in Web interface connects with Facebook application programming interface and evaluates its efficacy using test cases.

Findings

The results show that the PBAC model can facilitate user awareness about privacy risks of data passed on to third party applications and allow users who are more concerned about their privacy from releasing such information to those applications.

Research limitations/implications

The study provides further research in protecting users’ privacy in OSNs and thus avoid the risks associated with that, thereby increasing users’ trust in using OSNs.

Originality/value

The research has proven to be useful in improving user awareness on the risk associated with sharing private information on OSNs, and the practically implemented PBAC model guarantees full user privacy from unwanted disclosure of personal information to third party applications.

Article
Publication date: 9 March 2015

Eugene Ferry, John O Raw and Kevin Curran

Abstract

Purpose

The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services has contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the specification threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.

Design/methodology/approach

To analyse the security of OAuth implementations in industry, a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would be composed of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource server were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.

Findings

Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.

Originality/value

OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.

Details

Information & Computer Security, vol. 23 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 29 March 2021

Ramaraj Palanisamy and Yang Wu

Abstract

Purpose

This study/paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility?

Design/methodology/approach

These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables.

Findings

The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues.

Research limitations/implications

The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems.

Practical implications

The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES.

Social implications

Apart from understanding the best practices and the key issues, the authors suggest that management and end-users work collaboratively to achieve a high level of security of the mobile ES.

Originality/value

This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.

Details

Information & Computer Security, vol. 29 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 18 December 2019

Konstantina Vemou and Maria Karyda

Abstract

Purpose

In the Web 2.0 era, users massively communicate through social networking services (SNS), often under false expectations that their communications and personal data are private. This paper aims to analyze privacy requirements of personal communications over a public medium.

Design/methodology/approach

This paper systematically analyzes SNS services as communication models and considers privacy as an attribute of users’ communication. A privacy threat analysis for each communication model is performed, based on misuse scenarios, to elicit privacy requirements per communication type.

Findings

This paper identifies all communication attributes and privacy threats and provides a comprehensive list of privacy requirements concerning all stakeholders: platform providers, users and third parties.

Originality/value

Elicitation of privacy requirements focuses on the protection of both the communication’s message and metadata and takes into account the public–private character of the medium (SNS platform). The paper proposes a model of SNS functionality as communication patterns, along with a method to analyze privacy threats. Moreover, a comprehensive set of privacy requirements for SNS designers, third parties and users involved in SNS is identified, including voluntary sharing of personal data, the role of the SNS platforms and the various types of communications instantiating in SNS.

Details

Information & Computer Security, vol. 28 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 20 November 2023

Prakriti Dumaru, Ankit Shrestha, Rizu Paudel, Cassity Haverkamp, Maryellen Brunson McClain and Mahdi Nasrullah Al-Ameen

Abstract

Purpose

The purpose of this study is to understand user perceptions and misconceptions regarding security tools. Security and privacy-preserving tools (for brevity, the authors term them as “security tools” in this paper, unless otherwise specified) are designed to protect the security and privacy of people in the digital environment. However, inappropriate use of these tools can lead to unexpected consequences that are preventable. Hence, it is significant to examine why users do not understand the security tools.

Design/methodology/approach

The authors conducted a qualitative study with 40 participants in the USA to investigate the prevalent misconceptions of people regarding security tools, their perceptions of data access and the corresponding impact on their usage behavior and data protection strategies.

Findings

While security vulnerabilities are often rooted in people’s internet usage behavior, this study examined users’ mental models of the internet and unpacked how the misconceptions about security tools relate to those mental models.

Originality/value

Based on the findings, this study offers recommendations highlighting the design aspects of security tools that need careful attention from researchers and industry practitioners, to alleviate users’ misconceptions and provide them with accurate conceptual models toward the desired use of security tools.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 30 July 2019

Hatef Rasouli and Changiz Valmohammadi

Abstract

Purpose

Customer identity and access management (CIAM) is a sub-genre of traditional identity and access management (IAM) that has emerged in the past few years to meet evolving business requirements. CIAM focuses on the connectivity with the customer when accessing any type of systems, on-premises and in the cloud, from registration to track. The purpose of this study is to introduce different dimensions of CIAM toward exploiting them in organizations.

Design/methodology/approach

Based on a thorough review of the relevant literature and semi-structured interviews with six experts in the field of digital IAM, the necessary data were gathered. Then, through the use of the content analysis technique, analytic codes and also categories and sub-categories of the data were generated.

Findings

Results indicate that four categories, namely, customer identity management, customer access management and information technology and business management are the most important factors affecting the identification of CIAM dimensions.

Originality/value

Organizations could avail of the proposed conceptual model toward identification and offering customized products and services solutions to their customers.

Article
Publication date: 28 July 2020

Samuel A. Moore

Abstract

Purpose

This article explores the recent turn within academic publishing towards ‘seamless access’, an approach to content provision that ensures users do not have to continually authenticate in order to access journal content.

Design/methodology/approach

Through a critical exploration of Get Full Text Research, a service developed collaboratively by five of the world's largest academic publishers to provide such seamless access to academic research, the article shows how publishers are seeking to control the ways in which readers access publications in order to trace, control and ultimately monetise user interactions on their platforms.

Findings

Theorised as a process of individuation through infrastructure, the article reveals how publishers are attempting an ontological shift to position the individual, quantifiable researcher, rather than the published content, at the centre of the scholarly communication universe.

Originality/value

The implications of the shift towards individuation are revealed as part of a broader trend in scholarly communication infrastructure towards data extraction, mirroring a trend within digital capitalism more generally.

Details

Journal of Documentation, vol. 77 no. 1
Type: Research Article
ISSN: 0022-0418

Article
Publication date: 15 January 2019

Spyros E. Polykalas and George N. Prezerakos

Abstract

Purpose

Mobile devices (smartphones, tablets etc.) have become the de facto means of accessing the internet. While traditional Web browsing is still quite popular, significant interaction takes place via native mobile apps that can be downloaded either freely or at a cost. This has opened the door to a number of issues related to privacy protection since the smartphone stores and processes personal data. The purpose of this paper is to examine the extent of access to personal data, required by the most popular mobile apps available in Google Play store. In addition, it is examined whether the relevant procedure is in accordance with the provisions of the new EU Regulation.

Design/methodology/approach

The paper examines more than a thousand mobile apps, available from the Google Play store, with respect to the extent of the requests for access to personal data. In particular, for each available category in Google Play store, the most popular mobile apps have been examined both for free and paid apps. In addition, the permissions required by free and paid mobile apps are compared. Furthermore, a correlation analysis is carried out aiming to reveal any correlation between the extent of required access to personal data and the popularity and the rating of each mobile app.

Findings

The findings of this paper suggest that the majority of examined mobile apps require access to personal data to a high extent. In addition, it is found that free mobile apps request access to personal data to a higher extent compared to the relevant requests by paid apps, which indicates strongly that the business model of free mobile apps is based on personal data exploitation. The most popular types of access permissions are revealed for both free and paid apps. In addition, important questions are raised in relation to user awareness and behavior, data minimization and purpose limitation for free and paid mobile apps.

Originality/value

In this study, the process and the extent of access to personal data through mobile apps are analyzed. Although several studies analyzed relevant issues in the past, the originality of this research is mainly based on the following facts: first, this work took into account the recent Regulation of the EU in relation to personal data (GDPR); second, the authors analyzed a high number of the most popular mobile apps (more than a thousand); and third, the authors compare and analyze the different approaches followed between free and paid mobile apps.

Details

Digital Policy, Regulation and Governance, vol. 21 no. 2
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 1 January 1995

Abstract

Each of the agencies participating in GCDIS will play a role appropriate to its agency mission and consistent with the funds available to it. Descriptions of each agency's resources follow. Each agency will implement the GCDIS at its own pace.

Details

Library Hi Tech, vol. 13 no. 1/2
Type: Research Article
ISSN: 0737-8831
