Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security

ion In general, but also especially in the context of TRESPASS, abstraction is important in relation to the goal of mitigating what can be an overriding complexity in some scenarios, that may confront the user of TRESPASS tools. It is also worth stating that risk assessment itself is a form of abstraction that enables a security practitioner to order contextual data and spotlight particular facets of the context before analysing it. The ways in which abstraction can be used are:

• Initially in relation to formal modelling, for example, abstraction is needed to organise a view of the relevant infrastructure items, as well as to present a view of all of the actors and their behaviours. Simplifying these for the purposes of visualisation also tackles the more subtle features of these behaviours during iterative stages of modelling; secondly,
• In the visualisations abstraction can be used to mitigate complexity and information densities in a constrained visual space.

3.2 Using standard interaction techniques to respond to complexity within the ANM

The abstraction techniques are manifested in standard interaction techniques and these techniques have been deployed in the ANM in order to reduce the visual complexity of a particular aspect of a complex risk scenario.
Possible approaches to tackle the visualisation of complex systems include:

• Filtering/highlighting/sorting: filtering and/or highlighting and focusing can be used to select a subset of elements to reduce visual clutter; similarly, sorting of elements enables the focus to be confined to a subset, utilising a metric for the purposes of ranking
• Exploiting visual form and representative functions: utilise visual form and well-known representative functions to allow quick and high-level recognition, e.g., the hover function to foreground virtual machines involved in a specific flow of information (see Figure 4.4)
• Using abstractions: use abstractions in the set of elements to allow grouping ‘similar’ elements and combine into fewer elements in order to visualise effectively

2016-10-31 ICT-318003 11 3.2 Interaction techniques within the ANM D4.3.2 v1.0

• Overview and drill-down: give an overview of the total system, possibly starting with higher-level abstractions of subsystems, while allowing drill-down into individual subsystems to show more detail. This approach is explored for example with the “alluvial” view of relations between physical and virtual servers in TiCoVis (see Figure 4.3)
• Multiple views: show multiple views of the system from different viewpoints or ‘gazes’ to highlight different aspects of the system at the same time in a coordinated-visualisation (North & Shneiderman, 2000)

Some of these approaches can be combined for additional benefits, e.g., multiple views of the system are especially helpful when selections in one view are coordinated with all other visible views to see the selected entities in the different contexts and perspectives.

In the remainder of this deliverable we report on two prototypes that deploy these techniques to visualise two particular aspects of advanced information security risk assessment in the cyber realm.
4 Visualising complexity in the Cloud scenario

The Cloud use case in TRESPASS task T7.2 enables us to use our general approach to visualising complexity and to specifically develop some new tools. The cloud represents the three spheres that we use within TRESPASS visualisations, namely social, technological and physical:

• a physical setting with rooms, doors and windows where, e.g., physical infrastructure pieces of a cloud environment are situated and where the different actors have access and can move,
• software-defined virtual parts, like virtual machines, virtual network and storage, situated in an abstract and completely separate space, and
• the social space where a distance between actors defines weak or strong relationships.

At the same time, the physical elements (e.g., servers, network) can range in the tens of thousands, the virtual, software-defined components (e.g., virtual machines) can range in hundreds of thousands. In addition, there is typically a very large number of users of the cloud infrastructure and rather few, but very powerful, administrators. All these elements will interact (cooperating or interacting maliciously) leading to a complex behaviour over time, which leads in effect to a Complex Adaptive System—compare the discussion in The TRESPASS Project, D4.2.1 (2014).

In the following, we show our work to represent a cloud environment as an example for a complex environment in a visually understandable way. Section 4.1 makes the start by showing work earlier during the project depicting a live cloud environment in real-time as a general graph. During this work we found that there is still a lack of visualisation making changes over time understandable in the current state of the art.
Current software for managing cloud environments, like VMware vCenter or the Horizon dashboard of OpenStack, focuses on the current state of the infrastructure and the ways to configure and manage the system. Corresponding monitoring tools, although showing the time aspect, are focused on technical details like memory or CPU utilisation, rather than changes of the structure or access control role. These changes are hardly visualised at all and mainly contained in text-based log files.

Identifying changes in a complex and highly dynamic system is difficult but is a necessary aspect of cloud risk assessment. Missing relevant changes may lead to failure to identify violations of required policies, or to missing steps indicating an intrusion (from the outside or by an insider). We can therefore see that failure to identify the changes that have taken place over time is a significant risk vulnerability in cloud administration.

If we refer back to the visualisation challenges for TRESPASS that we stated earlier in this deliverable, we can see that our work in this deliverable responds to these challenges in a particular way:

• The visualisation prototypes presented here identify the visualisation principles that enable the social (in this case cloud actors), technical, physical and organisational (particularly the administrative) changes to the cloud environment to be visualised both as an integrated whole and within their individual dimensions;
• Develop visualisation techniques to respond to the challenges of change over time based on the visualisation principles identified; and
• Develop general and specific techniques for visualising the inter-relationships between the social, technical, physical and organisational components and thereby enabling cloud administrators to identify potential vulnerabilities in the cloud environment resulting from system and configuration changes.
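
The change tracking argued for above can be made concrete by diffing consecutive snapshots of the environment's relations and ranking components by how often they change. This is an added example, not code from SAVE, TiCoVis or CEAV; the edge schema, relation names, role names and sample data are constructed assumptions.

```python
"""Report structural and access-role changes between infrastructure snapshots."""
from collections import Counter

PRIVILEGED_ROLES = {"admin"}  # assumption: role names are constructed for this example

# Constructed sample data: each snapshot is (timestamp, set of edges),
# and each edge is (subject, relation, target).
BASE = {
    ("vm-web", "runs_on", "host-1"), ("vm-web", "connected_to", "net-dmz"),
    ("vm-db", "runs_on", "host-2"), ("vm-db", "connected_to", "net-internal"),
    ("alice", "has_role", "admin"), ("bob", "has_role", "user"),
}
S1 = (BASE - {("vm-db", "runs_on", "host-2")}) | {("vm-db", "runs_on", "host-1")}
S2 = S1 | {("bob", "has_role", "admin")}
S3 = S2 | {("vm-db", "connected_to", "net-dmz")}
SNAPSHOTS = [
    ("2016-03-01", BASE), ("2016-03-08", S1),
    ("2016-03-15", S2), ("2016-03-22", S3),
]


def classify(added, removed):
    """Turn raw edge additions/removals into typed change events."""
    # A VM has one host, so a removed and an added runs_on edge form a migration.
    old_host = {s: t for s, r, t in removed if r == "runs_on"}
    events = []
    for s, r, t in added:
        if r == "runs_on" and s in old_host:
            events.append(("migration", s, f"{old_host.pop(s)} -> {t}"))
        elif r == "has_role" and t in PRIVILEGED_ROLES:
            events.append(("privilege_grant", s, t))
        else:
            events.append(("added", s, f"{r} {t}"))
    for s, r, t in removed:
        if r == "runs_on" and s not in old_host:
            continue  # already reported as a migration
        events.append(("removed", s, f"{r} {t}"))
    return events


def timeline(snapshots):
    """Diff each snapshot against its predecessor; return time-ordered events."""
    out = []
    for (_, old), (stamp, new) in zip(snapshots, snapshots[1:]):
        added, removed = sorted(new - old), sorted(old - new)
        for kind, subject, detail in classify(added, removed):
            out.append((stamp, kind, subject, detail))
    return out


def rank_subjects(events):
    """Rank components by number of changes, a metric for sorting or filtering."""
    return Counter(subject for _, _, subject, _ in events).most_common()


if __name__ == "__main__":
    events = timeline(SNAPSHOTS)
    for stamp, kind, subject, detail in events:
        print(f"{stamp}  {kind:<16} {subject:<8} {detail}")
    print("most-changed:", rank_subjects(events))
```

Each weekly step here is small on its own; the ranked timeline shows that the same database VM was first co-located with the web VM and later attached to the DMZ network.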
As cloud systems, be they private or public, are highly attractive targets for intruders, there is a high risk of attacks that might occur in smaller steps over a long period of time (e.g., in Advanced Persistent Threats; see for example Fernandes, Soares, Gomes, Freire, & Inácio (2014) and Five (2011)). Making changes of a cloud system more easily understandable by visualisation therefore is a means to handle such advanced risks. For this reason we have put our efforts into prototypes looking especially into visualisations to make changes of the system understandable. The two following prototypes, TiCoVis described in Section 4.2 and CEAV in Section 4.3, aim to give on the one hand a direct representation of change over time for a specific type of relation (in TiCoVis) and on the other hand a more complex structural representation of the cloud environment for selected time intervals, both focusing on change occurring over time.

4.1 Live Visualisation of a cloud environment – SAVE

SAVE is a data extraction and policy analysis tool that was developed by IBM as part of the EU FP7 TClouds project (TClouds, 2013). The policy analysis required a simple network topology that the SAVE data collection engine built from information extracted from a number of cloud operating systems. During the TRESPASS project the data collection engine was extended to capture a richer set of information better suited to the requirements of the TRESPASS modelling language developed in WP1 (see The TRESPASS Project, D2.2.2 (2015)). The extended data extraction capabilities, in particular the ability to capture a consistent snapshot of a virtualised infrastructure, were later transferred to an IBM product.
As part of these extensions, work in the TRESPASS project on the visualisation of the status of the cloud environment focused on visualising the detailed system state in a live graph presentation (see Figure 4.1) for exploration and real-time highlighting of policy violations (see Figure 4.2). Detailed description of the work on security analysis and policy checking can be found in Bleikertz, Vogel, and Groß (2014) and Bleikertz, Vogel, Groß, and Mödersheim (2015).

Figure 4.1: Graph visualisation of the live cloud environment state (using Gephi¹). Different colors indicate different component types like physical servers, virtual machines, storage, network. The interface allows zooming and selecting components for a more detailed exploration.

Following on from this work, we investigated how the changes in a complex cloud environment could be visually represented, to allow understanding in a visual way of the history of the system and some of the associated risks in that history. This led to the prototypes described in the next two sections.

¹ Gephi, The Open Graph Viz Platform, at https://gephi.org

Figure 4.2: SAVE Visualisation

[1]  Pieter H. Hartel,et al.  Portunes: Representing Attack Scenarios Spanning through the Physical, Digital and Social Domain , 2010, ARSPA-WITS.

[2]  Timoleon Kipouros,et al.  Visual analytics for evaluation of value impact in engineering design , 2016 .

[3]  Y. P. Breukers,et al.  The Vulnerability Ecosystem: Exploring vulnerability discovery and the resulting cyberattacks through agent-based modelling , 2016 .

[4]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[5]  Bjørnar Solhaug,et al.  Model-driven risk analysis of evolving critical infrastructures , 2014, J. Ambient Intell. Humaniz. Comput..

[6]  Nancy R. Mead Computer security: Art and science [Book Review] , 2003, IEEE Security & Privacy Magazine.

[7]  Jaap Gordijn,et al.  Business Modelling Is Not Process Modelling , 2000, ER.

[8]  Lorrie Faith Cranor,et al.  Lessons from a real world evaluation of anti-phishing training , 2008, 2008 eCrime Researchers Summit.

[9]  Ketil Stølen,et al.  Risk Analysis of Changing and Evolving Systems Using CORAS , 2011, FOSAD.

[10]  F. Grey,et al.  Playing seriously with strategy , 2004 .

[11]  Johan Roos,et al.  Strategy as Practice: From metaphor to practice in the crafting of strategy , 2005 .

[12]  Samir Ouchani,et al.  Security analysis of socio-technical physical systems , 2015, Comput. Electr. Eng..

[13]  O. Reiser,et al.  Principles Of Gestalt Psychology , 1936 .

[14]  Bjørnar Solhaug,et al.  Tool-Supported Risk Modeling and Analysis of Evolving Critical Infrastructures , 2012, CD-ARES.

[15]  Ravi Jhawar,et al.  A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees , 2016, STM.

[16]  K. Koffka Perception: an introduction to the Gestalt-Theorie. , 1922 .

[17]  Roy S. Kalawsky,et al.  Gaining Greater Insight through Interactive Visualization: A Human Factors Perspective , 2009 .

[18]  Florian Kammüller,et al.  Invalidating Policies using Structural Information , 2013, 2013 IEEE Security and Privacy Workshops.

[19]  Colin Ware,et al.  Information Visualization: Perception for Design , 2000 .

[20]  Benjamin Fry,et al.  Visualizing data - exploring and explaining data with the processing environment , 2008 .

[21]  Hennie Boeije,et al.  Analysis in qualitative research , 2010 .

[22]  Lorrie Faith Cranor,et al.  School of phish: a real-world evaluation of anti-phishing training , 2009, SOUPS.

[23]  Eleanor Singer Confidentiality, Risk Perception, and Survey Participation , 2004 .

[24]  Benjamin B. Bederson,et al.  A review of overview+detail, zooming, and focus+context interfaces , 2009, CSUR.

[25]  T. Ingold The perception of the environment : essays on livelihood, dwelling and skill , 2000 .

[26]  Mariëlle Stoelinga,et al.  A Rigorous, Compositional, and Extensible Framework for Dynamic Fault Tree Analysis , 2010, IEEE Transactions on Dependable and Secure Computing.

[27]  Hai Jin,et al.  A hybrid ranking approach to estimate vulnerability for dynamic attacks , 2011, Comput. Math. Appl..

[28]  Carlo Batini,et al.  Data Quality: Concepts, Methodologies and Techniques , 2006, Data-Centric Systems and Applications.

[29]  Robert L. Harris,et al.  Information Graphics: A Comprehensive Illustrated Reference , 1996 .

[30]  Shane Sendall,et al.  Model Transformation: The Heart and Soul of Model-Driven Software Development , 2003, IEEE Softw..

[31]  Melanie Mitchell,et al.  Complexity - A Guided Tour , 2009 .

[32]  N. Goodman,et al.  Languages of Art: An Approach to a Theory of Symbols , 1971 .

[33]  J. R. Landis,et al.  The measurement of observer agreement for categorical data. , 1977, Biometrics.

[34]  Ronald D. Williams,et al.  Taxonomies of attacks and vulnerabilities in computer systems , 2008, IEEE Communications Surveys & Tutorials.

[35]  T. Marteau,et al.  The Place of Inter-Rater Reliability in Qualitative Research: An Empirical Study , 1997 .

[36]  Trajce Dimkov,et al.  Alignment of organizational security policies: Theory and Practice , 2012 .

[37]  Ben Shneiderman,et al.  The eyes have it: a task by data type taxonomy for information visualizations , 1996, Proceedings 1996 IEEE Symposium on Visual Languages.

[38]  G. Ramunno,et al.  Trustworthy Clouds – Privacy and Resilience for Internet-scale Critical Infrastructure , 2011 .

[39]  Elizabeth Sillence,et al.  It won't happen to me: Promoting secure behaviour among internet users , 2010, Comput. Hum. Behav..

[40]  InduShobha N. Chengalur-Smith,et al.  An overview of social engineering malware: Trends, tactics, and implications , 2010 .

[41]  Jan Willemson,et al.  The Attack Navigator , 2015, GraMSec@CSF.

[42]  Mário M. Freire,et al.  Security issues in cloud environments: a survey , 2014, International Journal of Information Security.

[43]  Muaz A. Niazi,et al.  Multidisciplinary applications of complex networks modeling, simulation, visualization, and analysis , 2013, Complex Adapt. Syst. Model..

[44]  Steve Howard,et al.  Methods & tools: the rich picture: a tool for reasoning about work context , 1998, INTR.

[45]  Ben Shneiderman,et al.  Designing The User Interface , 2013 .

[46]  Viktor Mikhaĭlovich Glushkov,et al.  An Introduction to Cybernetics , 1957, The Mathematical Gazette.

[47]  Giovanni De Micheli,et al.  Design Space Exploration , 1992 .

[48]  J. Arditti,et al.  Intergenerational Transmission , 1992 .

[49]  Paul Dourish,et al.  What we talk about when we talk about context , 2004, Personal and Ubiquitous Computing.

[50]  Matt Bishop,et al.  A Critical Analysis of Vulnerability Taxonomies , 1996 .

[51]  Ketil Stølen,et al.  Evolution in Relation to Risk and Trust Management , 2010, Computer.

[52]  Ruth Breu,et al.  Evolution of Security Engineering Artifacts: A State of the Art Survey , 2014, Int. J. Secur. Softw. Eng..

[53]  T. Schatzki Social Practices: A Wittgensteinian Approach to Human Activity and the Social , 1996 .

[54]  Edward R. Tufte,et al.  Envisioning Information , 1990 .

[55]  Martin J. Eppler,et al.  A systematic framework for risk visualization in risk management and communication , 2009 .

[56]  E. Ostrom A Behavioral Approach to the Rational Choice Theory of Collective Action: Presidential Address, American Political Science Association, 1997 , 1998, American Political Science Review.

[57]  남영우 [서평] Urban Geography: a global perspective (Michael Pacione, 2001, Routledge, London, 663p.) , 2003 .

[58]  Matthew Phillips,et al.  Integrated Visualisation and Description of Complex Systems , 1999 .

[59]  Thomas Groß,et al.  Cloud radar: near real-time detection of security failures in dynamic virtualized infrastructures , 2014, ACSAC.

[60]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[61]  J. A. Robinson,et al.  A Machine-Oriented Logic Based on the Resolution Principle , 1965, JACM.

[62]  Erland Jonsson,et al.  How to systematically classify computer security intrusions , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[63]  Christopher Hadnagy,et al.  Social Engineering: The Art of Human Hacking , 2010 .

[64]  Flemming Nielson,et al.  Automated Generation of Attack Trees , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[65]  Jaap Gordijn,et al.  Value-based requirements engineering: exploring innovative e-commerce ideas , 2003, Requirements Engineering.

[66]  Chris North,et al.  Snap-together visualization: can users construct and operate coordinated visualizations? , 2000, Int. J. Hum. Comput. Stud..

[67]  R. Slangen Understanding Cyber-risk by Investigating the Behaviour of Defender and Threat Agent Organisations: Why a Complex Adaptive Systems Perspective Contributes to Further Understanding Cyber-risk , 2016 .

[68]  Christian W. Probst,et al.  Reachability-based Impact as a Measure for Insiderness , 2013, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[69]  M. Worthy,et al.  Self-disclosure as an exchange process. , 1969 .

[70]  Monique W. M. Jaspers,et al.  The think aloud method: a guide to user interface design , 2004, Int. J. Medical Informatics.

[71]  Jaap Gordijn,et al.  Using Value Models for Business Risk Analysis in e-Service Networks , 2015, PoEM.

[72]  Meng-Chow Kang Responsive Security: Be Ready to Be Secure , 2013 .

[73]  Jaap Gordijn,et al.  A Value-Oriented Approach to E-business Process Design , 2003, CAiSE.

[74]  Kim G. Larsen,et al.  Modelling Attack-defense Trees Using Timed Automata , 2016, FORMATS.

[75]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[76]  D. J. Huistra Automated generation of attack trees by unfolding graph transformation systems , 2016 .

[77]  Prince Mayurank Singh,et al.  Integrating business value in enterprise architecture modeling and analysis , 2013 .

[78]  Stephen Wolfram,et al.  A New Kind of Science , 2003, Artificial Life.

[79]  Christian W. Probst,et al.  The Risk of Risk Analysis-And its relation to the Economics of Insider Threats , 2009, WEIS.

[80]  Pieter Jan Stappers,et al.  DesignX: Complex Sociotechnical Systems , 2016 .

[81]  Stefano Zanero,et al.  A social-engineering-centric data collection initiative to study phishing , 2011, BADGERS '11.

[82]  Sebastian Mödersheim,et al.  Proactive Security Analysis of Changes in Virtualized Infrastructures , 2015, ACSAC.

[83]  Letizia Tanca,et al.  What you Always Wanted to Know About Datalog (And Never Dared to Ask) , 1989, IEEE Trans. Knowl. Data Eng..

[84]  N. Lavie Attention, Distraction, and Cognitive Control Under Load , 2010 .

[85]  Elizabeth Geary Henri Michaux – Experimentation with Signs , 2007 .

[86]  W. Weaver Science and complexity. , 1948, American scientist.

[87]  Roel Wieringa,et al.  Argumentation-based security requirements elicitation: The next round , 2014, 2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE).

[88]  Kim G. Larsen,et al.  Modelling Social-Technical Attacks with Timed Automata , 2015, MIST@CCS.

[89]  L. Faulkner Beyond the five-user assumption: Benefits of increased sample sizes in usability testing , 2003, Behavior research methods, instruments, & computers : a journal of the Psychonomic Society, Inc.

[90]  Jenifer Tidwell,et al.  Designing interfaces - patterns for effective interaction design , 2019 .

[91]  Florian Kammüller,et al.  Attack Tree Generation by Policy Invalidation , 2015, WISTP.

[92]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[93]  Mathias Frisch Visualization and interaction techniques for node-link diagram editing and exploration , 2012 .

[94]  Henk Jonkers,et al.  The Architecture of the ArchiMate Language , 2009, BMMDS/EMMSAD.

[95]  Bill Mcsweeney Security, Identity and Interests: A Sociology of International Relations , 1999 .

[96]  Alamgir Hossain,et al.  Awareness Program and AI based Tool to Reduce Risk of Phishing Attacks , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[97]  A. Hargadon Organizations in Action:Social Science Bases of Administrative Theory (Book) , 2003 .

[98]  Riccardo Mazza,et al.  Introduction to Information Visualization , 2009 .

[99]  John M. Flach,et al.  Complexity: learning to muddle through , 2011, Cognition, Technology & Work.

[100]  Stewart Kowalski,et al.  ST(CS)2 - Featuring socio-technical cyber security warning systems , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[101]  Rocco De Nicola,et al.  KLAIM: A Kernel Language for Agents Interaction and Mobility , 1998, IEEE Trans. Software Eng..

[102]  I. Mann Hacking the Human: Social Engineering Techniques and Security Countermeasures , 2008 .

[103]  Reza Pulungan,et al.  Time-Dependent Analysis of Attacks , 2014, POST.

[104]  Ketil Stølen,et al.  Security risk analysis of system changes exemplified within the oil and gas domain , 2014, International Journal on Software Tools for Technology Transfer.

[105]  Daniel L. Moody,et al.  The “Physics” of Notations: Toward a Scientific Basis for Constructing Visual Notations in Software Engineering , 2009, IEEE Transactions on Software Engineering.

[106]  Ketil Stølen,et al.  Model-Driven Risk Analysis - The CORAS Approach , 2010 .

[107]  Olga Gadyatskaya How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems , 2015, GraMSec@CSF.

[108]  George S. Avrunin,et al.  Automatic Fault Tree Derivation from Little-JIL Process Definitions , 2006, SPW/ProSim.

[109]  U. Şireli,et al.  Traceability of food. , 2015 .

[110]  Lawrence W. Sherman,et al.  HOT SPOTS OF CRIME AND CRIMINAL CAREERS OF PLACES , 1995 .

[111]  Jon Oldevik,et al.  Scenarios of Traceability in Model to Text Transformations , 2007, ECMDA-FA.

[112]  Yoko Akama,et al.  What community?: facilitating awareness of 'community' through playful triggers , 2010, PDC '10.

[113]  Martin Wattenberg,et al.  Arc diagrams: visualizing structure in strings , 2002, IEEE Symposium on Information Visualization, 2002. INFOVIS 2002..

[114]  J. Omarzu A Disclosure Decision Model: Determining How and When Individuals Will Self-Disclose , 2000 .

[115]  Daniel F. Sterne,et al.  On the buzzword 'security policy' , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[116]  Christian W. Probst,et al.  An extensible analysable system model , 2008, Inf. Secur. Tech. Rep..

[117]  Roelf J. Wieringa,et al.  An Introduction to Requirements Traceability , 1995 .

[118]  Rossouw von Solms,et al.  From information security to cyber security , 2013, Comput. Secur..

[119]  Maik Moeller Managing Information Security Risks The Octave Approach , 2016 .

[120]  Boris Dragovic,et al.  CASPEr: containment-aware security for pervasive computing environments , 2006 .

[121]  Jaap Gordijn,et al.  On the Interaction Between Business Models and Software Architecture in Electronic Commerce , 1999 .

[122]  Peter Liggesmeyer,et al.  Improving system reliability with automatic fault tree generation , 1998, Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224).

[123]  John H. Holland,et al.  Studying Complex Adaptive Systems , 2006, J. Syst. Sci. Complex..

[124]  Toshio Wakabayashi,et al.  Component-based modeling of systems for automated fault tree generation , 2009, Reliab. Eng. Syst. Saf..

[125]  Kim G. Larsen,et al.  Time for Statistical Model Checking of Real-Time Systems , 2011, CAV.

[126]  Jaap Gordijn,et al.  Business Case Modelling for E-Services , 2005, Bled eConference.

[127]  Florian Kammüller,et al.  Transforming Graphical System Models to Graphical Attack Models , 2015, GraMSec@CSF.

[128]  K. Newton,et al.  How General Is Trust in “Most People”? Solving the Radius of Trust Problem , 2011 .

[129]  Rocco De Nicola,et al.  Pattern Matching over a Dynamic Network of Tuple Spaces , 2005, FMOODS.

[130]  Harris Chaiklin Ghost in the Wires. My Adventures as the World’s Most Wanted Hacker , 2012 .

[131]  Lorrie Faith Cranor,et al.  Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish , 2007, SOUPS '07.

[132]  Habib Chabchoub,et al.  Traceability management system: Literature review and proposal of a system integrating risk management for hazardous products transportation , 2015, 2015 4th International Conference on Advanced Logistics and Transport (ICALT).

[133]  Y. Chang,et al.  Traceability in a food supply chain: Safety and quality perspectives , 2014 .

[134]  Eunjin Kim,et al.  Design and implementation of the honeycomb structure visualization system for the effective security situational awareness of large-scale networks* , 2014, Inscrypt 2014.

[135]  Kori Inkpen Quinn,et al.  Family accounts: a new paradigm for user accounts within the home environment , 2008, CSCW.