My name is Nalin Asanka Gamagedara Arachchilage (too long, isn't it? I admit that this can be confusing sometimes). I am a Lecturer in Cyber Security in the Australian Centre for Cyber Security (ACCS) at the University of New South Wales (UNSW Canberra at the Australian Defence Force Academy). I hold a PhD in Usable Security entitled “Security Awareness of Computer Users: A Game Based Learning Approach” from Brunel University London, UK (External examiner: Professor David Benyon). My research focused on developing a game design framework to protect computer users against "phishing attacks". I obtained a BSc (MIS) Hons from University College Dublin, National University of Ireland, and have completed a master's degree, MSc in Information Management and Security, at the University of Bedfordshire, UK. I'm a Sun Certified Java Programmer (SCJP) from Sun Microsystems (now Oracle), USA. I am also a professional member of the Association for Computing Machinery (ACM).
My main research interests are Usable Security and Privacy, Cyber Security, Economics of Security & Privacy, Trust, Cybercrime, HCI, Mobile HCI, Serious Games for Cyber Security Education and e-Learning Security. My research is inter-disciplinary in nature, and I have published numerous articles at reputed international conferences and in journals.
Prior to undertaking my current position at the University of New South Wales (UNSW Canberra at ADFA), I worked as a Research Fellow in Usable Security and Privacy in the Laboratory of Education and Research in Software Security Engineering (LERSSE) at the University of British Columbia (UBC), Canada. Before moving to Vancouver, I was a Postdoctoral Researcher in Systems Security Engineering in the Cyber Security Centre, Department of Computer Science, at Oxford University.
I have held a number of lecturing positions in Computer Science at Brunel University, the University of Bedfordshire, Westminster University and Central Bedfordshire College in the UK. Before moving to UNSW Canberra, I briefly worked as a Sessional Lecturer in Computer Science at Deakin University, Victoria University and Central Queensland University (CQUniversity) in Melbourne, Australia. Apart from my academic career, I have also worked in a number of software engineering roles, ranging from Programmer and Software Engineer to IT Manager, where I gained hands-on experience and skills in various technologies such as Java, Java EE, Java ME, PHP, HTML, XML, RDBMS, Oracle, MySQL, UML, Linux (Ubuntu), Android SDK, NetBeans and Eclipse. I have also completed a Linux Network Administration training program.
My primary research interests are at the intersection of computer security, human-computer interaction (HCI), and online privacy, in an area known as usable security and privacy. Many aspects of computer security synthesize technical and human factors. If a highly secure system is unusable, users will try to bypass the system or move entirely to less secure but more usable systems. Problems with usability contribute to many high-profile security failures in today's technology-filled world. Nevertheless, usable security is not well aligned with traditional usability, for several reasons. First, security is very often not the primary task of the user. In most cases, security is not the primary purpose of using a computer. People use computers to shop, socialize, communicate, and be educated and entertained. Many applications handle security issues through security alerts that interrupt the user's primary task. Therefore, users treat security as a secondary task. Whenever security is secondary, it opposes the usability of the primary task: users find it distracting and would therefore rather ignore, circumvent, or even defeat it. Second, securing information is about understanding risk and threats. Unlike traditional research in HCI, (usable) security and privacy focuses on the context of an adversary whose goal is to manipulate the user rather than break into the system directly. Therefore, this poses a great challenge for researchers, who need to model and reason about how the adversaries (i.e. the bad guys) will make their attacks succeed. Of course, it is rather important to understand how user behaviours can be leveraged to protect users from cyber attacks. Such communication is most often unwelcome in the HCI community, and increasing unwelcome interaction is not a goal of usable security and privacy design.
Third, discrete technical problems are all well understood under the umbrella of online security and privacy (e.g., attacks such as phishing, malware, spyware, social engineering, and Distributed Denial-of-Service or DDoS attacks). A broader concept of both security and usability is therefore required for usable security. My goal is to investigate how users manage their security and privacy in existing systems in order to design new systems that achieve better privacy and security by taking end users into account.
In future work, I plan to apply my research expertise and skills to applications that are likely to have high social value and impact. In particular, my expertise is in user requirements analysis, data collection, data analysis, functional interface design and development, experimental design, and information visualization. I will continue to apply this expertise to the many real-world research problems on the human aspects of computer security and privacy. My immediate research goal is to continue my work on: improving security APIs, serious games for cyber security education (e.g. designing games to thwart phishing attacks, usable access control games), personal cyber risk management planning, security and privacy in wearable embedded systems, privacy-preserving e-healthcare systems and fall-back authentication mechanisms.
***I'm always looking for good PhD students and Postdoctoral Researchers to work on "usable security and privacy" research, especially "designing secure systems that people can use".***
When emailing, I use and encourage the use of GPG (GnuPG, the equivalent of PGP). I prefer to receive encrypted email messages. Please use the key below (Expires: 30 August 2020) if you wish to send me encrypted email messages.
Improving usability of security APIs: Software companies are placing more burden on API (Application Programming Interface) developers to create usable security mechanisms as a result of continuing research into encouraging secure user behaviour. Let's assume that API developers create an API which is read-only. Therefore, the application developer can only view information but cannot alter the API's data under any circumstances. For example, an API for the stock market allows developers to request data (i.e. the value) on the current stock. However, what if…