SecGroup 2007 11 HCISEC Slides
-
Upload
ehsan-ghasisin -
Category
Documents
-
view
220 -
download
0
Transcript of SecGroup 2007 11 HCISEC Slides
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
1/13
HCI-SECHCI Perspectives on Security
Luke ChurchSecurity Group Talk, Nov 07
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
2/13
Agenda
Why?Mechanism Usability
End User Pro grammin gProfessional Pro grammin g
Attack and Defence
What wont we talk about?
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
3/13
Why?Mechanism UsabilityEnd User Pro grammin gProfessional Pro grammin g
Attack and Defence
S hared facets
Usability limits adoptionProfessionalism
Adhoc approaches fail
S ecurity is determined by Usability
90% of issues are confi g (Bishop 96)Bot-nets, insecure behaviour, PGPUnusable security subverted
Difficult to manageTragedy of theCommons
Social context
PGPPKIsC AP
PhishingMechanisms are failin gUndoing risk dumpin g
See most current UIs
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
4/13
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
5/13
Why?M echanism UsabilityEnd User Pro grammin gProfessional Pro grammin g
Attack and Defence
Passwords andPrivacy
User C entric DesignGarfinkel
C ognitive Dimensions
Traditional focus of HCI-SEC
Why Johnny cant EncryptPKI UnusabilityC APTCH As~200 Publications
Extensive study~30%+ of HCI-SEC
Covers much of HCI-SECHeuristics
Seminal PhDDesign PatternsHeuristic like
Usability of Notations
Broad-brush usabilityDesign vocabularyCan model many of
Garfinkels patterns
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
6/13
Cognitive Dimensions of Notations
Example dimension: Viscosity Resistance to chan ge Good for nuclear reactors, bad for text editorsUsability Environment, Activity, DimensionsDimensions: Viscosity, Hidden Dependencies, Error
proneness, Role Expressiveness, Abstraction,
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
7/13
CDs Dia gram (In Pro gress)
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
8/13
Development of profiles for
Secure Activities (In Pro gress)Consistent Meanin gful Vocabulary: Prevent confusionby usin g words consistently to convey the same ideaor concept in different pro grams and contexts. Likewise,prevent confusion by assi gning consistent meanings tothe same word
in different applications or contexts. Consistency, Closeness of Mappin gComplete Delete: Ensure that when the user deletes the
visible representation of somethin g , the hiddenrepresentations are deleted as well. Hidden Dependencies, Role Expressiveness, Visibility
Delayed Unrecoverable Action: Give users a chance tochange their minds after executin g an unrecoverableaction Premature Commitment
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
9/13
Desi gn Manoeuvre: Virtualisation
Principle tradeoffs: Prema tu reC omm it men t and Visibility for Viscosity
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
10/13
Why?Mechanism Usability
E nd User ProgrammingProfessional Pro grammin g
Attack and Defence
E nd User E ngineering
Risk DumpingS trategies
Abstraction Design
C onfiguration
90% of security issues? ACLs?Network Security?Backups?Privacy Policies?
Difficult domainGender HCI
End User Pro g rammin gis research HCI
In security its expected!Moral HazardsBeware Attack + Defence
at UI
Mental Models?Morality as surro gateDomain translation
Direct Manipulation
vs AbstractionCompScis move earlyEnd users move late
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
11/13
Why?Mechanism UsabilityEnd User Pro grammin g
Professional ProgrammingAttack and Defence
S ample Issues
Deeper Issues
Psychology of Programming
New Paradigms
Why?
Where Security Usability started (!) ACLs are just hard1000+ pa ge books, Billions of $sVery little serious psycholo gy
Buffer OverflowInteger OverflowConcurrencyNull Pointers
No defence in depthFile formats are unusable
Avoidance strate g ies API Attacks
Why is it hard? API UsabilityIs our view of abstraction
ideal?Programmin g Lan gua ge usability
Can we handle
abstraction differently?How can we mana gethe gap betweenEnd Users and CompScis?
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
12/13
Why?Mechanism UsabilityEnd User Pro grammin gProfessional Pro grammin g
Attack and Defence
AttackDefence
C urrent S tate
HCI-SEC is hard with MurphyPhishing is one of the first serious attacksI contend that this is the be g inningDefences are currently very weak
Attacks on mechanismsFirewalls, IDS, AntiVirus
Phish inside the FirewallReputation Attacks
Asymmetric UsabilityCognitive Channels
Usability manipulationattacks
Usability Threat Models?CDs Security Profile?Tainting Proper Social Protocols?Usability Litigation
-
8/8/2019 SecGroup 2007 11 HCISEC Slides
13/13
Summary
HCI is not just about mechanism evaluationsHCI-SEC is hard, were scratchin g the surfaceThe analytical techniques of HCI can have animpact on effective securityProgrammers (both types) are people too!
Thought: Security Protocol Notation has manyusability issues. How could we have donebetter?