rethinking connection security indicators
play

Rethinking Connection Security Indicators Adrienne Porter Felt, - PowerPoint PPT Presentation

Oct 23, 2022 •8 likes •238 views

Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo Connection Security Indicators Connection

  1. Rethinking Connection Security Indicators Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, Sunny Consolvo

  2. Connection Security Indicators

  3. Connection Security Indicators CHROME: FIREFOX: EDGE:

  4. TLS and HTTPS What guarantees do you get?

  5. TLS and HTTPS What guarantees do you get? What assumptions do you make?

  6. TLS and HTTPS What guarantees do you get? What assumptions do you make? What guarantees do you not get?

  7. Summarize all that in 100x100 pixels... CHROME: FIREFOX: EDGE:

  8. Miscommunication CHROME: FIREFOX: EDGE: https://www.freepik.com/free-ve https://www.indiamart.com/proddetail ctor/empty-shopping-bag-mocku /non-woven-shopping-bag-14414682 https://www.charmingcharlie.com/handbag p_1177172.htm 991.html s

  9. How To Convey the Guarantees of TLS in UI Grab paper and pen Draw a full-page connection security indicator

  10. What was missing in our design process? Measurement of current state Actual user input to identify helpful changes Measurement of success after change is made

  11. Research Question How can we improve connection security indicators?

  12. Research Question What were their goals? How do we know when connection security indicators are ‘improved’?

  13. Research Question Was it the right question?

  14. Problems to Be Solved How to measure current security indicator effectiveness How to improve connection security indicators Measure effectiveness after deployment

  15. Historical Indicators

  16. Measuring Current Indicators Most people understand at least partially the green lock More people are confused what the HTTP indicators are telling them

  17. Icon/Color Selection

  18. Icon/Color Selection

  19. Text Selection “secure” “https” “not secure”

  21. Why Does Chrome Not Use These Indicators Today? What changed?

  22. Why Does Chrome Not Use These Indicators? https://blog.chromium .org/2018/05/evolving -chromes-security-ind icators.html

  23. What Will Future Work Look Like?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECURITY This resource was developed in association with the Rethinking Security Group

SECURITY This resource was developed in association with the Rethinking Security Group

SECURITY This resource was developed in association with the Rethinking Security Group TODAYS BIG QUESTION: What is security? BASIC IDEA: Security means freedom from harm and fear. When there is a lot of harm and fear, there is

691 views • 23 slides
Social security data and indicators y Social security Social security covers all measures

Social security data and indicators y Social security Social security covers all measures

Social security data and indicators y Social security Social security covers all measures providing benefits, whether in p g f , cash or in kind, to secure protection, inter alia, from (a) lack of work-related income (or insufficient

608 views • 19 slides
Security Skins: Embedded, Unspoofable Security Indicators Rachna Dhamija Center for Research on

Security Skins: Embedded, Unspoofable Security Indicators Rachna Dhamija Center for Research on

Security Skins: Embedded, Unspoofable Security Indicators Rachna Dhamija Center for Research on Computation and Society Harvard University Talk Outline Why Phishing Works Dynamic Security Skins Embedded Security Indicators Talk

731 views • 57 slides
Reputational Security and other new priorities: Rethinking #SoftPower for 2030. Nick Cull

Reputational Security and other new priorities: Rethinking #SoftPower for 2030. Nick Cull

Reputational Security and other new priorities: Rethinking #SoftPower for 2030. Nick Cull @NickCull Cull@usc.edu University of Southern California Overview: Big Dangers of 2030 Issues w/in Public Diplomacy Reputational Security

907 views • 45 slides
Rethinking File Security Then, Now & Future Presenters: Moderator: Sharon Teo Gunes

Rethinking File Security Then, Now & Future Presenters: Moderator: Sharon Teo Gunes

Rethinking File Security Then, Now & Future Presenters: Moderator: Sharon Teo Gunes Altungunes Ting Teck Wei CEO Product Manager Marketing Manager Development Center About Us America South Asia Middle East International HQ

617 views • 39 slides
More Unequal, More Insecure Community Indicators of Financial Security, Opportunity and

More Unequal, More Insecure Community Indicators of Financial Security, Opportunity and

Well-being Across America: More Unequal, More Insecure Community Indicators of Financial Security, Opportunity and Resiliency Kausar Hamdani, SVP and Sr. Advisor December 17, 2019 The views expressed are those of the authors and do not

145 views • 13 slides
TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented ,

TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented ,

TCP/IP: TCP Network Security Lecture 6 TCP Based on IP Provides connection-oriented , reliable stream delivery service (handles loss, duplication, transmission errors, reordering) Provides port abstraction (like UDP) Establishes

559 views • 30 slides
Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about uscan Kentaro Hayashi DebConf18 in T aiwan 2018-08-03 ClearCode Inc. Digest of this talk Current d/watch fi le is sometimes complicated Update

800 views • 77 slides
Rethinking Kernel Isolation Vasileios P. Kemerlis Network Security Lab Department of Computer

Rethinking Kernel Isolation Vasileios P. Kemerlis Network Security Lab Department of Computer

Rethinking Kernel Isolation Vasileios P. Kemerlis Network Security Lab Department of Computer Science Columbia University New York, NY, USA Georgia Institute of Technology, 09/12/2014 vpk@cs.columbia.edu (Columbia University) ret2dir GT

1.09k views • 69 slides
Rethinking W aste Rethinking Waste W aste w hat is it? Websters 1913 Dictionary

Rethinking W aste Rethinking Waste W aste w hat is it? Websters 1913 Dictionary

Rethinking W aste Rethinking Waste W aste w hat is it? Websters 1913 Dictionary definition: lying unused; unproductive; w orthless; valueless; refuse; rejected Oxford 2017 English Dictionary definition: elim inated or

582 views • 28 slides
GGI-Mexico Experiences and findings Novem ber, 2 0 1 2 Mexicos Indicators 33 indicators

GGI-Mexico Experiences and findings Novem ber, 2 0 1 2 Mexicos Indicators 33 indicators

GGI-Mexico Experiences and findings Novem ber, 2 0 1 2 Mexicos Indicators 33 indicators have been developed Economic context Natural 8 indicators of socioeconomic Resources context and growth. 6 original indicators Policy

540 views • 27 slides
OECD Headquarters, Paris June 27th 2019 Why change? How to change? What indicators?

OECD Headquarters, Paris June 27th 2019 Why change? How to change? What indicators?

RETHINKING INTERNATIONAL CO-OPERATION: PUTTING VULNERABILITY MEASURES AT THE HEART OF SUSTAINABLE DEVELOPMENT OECD Development Centre DEV TALKS OECD Headquarters, Paris June 27th 2019 Why change? How to change? What indicators?

617 views • 37 slides
Key Performance Indicators for International Financial Institutions A project between the EIB

Key Performance Indicators for International Financial Institutions A project between the EIB

Key Performance Indicators for International Financial Institutions A project between the EIB and Sciences Po Presentation Outline Background Themes Indicators Internal indicators Operational indicators Survey questions

701 views • 30 slides
Session 4. understandi ng indicators What is an indicator ? Indicators are things which we

Session 4. understandi ng indicators What is an indicator ? Indicators are things which we

Session 4. understandi ng indicators What is an indicator ? Indicators are things which we measure during a project Group exercise : Identify one existing project which you know well, and then list, on flip chart, the indicators which

499 views • 13 slides
A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke

A Formal Connection between Security Properties and JML Annotations Work in progress with Marieke Huisman Alejandro Tamalet Radboud University Nijmegen, The Netherlands Introduction: The Goal Trusted devices (smart phones, PDA, smart

787 views • 42 slides
A Geopolitical Review of Definitions, Dimensions and Indicators of Energy Security J. A.

A Geopolitical Review of Definitions, Dimensions and Indicators of Energy Security J. A.

A Geopolitical Review of Definitions, Dimensions and Indicators of Energy Security J. A. Paravantis , Associate Professor Department of International and European Studies, University of Piraeus A. Ballis , Associate Professor Department of

635 views • 39 slides
The SOX experiment Jonathan Gaffiot on behalf of the SOX collaboration CNRS / APC September 12,

The SOX experiment Jonathan Gaffiot on behalf of the SOX collaboration CNRS / APC September 12,

SOX: Short (distance neutrino) Oscillations with BoreXino The cerium experiment: CeSOX Outlook The chromium experiment: CrSOX Perspectives and conclusions The SOX experiment Jonathan Gaffiot on behalf of the SOX collaboration CNRS / APC

443 views • 28 slides
Department of Toxic Substances Control (DTSC) August 28, 2017 August 31, 2017 2:00 4:00 PM

Department of Toxic Substances Control (DTSC) August 28, 2017 August 31, 2017 2:00 4:00 PM

Department of Toxic Substances Control (DTSC) August 28, 2017 August 31, 2017 2:00 4:00 PM 2:00 4:00 PM Cal Center, Eureka Room Cypress, All-Staff Room Sacramento, California Cypress, California Webcast Link:

428 views • 15 slides
Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan

Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate Emily Stark , Ryan Sleevi, Rijad Muminovic, Devon OBrien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, Parisa Tabriz estark@chromium.org How

484 views • 31 slides
Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows Shiqing Ma , Kyu Hyung Lee, Chung Hwan Kim, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu Advanced Cyber Attacks (e.g. APTs): What can we do? Defense! Firewall

257 views • 21 slides
The Linux Audit System WAJIH 04/30/2018 $whoami Third year Ph.D. student in CS Dept.

The Linux Audit System WAJIH 04/30/2018 $whoami Third year Ph.D. student in CS Dept.

The Linux Audit System WAJIH 04/30/2018 $whoami Third year Ph.D. student in CS Dept. Working with Prof. Adam Bates Research Interests: System Security Data provenance Recent Cyber AFacks Equifax 145 million

517 views • 24 slides
1 FIP/1-4Rb Research, Development and Production of ITER Toroidal Field Conductors and Poloidal

1 FIP/1-4Rb Research, Development and Production of ITER Toroidal Field Conductors and Poloidal

1 FIP/1-4Rb Research, Development and Production of ITER Toroidal Field Conductors and Poloidal Field Cables in Russia V.S. Vysotsky, K.A. Shutov, A.V. Taran, I.F. Chensky, L. V. Potanina, D.S. Kaverin, and G.G. Svalov Russian Scientific

473 views • 8 slides
Isolating Programs in Modern Browser Architectures Charles Reis , Steven D. Gribble University of

Isolating Programs in Modern Browser Architectures Charles Reis , Steven D. Gribble University of

Isolating Programs in Modern Browser Architectures Charles Reis , Steven D. Gribble University of Washington / Google, Inc. 1 Web is Evolving Pages Programs More complex, active content Browser now in role of OS, but not designed for it

392 views • 26 slides
Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2

Oxidation of Chromium Oxidation of chromium is very simple as it usually forms a single oxide Cr 2 O 3 , It is a p-type of oxide with Cr 3+ ions diffusing outward. Since the defect concentration is so low that even at high temperatures, the

613 views • 14 slides

More recommend