Security and Usability: Designing Secure Systems that People Can Use

Front Cover
"O'Reilly Media, Inc.", Aug 25, 2005 - Computers - 740 pages

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computerinteraction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms-- techniques for identifying and authenticating computer users.
  • Secure Systems--how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics--groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

Privacy Issues and HumanComputer Interaction
381
A UserCentric Privacy Space Framework
401
Five Pitfalls in the Design for Privacy
421
Privacy Policies and Privacy Preferences
447
Privacy Analysis for the Casual User with Bugnosis
473
Informed Consent by Design
495
Social Approaches to EndUser Privacy Management
523
Usability and the Network Effect
547

Designing Authentication Systems with Challenge Questions
143
Graphical Passwords
157
Usable Biometrics
175
Identifying Users from Their Typing Patterns
199
The Usability of Security Devices
221
Part Three
245
Guidelines and Strategies for Secure Interaction Design
247
Fighting Phishing at the User Interface
275
Sanitization and Usability
293
Usable PKI
319
Simple Desktop Security with Chameleon
335
Security Administration Tools and Practices
357
Part Four
379
Part Five
561
Creating Usable Security Products for Consumers
563
Firefox and the WorryFree Web
577
A Microsoft Case Study
589
Embedding Security in Collaborative Applications
607
Achieving Usable Security in Groove Virtual Office
623
Part Six
637
Users Are Not the Enemy
639
A Study of KaZaA P2P File Sharing
651
Why Johnny Cant Encrypt
669
Index
693
Copyright

Other editions - View all

Common terms and phrases

Popular passages

Page 3 - Psychological acceptability. It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification language, he will make errors.

Bibliographic information