Differences

This shows you the differences between two versions of the page.

public:research:main [2025-10-04 09:58] Václav Matyášpublic:research:main [2025-10-12 19:13] (current) – [Usable security] Petr Švenda
Line 422: Line 422:
 ===== Side-channel analysis ===== ===== Side-channel analysis =====
  
-{{ :public:research:sca_chat_gpt_v2.png?direct&200|}}+{{ :public:research:sca_chat_gpt_v2.png?direct&180|}}
  
  
Line 457: Line 457:
  
 ---- ----
- 
----- 
- 
----- 
- 
----- 
- 
-====== Archived research projects in CRoCS laboratory ====== 
-<callout type="info" icon="true">Click <button  icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).   
-</callout> 
- 
-<collapse id="archived" collapsed="true"> 
  
  
 ===== Usable security ===== ===== Usable security =====
 +
 +{{ :public:research:social.png?direct&300|}}
  
 Our usable security projects focus on computer security and interactions of systems with end-users (true end-users as well as IT professionals using a particular system for their job). We are currently investigating factors influencing usability of reports from penetration testing, figuring out what those that use these reports can and cannot really find out from pentesting reports - and how to improve that. We also examine usability of AI-assisted pentesting report writing. Our usable security projects focus on computer security and interactions of systems with end-users (true end-users as well as IT professionals using a particular system for their job). We are currently investigating factors influencing usability of reports from penetration testing, figuring out what those that use these reports can and cannot really find out from pentesting reports - and how to improve that. We also examine usability of AI-assisted pentesting report writing.
  
-We started our first significant project in the area of usable security in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code). Results from this project are available here: https://crocs.fi.muni.cz/public/papers/2020-tacr-report+We started our first significant project in the area of usable security in 2014, in cooperation with three industrial partners, Faculty of social studies, and Faculty of law. The project aimed to identify influences that make users change their risky behavior to more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Every experiment targeted a different target group and used a different technique (warning, security dialogue, e-learning, user-friendly password recovery, etc.). This project was unique for the cooperation of three different faculties of MU and three commercial companies, who wanted to understand their users better and increase their products' overall security by improving interfaces and processes used by their end-users. 
We also finished a project in cooperation with the Faculty of social studies and AHEAD Itec/Monet+ company. It aimed at user testing of selected authentication methods (NFC token, smart card with card reader, fingerprint and PIN code) with results available [[https://crocs.fi.muni.cz/public/papers/2020-tacr-report | here]] 
  
  
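Review bot: The rewritten closing sentence of the Usable security paragraph ends in a link whose text is just "here" and has no full stop after `]]`. Link text that names the target, such as the project report, reads better in the rendered page and stays meaningful when the link is listed or read out of context; add the terminating period as well. The added `{{ :public:research:social.png?direct&300|}}` also leaves the title after `|` empty, so the image carries no descriptive text.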
Line 481: Line 472:
 <button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button> <button  icon="fa fa-file-text-o">[[:publications:keywords:usablesec|Publications]]</button>
 <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button> <button icon="fa fa-lightbulb-o">[[:research:usable-sec:main| Internal wiki]]</button>
 +<collapse id="social" collapsed="true">
  
  
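Review bot: The added `<collapse id="social" collapsed="true">` has no visible trigger in this hunk: neither the Publications nor the Internal wiki button carries `collapse="social"`, whereas the archived section is opened by a button with `collapse="archived"`. Unless a trigger exists outside the lines shown, everything between this tag and its `</collapse>` (the involved people and the publication list) stays hidden from readers; add a button with `collapse="social"` next to the two existing ones.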
Line 488: Line 480:
  
 **Involved people:**   **Involved people:**  
-{{:public:crocs:matyas.jpg?50|}}  {{:public:crocs:stavova.jpg?50|}} {{:public:crocs:ukrop.jpg?50|}}  {{:public:crocs:malinka.jpg?50|}} 
- 
   * [[https://www.muni.cz/en/people/422705|Katarína Galanská]] 2021-now   * [[https://www.muni.cz/en/people/422705|Katarína Galanská]] 2021-now
   * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now   * [[https://is.muni.cz/auth/osoba/409872|Agáta Kružíková]] 2016-now
Line 508: Line 498:
   * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016.   * [2016] Stavova, V., Matyas, V. and Just M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications, EuroUSEC 2016.
   * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}}   * [2015] {{public:papers:stavova_memics2016.pdf|Stavova, V., Matyas, V. and Malinka K.: The challenge of increasing safe response of antivirus software users, MEMICS 2015.}}
 +
 +</collapse>
 +----
 +
  
  
 ---- ----
 +
 +----
 +
 +----
 +
 +====== Archived research projects in CRoCS laboratory ======
 +<callout type="info" icon="true">Click <button  icon="fa fa-caret-down" collapse="archived">Find out more</button> to see older projects, which are not currently actively pursued further, but may be activated again later (as happened for multiple projects already).  
 +</callout>
 +
 +<collapse id="archived" collapsed="true">
 +
 ===== Disk encryption ===== ===== Disk encryption =====
 {{ :public:research:fde.png?direct&200|}} {{ :public:research:fde.png?direct&200|}}
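Review bot: After the added `</collapse>` this hunk leaves four `----` rules in a row (one added directly after the close tag, the existing context one, and two more added) before the "Archived research projects in CRoCS laboratory" heading. A single rule is enough to separate the Usable security section from the archive heading. Since the `<collapse id="archived" collapsed="true">` opener now sits directly above "Disk encryption", it is also worth confirming that its matching `</collapse>`, which lies outside the lines shown, still closes after the last archived project.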