Lessons Learned from Using an Online Platform to Conduct {Large-Scale}, Online Controlled Security Experiments with Software Developers

Christian Stransky; Yasemin Acar; Duc Cuong Nguyen; Dominik Wermke; Doowon Kim; Elissa M. Redmiles; Michael Backes; Simson Garfinkel; Michelle L. Mazurek; Sascha Fahl

Authors:

Christian Stransky, CISPA, Saarland University; Yasemin Acar, Leibniz University Hannover; Duc Cuong Nguyen, CISPA, Saarland University; Dominik Wermke, Leibniz University Hannover; Doowon Kim and Elissa M. Redmiles, University of Maryland, College Park; Michael Backes, CISPA, Saarland University & MPI-SWS; Simson Garfinkel, U.S. Census Bureau & U.S. National Institute of Standards and Technology; Michelle L. Mazurek, University of Maryland, College Park; Sascha Fahl, Leibniz University Hannover

Abstract:

Security and privacy researchers are increasingly conducting controlled experiments focusing on IT professionals, such as software developers and system administrators. These professionals are typically more difficult to recruit than general end-users. In order to allow for distributed recruitment of IT professionals for security user studies, we designed Developer Observatory, a browser-based virtual laboratory platform that enables controlled programming experiments while retaining most of the observational power of lab studies. The Developer Observatory can be used to conduct large-scale, reliable online programming studies with reasonable external validity. We report on our experiences and lessons learned from two controlled programming experiments (n>200) conducted using Developer Observatory.

Christian Stransky, CISPA, Saarland University

Yasemin Acar, Leibniz University Hannover

Duc Cuong Nguyen, CISPA, Saarland University

Dominik Wermke, Leibniz University Hannover

Doowon Kim, University of Maryland, College Park

Elissa M. Redmiles, University of Maryland, College Park

Michael Backes, CISPA, Saarland University & MPI-SWS

Simson Garfinkel, U.S. Census Bureau & U.S. National Institute of Standards and Technology

Michelle L. Mazurek, University of Maryland, College Park

Sascha Fahl, Leibniz University Hannover

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {205863,
author = {Christian Stransky and Yasemin Acar and Duc Cuong Nguyen and Dominik Wermke and Doowon Kim and Elissa M. Redmiles and Michael Backes and Simson Garfinkel and Michelle L. Mazurek and Sascha Fahl},
title = {Lessons Learned from Using an Online Platform to Conduct {Large-Scale}, Online Controlled Security Experiments with Software Developers},
booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17)},
year = {2017},
address = {Vancouver, BC},
url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/stransky},
publisher = {USENIX Association},
month = aug
}

Download

Stransky (PDF)

Log in or Register to post comments

Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers

Open Access Media