Usable Security (Part 1, Oct. 30/07)
Dr. Kirstie Hawkey
Content primarily from Teaching Usable Privacy and Security: A guide for instructors

Principles of Designing Secure Systems
1. Least privilege
2. Fail-safe defaults
3. Economy of mechanism
4. Complete mediation
5. Open design
6. Separation of privilege
7. Least common mechanism
8. Psychological acceptability
   - Hide the complexity introduced by security mechanisms
   - Ease of installation, configuration and use
   - Human factors are critical here
9. Defense in depth
10. Question assumptions

Usable Security
"A computer is secure if you can depend on it and its software to behave as you

expect." - Garfinkel & Spafford
Humans are often the weak link in the security chain.

A Key Usable Security Problem
Security is a secondary task.
- Nobody buys a computer so they can spend time securing it.
- Time we spend configuring security and privacy tools is time we are not spending doing what we really want to be doing with our computers.

Other Key Usability Problems
- Security systems and solutions are often complex. If the user cannot understand it, costly errors will occur.
- Diverse users with diverse skills and diverse knowledge need to incorporate security in their daily lives.

Grand Challenge
Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.
- Computing Research Association, 2003

Approaches to usable security
- Make it "just work": invisible security
- Make security/privacy understandable: make it visible, make it intuitive, use metaphors that users can relate to
- Train the user

Help Users Make Decisions
- Developers should not expect users to make decisions they themselves can't make.
- Present choices, not dilemmas.
- Users don't check certificates.

Making concepts understandable
Making security and privacy visible

Users could better manage online privacy and security if cues were more visible.
Cues must be understandable.

Symbols & Metaphors
- Cookie flag
- Netscape SSL icons
- IE6 cookie flag
- Firefox SSL icon
- Privacy Bird icons (web site privacy policies: many posted, few read)
  - Privacy policy matches the user's privacy preferences
  - Privacy policy does not match the user's privacy preferences

How do we know if a security or privacy cue is usable?
Evaluate it:
- Why is it there?
- Do users notice it?
- Do they know what it means?
- Do they know what they are supposed to do when they see it?
- Will they actually do it?
- Will they keep doing it?

Designing and Developing Usable and Secure Systems
- Requirements gathering
- Iterative design and development process
- Prototype evaluation: design walkthroughs, heuristic evaluation, usability tests, lab or field studies

Heuristic Evaluations
- Discount usability technique
- Experts adopt the role of target users, review the prototype and identify issues
- Complete core scenarios developed from requirements gathering
- Identify usability issues through the application of design guidelines

General Usability Heuristics
Heuristics as guidelines:
- Simple and natural dialogue
- Speak the users' language
- Minimize user memory load
- Be consistent
- Provide feedback
- Provide clearly marked exits

- Provide shortcuts
- Deal with errors in a positive and helpful manner
- Provide help and documentation

Specialized Usability Heuristics
Several specialized guidelines may apply.

Web: Principles for Secure Systems (2002)
- Path of Least Resistance: Match the most comfortable way to do tasks with the least granting of authority.
- Active Authorization: Grant authority to others in accordance with user actions indicating consent.
- Revocability: Offer the user ways to reduce others' authority to access the user's resources.
- Visibility: Maintain accurate awareness of others' authority as relevant to user decisions.
- Self-Awareness: Maintain accurate awareness of the user's own authority to access resources.
- Trusted Path: Protect the user's channels to agents that manipulate authority on the user's behalf.
- Expressiveness: Enable the user to express safe security policies in terms that fit the user's task.
- Relevant Boundaries: Draw distinctions among objects and actions along boundaries relevant to the task.
- Identifiability: Present objects and actions using distinguishable, truthful appearances.
- Foresight: Indicate clearly the consequences of decisions that the user is expected to make.

Guidelines for Security Interfaces (2007)
Users should:
- Be reliably made aware of the security tasks they must perform
- Be able to figure out how to successfully perform those tasks
- Not make dangerous errors
- Be sufficiently comfortable with the interface to continue using it
- Be able to tell when their task has been completed
- Have sufficient feedback to accurately determine the current state of the system
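The two principle lists in these slides (the design principles near the start and the 2002 interaction principles just above) are easier to reason about with a running model. The following Python is an added example, not code from the slides or from either source; the class names, the users "alice" and "photo-app", and the resource names are all made up for illustration. It implements a small reference monitor that denies by default (fail-safe defaults), consults current policy on every access (complete mediation), scopes each grant to one resource and only the rights asked for (least privilege), moves authority only on an explicit consenting action (active authorization), lets the owner review and withdraw grants (visibility, revocability), and states a grant's consequences before the user decides (foresight). A caching variant is included to show how memoising authorization decisions quietly breaks revocation.

```python
# Added example (not from the slides): a toy reference monitor making the
# design principles concrete. Monitor, Grant, CachingMonitor, "alice",
# "photo-app" and the resource names are all hypothetical.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

RIGHTS: FrozenSet[str] = frozenset({"read", "write", "share"})


@dataclass(frozen=True)
class Grant:
    owner: str              # user whose resource is affected
    grantee: str            # agent receiving authority (an app, another user)
    resource: str
    rights: FrozenSet[str]


class Monitor:
    def __init__(self) -> None:
        # Only explicit grants live here; anything absent is denied.
        self._grants: Dict[Tuple[str, str], Grant] = {}

    @staticmethod
    def describe(owner: str, grantee: str, resource: str,
                 rights: Iterable[str]) -> str:
        # Foresight: say what the grant does before the user is asked,
        # so the prompt is a choice rather than a dilemma.
        wanted = ", ".join(sorted(rights))
        return f"{grantee} will be able to {wanted} {owner}'s {resource} until you revoke it."

    def grant(self, owner: str, grantee: str, resource: str,
              rights: Iterable[str], consented: bool) -> Grant:
        # Active authorization: authority moves only on a consenting action.
        if not consented:
            raise PermissionError("no explicit consent; nothing granted")
        wanted = frozenset(rights)
        unknown = wanted - RIGHTS
        if unknown:  # fail-safe: reject what we do not understand, never guess
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        # Least privilege: one resource, only the rights asked for.
        g = Grant(owner, grantee, resource, wanted)
        self._grants[(grantee, resource)] = g
        return g

    def revoke(self, owner: str, grantee: str, resource: str) -> bool:
        # Revocability: only the owner can withdraw, and only what exists.
        g = self._grants.get((grantee, resource))
        if g is None or g.owner != owner:
            return False
        del self._grants[(grantee, resource)]
        return True

    def grants_by(self, owner: str) -> List[Grant]:
        # Visibility: let the owner review who currently holds what.
        return sorted((g for g in self._grants.values() if g.owner == owner),
                      key=lambda g: (g.grantee, g.resource))

    def check(self, grantee: str, resource: str, right: str) -> bool:
        # Complete mediation: every access reads the *current* policy.
        # Fail-safe default: no matching grant means deny.
        g = self._grants.get((grantee, resource))
        return g is not None and right in g.rights


class CachingMonitor(Monitor):
    """Anti-pattern for contrast: memoising decisions breaks complete
    mediation, so a revoked grant keeps working until the cache is flushed."""

    def __init__(self) -> None:
        super().__init__()
        self._cache: Dict[Tuple[str, str, str], bool] = {}

    def check(self, grantee: str, resource: str, right: str) -> bool:
        key = (grantee, resource, right)
        if key not in self._cache:
            self._cache[key] = super().check(grantee, resource, right)
        return self._cache[key]


def demo() -> dict:
    """Constructed scenario: alice lets a photo app read her photos, then
    revokes it. Returns the observations so they can be checked."""
    out = {}
    m = Monitor()
    out["preview"] = m.describe("alice", "photo-app", "photos", {"read"})
    try:
        m.grant("alice", "photo-app", "photos", {"read"}, consented=False)
        out["refused_without_consent"] = False
    except PermissionError:
        out["refused_without_consent"] = True
    m.grant("alice", "photo-app", "photos", {"read"}, consented=True)
    out["read_photos"] = m.check("photo-app", "photos", "read")    # granted
    out["write_photos"] = m.check("photo-app", "photos", "write")  # least privilege
    out["read_mail"] = m.check("photo-app", "mail", "read")        # fail-safe default
    out["visible"] = [(g.grantee, g.resource) for g in m.grants_by("alice")]
    out["revoked"] = m.revoke("alice", "photo-app", "photos")
    out["read_after_revoke"] = m.check("photo-app", "photos", "read")
    # Same steps against the caching variant: the stale "allow" survives revocation.
    c = CachingMonitor()
    c.grant("alice", "photo-app", "photos", {"read"}, consented=True)
    c.check("photo-app", "photos", "read")
    c.revoke("alice", "photo-app", "photos")
    out["stale_read_after_revoke"] = c.check("photo-app", "photos", "read")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `CachingMonitor` is the part worth dwelling on: the cache is exactly the kind of shortcut that looks like an optimisation but removes the property (complete mediation) that makes revocation meaningful. Real systems that must cache authorization decisions need the cache invalidated on every policy change, or a short enough lifetime that a revoked grant cannot be used for long.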
