security and usability analysis and evaluation
play

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan - PowerPoint PPT Presentation

Jul 07, 2023 •583 likes •829 views

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

  1. Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability, Reliability and Security (ARES) Conference Krakow, Poland 18 February, 2010

  2. Introduction Security-usability threat model Security and usability evaluation Summary Outline Introduction 1 Security-usability threat model 2 Security and usability evaluation 3 Summary 4

  3. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction (HCI) Human-Computer Interaction (HCI) ...discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them (Source: SIGCHI, 1992)

  4. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction (HCI) Human-Computer Interaction (HCI) ...discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them (Source: SIGCHI, 1992) Usability The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use (ISO 9241-11)

  5. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction (HCI) HCI Effectiveness Learnability Efficiency Memorability Satisfaction

  6. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Technical security Formal proofs Focus on malicious attacks Technical solutions typical

  7. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Technical security Formal proofs Focus on malicious attacks Technical solutions typical Effective security Secure systems are socio-technical (Sasse et al.) Humans forget, make mistakes Human failures are not covered by formal proofs

  8. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Technical security Formal proofs Focus on malicious attacks Technical solutions typical Effective security Secure systems are socio-technical (Sasse et al.) Humans forget, make mistakes Human failures are not covered by formal proofs Human-Computer Interaction Security (HCISec) Focusses on the design, evaluation, and implementation of interactive secure systems.

  9. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Security software properties (Whitten, ’99) Secondary goal property

  10. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Security software properties (Whitten, ’99) Secondary goal property Hidden failure property

  11. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property

  12. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property Weakest link property

  13. Introduction Security-usability threat model Security and usability evaluation Summary Human-Computer Interaction Security (HCISec) Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property Weakest link property Abstraction property

  14. Introduction Security-usability threat model Security and usability evaluation Summary Human Computer Interaction Security (HCISec) HCI Secure software Effectiveness Secondary goal Learnability Hidden failure Efficiency Barn door Memorability Weakest link Satisfaction Abstraction Human Computer Interaction Security (HCISec)

  15. Introduction Security-usability threat model Security and usability evaluation Summary Analysis and evaluation of secure software What factors are crucial to usability analysis? What factors are crucial to security analysis? How do we use these factors for evaluating security and usability of secure systems?

  16. Introduction Security-usability threat model Security and usability evaluation Summary Security-usability threat model User Usability Security Attention Effectiveness Vigilance Memorability Satisfaction Conditioning Accuracy Knowledge/Skill Motivation Efficiency Social context

  17. Introduction Security-usability threat model Security and usability evaluation Summary Security measurable metrics Factor Metrics Attention Failures Vigilance Failures Conditioning Failures Motivation Perceived benefits, susceptibility, barriers, severity Memorability Recall Knowledge/skill Failures, mental models Context Impact of context

  18. Introduction Security-usability threat model Security and usability evaluation Summary Process for security and usability evaluation Security Usability Identify Identify threat usage scenarios scenarios Assess ease-of-use Assess difficulty-of-use Identify system Identify system motivators de-motivators Identify external Identify external motivators de-motivators Make recommendations

  19. Introduction Security-usability threat model Security and usability evaluation Summary Make recommendations Usability factors Security factors Conflicting factors

  20. Introduction Security-usability threat model Security and usability evaluation Summary Make recommendations Usability factors Security factors Conflicting factors NIST Risk-Level Matrix Impact Likelihood Low Medium High High Low Medium High Medium Low Medium Medium Low Low Low Low

  21. Introduction Security-usability threat model Security and usability evaluation Summary Summary and future work Conclusion Secure systems have properties that differentiate them from other systems We propose a security-usability threat model A process for evaluating security and usability is also proposed Threat scenarios Usage scenarios Both internal and external factors may cause users to engage in insecure behaviours

  22. Introduction Security-usability threat model Security and usability evaluation Summary Summary and future work Conclusion Secure systems have properties that differentiate them from other systems We propose a security-usability threat model A process for evaluating security and usability is also proposed Threat scenarios Usage scenarios Both internal and external factors may cause users to engage in insecure behaviours Future work Empirical validation Extend to malicious users Developing metrics for comparing different elements of a system

  23. Introduction Security-usability threat model Security and usability evaluation Summary THANK YOU ANY QUESTIONS?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for

Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for

Why Cant Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security Justin Smith (Lafayette College) smithjus@lafayette.edu Lisa Nguyen Quang Do (Google) lisanqd@google.com Emerson Murphy-Hill (Google)

605 views • 15 slides
Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

1.76k views • 109 slides
Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1

Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1

Human-Computer Interaction Termin 8: Statistical analysis Model-based usability evaluation 1 MMI/SS06 Evaluation W hy ? Need Usability and Efficiency What ? Usability c riteri a W here ? F i eld stud y or lab experiment W ho ?

683 views • 32 slides
Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability Testing by J. Dumas, J. Redish Results from Usability Tests Quantitative data: Performance data - times, error rates, etc. Subjective

392 views • 26 slides
Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality

Rigorous Evaluation Usability Testing To Review - What is Usability? A measure of the quality of the users experience when interacting with a product or system How usable is the interface? Usability Measures Ease of learning

912 views • 24 slides
Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability

Rigorous Evaluation Analysis and Reporting Structure is from A Practical Guide to Usability Testing by J. Dumas, J. Redish R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering Summarize and Analyze Test Data Qualitative data -

598 views • 31 slides
Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User

Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User

Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User centered design interactive systems such that usability will be maximized. scenario, user what is task analysis guidelines wanted principles

585 views • 21 slides
Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing using a structured process Validate adherence to interaction requirements Actual users who perform realistic and representative tasks

490 views • 38 slides
Use Case Evaluation (UCE): A Method for Early Usability Evaluation in Software Development Kasper

Use Case Evaluation (UCE): A Method for Early Usability Evaluation in Software Development Kasper

The USE Project: Usability Evaluation and Software Design: Bridging the Gap University of Copenhagen Aalborg University Use Case Evaluation (UCE): A Method for Early Usability Evaluation in Software Development Kasper Hornbk Department of

359 views • 14 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

219 views • 5 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

419 views • 4 slides
Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271 Announcements intermission Introduction to Computer Security Usability and Voting combined slides Usable security example areas Stephen McCamant Elections

305 views • 8 slides
ISD Development and Evaluation Semester 2, 2009 Notes This topic is about the development and

ISD Development and Evaluation Semester 2, 2009 Notes This topic is about the development and

ISD Development and Evaluation Semester 2, 2009 Notes This topic is about the development and evaluation of interactive systems, looking first mainly at the evaluation side. 1 Usability Analysis Analysing Peformance GOMS analysis methods

369 views • 20 slides
Rigorous Evaluation Usability Testing R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering

Rigorous Evaluation Usability Testing R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering

Rigorous Evaluation Usability Testing R.I.T S. Ludi/R. Kuehl p. 1 R I T Software Engineering To Review - What is Usability? A measure of the quality of the users experience when interacting with a product or system How usable is

417 views • 24 slides
07 Introduction to MiLE+ : a systematic method for usability evaluation Prof. Garzotto In a

07 Introduction to MiLE+ : a systematic method for usability evaluation Prof. Garzotto In a

HCI - Lesson 6 07 Introduction to MiLE+ : a systematic method for usability evaluation Prof. Garzotto In a nutshell... MiLE+ (Milano-Lugano Evaluation) Developed in cooperation between HOC-Lab (Politecnico di Milano) and TEC-Lab

838 views • 44 slides
UX It is useful to identify such needs in personal informatics, but how do we design, create,

UX It is useful to identify such needs in personal informatics, but how do we design, create,

Design Principles UX It is useful to identify such needs in personal informatics, but how do we design, create, test, then implement systems to ensure success? This is the domain of... H.C.I. user-experience design principles cogs 105,

476 views • 8 slides
A Bisimulation-Based Approach to the Analysis of Human-Computer Interaction S ebastien Comb

A Bisimulation-Based Approach to the Analysis of Human-Computer Interaction S ebastien Comb

A Bisimulation-Based Approach to the Analysis of Human-Computer Interaction S ebastien Comb efis Charles Pecheur Universit e catholique de Louvain (UCLouvain) Belgium July 16, 2009 [EICS09, Pittsburgh, PA, USA] Complex Systems

660 views • 40 slides
framing the issues of cloud computing & sustainability: a design perspective Special Session

framing the issues of cloud computing & sustainability: a design perspective Special Session

1 framing the issues of cloud computing & sustainability: a design perspective Special Session : Cloud Computer, HCI & Design: Sustainability and Social Impacts Second IEEE International Conference on Cloud Computer Technology and

780 views • 28 slides
Com paring W eb Applications w ith Desktop Applications: An Em pirical Study Paul Pop

Com paring W eb Applications w ith Desktop Applications: An Em pirical Study Paul Pop

Com paring W eb Applications w ith Desktop Applications: An Em pirical Study Paul Pop paupo@ida.liu.se Department of Computer and Information Science Linkping University Sweden 1 of 13 May 26, 20 0 0 Motivation and Objective Draw

519 views • 13 slides
The VIGRA Image Analysis Library Ullrich Kthe June 2012 Multidimensional Image Processing

The VIGRA Image Analysis Library Ullrich Kthe June 2012 Multidimensional Image Processing

M ULTIDIMENSIONAL I MAGE P ROCESSING H EIDELBERG C OLLABORATORY FOR I MAGE P ROCESSING (HCI) The VIGRA Image Analysis Library Ullrich Kthe June 2012 Multidimensional Image Processing Heidelberg Collaboratory for Image Processing

341 views • 19 slides
Yours is better! Participant Response Bias in HCI Nicola Dell 1 Vidya Vaidyanathan 2 Indrani

Yours is better! Participant Response Bias in HCI Nicola Dell 1 Vidya Vaidyanathan 2 Indrani

Yours is better! Participant Response Bias in HCI Nicola Dell 1 Vidya Vaidyanathan 2 Indrani Medhi 3 Edward Cutrell 3 William Thies 3 1 University of Washington 2 San Jose State University 3 Microsoft Research India HCI is expanding and

966 views • 48 slides
4/15/2014 HCI Webinar: Developing Annual Plans and Benchmarks Using SMART Objectives March 12,

4/15/2014 HCI Webinar: Developing Annual Plans and Benchmarks Using SMART Objectives March 12,

4/15/2014 HCI Webinar: Developing Annual Plans and Benchmarks Using SMART Objectives March 12, 2014 Presenters Jeff Usher, Kansas Health Foundation Scott Wituk, Center for Community Support and Research, Wichita State University Claudia

476 views • 11 slides

More recommend