SLIDE 1
Introduction Security-usability threat model Security and usability evaluation Summary
Introduction Security-usability threat model Security and usability evaluation Summary
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan - - PowerPoint PPT Presentation
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan - - PowerPoint PPT Presentation
Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,
SLIDE 2
SLIDE 3
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction (HCI)
Human-Computer Interaction (HCI) ...discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them (Source: SIGCHI, 1992)
SLIDE 4
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction (HCI)
Human-Computer Interaction (HCI) ...discipline concerned with the design, evaluation and implementation of interactive computing systems for human use and with the study of major phenomena surrounding them (Source: SIGCHI, 1992) Usability The extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use (ISO 9241-11)
SLIDE 5
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction (HCI)
Effectiveness Efficiency Satisfaction Learnability Memorability HCI
SLIDE 6
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Technical security Formal proofs Focus on malicious attacks Technical solutions typical
SLIDE 7
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Technical security Formal proofs Focus on malicious attacks Technical solutions typical Effective security Secure systems are socio-technical (Sasse et al.) Humans forget, make mistakes Human failures are not covered by formal proofs
SLIDE 8
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Technical security Formal proofs Focus on malicious attacks Technical solutions typical Effective security Secure systems are socio-technical (Sasse et al.) Humans forget, make mistakes Human failures are not covered by formal proofs Human-Computer Interaction Security (HCISec) Focusses on the design, evaluation, and implementation of interactive secure systems.
SLIDE 9
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Security software properties (Whitten, ’99) Secondary goal property
SLIDE 10
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Security software properties (Whitten, ’99) Secondary goal property Hidden failure property
SLIDE 11
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property
SLIDE 12
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property Weakest link property
SLIDE 13
Introduction Security-usability threat model Security and usability evaluation Summary
Human-Computer Interaction Security (HCISec)
Security software properties (Whitten, ’99) Secondary goal property Hidden failure property Barn door property Weakest link property Abstraction property
SLIDE 14
Introduction Security-usability threat model Security and usability evaluation Summary
Human Computer Interaction Security (HCISec)
Effectiveness Efficiency Satisfaction Learnability Memorability HCI Secondary goal Hidden failure Barn door Weakest link Abstraction Secure software Human Computer Interaction Security (HCISec)
SLIDE 15
Introduction Security-usability threat model Security and usability evaluation Summary
Analysis and evaluation of secure software
What factors are crucial to usability analysis? What factors are crucial to security analysis? How do we use these factors for evaluating security and usability of secure systems?
SLIDE 16
Introduction Security-usability threat model Security and usability evaluation Summary
Security-usability threat model
Memorability Knowledge/Skill Usability Security User Effectiveness Satisfaction Accuracy Efficiency Attention Vigilance Conditioning Motivation Social context
SLIDE 17
Introduction Security-usability threat model Security and usability evaluation Summary
Security measurable metrics
Factor Metrics Attention Failures Vigilance Failures Conditioning Failures Motivation Perceived benefits, susceptibility, barriers, severity Memorability Recall Knowledge/skill Failures, mental models Context Impact of context
SLIDE 18
Introduction Security-usability threat model Security and usability evaluation Summary
Process for security and usability evaluation
Identify threat scenarios Identify usage scenarios Assess ease-of-use Identify system motivators Identify external motivators Assess difficulty-of-use Identify system de-motivators Identify external de-motivators Make recommendations Security Usability
SLIDE 19
Introduction Security-usability threat model Security and usability evaluation Summary
Make recommendations
Usability factors Security factors Conflicting factors
SLIDE 20
Introduction Security-usability threat model Security and usability evaluation Summary
Make recommendations
Usability factors Security factors Conflicting factors NIST Risk-Level Matrix Impact Likelihood Low Medium High High Low Medium High Medium Low Medium Medium Low Low Low Low
SLIDE 21
Introduction Security-usability threat model Security and usability evaluation Summary
Summary and future work
Conclusion Secure systems have properties that differentiate them from
- ther systems
We propose a security-usability threat model A process for evaluating security and usability is also proposed
Threat scenarios Usage scenarios
Both internal and external factors may cause users to engage in insecure behaviours
SLIDE 22
Introduction Security-usability threat model Security and usability evaluation Summary
Summary and future work
Conclusion Secure systems have properties that differentiate them from
- ther systems
We propose a security-usability threat model A process for evaluating security and usability is also proposed
Threat scenarios Usage scenarios
Both internal and external factors may cause users to engage in insecure behaviours Future work Empirical validation Extend to malicious users Developing metrics for comparing different elements of a system
SLIDE 23
Introduction Security-usability threat model Security and usability evaluation Summary