FIRMA: Personalized Cross-Layer Continuous Authentication

This project will build and evaluate FIRMA, a user-transparent continuous-authentication framework that collects usage data, targeted at corporate security contexts where such monitoring is permitted. To the extent that people have unique but recurrent patterns of use, itself an open research question, FIRMA can estimate the likelihood that the current user is still the authorized, authenticated user by comparing current usage patterns with that user's historical ones.
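The scoring idea behind such a framework, as an added illustration (this is not FIRMA's code): fit a per-user baseline from historical usage windows, then keep a running log-odds that the person at the keyboard is still the enrolled user, updated with each new window of observations and capped so that a long benign session cannot bank unlimited trust for a later takeover. The four behavioural features, the Gaussian per-user model, the "impostor is three times more spread out" alternative hypothesis, the tempering factor and all sample windows are assumptions constructed for this example.

```python
"""Toy continuous-authentication scorer in the spirit of the FIRMA description.

Added illustration, not FIRMA's code. The feature set, the per-feature Gaussian
model and the impostor hypothesis are assumptions made for this example.
Standard library only.
"""
import math
from dataclasses import dataclass
from statistics import mean, stdev

# Assumed per-window features (a real deployment would choose its own):
# mean and std of inter-keystroke interval (ms), mouse speed (px/s),
# application switches per minute.
FEATURES = ("key_ms_mean", "key_ms_std", "mouse_px_s", "app_switch_pm")


@dataclass
class Baseline:
    """Per-feature Gaussian fitted to one user's historical windows."""
    mu: dict
    sigma: dict

    @classmethod
    def fit(cls, windows):
        mu, sigma = {}, {}
        for f in FEATURES:
            vals = [w[f] for w in windows]
            mu[f] = mean(vals)
            sigma[f] = max(stdev(vals), 1e-6)  # guard against zero variance
        return cls(mu, sigma)


class ContinuousAuthenticator:
    """Running log-odds that the current user is the enrolled one.

    Each window adds a log-likelihood ratio: under H1 (enrolled user) every
    standardized feature z ~ N(0,1); under H0 (someone else) z ~ N(0, spread^2).
    `temper` discounts the evidence because the features are not independent;
    `max_logodds` caps trust; dropping below `lock_below` requires re-login.
    """

    def __init__(self, baseline, spread=3.0, temper=0.5,
                 login_logodds=4.0, max_logodds=6.0, lock_below=0.5):
        self.b = baseline
        self.spread, self.temper = spread, temper
        self.login_logodds, self.max_logodds = login_logodds, max_logodds
        self.lock_below = lock_below
        self.reauthenticate()

    def reauthenticate(self):
        """Explicit login resets trust to the post-login level."""
        self.logodds = self.login_logodds
        self.locked = False

    def window_llr(self, window):
        llr = 0.0
        for f in FEATURES:
            z = (window[f] - self.b.mu[f]) / self.b.sigma[f]
            # log N(z; 0, 1) - log N(z; 0, spread^2)
            llr += math.log(self.spread) - 0.5 * z * z * (1 - 1 / self.spread ** 2)
        return llr

    def observe(self, window):
        """Fold one window into the belief; return P(enrolled user)."""
        if self.locked:
            return 0.0
        self.logodds += self.temper * self.window_llr(window)
        self.logodds = max(-self.max_logodds, min(self.max_logodds, self.logodds))
        p = 1.0 / (1.0 + math.exp(-self.logodds))
        if p < self.lock_below:
            self.locked = True  # caller must force an explicit re-authentication
        return p


def run_session(baseline, windows):
    """Score windows in order; return (posteriors, index of first lock or None)."""
    auth = ContinuousAuthenticator(baseline)
    posteriors = []
    for i, w in enumerate(windows):
        posteriors.append(auth.observe(w))
        if auth.locked:
            return posteriors, i
    return posteriors, None


def _w(km, ks, mp, ap):
    return dict(zip(FEATURES, (km, ks, mp, ap)))


# Constructed sample data (not measurements): eight historical windows of one user.
HISTORY = [_w(180, 60, 400, 3.0), _w(190, 66, 440, 3.5), _w(170, 55, 360, 2.5),
           _w(185, 62, 410, 3.2), _w(175, 58, 390, 2.8), _w(195, 70, 450, 3.6),
           _w(165, 52, 350, 2.4), _w(180, 61, 400, 3.0)]
# The same user later, including one noticeably off window (tolerated).
GENUINE = [_w(183, 63, 420, 3.1), _w(176, 58, 380, 2.9), _w(200, 72, 470, 3.9)]
# Someone else at the unlocked workstation: consistently faster and more erratic.
IMPOSTOR = [_w(160, 50, 450, 4.0), _w(158, 52, 440, 3.9),
            _w(155, 48, 470, 4.2), _w(150, 45, 520, 5.0)]

if __name__ == "__main__":
    base = Baseline.fit(HISTORY)
    for label, seq in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        ps, lock = run_session(base, seq)
        print(label, [round(p, 3) for p in ps], "lock index:", lock)
```

With these constructed windows the genuine sequence stays above 0.95 throughout, while the impostor sequence is locked at its third window; the single off-baseline genuine window costs some trust but not the session, which is the behaviour a continuous scheme needs if it is to avoid nagging legitimate users.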

Developer Crowdsourcing: Capturing, Understanding, and Addressing Security-related Blind Spots in APIs

This research evaluates the newly developed tools in a user study with developers, producing the following outcomes: (1) an understanding of blind spots in application programming interfaces (APIs) and of developers' attentional and decision processes when writing code against APIs; (2) an understanding of how to notify developers about blind spots on the spot, without habituation or annoyance, so that relevant security information is used while code is being written; (3) open-source, publicly available developer tools that notify developers about blind spots and help detect the vulnerabilities blind spots cause; and (4) guidelines for API design that minimize blind spots by accounting for developers' attentional and decision processes. This research addresses an important gap in secure software development by incorporating the human factor of the development process, which is particularly crucial given society's increasing dependence on software applications.