SecGroup 2007 11 HCISEC Slides

8/8/2019 SecGroup 2007 11 HCISEC Slides

1/13

HCI-SECHCI Perspectives on Security

Luke ChurchSecurity Group Talk, Nov 07


2/13

Agenda

Why?Mechanism Usability

End User Pro grammin gProfessional Pro grammin g

Attack and Defence

What wont we talk about?


3/13

Why?Mechanism UsabilityEnd User Pro grammin gProfessional Pro grammin g

Attack and Defence

S hared facets

Usability limits adoptionProfessionalism

Adhoc approaches fail

S ecurity is determined by Usability

90% of issues are confi g (Bishop 96)Bot-nets, insecure behaviour, PGPUnusable security subverted

Difficult to manageTragedy of theCommons

Social context

PGPPKIsC AP

PhishingMechanisms are failin gUndoing risk dumpin g

See most current UIs


4/13


5/13

Why?M echanism UsabilityEnd User Pro grammin gProfessional Pro grammin g

Attack and Defence

Passwords andPrivacy

User C entric DesignGarfinkel

C ognitive Dimensions

Traditional focus of HCI-SEC

Why Johnny cant EncryptPKI UnusabilityC APTCH As~200 Publications

Extensive study~30%+ of HCI-SEC

Covers much of HCI-SECHeuristics

Seminal PhDDesign PatternsHeuristic like

Usability of Notations

Broad-brush usabilityDesign vocabularyCan model many of

Garfinkels patterns


6/13

Cognitive Dimensions of Notations

Example dimension: Viscosity Resistance to chan ge Good for nuclear reactors, bad for text editorsUsability Environment, Activity, DimensionsDimensions: Viscosity, Hidden Dependencies, Error

proneness, Role Expressiveness, Abstraction,


7/13

CDs Dia gram (In Pro gress)


8/13

Development of profiles for

Secure Activities (In Pro gress)Consistent Meanin gful Vocabulary: Prevent confusionby usin g words consistently to convey the same ideaor concept in different pro grams and contexts. Likewise,prevent confusion by assi gning consistent meanings tothe same word

in different applications or contexts. Consistency, Closeness of Mappin gComplete Delete: Ensure that when the user deletes the

visible representation of somethin g , the hiddenrepresentations are deleted as well. Hidden Dependencies, Role Expressiveness, Visibility

Delayed Unrecoverable Action: Give users a chance tochange their minds after executin g an unrecoverableaction Premature Commitment


9/13

Desi gn Manoeuvre: Virtualisation

Principle tradeoffs: Prema tu reC omm it men t and Visibility for Viscosity


10/13

Why?Mechanism Usability

E nd User ProgrammingProfessional Pro grammin g

Attack and Defence

E nd User E ngineering

Risk DumpingS trategies

Abstraction Design

C onfiguration

90% of security issues? ACLs?Network Security?Backups?Privacy Policies?

Difficult domainGender HCI

End User Pro g rammin gis research HCI

In security its expected!Moral HazardsBeware Attack + Defence

at UI

Mental Models?Morality as surro gateDomain translation

Direct Manipulation

vs AbstractionCompScis move earlyEnd users move late


11/13

Why?Mechanism UsabilityEnd User Pro grammin g

Professional ProgrammingAttack and Defence

S ample Issues

Deeper Issues

Psychology of Programming

New Paradigms

Why?

Where Security Usability started (!) ACLs are just hard1000+ pa ge books, Billions of $sVery little serious psycholo gy

Buffer OverflowInteger OverflowConcurrencyNull Pointers

No defence in depthFile formats are unusable

Avoidance strate g ies API Attacks

Why is it hard? API UsabilityIs our view of abstraction

ideal?Programmin g Lan gua ge usability

Can we handle

abstraction differently?How can we mana gethe gap betweenEnd Users and CompScis?


12/13

Why?Mechanism UsabilityEnd User Pro grammin gProfessional Pro grammin g

Attack and Defence

AttackDefence

C urrent S tate

HCI-SEC is hard with MurphyPhishing is one of the first serious attacksI contend that this is the be g inningDefences are currently very weak

Attacks on mechanismsFirewalls, IDS, AntiVirus

Phish inside the FirewallReputation Attacks

Asymmetric UsabilityCognitive Channels

Usability manipulationattacks

Usability Threat Models?CDs Security Profile?Tainting Proper Social Protocols?Usability Litigation


13/13

Summary

HCI is not just about mechanism evaluationsHCI-SEC is hard, were scratchin g the surfaceThe analytical techniques of HCI can have animpact on effective securityProgrammers (both types) are people too!

Thought: Security Protocol Notation has manyusability issues. How could we have donebetter?

Documents

SecGroup 2007 11 HCISEC Slides