An approach to usable security based on event monitoring and visualization

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

An approach to usable security based on event monitoring and visualization

Full text

Pdf (726 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 2002 workshop on New security paradigms table of contents

Virginia Beach, Virginia

SESSION: Usability table of contents

Pages: 75 - 81

Year of Publication: 2002

ISBN:1-58113-598-X

Authors

Paul Dourish	University of California, Irvine, Irvine, CA
David Redmiles	University of California, Irvine, Irvine, CA

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 13, Downloads (12 Months): 107, Citation Count: 13

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/844102.844116 What is a DOI?

ABSTRACT

The thorny problem of usability has been recognized in the security community for many years, but has, so far, eluded systematic solution. We characterize the problem as a gap between theoretical and effective levels of security, and consider the characteristics of the problem. The approach we are taking focuses on visibility -- how can we make relevant features of the security context apparent to users, in order to allow them to make informed decisions about their actions and the potential implications of those actions?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Mark S. Ackerman , Lorrie Cranor, Privacy critics: UI components to safeguard users' privacy, CHI '99 extended abstracts on Human factors in computing systems, May 15-20, 1999, Pittsburgh, Pennsylvania [doi>10.1145/632716.632875]
	2	Mark S. Ackerman , Lorrie Faith Cranor , Joseph Reagle, Privacy in e-commerce: examining user scenarios and privacy preferences, Proceedings of the 1st ACM conference on Electronic commerce, p.1-8, November 03-05, 1999, Denver, Colorado, United States [doi>10.1145/336992.336995]
	3	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999 [doi>10.1145/322796.322806]
	4	Anne Adams , Martina Angela Sasse , Peter Lunt, Making Passwords Secure and Usable, Proceedings of HCI on People and Computers XII, p.1-19, January 1997
	5	Ames, S., Gasser, M., and Schell, R. 1983. Security Kernel Design and Implementation: An Introduction. IEEE Computer, 16, 7, 14--22.
	6	Ross Anderson, Why cryptosystems fail, Proceedings of the 1st ACM conference on Computer and communications security, p.215-227, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168615]
	7	Bellotti, V. and Sellen, A. 1993. Design for Privacy in Ubiquitous Computing Environments. Proc. European Conf. Computer-Supported Cooperative Work ECSCW'93, 77--92. Kluwer.
	8	Massimo Bernaschi , Emanuele Gabrielli , Luigi V. Mancini, Operating system enhancements to prevent the misuse of system calls, Proceedings of the 7th ACM conference on Computer and communications security, p.174-183, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352624]
	9	Marjory S. Blumenthal , David D. Clark, Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world, ACM Transactions on Internet Technology (TOIT), v.1 n.1, p.70-109, Aug. 2001 [doi>10.1145/383034.383037]
	10	Brostoff, S. and Sasse, M. A. 2000. Are Passfaces more usable than passwords? A field trial investigation. In S. McDonald, Y. Waern & G. Cockton (Eds.): People and Computers XIV - Usability or Else! Proceedings of HCI 2000, 405--424. Springer.
	11	Design and evaluation of a wide-area event notification service, ACM Transactions on Computer Systems (TOCS), v.19 n.3, p.332-383, Aug. 2001 [doi>10.1145/380749.380767]
	12	Don Cohen , Martin S. Feather , K. Narayanaswamy , Stephen S. Fickas, Automatic monitoring of software requirements, Proceedings of the 19th international conference on Software engineering, p.602-603, May 17-23, 1997, Boston, Massachusetts, United States [doi>10.1145/253228.253493]
	13	Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987 [doi>10.1109/TSE.1987.232894]
	14	Prasun Dewan , HongHai Shen, Flexible meta access-control for collaborative applications, Proceedings of the 1998 ACM conference on Computer supported cooperative work, p.247-256, November 14-18, 1998, Seattle, Washington, United States [doi>10.1145/289444.289499]
	15	Dhamija, R. and Perrig, A. 2000. Deja Vu: A User Study. Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, Denver, Colorado.
	16	Dourish, P. 1993. Culture and Control in a Media Space. Proc. European Conf. Computer-Supported Cooperative Work ECSCW'93, 125--137. Kluwer.
	17	Paul Dourish , Victoria Bellotti, Awareness and coordination in shared workspaces, Proceedings of the 1992 ACM conference on Computer-supported cooperative work, p.107-114, November 01-04, 1992, Toronto, Ontario, Canada [doi>10.1145/143457.143468]
	18	Paul Dourish , Daniel C. Swinehart , Marvin Theimer, The Doctor Is In: Helping End Users Understand the Health of Distributed Systems, Proceedings of the 11th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Services Management in Intelligent Networks, p.157-168, December 04-06, 2000
	19	Dourish, P. and Byttner, J. 2002. A Visual Virtual Machine for Java Programs: Exploration and Early Experiences. Proc. ICDMS Workshop on Visual Computing (San Francisco, CA.)
	20	Raphael A. Finkel, Pulsar: an extensible tool for monitoring large Unix sites, Software—Practice & Experience, v.27 n.10, p.1163-1176, Oct. 1997 [doi>10.1002/(SICI)1097-024X(199710)27:10<1163::AID-SPE124>3.0.CO;2-N]
	21	Geraldine Fitzpatrick , Tim Mansfield , Simon Kaplan , David Arnold , Ted Phelps , Bill Segall, Augmenting the workaday world with Elvin, Proceedings of the Sixth European conference on Computer supported cooperative work, p.431-450, August 1999, Copenghagen, Denmark
	22	Saul Greenberg , David Marwood, Real time groupware as a distributed system: concurrency control and its effect on the interface, Proceedings of the 1994 ACM conference on Computer supported cooperative work, p.207-217, October 22-26, 1994, Chapel Hill, North Carolina, United States [doi>10.1145/192844.193011]
	23	Ronda R. Henning, Security service level agreements: quantifiable security for the enterprise?, Proceedings of the 1999 workshop on New security paradigms, p.54-60, September 22-24, 1999, Caledon Hills, Ontario, Canada [doi>10.1145/335169.335194]
	24	David M. Hilbert , David F. Redmiles, An approach to large-scale collection of application usage data over the Internet, Proceedings of the 20th international conference on Software engineering, p.136-145, April 19-25, 1998, Kyoto, Japan
	25	Hilbert, D. and Redmiles, D. 2001. Large-Scale Collection of Usage Data to Inform Design, Eighth IFIP TC 13 Conference on Human-Computer Interaction INTERACT 2001 (Tokyo, Japan), 569--576.
	26	Cynthia Irvine , Tim Levin, Toward a Taxonomy and Costing Method for Security Services, Proceedings of the 15th Annual Computer Security Applications Conference, p.183, December 06-10, 1999
	27	Cynthia Irvine , Timothy Levin, Quality of security service, Proceedings of the 2000 workshop on New security paradigms, p.91-99, September 18-21, 2000, Ballycotton, County Cork, Ireland [doi>10.1145/366173.366195]
	28	Kahn, D. 1967. The Codebreakers. Macmillan.
	29	Kantor, M., Redmiles, D. 2001. Creating an Infrastructure for Ubiquitous Awareness, Eighth IFIP TC 13 Conference on Human-Computer Interaction INTERACT 2001 (Tokyo, Japan), 431--438.
	30	John Kelsey , Bruce Schneier , David Wagner , Chris Hall, Cryptanalytic Attacks on Pseudorandom Number Generators, Proceedings of the 5th International Workshop on Fast Software Encryption, p.168-188, March 23-25, 1998
	31	Kemmerer, R., Meadows, C., and Millen, J. 1994. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, 7(2), 79--130.
	32	Lakoff, G. 1992. The Contemporary Theory of Metaphor. In Ortony (ed), Metaphor and Thought (2nd Edition). Cambridge University Press.
	33	Lunt, T. and Jagannathan. 1988. A Prototype Real-Time Intrusion-Detection Export System. Proc. IEEE Symposium on Security and Privacy, 59--66. New York: IEEE.
	34	David C. Luckham, Rapide: A Language and Toolset for Causal Event Modeling of Distributed System Architectures, Proceedings of the Second International Conference on Worldwide Computing and Its Applications, p.88-96, March 04-05, 1998
	35	Maglio, P. and Matlock, T. 1999. The Conceptual Structure of Information Space. In Mundo, Benyon, and Hook (eds), Social Nagivation of Information Space, 155--173. Springer.
	36	T. Munzner , E. Hoffman , K. Claffy , B. Fenner, Visualizing the global topology of the MBone, Proceedings of the 1996 IEEE Symposium on Information Visualization (INFOVIS '96), p.85, October 28-29, 1996
	37	Rimmer, J., Wakeman, I., Sheeran, L., and Sasse, M. A. 1999. Examining Users' Repertaoir of Internet Applications. In Sasse and Johnson (eds), Human-Computer Interaction: Proceedings of Interact'99.
	38	Saltzer, J. and Schroeder, M. 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), 1278--1308.
	39	J. H. Saltzer , D. P. Reed , D. D. Clark, End-to-end arguments in system design, ACM Transactions on Computer Systems (TOCS), v.2 n.4, p.277-288, Nov. 1984 [doi>10.1145/357401.357402]
	40	Bruce Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons, Inc., New York, NY, 2000
	41	Bruce Schneier , Mudge, Cryptanalysis of Microsoft's point-to-point tunneling protocol (PPTP), Proceedings of the 5th ACM conference on Computer and communications security, p.132-141, November 02-05, 1998, San Francisco, California, United States [doi>10.1145/288090.288119]
	42	di Sessa, A. 1983. Phenomenology and the Evolution of Intuition. In Gentner and Stevens (eds), Mental Models. Hillsdale, NJ: Laurence Erlbaum.
	43	HongHai Shen , Prasun Dewan, Access control for collaborative environments, Proceedings of the 1992 ACM conference on Computer-supported cooperative work, p.51-58, November 01-04, 1992, Toronto, Ontario, Canada [doi>10.1145/143457.143461]
	44	Smaha, S. 1988. Haystack: An Intrusion Detection System. Proc. Aerospace Computer Security Applications Conference, 37--44.
	45	de Souza, C., Basaveswara, S., Redmiles, D. 2002. Lessons Learned Using with Notification Servers to Support Application Awareness, Department of Information and Computer Science, University of California, Irvine, Technical Report #02-11.
	46	E. Spyropoulou , T. Levin , C. Irvine, Calculating costs for quality of security service, Proceedings of the 16th Annual Computer Security Applications Conference, p.334, December 11-15, 2000
	47	D. Thomsen , M. Denz, Incremental assurance for multilevel applications, Proceedings of the 13th Annual Computer Security Applications Conference, p.81, December 08-12, 1997
	48	Wagner, D., Foster, J., Brewer, E., and Aiken, A. 2000. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. Proc. Networked and Distributed Systems Security Symposium. Internet Society.
	49	Dirk Weirich , Martina Angela Sasse, Pretty good persuasion: a first step towards effective password security in the real world, Proceedings of the 2001 workshop on New security paradigms, September 10-13, 2001, Cloudcroft, New Mexico [doi>10.1145/508171.508195]
	50	Whitten, A. and Tygar, J. D. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Proc. Ninth USENIX Security Symposium.
	51	Mary Ellen Zurko , Richard T. Simon, User-centered security, Proceedings of the 1996 workshop on New security paradigms, p.27-33, September 17-20, 1996, Lake Arrowhead, California, United States [doi>10.1145/304851.304859]

CITED BY 13

	Leysia Palen , Paul Dourish, Unpacking "privacy" for a networked world, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA
	Paul DiGioia , Paul Dourish, Social navigation as a model for usable security, Proceedings of the 2005 symposium on Usable privacy and security, p.101-108, July 06-08, 2005, Pittsburgh, Pennsylvania
	Volker Roth , Kai Richter , Rene Freidinger, A PIN-entry method resilient against shoulder surfing, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Nathaniel Good , Rachna Dhamija , Jens Grossklags , David Thaw , Steven Aronowitz , Deirdre Mulligan , Joseph Konstan, Stopping spyware at the gate: a user study of privacy, notice and spyware, Proceedings of the 2005 symposium on Usable privacy and security, p.43-52, July 06-08, 2005, Pittsburgh, Pennsylvania
	Rogério de Paula , Xianghua Ding , Paul Dourish , Kari Nies , Ben Pillet , David Redmiles , Jie Ren , Jennifer Rode , Roberto Silva Filho, Two experiences designing for effective security, Proceedings of the 2005 symposium on Usable privacy and security, p.25-34, July 06-08, 2005, Pittsburgh, Pennsylvania
	Volker Roth , Tobias Straub , Kai Richter, Security and usability engineering with particular attention to electronic mail, International Journal of Human-Computer Studies, v.63 n.1-2, p.51-73, July 2005
	Rogério de Paula , Xianghua Ding , Paul Dourish , Kari Nies , Ben Pillet , David F. Redmiles , Jie Ren , Jennifer A. Rode , Roberto Silva Filho, In the eye of the beholder: a visualization-based approach to information system security, International Journal of Human-Computer Studies, v.63 n.1-2, p.5-24, July 2005
	Ivan Flechais , Jens Riegelsberger , M. Angela Sasse, Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Alexander J. DeWitt , Jasna Kuljis, Aligning usability and security: a usability study of Polaris, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
	Alexander J. DeWitt , Jasna Kuljis, Is usable security an oxymoron?, interactions, v.13 n.3, May + June 2006
	Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004
	Paul Dourish, What we talk about when we talk about context, Personal and Ubiquitous Computing, v.8 n.1, p.19-30, February 2004
	Kandha Sankarpandian , Travis Little , W. Keith Edwards, Talc: using desktop graffiti to fight software vulnerability, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy

INDEX TERMS

Primary Classification:
K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.4 Electronic Commerce
Subjects: Security

Additional Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Invasive software (e.g., viruses, worms, Trojan horses)

K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.1 Public Policy Issues
Subjects: Privacy
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
K.6.5 Security and Protection (D.4.6, K.4.2)
Subjects: Unauthorized access (e.g., hacking, phreaking)

General Terms:
Performance, Security

Keywords:
event monitoring, mental models, usability, visualization

REVIEW

"Gordon B. Davis : Reviewer"

This is essentially a progress report on a project investigating a different approach to usable security in networked systems. The report focuses on the underlying concepts of the approach being developed and tested.

The approach separates e more...

Collaborative Colleagues:

Paul Dourish: colleagues

David Redmiles: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player