Cohort 2019 Projects

Improving User Privacy in Mobile and Ubiquitous Health Technologies

The current movement towards hyper-connectivity has meant that all the technology that used to be analog is now digital, connected, and sending data about its users out across the Internet. This is even true in the healthcare sector, despite the sensitive and personal nature of much of this data. Mobile and ubiquitous health technologies are of particular interest, as they are generally not developed by healthcare professionals but by private companies who aren't necessarily prioritising the privacy of their customers. Advances in computing now allow data processing to happen on a vast scale - both in terms of the number of people whose data is being processed, and the quantity of data that exists about each person. Processing of health data in this way can be used to infer information about individuals that they otherwise might not have shared, and some of these inferences can be particularly sensitive. This project aims to evaluate how much people know and understand about the inferences that can be made about them from the data they share whilst using these technologies, and how this awareness can be improved in order to help people make more informed choices when it comes to their data sharing decisions.

Dr David Ellis (Bath)

Professor Julie Barnett (Bath)

Priyanka Badva

Threat Hunting and Intrusion Explanation

My research objectives includes addressing pivotal research questions related to threat hunting, explaining current best practices for threat hunting and response, outlining the essential requirements of tools and methods during threat hunting, examining data collection and analysis practices, exploring challenges encountered by threat hunters, and suggesting strategies for best threat hunting practices. The overarching aim of this research is to contribute valuable insights that enhance cyber threat hunting practices and assist organisations against the continually evolving landscape of cyber threats.

Dr Marvin Ramokapane (Bristol)

Dr Eleonora Pantano (Bristol)

Robert Peace

Empowering users to navigate untrustworthy online information ecosystems to reach factual information

The challenge of disinformation in today's world is a major threat that can have serious consequences for individuals as well as societies. This threat is partly facilitated by the vast number of users that are turning to social media and other hyper-connected online information ecosystems for important information. However, the user is linked to a huge amount of both trustworthy and malicious information due to the inherently "veracity-neutral" nature of most online information ecosystems. Moreover, users' own psychological biases may further reduce their ability to correctly evaluate factual information, resulting in user evaluating the trustworthiness of information (and disinformation) without the support of the system itself or the requisite training or skills to make appropriate judgements.

The key objective of this research is to test if a holistic approach that considers both the technical system and psychological constraints of online information ecosystems can create a more effective intervention against disinformation.

Dr Laura G.E. Smith (Bath)

Professor Adam Joinson (Bath)

Tobias Weickert

Habits in Cybersecurity

A habit is a “memory-based propensit[y] to respond automatically to specific cues, which [is] acquired by the repetition of cue-specific behaviours in [a] stable context” (Verplanken 2018, p.4). Despite having been widely studied in the psychology, the implications of habit theory for the field of cybersecurity have thus far been insufficiently investigated; consequently, this thesis aims to address this gap.

Study I is a bibliographic analysis of the use of habit theory in the cybersecurity literature compared to the psychology literature, aiming to more clearly specify areas of cybersecurity where habit theory might be fruitfully applied. Study II involved gathering data on the degree to which common security behaviours are habitual for the average user. Study III then expands on these findings by comparing users’ and security practitioners’ perceptions of the effectiveness of these behaviours. Taken together, Study II and III serve to give an overview of the status quo of security habits with regard to current practices, addressing questions about the prevalence of effective versus ineffective security behaviors, the extent to which these practices are adopted, and the alignment between common habits and optimal security protocols. Study IV explores two important antecedents of security habit formation (perceived response cost and efficacy), providing valuable insights into potential points of leverage for modifying or reinforcing habitual security behaviours. Finally, Study V uses Markov chains to analyse the habits of users interacting with a phishing simulation, with the aim to better understand the sequences of actions and situational cues that lead to desirable and undesirable behavioural responses to phishing emails.

This thesis, through its systematic exploration of habit theory in the context of cybersecurity, bridges a critical gap in existing research and lays the groundwork for developing more robust and user-centric cybersecurity strategies. The findings from these studies collectively inform a deeper understanding of the role of habits in cybersecurity behaviour, supporting the creation of interventions and policies that are better aligned with natural user tendencies, ultimately contributing to a more secure digital environment.

Professor Adam Joinson (Bath)

Dr Barney Craggs (Bristol)