Date of Award

2023

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

Committee Chair

Feng Zhu

Committee Member

Haeyong Chung

Committee Member

Jacob Hauenstein

Committee Member

Chaity Banerjee

Committee Member

Jodi Price

Subject(s)

Eye tracking, Eye tracking--Analysis, Computer security, Computer programming

Abstract

Secure coders' experience and proficiency vary greatly, and any overlooked software security flaws in code can lead to costly repercussions in deployed software applications. The techniques that secure coders utilize to analyze source code and develop mitigation strategies for security flaws are not well understood. Gaining a proper understanding of how coders approach finding and mitigating security flaws can help us efficiently and accurately discover and resolve such issues. One potentially beneficial technique is to collect, analyze, and visualize eye gazes that capture their coding patterns and behaviors. Our systematic literature survey focused on published methods for multiple types of static and dynamically changing eye tracking stimuli, with a particular emphasis on techniques using multiple participant-editable types of stimuli presented simultaneously to simulate a realistic software coding experience. Our work proposes an eye tracking design and analysis framework that breaks down the various stages of software coding. Our decision matrix maps objectives for software programming to analysis techniques for comparing eye gazes among software developers. This involved investigating the limitations of current visualization methods, specifically for user-controlled dynamic stimuli. Our investigation involved using eye tracking technologies to capture how developers write code, use tools, and read natural language documents and instructions. The study encompassed a wide range of tasks, including simultaneously reading documentation, writing code, and using security source code analysis tools. Software developer tasks and individual actions create complexity in designing eye tracking experiments and analyzing the collected eye gazes. Our approach allows us to explore behaviors across a range of tasks for a single secure coder and among different coders.
New visualization techniques were developed to investigate behaviors during secure coding tasks, including methods to present transitions among components within and between applications, as well as to present coders' attention levels during secure coding. Our contributions include a literature survey, framework design, secure coding learning modules, scrollable and modifiable eye tracking stimuli analysis, pupil diameter changes analysis, and stimuli presented in different sequences based on individual participants' behavior. Our contributions focus on comparing and contrasting multiple visualization methods for eye tracking stimuli.
