Search for: All records

An electronic voting (e-voting) based interactive cybersecurity education curriculum has been proposed recently. It is well-known that assignments and projects are coherent parts of and important for any curriculum. This paper proposes a set of course projects, assignment design, and a coherent online plug-and-play (PnP) platform implementation. The PnP platform and the proposed exemplary assignments and projects, are systematic (derived from the same system), adaptive (smoothly increasing difficulty), flexible (bound to protocols instead of implementations), and interactive (teacher-student and student-student interactions). They allow students to implement parts of the components of this e-voting system, which they can then plug into the PnP system, to run, test and modify their implementations, and to enhance their knowledge and skills on cryptography, cybersecurity, and software engineering. 

A huge amount of personal and sensitive data is shared on Facebook, which makes it a prime target for attackers. Adversaries can exploit third-party applications connected to a user’s Facebook profile (i.e., Facebook apps) to gain access to this personal information. Users’ lack of knowledge and the varying privacy policies of these apps make them further vulnerable to information leakage. However, little has been done to identify mismatches between users’ perceptions and the privacy policies of Facebook apps. We address this challenge in our work. We conducted a lab study with 31 participants, where we received data on how they share information in Facebook, their Facebook-related security and privacy practices, and their perceptions on the privacy aspects of 65 frequently-used Facebook apps in terms of data collection, sharing, and deletion. We then compared participants’ perceptions with the privacy policy of each reported app. Participants also reported their expectations about the types of information that should not be collected or shared by any Facebook app. Our analysis reveals significant mismatches between users’ privacy perceptions and reality (i.e., privacy policies of Facebook apps), where we identified over-optimism not only in users’ perceptions of information collection, but also on their self-efficacy in protecting their information in Facebook despite experiencing negative incidents in the past. To the best of our knowledge, this is the first study on the gap between users’ privacy perceptions around Facebook apps and the reality. The findings from this study offer directions for future research to address that gap through designing usable, effective, and personalized privacy notices to help users to make informed decisions about using Facebook apps.