Section 18.1. Introduction


Security administration takes place in an ever-changing landscape of new systems, new vulnerabilities, and new tools. As threats to computer security evolve, so too do the practices and tools of security administration. On one level, computers are being used in larger numbers and broader applications, forcing security administrators to deal with increasingly large volumes of information and placing correspondingly more demands on their tools. Many existing tools place much of the cognitive load for analysis onto the user, an unacceptable situation given the trends of ever more computers and network traffic to monitor. Administrators would clearly benefit from advances in analytics, automation, and visualization tools. On another level, computer systems are increasingly connected, providing access for an ever-wider variety of client systems including laptops, cell phones, PDAs, etc. The diversity of computing devices complicates security management and planning significantly. Increasingly complex software architectures create more opportunities for vulnerabilities to arise. With more components integrated and interacting in various ways in these architectures, there is a growing potential for unanticipated vulnerabilities. Sometimes, security breaches take advantage of multiple vulnerabilities in systems, making patterns of attack hard to predict. As a result, security administrators need to know how various devices and systems work and interact to analyze developing situations. In short, all of these changes to the information technology landscape make the job of the security administrator increasingly difficult.

So, how do security administrators secure our computing systems, defend them against attacks, limit damage proactively, and recover from attacks rapidly? In this chapter, we describe results from our ongoing field studies of system administration at various computing centers across the U.S. In these studies, we examined the work practices, tools, organization, and environments of security, database, web, storage, and operating system administrators. So far, we have conducted 10 such field studies, where we observed approximately 25 administrators over a total of 40 days.[1], [2] We collected about 250 hours of video, which we analyzed to varying degrees of detail. In these studies, our approach has been ethnography, which involved entering the system administrators' environments and observing their practices, tools, and interactions for extended periods of time. Our analysis is based on Grounded Theory,[3], [4] in which we do not use ethnography to validate a previously formulated hypothesis, but instead draw all our conclusions from what we observed.

[1] R. Barrett, E. Kandogan, P. P. Maglio, E. Haber, L. Takayama, and M. Prabaker, "Field Studies of Computer System Administrators: Analysis of System Management Tools and Practices," Proceedings of the ACM Conference on Computer Supported Cooperative Work (CSCW '04) (Chicago, Nov. 6-10, 2004); (ACM Press, 2004), 388-395.

[2] P. P. Maglio, E. Kandogan, and E. Haber, "Distributed Cognition and Joint Activity in Collaborative Problem Solving," Proceedings of the Twenty-fifth Annual Conference of the Cognitive Science Society (COGSCI '03) (Boston, July 31-Aug. 2, 2003), 758-763.

[3] Barney G. Glaser and Anselm L. Strauss, The Discovery of Grounded Theory: Strategies for Qualitative Research (Chicago: Aldine, 1967).

[4] Barney G. Glaser, Basics of Grounded Theory Analysis: Emergence vs. Forcing (Mill Valley, CA: Sociology Press, 1992).

ETHNOGRAPHY

Ethnography, defined literally as writing about people, is a technique commonly used in anthropology where one immerses oneself in a culture for extended periods of time to better understand the people and their practices. Ethnography traditionally has been practiced for understanding foreign cultures, but more recently it has been applied, with great effect, to understanding the work practices of computer users in context, informing the design of computer systems to better suit their needs.[a], [b], [c]

Ethnography is almost always used to generate qualitative rather than quantitative data. Ethnographic techniques include observation, often as a full participant in daily activities, direct interviews, and collection of artifacts. Observers take notes and frequently record events using cameras, video, and audiotape. An ethnographer typically engages with a small number of subjects to study their daily lives in depth to get an understanding of the particular circumstances that drive behavior as opposed to drawing statistically significant conclusions about the whole culture. Ethnographic accounts aim to provide a rich description of events with as much detail as possible, not only expressing what happened but also interpreting the meaning and significance of events.


[a] E. Hutchins, Cognition in the Wild (Cambridge, MA: MIT Press, 1995).

[b] P. Luff, J. Hindmarsh, and C. Heath, Workplace Studies: Recovering Work Practice and Information System Design (Cambridge, MA: Cambridge University Press, 1999).

[c] J. E. Orr, Talking About Machines: An Ethnography of a Modern Job (Ithaca, NY: Cornell University Press, 1996).

In this chapter we focus only on our findings in the area of security administration. We start with an overview of the attacks that security administrators work to prevent, and the tools that they use toward this end. We then give an overview of the current practices of security administration by profiling two representative security administrators, and detail five case studies to illustrate security work and the challenges faced by security administrators. We also discuss how current tools support or fail security administrators' practices. Lastly, based on these findings, we outline some of the opportunities that lie ahead to improve security administration tools.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295