User Interaction Design for Secure Systems
- 4TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATIONS SECURITY (ICICS 2002), 2002
Cited by 102 (4 self)
The security of any computer system that is configured
and operated by human beings critically depends on the
information conveyed by the user interface, the decisions
of the computer users, and the interpretation of their
actions. We establish some starting points for reasoning
about security from a user-centred point of view, by
modelling a system in terms of actors and actions and
introducing the concept of the subjective actor-ability
state. We identify ten key principles for user interaction
design in secure systems and give case studies to
illustrate and justify each principle, describing real-world
problems and possible solutions. We anticipate that this
work will help guide the design and evaluation of secure
systems.
Pretty Good Persuasion: A first step towards effective password security for the Real World
- Proceedings of the New Security Paradigms Workshop, 10-13 September, Cloudcroft, NM, 2001
Cited by 76 (7 self)
A.Sasse@cs.ucl.ac.uk
In the past, research on password mechanisms has focussed almost entirely on technical issues. Only in recent years has the security research community acknowledged that user behavior plays a part in many security failures, and that policies alone may not be sufficient to ensure correct behavior. We argue that password mechanisms and their users form a socio-technical system, whose effectiveness relies strongly on users' willingness to make the extra effort that security-conscious behavior requires. In most organizations, users cannot be forced to comply; rather, they have to be persuaded to do so. Ultimately, the mechanisms themselves, policies, tutorials, training and the general discourse have to be designed with their persuasive power in mind. We present the results of a first study that can guide such persuasive efforts, and describe methods that can be used to persuade users to employ proper password practice. KEYWORDS security, passwords, user-centered design, cognitive task analysis, user training ~ motivation mental models
Computer security impaired by legitimate users
- Computers & Security, 2004
Cited by 45 (1 self)
Computer security has traditionally been assessed from a technical point of view. One other view is about the role played by legitimate users of systems in impairing the level of protection. In order to address this issue, we wish to adopt a multidisciplinary standpoint and investigate some of the human aspects involved in computer security. From research in psychology, it is known that people make biased decisions. They sometimes overlook rules in order to gain maximum benefits for the cost of a given action. This situation leads to insidious security lapses whereby the level of protection is traded-off against usability. In this paper, we highlight the cognitive processes underlying such security impairments. At the end of the paper, we propose a short usability-centered set of recommendations.
Making Security Usable
- 2004
Cited by 27 (0 self)
or implied, of those organizations or of the United States government.
Towards Understanding IT Security Professionals and Their Tools
Cited by 26 (11 self)
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage. Categories and Subject Descriptors K.6.5 [Management of Computing and Information
Cultures of Trust: A Cross-Cultural Study on the Formation of Trust in an Electronic Environment
- In Proceedings of the 3rd Nordic Workshop on Security (NordSec 2000) (Reykjavik, 2000
Cited by 7 (1 self)
In this paper we present a cross-cultural comparison on users' perception on computer security issues, with a special emphasis on the notion of trust. The study was conducted by bringing together two previous approaches on trust: the user studies conducted previously in Finland were repeated in Sweden, with only slight alterations to account for national features, such as language and choice of national examples, in order to track down cultural variation in how users perceive trust in the electronic world. The outcome is a to-the-point description of when, where, and how the designer or system builder should take cultural issues into account when trying to convince an online shopper of his trustworthiness. Also, the checklist for the designer, presented as the outcome of the Finnish user study, is further elaborated and refined based on these new results. KEYWORDS: trust, culture, cross-cultural, globalization, usability, user interviews, computer security, BATE model
Authentication for Remote Voting
Cited by 5 (0 self)
Authentication is an important part of the voting process, both for the voting system authenticating the human as a legitimate voter without sacrificing secret balloting, and for the voter authenticating the vote recorder. Voters want the capability to vote remotely, but this makes both directions of authentication more difficult. Human factors are a crucial part of the authentication process. In particular, the system for authenticating the vote recorder must be designed in a way that ensures the human cannot be easily tricked into trusting an illegitimate recorder and so that the voter has confidence in the integrity of the voting process. In this paper, we discuss some of the issues associated with Internet-based remote voting and argue that visual cryptography offers a promising way to provide both satisfactory authentication and secret ballot guarantees.
A Framework for Evaluating the Usability and the Utility of PKI-enabled Applications
- 1st European PKI Workshop Research and Applications 2004. (1st EuroPKI, 2004
Cited by 4 (1 self)
Besides the pure technical features, the usability of a PKI-enabled application plays a crucial role since the best security application will fail in practice if its usability is insufficient.
Empowering Ordinary Consumers to Securely Configure their Mobile Devices and Wireless Networks
- 2005
Despite the best efforts of application designers, security configuration interfaces are hard to use. The conventional wisdom for designing consumer applications does not work for designing security applications. Using 802.11 networks as a case study, we present a set of principles for the design of configuration interfaces. The key insight is that users have a difficult time translating their goals for wireless network security into specific feature configurations. We design and implement a configuration interface that guides users through an 802.11 wireless network configuration. We overcome users’ configuration difficulties by automating the translation from high-level goals to low-level feature configurations. The design empowers non-expert users to securely configure their networks as well as expert users. We also design and conduct a user study which demonstrates that users perform dramatically better using our prototype, as compared with the two most popular commercial access points. In general, our research addresses problems that are common across mobile system configurations.