Nicolás E. Díaz Ferreyra

selected publications

1. EuroUSEC ’22

   ENAGRAM: An App to Evaluate Preventative Nudges for Instagram

   Díaz Ferreyra, Nicolás E., Ostendorf, Sina,  Aïmeur, Esma and 2 more authors

   In 2022 European Symposium on Usable Security (EuroUSEC 2022) 2022

   Abs arXiv Bib

   Online self-disclosure is perhaps one of the last decade’s most studied communication processes, thanks to the introduction of Online Social Networks (OSNs) like Facebook. Self-disclosure research has contributed significantly to the design of preventative nudges seeking to support and guide users when revealing private information in OSNs. Still, assessing the effectiveness of these solutions is often challenging since changing or modifying the choice architecture of OSN platforms is practically unfeasible. In turn, the effectiveness of numerous nudging designs is supported primarily by self-reported data instead of actual behavioral information. OBJECTIVE: This work presents ENAGRAM, an app for evaluating preventative nudges, and reports the first results of an empirical study conducted with it. Such a study aims to showcase how the app (and the data collected with it) can be leveraged to assess the effectiveness of a particular nudging approach. METHOD: We used ENAGRAM as a vehicle to test a risk-based strategy for nudging the self-disclosure decisions of Instagram users. For this, we created two variations of the same nudge (i.e., with and without risk information) and tested it in a between-subjects experimental setting. Study participants (N=22) were recruited via Prolific and asked to use the app regularly for 7 days. An online survey was distributed at the end of the experiment to measure some privacy-related constructs. RESULTS: From the data collected with ENAGRAM, we observed lower (though non-significant) self-disclosure levels when applying risk-based interventions. The constructs measured with the survey were not significant either, except for participants’ External Information Privacy Concerns (EIPC). IMPLICATIONS: Our results suggest that (i) ENAGRAM is a suitable alternative for conducting longitudinal experiments in a privacy-friendly way, and (ii) it provides a flexible framework for the evaluation of a broad spectrum of nudging solutions.

   @inproceedings{diaz2022eusec,
     author = {D\'{i}az Ferreyra, Nicol\'{a}s E. and Ostendorf, Sina and A\"{i}meur, Esma and Heisel, Maritta and Brand, Matthias},
     year = {2022},
     doi = {https://doi.org/10.1145/3549015.3555674},
     title = {ENAGRAM: An App to Evaluate Preventative Nudges for Instagram},
     booktitle = {2022 European Symposium on Usable Security (EuroUSEC 2022)},
   }

2. OSNEM

   Community Detection for Access-Control Decisions: Analysing the Role of Homophily and Information Diffusion in Online Social Networks

   Díaz Ferreyra, Nicolás E., Hecking, Tobias,  Aïmeur, Esma and 2 more authors

   Online Social Networks and Media 2022

   Abs Bib HTML

   Access-Control Lists (ACLs) (a.k.a. “friend lists”) are one of the most important privacy features of Online Social Networks (OSNs) as they allow users to restrict the audience of their publications. Nevertheless, creating and maintaining custom ACLs can introduce a high cognitive burden on average OSNs users since it normally requires assessing the trustworthiness of a large number of contacts. In principle, community detection algorithms can be leveraged to support the generation of ACLs by mapping a set of examples (i.e. contacts labelled as “untrusted”) to the emerging communities inside the user’s ego-network. However, unlike users’ access-control preferences, traditional community-detection algorithms do not take the homophily characteristics of such communities into account (i.e. attributes shared among members). Consequently, this strategy may lead to inaccurate ACL configurations and privacy breaches under certain homophily scenarios. This work investigates the use of community-detection algorithms for the automatic generation of ACLs in OSNs. Particularly, it analyses the performance of the aforementioned approach under different homophily conditions through a simulation model. Furthermore, since private information may reach the scope of untrusted recipients through the re-sharing affordances of OSNs, information diffusion processes are also modelled and taken explicitly into account. Altogether, the removal of gatekeeper nodes is further explored as a strategy to counteract unwanted data dissemination.

   @article{diaz2022osnem,
     volume = {29},
     pages = {100203},
     year = {2022},
     issn = {2468-6964},
     doi = {https://doi.org/10.1016/j.osnem.2022.100203},
     title = {Community Detection for Access-Control Decisions: Analysing the Role of Homophily and Information Diffusion in Online Social Networks},
     journal = {Online Social Networks and Media},
     author = {Díaz Ferreyra, Nicolás E. and Hecking, Tobias and Aïmeur, Esma and Heisel, Maritta and Hoppe, H. Ulrich},
     keywords = {information diffusion, access control, online social networks, community detection, homophily}
   }

3. ARES ’22

   SoK: Security of Microservice Applications: A Practitioners’ Perspective on Challenges and Best Practices

   Billawa, Priyanka, Bambhore Tukaram, Anusha,  Díaz Ferreyra, Nicolás E. and 3 more authors

   In International Conference on Availability, Reliability and Security (ARES) 2022
4. MSR ’22

   Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair Techniques

   Bui, Quang-Cuong, Scandariato, Riccardo,  and Díaz Ferreyra, Nicolás E.

   In International Conference on Mining Software Repositories (MSR) 2022
5. preprint

   Cybersecurity Discussions in Stack Overflow: A Developer-Centred Analysis of Engagement and Self-Disclosure Behaviour

   Díaz Ferreyra, Nicolás E., Vidoni, Melina,  Heisel, Maritta and 1 more author

   2022

   Abs arXiv Bib

   Stack Overflow (SO) is a popular platform among developers seeking advice on various software-related topics, including privacy and security. As for many knowledge-sharing websites, the value of SO depends largely on users’ engagement, namely their willingness to answer, comment or post technical questions. Still, many of these questions (including cybersecurity-related ones) remain unanswered, putting the site’s relevance and reputation into question. Hence, it is important to understand users’ participation in privacy and security discussions to promote engagement and foster the exchange of such expertise. Objective: Based on prior findings on online social networks, this work elaborates on the interplay between users’ engagement and their privacy practices in SO. Particularly, it analyses developers’ self-disclosure behaviour regarding profile visibility and their involvement in discussions related to privacy and security. Method: We followed a mixed-methods approach by (i) analysing SO data from 1239 cybersecurity-tagged questions along with 7048 user profiles, and (ii) conducting an anonymous online survey (N=64). Results: About 33% of the questions we retrieved had no answer, whereas more than 50% had no accepted answer. We observed that "proactive" users tend to disclose significantly less information in their profiles than “reactive” and “unengaged” ones. However, no correlations were found between these engagement categories and privacy-related constructs such as Perceived Control or General Privacy Concerns. Implications: These findings contribute to (i) a better understanding of developers’ engagement towards privacy and security topics, and (ii) to shape strategies promoting the exchange of cybersecurity expertise in SO.

   @article{diaz2022sodis,
     title = {{Cybersecurity Discussions in Stack Overflow: A Developer-Centred Analysis of Engagement and Self-Disclosure Behaviour}},
     year = {2022},
     author = {D\'{i}az Ferreyra, Nicol\'{a}s E. and Vidoni, Melina and Heisel, Maritta and Scandariato, Ricardo},
     note = {{Submitted for publication}},
   }

6. EASE ’22

   Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot

   Tony, Catherine, Balasubramanian, Mohana,  Díaz Ferreyra, Nicolás E. and 1 more author

   In Evaluation and Assessment in Software Engineering (EASE) 2022

   Abs Bib HTML

   Conversational agents or chatbots are widely investigated and used across different fields including healthcare, education, and marketing. Still, the development of chatbots for assisting secure coding practices is in its infancy. In this paper, we present the results of an empirical study on SKF chatbot, a software-development bot (DevBot) designed to answer queries about software security. To the best of our knowledge, SKF chatbot is one of the very few of its kind, thus a representative instance of conversational DevBots aiding secure software development. In this study, we collect and analyse empirical evidence on the effectiveness of SKF chatbot, while assessing the needs and expectations of its users (i.e., software developers). Furthermore, we explore the factors that may hinder the elaboration of more sophisticated conversational security DevBots and identify features for improving the efficiency of state-of-the-art solutions. All in all, our findings provide valuable insights pointing towards the design of more context-aware and personalized conversational DevBots for security engineering.

   @inproceedings{tony2022ease,
     title = {{Conversational DevBots for Secure Programming: An Empirical Study on SKF Chatbot}},
     booktitle = {Evaluation and Assessment in Software Engineering (EASE)},
     publisher = {ACM},
     year = {2022},
     doi = {https://doi.org/10.1145/3530019.3535307},
     author = {Tony, Catherine and Balasubramanian, Mohana and D\'{i}az Ferreyra, Nicol\'{a}s E. and Scandariato, Riccardo},
   }