Awanthika Senarath

Awanthika Senarath, Marthie Grobler, Nalin Asanka Gamagedara Arachchilage

In this paper, we propose a model that could be used by system developers to measure the privacy risk perceived by users when they disclose data into software systems. We first derive a model to measure the perceived privacy risk based on existing knowledge and then we test our model through a survey with 151 participants. Our findings revealed that users' perceived privacy risk monotonically increases with data sensitivity and visibility, and monotonically decreases with data relevance to the application. Furthermore, how visible data is in an application by default when the user discloses data had the highest impact on the perceived privacy risk. This model would enable developers to measure the users' perceived privacy risk associated with data items, which would help them to understand how to treat different data within a system design.

Awanthika Senarath, Nalin Asanka Gamagedara Arachchilage

Data Minimization (DM) is a privacy practice that requires minimizing the use of user data in software systems. However, continuous privacy incidents that compromise user data suggest that the requirements of DM are not adequately implemented in software systems. Therefore, it is important that we understand the problems faced by software developers when they attempt to implement DM in software systems. In this study, we investigate how 24 software developers implement DM in a software system design when they are asked to. Our findings revealed that developers find it difficult to implement DM when they are not aware of the potential of data they could collect at the design phase of systems. Furthermore, developers were inconsistent in how they implemented DM in their software designs.

Awanthika Senarath, Nalin Asanka Gamagedara Arachchilage

Pervasive use of software applications continues to challenge user privacy when users interact with software systems. Even though privacy practices such as Privacy by Design (PbD), have clear in- structions for software developers to embed privacy into software designs, those practices are yet to become a common practice among software developers. The difficulty of developing privacy preserv- ing software systems highlights the importance of investigating software developers and the problems they face when they are asked to embed privacy into application designs. Software devel- opers are the community who can put practices such as PbD into action. Therefore, identifying problems they face when embed- ding privacy into software applications and providing solutions to those problems are important to enable the development of privacy preserving software systems. This study investigates 36 software developers in a software design task with instructions to embed privacy in order to identify the problems they face. We derive rec- ommendation guidelines to address the problems to enable the development of privacy preserving software systems.

Awanthika Senarath, Nalin A. G. Arachchilage, Jill Slay

Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a manner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding privacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement it along with the software development life cycle.

Awanthika Senarath, Nalin Asanka Gamagedara Arachchilage, B. B. Gupta

In this paper, we describe ongoing work that focuses on improving the strength of the answers to security questions. The ultimate goal of the proposed research is to evaluate the possibility of nudging users towards strong answers for ubiquitous security questions. In this research we are proposing a user interface design for fallback authentication to encourage users to design stronger answers. The proposed design involves visual feedback to the user based on mnemonics which attempts to give visual feedback to the user on the strength of the answer provided and guide the user to creatively design a stronger answer.