usable security quo vadis
play

Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory - PowerPoint PPT Presentation

May 29, 2023 •242 likes •348 views

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer

  1. T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Usable Security: Quo Vadis? Konstantin (Kosta) Beznosov Laboratory for Education and Research in Secure Systems Engineering lersse.ece.ubc.ca Electrical and Computer Engineering

  2. I ’ m a security engineering guy who also works in HSISec research projects P 1 P n S C http://konstantin.beznosov.net http://lersse.ece.ubc.ca Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  3. Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  4. HCISec today is up … for a low hanging fruit ≈ 160 publications 80% in last 7 years Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  5. passwords, phishing, messaging important … but what about windows? Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  6. if the rest is not secure & usable locks won ’ t help Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  7. “the rest” is … policies & mechanisms how to device  authentication  select  cell phones  access control  acquire  PDAs  audit  install  pods  detection  integrate  laptops  confidentiality  configure  desktops  integrity  figure it out  servers  “privacy”  keep up-to-date  grids  recovery  use  monitor scale expertise level  notify  individuals  novice  react  groups  competent  replace  departments  power  organizations  admins Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  8. challenges HCISec folks 1. make the previous list green 2. better understand end users 3. standardized methodologies, benchmarks, and tools for usability evaluation security folks 1. make usability evaluation on par with • security analysis • performance evaluation Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

  9. Konstantin (Kosta) Beznosov http://konstantin.beznosov.net Laboratory for Education and Research in Secure Systems Engineering (LERSSE) http://lersse.ece.ubc.ca Kosta Beznosov (lersse.ece.ubc.ca) Usability & Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist junho.huh@honeywell.com Honeywell.com What is usable security? Building security solutions that are intuitive and easy to use Many security

350 views • 9 slides
Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security [finish] & Physical Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

395 views • 12 slides
Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and

Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and

Multivariate estimation of genetic parameters Quo vadis? Karin Meyer Animal Genetics and Breeding Unit, University of New England, Armidale AAABG 2011 REML - quo vadis? Quo vadis? Is a Latin phrase meaning: "Where are you

715 views • 37 slides
ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd

ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd

ECONOMIC DEVELOPMENT ASSOCIATION SCOTLAND PRESENTATION QUO VADIS DOMINI QUO VADIS DOMINI ! 2nd Century Landing point for Roman incursions into Scotland ! 7th Century Lothians absorbed into Kingdom of Northumbria ! origin of grand

346 views • 21 slides
DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research

DNSCurve: Usable security for DNS D. J. Bernstein Research Professor Center for RITES: Research and Instruction in Technologies for Electronic Security Department of Computer Science University of Illinois at Chicago The Domain Name

598 views • 48 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

715 views • 34 slides
What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given

What Does the Brain Tell Us about Usable Security? Anthony Vance Brigham Young University Given a choice between dancing pigs and security, users will pick dancing pigs every time. Felton and McGraw (1999) clicky lusers BYU LAB

1.12k views • 84 slides
Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of

Usable Security of Named Data Networking Yingdi Yu 1 Traditional communication model of Internet Speaking to a host end-to-end channel Communication security container-based authenticity: X.509, Certificate

678 views • 57 slides
Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security

Towards Usable Privacy in Cross-System Personalization Yang Wang CMU Usable Privacy and Security (CUPS) Lab Carnegie Mellon University 2 Personalization 3 Cross-System Personalization 4 Cross-System Personalization 5 Cross-System

310 views • 18 slides
Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two

Previous a researcher in the usable security group at ICSI/UCB Now a lead research engineer at Two Six Labs working on DARPA Brandeis This talk goes over work from UCB 1 Install-time permissions A ccept all or dont use the app at all. No

944 views • 77 slides
Usable Security Spring 2015 Franziska (Franzi) Roesner

Usable Security Spring 2015 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

1.11k views • 55 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy & Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer,

Usable security and the human in the loop Michelle Mazurek Some slides adapted from Lujo Bauer, Lorrie Cranor, Rob Reeder, Blase Ur, and Yinqian Zhang 1 Todays class Introducing me Introducing you Human Factors for Security and

985 views • 82 slides
Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to

Introducing Precautionary Behavior by Temporal Diversion of Voter Attention from Casting to Verifying their Vote Workshop on Usable Security 2/23/2014 Usable Security Lab Jurlind Budurushi, Marcel Woide and Melanie Volkamer Crypto Lab Current

217 views • 19 slides
USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we

USABLE SECURITY GRAD SEC SEP 28 2017 USER AUTHENTICATION What we know (passwords) What we have (tokens) What we are (iris, fingerprint) [Accuracy vs. cost trade-off] Other USER AUTHENTICATION INKBLOT AUTHENTICATION Come up with

671 views • 20 slides
How I Treat High Risk CLL Francesc Bosch MD, PhD Vall dHebron University Hospital (HUVH)

How I Treat High Risk CLL Francesc Bosch MD, PhD Vall dHebron University Hospital (HUVH)

How I Treat High Risk CLL Francesc Bosch MD, PhD Vall dHebron University Hospital (HUVH) Experimental Hematology (VHIO), Barcelona fbosch@vhio.net Disclosures Roche: Honoraria, research grants Celgene: Honoraria, research grants

691 views • 39 slides
(Joint) Astrometry LSST in Lyon (June 2017) Pierre Astier LPNHE / IN2P3 / CNRS , Universits

(Joint) Astrometry LSST in Lyon (June 2017) Pierre Astier LPNHE / IN2P3 / CNRS , Universits

(Joint) Astrometry LSST in Lyon (June 2017) Pierre Astier LPNHE / IN2P3 / CNRS , Universits Paris 6&7. P. Astier, LSST in Lyon (2017) 1 What is astrometry ? In principle, anything that has to do with measuring positions of

410 views • 29 slides
Mobile Robotics Lab Workshop on Grasp Planning and Task Learning by Imitation IROS 2010

Mobile Robotics Lab Workshop on Grasp Planning and Task Learning by Imitation IROS 2010

Mobile Robotics Lab Workshop on Grasp Planning and Task Learning by Imitation IROS 2010 Taipei, Taiwan Institute of Systems and Robotics Institute of Systems and Robitcs http://paloma.isr.uc.pt University of Coimbra Symbolic level

664 views • 27 slides
A testing facility for AO on-sky demonstrations at the Copernicos Telescope within the

A testing facility for AO on-sky demonstrations at the Copernicos Telescope within the

A testing facility for AO on-sky demonstrations at the Copernicos Telescope within the framework Simonetta Chinellato On behalf of R. Ragazzoni, J. Farinato, S. Benetti, M. Bergomi, F. Biondi, E. Cappellaro, E. Carolo, V.

433 views • 15 slides
Testing Floating-Point Applications Connie R. Masters & Alan A. Jorgensen PNSQC 2020

Testing Floating-Point Applications Connie R. Masters & Alan A. Jorgensen PNSQC 2020

Testing Floating-Point Applications Connie R. Masters & Alan A. Jorgensen PNSQC 2020 #PNSQC2020 #BoundedFloatingPoint #TrueNorthFloatingPoint Error in IEEE standard floating point Error detection Bounded

454 views • 28 slides
A flood forecasting model on river Oise with the plugin Mascaret Reach Origny-Sainte-Benoite to

A flood forecasting model on river Oise with the plugin Mascaret Reach Origny-Sainte-Benoite to

A flood forecasting model on river Oise with the plugin Mascaret Reach Origny-Sainte-Benoite to Sempigny Authors : Patrick Chass Contributors : Cdric Chabridier, Delphine Duval, Murile Etangsale et Charles Sourdiaux (Flood forecasting

386 views • 19 slides
Community and Rural Affairs Disaster Recovery and Mitigation Planning Ft. Worth, Texas February

Community and Rural Affairs Disaster Recovery and Mitigation Planning Ft. Worth, Texas February

Indiana Office of Community and Rural Affairs Disaster Recovery and Mitigation Planning Ft. Worth, Texas February 15, 2012 Floods Indianas costliest hazard State ranks 5 th in annual median flood damages 2008 was particularly

493 views • 23 slides
NASA Applied Sciences Disasters Program Support Timeline for Historic Louisiana Floods August

NASA Applied Sciences Disasters Program Support Timeline for Historic Louisiana Floods August

NASA Applied Sciences Disasters Program Support Timeline for Historic Louisiana Floods August 8 -15 South central LA receives > 20 inches of rain. Friday 8/12 FEMA requests assistance from NASA and joins initial rapid assessment call

236 views • 12 slides

More recommend