Moving from the design of usable security technologies to the design of useful secure applications

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Moving from the design of usable security technologies to the design of useful secure applications

Full text

Pdf (795 KB)

Source

New Security Paradigms Workshop archive
Proceedings of the 2002 workshop on New security paradigms table of contents

Virginia Beach, Virginia

SESSION: Usability table of contents

Pages: 82 - 89

Year of Publication: 2002

ISBN:1-58113-598-X

Authors

D. K. Smetters	PARC, Palo Alto, CA
R. E. Grinter	PARC, Palo Alto, CA

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 139, Citation Count: 17

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/844102.844117 What is a DOI?

ABSTRACT

Recent results from usability studies of security systems have shown that end-users find them difficult to adopt and use. In this paper we argue that improving the usability of security technology is only one part of the problem, and that what is missed is the need to design usable and useful systems that provide security to end-users in terms of the applications that they use and the tasks they want to achieve. We propose alternate ways of building and integrating security technologies into applications and usability methods for evaluating how successful our prototypes are. We believe that the end results of designing usable and useful (from the end-user perspective) systems will be secure applications which will reflect the needs of users who are increasingly using computers away from the office and in a wider variety of networked configurations.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999 [doi>10.1145/322796.322806]
	2	R. Anderson, Why Information Security is Hard-An Economic Perspective, Proceedings of the 17th Annual Computer Security Applications Conference, p.358, December 10-14, 2001
	3	Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc., New York, NY, 2001
	4	D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong. Talking to strangers: Authentication in ad-hoc wireless networks. In Proceedings of Network and Distributed System Security Symposium 2002 (NDSS'02), San Diego, CA, February 2002.
	5	D. J. Barrett and R. E. Silverman. SSH The Secure Shell. O'Reilly, 2001.
	6	T. A. Berson. Cryptographic abundance. Technology Review, 105:90--93, 2002.
	7	Hugh Beyer, Contextual Design: Defining Customer-Centered Systems, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1997
	8	Bob Blakley, The Emperor's old armor, Proceedings of the 1996 workshop on New security paradigms, p.2-16, September 17-20, 1996, Lake Arrowhead, California, United States [doi>10.1145/304851.304855]
	9	R. Blakley. Security design patterns. http://www.opengroup.org/security/gsp.htm.
	10	Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
	11	R. Dhamija and A. Perrig. Dejà vu: A user study using images for authentication. In Proceedings of the 9th USENIX Security Symposium, 2000.
	12	T. Dierks and C. Allen. The TLS Protocol Version 1.0. IETF - Network Working Group, The Internet Society, January 1999. RFC 2246.
	13	W. Keith Edwards , Rebecca E. Grinter, At Home with Ubiquitous Computing: Seven Challenges, Proceedings of the 3rd international conference on Ubiquitous Computing, p.256-272, September 30-October 02, 2001, Atlanta, Georgia, USA
	14	W. Keith Edwards , Mark W. Newman , Jana Z. Sedivy , Trevor F. Smith , Dirk Balfanz , D. K. Smetters , H. Chi Wong , Shahram Izadi, Using speakeasy for ad hoc peer-to-peer collaboration, Proceedings of the 2002 ACM conference on Computer supported cooperative work, November 16-20, 2002, New Orleans, Louisiana, USA [doi>10.1145/587078.587114]
	15	C. M. Ellison. Establishing identity without certification authorities. In Proceedings of the 6th USENIX Security Symposium, San Jose, July 1996.
	16	Refactoring: improving the design of existing code, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	17	Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
	18	Rebecca E. Grinter, Supporting articulation work using software configuration management systems, Computer Supported Cooperative Work, v.5 n.4, p.447-465, 1996 [doi>10.1007/BF00136714]
	19	Jonathan Grudin, Why CSCW applications fail: problems in the design and evaluation of organization of organizational interfaces, Proceedings of the 1988 ACM conference on Computer-supported cooperative work, p.85-93, September 26-28, 1988, Portland, Oregon, United States [doi>10.1145/62266.62273]
	20	U. Holmström. User-centered design of security software. In Human Factors in Telecommunications, Copenhagen, Denmark, May 1999.
	21	U. Jendricke , D. Gerd tom Markotten, Usability meets security - the Identity-Manager as your personal security assistant for the Internet, Proceedings of the 16th Annual Computer Security Applications Conference, p.344, December 11-15, 2000
	22	I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin. The design and analysis of graphical passwords. In Proceedings of the 8th USENIX Security Symposium, Washington DC, 1999.
	23	Dean Povey, Optimistic security: a new access control paradigm, Proceedings of the 1999 workshop on New security paradigms, p.40-45, September 22-24, 1999, Caledon Hills, Ontario, Canada [doi>10.1145/335169.335188]
	24	M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001 [doi>10.1023/A:1011902718709]
	25	J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In USENIX Association, editor, USENIX Conference Proceedings (Dallas, TX, USA), pages 191--202, Berkeley, CA, USA, Winter 1988. USENIX Association.
	26	Dirk Weirich , Martina Angela Sasse, Pretty good persuasion: a first step towards effective password security in the real world, Proceedings of the 2001 workshop on New security paradigms, September 10-13, 2001, Cloudcroft, New Mexico [doi>10.1145/508171.508195]
	27	A. Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, Washington, DC, August 1999.
	28	M. E. Zurko, R. Simon, and T. Sanfilippo. A user-centered, modular authorization service built on an RBAC foundation. In IEEE Symposium on Security and Privacy, pages 57--71, 1999.
	29	Mary Ellen Zurko , Richard T. Simon, User-centered security, Proceedings of the 1996 workshop on New security paradigms, p.27-33, September 17-20, 1996, Lake Arrowhead, California, United States [doi>10.1145/304851.304859]

CITED BY 17

	W. Keith Edwards , Mark W. Newman , Jana Z. Sedivy , Trevor F. Smith , Dirk Balfanz , D. K. Smetters , H. Chi Wong , Shahram Izadi, Using speakeasy for ad hoc peer-to-peer collaboration, Proceedings of the 2002 ACM conference on Computer supported cooperative work, November 16-20, 2002, New Orleans, Louisiana, USA
	Dirk Balfanz , Glenn Durfee , Rebecca E. Grinter , D. K. Smetters, In Search of Usable Security: Five Lessons from the Field, IEEE Security and Privacy, v.2 n.5, p.19-24, September 2004
	Volker Roth , Kai Richter , Rene Freidinger, A PIN-entry method resilient against shoulder surfing, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Haidong Xia , José Carlos Brustoloni, Hardening Web browsers against man-in-the-middle and eavesdropping attacks, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan
	Volker Roth , Tobias Straub , Kai Richter, Security and usability engineering with particular attention to electronic mail, International Journal of Human-Computer Studies, v.63 n.1-2, p.51-73, July 2005
	Shirley Gaw , Edward W. Felten , Patricia Fernandez-Kelly, Secrecy, flagging, and paranoia: adoption criteria in encrypted email, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada
	Stephen Voida , W. Keith Edwards , Mark W. Newman , Rebecca E. Grinter , Nicolas Ducheneaut, Share and share alike: exploring the user interface affordances of file sharing, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada
	Benjamin J. Halpert, Authentication interface evaluation and design for mobile devices, Proceedings of the 2nd annual conference on Information security curriculum development, September 23-24, 2005, Kennesaw, Georgia
	Ivan Flechais , Jens Riegelsberger , M. Angela Sasse, Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Jennifer Stoll , Craig S. Tashman , W. Keith Edwards , Kyle Spafford, Sesame: informing user security decisions with system visualization, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
	Wendy Moncur , Grégory Leplâtre, Pictures at the ATM: exploring the usability of multiple graphical passwords, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Les Nelson , Diana Smetters , Elizabeth F. Churchill, Keyholes: selective sharing in close collaboration, CHI '08 extended abstracts on Human factors in computing systems, April 05-10, 2008, Florence, Italy
	Ryan West, The psychology of security, Communications of the ACM, v.51 n.4, p.34-40, April 2008
	Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004
	Lars Grunske , David Joyce, Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, Journal of Systems and Software, v.81 n.8, p.1327-1345, August, 2008
	Subhashini Ganapathy , Glen J. Anderson, Usability for IT: manageability of data security technologies for client devices, Proceedings of the 12th WSEAS international conference on Computers, p.718-723, July 23-25, 2008, Heraklion, Greece
	W. Keith Edwards , Mark W. Newman , Jana Z. Sedivy , Trevor F. Smith, Experiences with recombinant computing: Exploring ad hoc interoperability in evolving digital networks, ACM Transactions on Computer-Human Interaction (TOCHI), v.16 n.1, p.1-44, April 2009