Deploying the Security Behavior Observatory: An Infrastructure for Long-term Monitoring of Client Machines

Deploying the Security Observatory

Carnegie Mellon Lablet:
Alain Forget, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor, Rahul Telang

Serge Egelman, UC Berkeley; Stephen Strotmeyer, Jr., Rob Keene, Scott Beach, University of Pittsburgh

Dr. Alain Forget presented on the design architecture and deployment of Carnegie Mellon University's Security Behavior Observatory (SBO), which aims to identify the privacy and security challenges users face and how to solve them. The SBO studies users at home, analyzes how malware infects machines in the wild, and observes changes in computers and their users over time. Participants in the study agree to install CMU software on their home computers, which allows data to be collected continually. To provide usage data for multiple research areas and to answer broad questions, the SBO is implemented as a scalable client-server infrastructure designed to collect user behavior data over a long period of time, in this case several years. The SBO infrastructure was designed to scale with the desired length, breadth, and depth of data collection; to take extraordinary care to ensure the security and privacy of the collected data, which will inevitably include intimate details about participants' behavior; and to serve research interests that will change over the course of the study, as collected data is analyzed and interpreted and suggests further lines of inquiry.

Example research questions address computer infections, warning dialogs, security and privacy systems, and online social networks. Some research questions posed included:

  • How do computers in the wild actually get infected?
  • How long does it take for a clean machine to be infected?
  • What dialogs do users encounter most often in the wild?
  • How do users respond to the dialogs they encounter?
  • Which, how, and how often do people use these systems?
  • How up-to-date do users keep their software and OSes?
  • What are users' privacy settings?
  • Do they ever change and if so, why?

The pilot study was deemed successful: all software functions correctly, all sensors collect the intended data, data is securely transferred and stored, and silent updates push fixes and improvements.

Reach Professor Alain Forget at:
See the Technical Report at:



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.