Someone to watch over me

Traditional security mechanisms are part of a larger socio-technical system involving the people and organizations that use them. Yet, those security mechanisms rarely take this social context and social processes into account. In this paper we propose to make security more social, by integrating community oversight into security mechanisms. Like a neighborhood watch, community oversight can provide additional information as more people are able to detect anomalies and problems, as well as foster greater awareness and social norms of security-related behaviors. We describe this new paradigm, several scenarios of use, and the sets of issues involved in implementing this approach.
