The aim of the project is to produce direct evidence that human behaviour related insecurity can be detected automatically by applying human cognitive models to model and simulate humans involved in security systems. A key outcome of the project will be a working software system that can be used for this purpose by researchers and practitioners. The project will focus on human user authentication systems as a representative use case and will produce new knowledge on the role of human behaviours in such systems and in security systems in general. Both the software framework and the new knowledge on human behaviours can also help address other challenges of the call (e.g., detection of intruders/extremists requires knowledge of how they behave; protection of user privacy requires knowledge of how human users handle personal data; policy makers need to understand the behaviours of their organisations' employees and of human attackers targeting their organisations to make more informed decisions).
COMMANDO-HUMANS aims at providing full direct evidence that human behaviour related insecurity can be detected automatically by applying human cognitive models to model and simulate human cognitive processes (which determine human behaviours) involved in a security system. This project addresses mainly the Human Factors challenge of the 2015 Joint Singapore-UK Research in Cyber Security of EPSRC and Singapore's NRF, and it has an interdisciplinary team with expertise in cyber security, cognitive psychology, and human-computer interface (HCI).
1 April 2016 — 30 April 2018
WP1: Human and HCI modelling
Led by UoS, this work package will focus on designing descriptive languages for human and HCI modelling, creating a human behaviour database and gathering a collection of reusable behaviour templates.
WP2: Attacks modelling and software development
Led by UoS and SMU, this work package will deliver a complete software framework and toolset composed of modules for modelling and simulating humans, HCI, and human behaviour related attacks, and for calculating (in)security metrics.
WP3: Manual analysis on human behaviour related attacks
Led by SMU, this work package will investigate human behaviour related attacks and verify known attacks. The outcome of this work package will be reports of manual analysis results for different selected attacks.
WP4: Automated analysis of human behaviour related attacks
Led by UoS and SMU, this work package will report on automated analysis of timing attacks, automated analysis of human shoulder surfers, automated analysis of human behaviour enhanced emanation based attacks, and refinement of the software framework.
WP5.1: Extending the human models to cover macro behaviours
Led by UoS, this work package will look at how the human models developed in WP 1 can be extended to model macro human behaviours and to analyse cyber security systems involving more macro behaviours, in terms of novice vs expert users’ learning processes, adaptive behaviours, short-term memory effects and long-term memory processes through rehearsals, etc.
WP5.2: Applying the software framework to other human-involved cyber security systems
Led by SMU, this work package will look at how the software framework developed in WP 2 can be applied to other types of human-involved cyber security systems in addition to human user authentication systems, and other types of attacks.