Hala Assal

Srivathsan G Morkonda, Mahmoud Selim, Hala Assal

The majority of software developers use or are planning to use Artificial Intelligence (AI) tools in their development processes. Their top reasons include improving productivity and faster learning. In fact, Large Language Model (LLM)-generated code is currently in production, including in major tech companies. However, concerns were raised about the risks associated with the use of AI tools to generate code. In this paper, we focus our attention on the risks to software security. We empirically evaluate the security of code generated by seven popular LLMs. We build upon previous work to mimic the behaviours of developers when using LLMs to generate code. Our results show that all seven LLMs that we have evaluated generate code that contains vulnerabilities, the majority of which are of critical or high severity.

Hala Assal, Ahsan Imran, Sonia Chiasson

In this paper, we explore graphical passwords as a child-friendly alternative for user authentication. We evaluate the usability of three variants of the PassTiles graphical password scheme for children, and explore the similarities and differences in performance and preferences between children and adults while using these schemes. Children were most successful at recalling passwords containing images of distinct objects. Both children and adults prefer graphical passwords to their existing schemes, but password memorization strategies differ considerably between the two groups. Based on our findings, we provide recommendations for designing more child-friendly authentication schemes.