COMMANDO-HUMANS: COMputational Modelling and Automatic Non-intrusive Detection Of HUMan behAviour based iNSecurity

Lead Research Organisation: University of Surrey
Department Name: Computing Science

Abstract

This project addresses mainly the Human Factors challenge of the joint Singapore-UK call, and it has an interdisciplinary team with expertise in cyber security, cognitive psychology, and human-computer interface (HCI). It aims at producing direct evidence that human behaviour related insecurity can be detected automatically by applying human cognitive models to model and simulate humans involved in security systems. A key outcome of the project will be a working software system that can be used for this purpose by researchers and practitioners. The project will focus on human user authentication systems as a representative use case and will produce new knowledge on the role of human behaviours in such systems and security systems in general. Both the software framework and new knowledge on human behaviours can also help address other challenges of the call (e.g., detection of intruders/extremists requires knowledge on how they behave; protection of user privacy require knowledge on how human users handle personal data; policy makers need to understand behaviours of their organisations' employees and human attackers targeting their organisations to make more informed decisions).

It has been well known that human factors are a very important aspect of cyber security, as recognised by governments all over the world e.g., in the UK Cyber Security Strategy (2011), in Singapore's National Cyber Security Masterplan 2018 (2013), and in the US Federal Cybersecurity Research and Development Strategic Plan (2011). Human related insecurity is often related to intended or unintentional (maybe subconscious) insecure human behaviours. To conduct research on human behaviours (in cyber security, HCI, psychology and other related fields), researchers normally depend on involvement of real human users via surveys, interviews, simulated scenarios, observations of real cases, interactive games, or other specially designed user studies. Such approaches are often time-consuming and costly, and suffer from other issues like limited and/or biased samples, questionable ecological validity, difficulties in reproducing results, and impossibility of running some studies due to ethical/privacy/legal concerns.

This project aims at developing the first (to the best our knowledge) general-purpose computational framework and supporting software tools that will enable automatic detection of human behaviour related insecurity at the HCI level without the need to involve real human users. The framework will be built on computational models of human cognitive processes, HCIs, human behaviour related attacks and (in)security measures. The framework will be non-intrusive: instead of evaluating the running system itself, the framework will evaluate an abstract executable model of the system and humans involved. Removing real human users from the process allows faster and more objective inspection of potential insecurity of a given security system. The automated process can still be combined with traditional user studies to make better use of limited resources in automatically detecting potential insecurity problems deserving further manual analysis.

The framework and software tools developed will be of great value for cyber security researchers, security system designers/developers and security industry to deliver securer systems to end users. As a natural byproduct, they will also allow easier evaluation of usability of security and non-security related computer systems with an HCI. As we mentioned above in this summary, people having concerns on other challenges of the call can benefit from the project's outcomes as well.

In this project we will focus mainly on HCI-level ("micro") human behaviours, but possible extensions to higher-level ("macro") behaviours (e.g., how human users adapt their behaviours over time via rehearsals and learning) will be looked at as well to pave the way for our future research.

Planned Impact

The "Academic Beneficiaries" field of the Je-S form explains the expected academic impact in detail, so here we focus on economic and societal impact.

While the project is targeting mainly researchers, we will make the software framework accessible to non-researchers as well so it can help security system designers and developers, and security industry in general to check human behaviour related insecurity problems at the HCI level in the design stage of their security products and services. Even when user studies are still needed to evaluate their products and services' performance, the software framework can help identify key areas they need to pay more attention to and thus making a better use of the limited resources. This, on one hand, can help enhance the research capacity, knowledge and skills and efficiency of security industry to deliver securer security products and services, and on the other hand can improve the overall experience and quality of life of end users by reducing security incidents that can be avoided before such products and services are introduced into the real world. If it is possible to collect more realistic (and anonymous) information about human users using a deployed security product or service, the vendor/provider can also identify more potential insecurity problems that exist for a particular group of users only and find ways to serve them better.

We also expect that the software framework developed will help organisations' policy makers and IT managers to get more information about behaviours of their employee's and human attackers targeting their organisations, and the usability-security trade-off of their security systems (deployed and those under consideration for purchase), which will allow them to make more informed decisions on things like what security systems to use, how to use them, what security policies should be enforced, and if any training or educational programmes are needed for their staff and customers. We understand policy makers and IT managers will have more interests in macro human behaviours and more systems beyond human user authentication, so they can be potential users of the planned extensions of our research in future.

Like most IT systems, there are two types of end users of security products and services: 1) non-security service providers using such products and services developed by other companies to serve their customers (e.g., banks); 2) end human users who are actually using the products and services. In addition to indirectly benefiting from the software framework we will develop, both groups of end users can actually use the software framework to conduct independent evaluation of security products and services they use, which can help increase transparency of the security industry and eventually benefit security industry by giving more credits to better products and services. This may also foster a new service on independent security and usability evaluation of IT systems (e.g., like what Virus Bulletin Ltd is currently doing on anti-malware products). We will exploit the possible commercialisation of the software framework developed towards this direction.

As can be expected, our proposed research on human behaviours at the HCI level will create new knowledge on how human users and attackers behave and interact with computer systems. Such knowledge is not only useful for researchers, but equally so for practitioners and end users. This is particularly important for security education and training purposes, e.g., in designing and implementing cyber security awareness campaigns for the general public. The focused cyber security systems, human user authentication systems, are also a very good use case here as passwords are widely used in security education and training.

It deserves mentioning that the human and HCI modelling parts of our software framework are independent of security, so can be used for evaluating usability of any IT systems.

Publications

10 25 50
 
Description We studied existing software tools for cognitive modelling and found out one particular tool (CogTool) is the best in terms of supporting the further development of the software framework we proposed for the project. We also discovered many parameters that we did not previously know that should be incorporated in our software framework.

We found out that descriptions of user interfaces of some user authentication systems (and wider cyber security systems) require algorithmic parts rather than just static descriptions, which led to a new way of describing the user interface by having both static descriptions and interpreted computer programs.

We discovered eye-tracking is a useful technology to identify better ways to model human behaviours at the human-computer interface level, and has proved this through a use case on Undercover, which also led to a research paper published at HAS 2017 (5th International Conference on Human Aspects of Information Security, Privacy and Trust) and won the Best Paper Award. The eye-tracking element was added to the software framework as a new component previously we did not include.

Based on the original plan and the above new discoveries, we designed a more complicated software framework for modelling and simulating human behaviours in user authentication systems at the human-computer interface level. The first prototype of the framework has been completed, but we have not released yet because our main paper describing the framework and the tool is still under review. The prototype was tested using example user authentication systems.

In addition to the design and development of the software framework, we also clarified human behaviour data we need to support the modeling tasks. Particularly, we identified a major gap in existing cognitive modelling tools: visual search. We conducted some user studies to get raw data we need to gain a better understanding of how human users respond to the use of different types of images in typical user authentication tasks, which can help produce behavioural templates used in the developed software tool.

Finally, the PI was also supported to work on another password related research which led to a conference paper published at HAS 2017 as well.
Exploitation Route The software framework we developed will help both researchers and practitioners who are using cognitive modelling tools such as CogTool to do more automated analysis with less efforts. While our software framework will be tested more on user authentication systems, most components we are developing will be universal for general modelling of user interfaces on computers. We expect our software tools (named CogTool+) will be able to attract all users of CogTool and other similar software tools. Since our tools will allow automated detection of some human behaviour related security problems, designers of user authentication systems and wider cyber security systems will find them useful. Our study on visual search in cognitive modelling will help psychologists and computer scientists to understand how human users behave to visual tasks on graphical user interface, thus gaining more insights on how to design such interfaces better. Our work can also clearly benefit cyber security education since it will provide new insights on complicated attacks caused by insecure human behaviours. We envisage our work will benefit many different sectors since user authentication and cyber security systems are used everywhere nowadays.

The research on human cognitive modelling in cyber security has inspired the PI to improve other research work and start new research activities, which include an accepted paper on password visualisation and several new research projects on passwords and human-assisted data loss prevention.
Sectors Aerospace

Defence and Marine

Communities and Social Services/Policy

Digital/Communication/Information Technologies (including Software)

Education

Electronics

Financial Services

and Management Consultancy

Healthcare

Leisure Activities

including Sports

Recreation and Tourism

Government

Democracy and Justice

Manufacturing

including Industrial Biotechology

Culture

Heritage

Museums and Collections

Retail

Transport

Other

URL http://www.commando-humans.net/
 
Description This research has helped inspire the PI to co-develop a new user authentication technology with his PhD student (who was not funded by the project). The new technology has been named Pass8 (PassInfinity) and a patent application was filed by the University of Surrey (using its own tech transfer funding). We later decided to hold the patent application and switch to an open-source development route. The patent application can be found at https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2018130852. After the PI moved to the University of Kent, the IP was transferred to the new university. Two prototypes of Pass8 (one web-based and one mobile app) were produced and some external funding was secured from DCMS and Innovate UK through the SETsquared Partnership's Cyber Security ICURe (Innovation to Commercialisation of University Research) Programme for market research. Pass8 can bring new angles to the planned research in the project (as user authentication systems can now be designed in a very different and much more complicated way), but itself has the potential to create very high potential non-academic impacts as it can be used very widely by organisations and users to save costs and increase security of user devices and organisational networks. Pass8 can help policy makers as well because it supports much more flexible and agile policies on user authentication. Pass8 has been publicised by the University of Surrey and generated interests from a range of media outlets including BBC World Service. The web-based prototype is being further developed with some collaborators to have more functional modules, and it has been used to support a number of UG and MSc projects in the UK and China. The web-based prototype was also evaluated informally for its usability and security, supported by funding from Surrey IAA. As of March 2023, a new version of the web-based prototype has been produced with collaboration with Shanghai Jiao Tong University in China, and a more formal usability study is being planned. After the formal usability study, we will prepare a research paper, and then make the web-based system open source and resume our discontinued commercialisation efforts. In addition to Pass8, the project has a major outcome CogTool++, which is a software prototype of a more powerful cognitive modelling software tool based on another successful tool called CogTool. It has been made open source on GitHub at https://github.com/hyyuan/cogtool_plus. The prototype is more a research prototype and we are exploring opportunities to develop it further into a ready-to-use tool, which should be able to attract not just researchers but also practitioners as end users. The project and the follow-up activities engaged with and benefited a number of UG and master's students who studied or are studying in the UK and China, and Pass8 has been used as part of the teaching material at the University of Kent for many years now, helping educate MSc students about the new generation of user authentication framework.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software),Education
Impact Types Societal

Economic

 
Description ACCEPT: Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks
Amount £880,980 (GBP)
Funding ID EP/P011896/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2017 
End 03/2019
 
Description Eyes Can Tell: Applications of Eye-tracking Devices in Cyber Security Research
Amount £19,392 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 09/2016 
End 03/2017
 
Description H-DLP: Human-assisted machine learning for bootstrapping DLP (data loss prevention) systems
Amount £192,003 (GBP)
Funding ID KTP010417 
Organisation Innovate UK 
Sector Public
Country United Kingdom
Start 01/2017 
End 12/2020
 
Description Human-machine teaming for supporting human decision making to enhance security of cyber-physical systems
Amount £87,000 (GBP)
Organisation Defence Science & Technology Laboratory (DSTL) 
Sector Public
Country United Kingdom
Start 01/2019 
End 12/2021
 
Description PRIvacy-aware personal data management and Value Enhancement for Leisure Travellers (PriVELT)
Amount £429,069 (GBP)
Funding ID EP/R033749/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 09/2018 
End 09/2023
 
Description Pass8 (PassInfinity)
Amount £34,000 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 01/2017 
End 03/2017
 
Description PassInfinity: An "All in One" user authentication framework
Amount £28,968 (GBP)
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2017 
End 09/2017
 
Description Collaboration with Clearswift Ltd 
Organisation Clearswift Ltd
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey's Dr Shujun Li initialised the conversation with Clearswift Ltd in 2014 which led to an Innovate UK KTP application. The KTP application was successful in 2016 and the project officially started in 2017. Dr Shujun Li provided a potential technology to solve a problem facing Clearswift and other DLP (data loss prevention) vendors. Dr Shujun Li and Dr Ben Shenoy of University of Surrey play the roles of academic supervisors in the KTP project. The University of Surrey is in charge of managing HR matters around a KTP associate, and provided needed training.
Collaborator Contribution Clearswift Ltd provided the problem for the KTP project to attack, participated in the project proposal writing, provided match funding per KTP rules, and is hosting the KTP associate to work full-time at its main office in Theale, Reading.
Impact The project was terminated earlier in 2018 after the key academic Shujun Li left the University of Surrey to join the University of Kent. A major outcome of the collaboration is that the Associate of the project developed himself into the next stage of his career and joined a Chinese university as an Associate Professor.
Start Year 2014
 
Description Collaboration with Crossword Cybersecurity plc 
Organisation Crossword Cybersecurity
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey resercher Dr Shujun Li initialised collaboration with Crossword Cybersecurity plc on tech transfer of two new inventions from his research project.
Collaborator Contribution Crossword Cybersecurity plc has been a partner of an ongoing project on Pass8 (PassInfinity) and will be the partner of another forthcoming project. They provided and will provide in-kind support for both project. The figure reported above is for the forthcoming project only.
Impact The collaboration allowed a commercialisation idea being exploited, but did not materialise. It is currently being developed further before a new commercialisation effort will be re-started.
Start Year 2014
 
Description Collaboration with Data61, CISRO, Australia 
Organisation Commonwealth Scientific and Industrial Research Organisation
Country Australia 
Sector Public 
PI Contribution This was continuation of our previous collaboration with NICTA, Australia after its merger into CISRO's Data61 department. CISRO supported this project proposal as an unfunded partner and participated in all WPs.
Collaborator Contribution Two researchers and some interns from CISRO have contributed to this project by conrtributing to all WPs, attending meetings to discuss research plan and to provide data on a new user authentication system for timing attack analysis. A joint user study on eye-tracking for the user authentication system CISRO developed is being designed and to be conducted.
Impact The collaboration ended in 2018 when the project COMMANDO-HUMANS ended. A number of joint research publications were produced.
Start Year 2016
 
Description Collaboration with NCC Group on PassInfinity 
Organisation NCC Group
Country United Kingdom 
Sector Private 
PI Contribution We developed a new user authentication system called PassInfinity since late 2016 and got an EPSRC IAA grant to develop a prototype and conduct a usability and security test.
Collaborator Contribution The company has been providing in-kind support on software development and will provide paid services on security evaluation.
Impact The work led to an initial security testing report of the PassInfinity prototype.
Start Year 2017
 
Description Collaboration with Singapore Management University 
Organisation Singapore Management University (SMU)
Country Singapore 
Sector Academic/University 
PI Contribution The project allowed researchers at the University of Surrey to collaborate with five researchers at the Singapore Management University. The work proposed in the project is split between the two research teams and both sides helped each other.
Collaborator Contribution The Singapore Management University is in charged of WP3 and contributed to WP2. They contributed to management of the project as well.
Impact The collaboration ended in 2018 when the project COMMANDO-HUMANS ended. A joint publication on timing attack against PIN entries was prodcued. A joint software CogTool+ was co-developed.
Start Year 2016
 
Description Collaboration with University of Split, Croatia 
Organisation University of Split
Country Croatia 
Sector Academic/University 
PI Contribution This is a continuation of collaboration between Dr Shujun Li and two researchers of the University of Split since 2010. The collaboration was broadened to cover all memebrs of of the COMMANDO-HUMANS project.
Collaborator Contribution Two researchrs from the University of Split contributed to all WPs and attended all quarterly meetings of the COMMANDO-HUMANS project. They have been working with other partners espcially CISRO in an enhanced timing attack.
Impact This collaboration ended after the project COMMANDO-HUMANS ended. During the collaboration phase, a number of joint research publications were produced.
Start Year 2011
 
Description Consortium for project ACCEPT 
Organisation Neighbourhood and Home Watch Network
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation Transport Research Laboratory Ltd (TRL)
Country United Kingdom 
Sector Private 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation University College London
Department Genetics Institute
Country United Kingdom 
Sector Academic/University 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Description Consortium for project ACCEPT 
Organisation University of Warwick
Department WMG
Country United Kingdom 
Sector Academic/University 
PI Contribution The University of Surrey led the formation of the consortium and won a research bid for EPSRC's Human Dimensions of Cyber Security call, which led to the project ACCEPT to start in April 2017.
Collaborator Contribution Other partners helped form the consortium by bringing their expertise into the project proposal.
Impact The project ended in 12/2020. The collaboration allowed a new major research area for the PI Shujun Li, which led to more other projects. The collaboration is multi-disciplinary, and involved computer science, crime science and criminology, psychology, engineering, and business.
Start Year 2016
 
Title Improved Authentication 
Description This is a patent applicaiton filed by the University of Surrey to protect Pass8 (PassInfinity), a new user authentication technology developed in the context of the COMMANDO-HUMANS project as a byproduct. It was filed in January 2017 and is currently evaluated by UK IPO. It was also the result of the broader work funded by the EPSRC funded ACE-CSR at the University of Surrey. 
IP Reference GB1700649.5 
Protection Patent application published
Year Protection Granted 2017
Licensed No
Impact Not yet.
 
Title CogTool+ 
Description It is an extended tool based on CogTool (https://github.com/cogtool) supporting meta-modelling and automated simulation of a large number of models of the same meta-model. It is still being developed and the first beta version is expected to be released in summer 2017. 
Type Of Technology Software 
Year Produced 2019 
Open Source License? Yes  
Impact The development of the tool started from the beginning of the project and the first complete prototype was done in 2018. It has not been released publicly because we are waiting for a related paper to be published. 
 
Title PassInfinity: A software prototype system 
Description This is a web-based prototype of a new-generation password generation system supporting multiple factors and multiple different password systems. 
Type Of Technology Software 
Year Produced 2018 
Impact The software is still being further developed and a patent application has been filed. Further testing and commercialisation are ongoing. 
URL https://kar.kent.ac.uk/80287/
 
Description A number of invited talk on "Observer-Resistant Password Systems: How hard to make them both usable and secure?" in Singapore 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact 3 invited talks at different research institutions in Singapore.
Year(s) Of Engagement Activity 2017
 
Description A tutorial on "Human Factors in Cyber Security: User authentication as a use case" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact An invited 3-hour tutorial as an invited guest speaker at the 2017 Summer School on "Human Factor in Systems Safety and Security", organized by the Department of Computing and Informatics, Bournemouth University, UK and sponsored by the IEEE Systems, Man and Cybernetics (SMC) Society.
Year(s) Of Engagement Activity 2017
URL https://www.eventbrite.co.uk/e/human-factors-in-systems-safety-and-security-tickets-33332437217
 
Description ACM CHI Conference on Human Factors in Computing Systems 2022 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Haiyue Yuan did an oral presentation to present 'CogTool+ Modeling Human Performance at Large Scale' at CHI2022
Year(s) Of Engagement Activity 2022
URL https://programs.sigchi.org/chi/2022/index/content/70491
 
Description An invited keynot speech at CCNS 2020 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Invited keynote talk "When will passwords die? Research challenges and opportunities in user authentication", 2020 International Conference on Computer Communication and Network Security (CCNS 2020), held virtually online.
Year(s) Of Engagement Activity 2020
 
Description An invited talk on "Human Factors in Cyber Security: User authentication as a use case" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact An invited talk at ISWRACS (International Symposium and Workshop on Research Advances in Cyber Security) 2018, organized by the Hindustan Institute of Technology & Science (Hindustan University), India
Year(s) Of Engagement Activity 2018
 
Description An invited talk on "Human/User-Centric Security" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact Invited talk at Digital: Definition Unknown, the Fast Stream Conference 2017, organised by UK Government's Civil Service Fast Stream.
Year(s) Of Engagement Activity 2017
 
Description An invited talk on "Research Institute in Science of Cyber Security (RISCS) and Project ACCEPT (Addressing Cybersecurity and Cybercrime via a co-Evolutionary aPproach to reducing human-relaTed risks)" and a panel discussion on Cyber Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact An invited talk and a panel discussion at the 21st LAPFF (Local Authority Pension Fund Forum) Conference 2017, Bournemouth, UK.
Year(s) Of Engagement Activity 2017
 
Description Dr Haiyue Yuan gave a talk at Seminar of the Cyber Security research group, University of Kent 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Haiyue Yuan gave a talk on 'CogTool+: Modeling human performance at large scale' at the seminar of the Cyber Security research group, at University of Kent
Year(s) Of Engagement Activity 2021
URL https://www.kent.ac.uk/events/event/48282/cogtool-modeling-human-performance-at-large-scale
 
Description Dr Haiyue Yuan presented a poster at Kent Cyber Security Forum 2021 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Haiyue Yuan presented a poster 'CogTool+: a Framework for Large scale Human Performance Modelling - Applications for Cyber Security Systems' at Kent Cyber Security Forum 2021
Year(s) Of Engagement Activity 2021
URL https://research.kent.ac.uk/cyber/kcsf2021/
 
Description HHMC 2017 (Workshop on Hybrid Human-Machine Computing) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop co-sponsored by the COMMANDO-HUMANS project and chaired by the project's PI. It covers two related work from the COMMANDO-HUMANS project.
Year(s) Of Engagement Activity 2017
URL http://hhmc2017.commando-humans.net/
 
Description Human Assisted Cognitive Modelling 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact This presentation was given to a mixed audience including researchers, academics, and industry professionals featured in session of HHMC and Beyond (2) at 2017 Workshop on Hybrid Human-Machine Computing.
Year(s) Of Engagement Activity 2017
URL http://hhmc2017.commando-humans.net/program.php
 
Description Human Factors in Cyber Security: User authentication as a use case 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact This is an invited keynote speech given to participants of ISWRACS (International Symposium and Workshop on Research Advances in Cyber Security) 2018, organized by the Hindustan Institute of Technology & Science (Hindustan University), India. A significant portion of participants were students from the hosting institution. The speech was delivered remotely via video.
Year(s) Of Engagement Activity 2018
 
Description Human/User-Centric Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact It was an invited talk given at the Fast Stream Conference 2017 (Digital: Definition Unknown), organised by UK Government's Civil Service Fast Stream. The audience was mainly members of the UK Government's Civil Service Fast Stream. The talk was also advertised to general public through LinkedIn and Slideshare.net.
Year(s) Of Engagement Activity 2017
URL http://www.slideshare.net/hooklee/humanusercentric-security
 
Description Hybrid Human-Machine Computing: a new paradigm of computing? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact This was a talk given as an invited OpenTech talk at a cyber security company Clearswift Ltd, which is the cyber arm of the Swiss Defence and Security company RUG.
Year(s) Of Engagement Activity 2018
 
Description Invited talk at FIC 2020 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact An invited panel discussion at the national cyber security forum FIC 2020, which was also attended by participants from other countries including some from the UK. A YouTube video was produced by FIC 2020 on the discussion.
Year(s) Of Engagement Activity 2020
URL https://www.youtube.com/watch?v=dge187PVVO0
 
Description Invited talk at Global Academic Week 2020 of DGUT in China 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Undergraduate students
Results and Impact An invited talk "When will passwords die? Research challenges and opportunities in user authentication", Global Academic Week 2020, organised by the Dongguan University of Technology (DGUT) in China, held virtually online. This talk should have increased students' general interests in cyber security research.
Year(s) Of Engagement Activity 2020
URL https://gjxy.dgut.edu.cn/info/1011/1332.htm
 
Description Invited talk at Middlesex University on HHMC in 02/2021 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact This was a departmental seminar organised by the Department of Computer Science of the Middlesex University. Work in a number of research projects was included as part of the slides.
Year(s) Of Engagement Activity 2021
URL https://www.cs.mdx.ac.uk/colloquium-when-humans-and-computers-come-together-a-new-or-resurged-old-re...
 
Description Invited talk on "Pass8 (PassInfinity): A new 'all in one' multi-factor user authentication framework" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact An invited talk at a quarterly meeting of HESCA (Higher Education Smart Campus Association) in June 2017.
Year(s) Of Engagement Activity 2017
 
Description Keynote speech "Observer-Resistant Password Systems: How hard to make them both usable and secure?" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact Invited talk at the 2nd Annual Bath PGR Conference on Computer Science (BCCS 2017), University of Bath, UK
Year(s) Of Engagement Activity 2017
URL http://people.bath.ac.uk/drs32/Conference/conference.htm
 
Description Observer-Resistant Password Systems: How hard to make them both usable and secure? 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Undergraduate students
Results and Impact This was a talk given to a mixed audience of students, researchers and industry, as part of a half-day workshop on Human Factors in Cyber Security, Surrey Centre for Cyber Security and Department of Computer Science, University of Surrey, UK. It was also publicised through a blog article to the general public.
Year(s) Of Engagement Activity 2016
URL http://blogs.surrey.ac.uk/sccs/2016/03/31/from-shoulder-surfers-and-keyloggers-to-mitm-and-malware-c...
 
Description PRACTICE 2017 (Workshop on PRactical Applications of CogniTIve Computing in Emerging topics 2017) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop organised at the IEEE CYBCONF 2017 (3rd IEEE International Conference on Cybernetics), co-sponsored by the COMMANDO-HUMANS project.
Year(s) Of Engagement Activity 2017
URL http://practice2017.commando-humans.net/
 
Description Pass8 (PassInfinity) 
Form Of Engagement Activity A broadcast e.g. TV/radio/film/podcast (other than news/press)
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact This was an interview broadcast via BBC World Service's Tech Tent programme. Dr Shujun Li was interviewed for his new technology Pass8 (PassInfinity). This interview was triggered by a press release of the University of Surrey and itself generated further media reports on the techonology.
Year(s) Of Engagement Activity 2017
URL http://mms.tveyes.com/Transcript.asp?StationID=7195&DateTime=2%2F17%2F2017+3%3A24%3A02+PM&Term=Unive...
 
Description SPCPS 2017 (Workshop on Security and Privacy in Cyber-Physical Systems 2017) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop organised at IEEE CYBCONF 2017 (3rd IEEE International Conference on Cybernetics)
Year(s) Of Engagement Activity 2017
 
Description The 24th International Conference on Information and Communications Security (ICICS 2022) 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Postgraduate students
Results and Impact Haiyue Yuan presented a poster 'Cognitive Modeling for Human Performance Evaluation of Cyber Security Systems at Scale' at ICICS 2022
Year(s) Of Engagement Activity 2022
URL https://icics2022.cyber.kent.ac.uk/program.php
 
Description When Cognitive Psychology meets Cyber Security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Postgraduate students
Results and Impact This was a presentation given to a mixed audience of undergraduate students, postgraduates students, researchers and academics as part of a competition at Festival of FEPS Research held at University of Surrey.
Year(s) Of Engagement Activity 2017
URL https://www.surrey.ac.uk/events/20170621-feps-festival-research
 
Description When Eye-tracking Meets Cognitive Modeling: Applications to Cyber Security Systems 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact This presentation was given at the 5th International Conference on Human Aspects of Information Security, Privacy and Trust to be held in 9-14 July 2017 in Vancouver, Canada
Year(s) Of Engagement Activity 2017
URL http://2017.hci.international/thursday