Security and Usability: Designing Secure Systems That People Can Use
Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
EAN: 2147483647
Year: 2004
Pages: 295
Pages: 295
Authors: Lorrie Faith Cranor, Simson Garfinkel
- Security and Usability
- Table of Contents
- Copyright
- Preface
- Goals of This Book
- Audience for This Book
- Structure of This Book
- Conventions Used in This Book
- Safari Enabled
- How to Contact Us
- Acknowledgments
- Part I: Realigning Usability and Security
- Chapter One. Psychological Acceptability Revisited
- Section 1.1. Passwords
- Section 1.2. Patching
- Section 1.3. Configuration
- Section 1.4. Conclusion
- Section 1.5. About the Author
- Chapter Two. Why Do We Need It? How Do We Get It?
- Section 2.1. Introduction
- Section 2.2. Product: Human Factors, Policies, and Security Mechanisms
- Section 2.3. Process: Applying Human Factors Knowledge and User-Centered Approaches to Security Design
- Section 2.4. Panorama: Understanding the Importance of the Environment
- Section 2.5. Conclusion
- Section 2.6. About the Authors
- Chapter Three. Design for Usability
- Section 3.1. Death by Security
- Section 3.2. Balance Security and Usability
- Section 3.3. Balance Privacy and Security
- Section 3.4. Build a Secure Internet
- Section 3.5. Conclusion
- Section 3.6. About the Author
- Chapter Four. Usability Design and Evaluation for Privacy and Security Solutions
- Section 4.1. Usability in the Software and Hardware Life Cycle
- Section 4.2. Case Study: Usability Involvement in a Security Application
- Section 4.3. Case Study: Usability Involvement in the Development of a Privacy Policy Management Tool
- Section 4.4. Conclusion
- Section 4.5. About the Authors
- Chapter Five. Designing Systems That People Will Trust
- Section 5.1. Introduction
- Section 5.2. The Trust-Risk Relationship
- Section 5.3. The Time-Course of Trust
- Section 5.4. Models of Trust
- Section 5.5. Trust Designs
- Section 5.6. Future Research Directions
- Section 5.7. About the Authors
- Part II: Authentication Mechanisms
- Chapter Six. Evaluating Authentication Mechanisms
- Section 6.1. Authentication
- Section 6.2. Authentication Mechanisms
- Section 6.3. Quality Criteria
- Section 6.4. Environmental Considerations
- Section 6.5. Choosing a Mechanism
- Section 6.6. Conclusion
- Section 6.7. About the Author
- Chapter Seven. The Memorability and Security of Passwords
- Section 7.1. Introduction
- Section 7.2. Existing Advice on Password Selection
- Section 7.3. Experimental Study
- Section 7.4. Method
- Section 7.5. Results
- Section 7.6. Discussion
- Section 7.7. Acknowledgments
- Section 7.8. About the Authors
- Chapter Eight. Designing Authentication Systems with Challenge Questions
- Section 8.1. Challenge Questions as a Form of Authentication
- Section 8.2. Criteria for Building and Evaluating a Challenge Question System
- Section 8.3. Types of Questions and Answers
- Section 8.4. Designing a Challenge Question Authentication System
- Section 8.5. Some Examples of Current Practice
- Chapter Nine. Graphical Passwords
- Section 9.1. Introduction
- Section 9.2. A Picture Is Worth a Thousand Words
- Section 9.3. Picture Perfect?
- Section 9.4. Let s Face It
- Section 9.5. About the Authors
- Chapter Ten. Usable Biometrics
- Section 10.1. Introduction
- Section 10.2. Where Are Biometrics Used?
- Section 10.3. Biometrics and Public Technology: The ATM Example
- Section 10.4. Evaluating Biometrics
- Section 10.5. Incorporating User Factors into Testing
- Section 10.6. Conclusion
- Section 10.7. About the Author
- Chapter Eleven. Identifying Users from Their Typing Patterns
- Section 11.1. Typing Pattern Biometrics
- Section 11.2. Applications
- Section 11.3. Overview of Previous Research
- Section 11.4. Evaluating Previous Research
- Section 11.5. Privacy and Security Issues
- Section 11.6. Conclusion
- Section 11.7. About the Authors
- Chapter Twelve. The Usability of Security Devices
- Section 12.1. Introduction
- Section 12.2. Overview of Security Devices
- Section 12.3. Usability Testing of Security Devices
- Section 12.4. A Usability Study of Cryptographic Smart Cards
- Section 12.5. Recommendations and Open Research Questions
- Section 12.6. Conclusion
- Section 12.7. Acknowledgments
- Section 12.8. About the Authors
- Part III: Secure Systems
- Chapter Thirteen. Guidelines and Strategies for Secure Interaction Design
- Section 13.1. Introduction
- Section 13.2. Design Guidelines
- Section 13.3. Design Strategies
- Section 13.4. Conclusion
- Section 13.5. Acknowledgments
- Section 13.6. About the Author
- Chapter Fourteen. Fighting Phishing at the User Interface
- Section 14.1. Introduction
- Section 14.2. Attack Techniques
- Section 14.3. Defenses
- Section 14.4. Looking Ahead
- Section 14.5. About the Authors
- Chapter Fifteen. Sanitization and Usability
- Section 15.1. Introduction
- Section 15.2. The Remembrance of Data Passed Study
- Section 15.3. Related Work: Sanitization Standards, Software, and Practices
- Section 15.4. Moving Forward: A Plan for Clean Computing
- Section 15.5. Acknowledgments
- Section 15.6. About the Author
- Chapter Sixteen. Making the Impossible Easy: Usable PKI
- Section 16.1. Public Key Infrastructures
- Section 16.2. Problems with Public Key Infrastructures
- Section 16.3. Making PKI Usable
- Section 16.4. About the Authors
- Chapter Seventeen. Simple Desktop Security with Chameleon
- Section 17.1. Introduction
- Section 17.2. Chameleon User Interface
- Section 17.3. Chameleon Interface Development
- Section 17.4. Chameleon Implementation
- Section 17.5. Conclusion
- Section 17.6. Acknowledgments
- Section 17.7. About the Authors
- Chapter Eighteen. Security Administration Tools and Practices
- Section 18.1. Introduction
- Section 18.2. Attacks, Detection, and Prevention
- Section 18.3. Security Administrators
- Section 18.4. Security Administration: Cases from the Field
- Section 18.5. Conclusion
- Section 18.6. Acknowledgments
- Section 18.7. About the Authors
- Part IV: Privacy and Anonymity Systems
- Chapter Ninteen. Privacy Issues and Human-Computer Interaction
- Section 19.1. Introduction
- Section 19.2. Privacy and HCI
- Section 19.3. Relevant HCI Research Streams
- Section 19.4. Conclusion
- Section 19.5. About the Authors
- Chapter Twenty. A User-Centric Privacy Space Framework
- Section 20.1. Introduction
- Section 20.2. Security and Privacy Frameworks
- Section 20.3. Researching the Privacy Space
- Section 20.4. Privacy as a Process
- Section 20.5. Conclusion
- Section 20.6. About the Author
- Chapter Twenty One. Five Pitfalls in the Design for Privacy
- Section 21.1. Introduction
- Section 21.2. Faces: (Mis)Managing Ubicomp Privacy
- Section 21.3. Five Pitfalls to Heed When Designing for Privacy
- Section 21.4. Discussion
- Section 21.5. Conclusion
- Section 21.6. Acknowledgments
- Section 21.7. About the Authors
- Chapter Twenty Two. Privacy Policies and Privacy Preferences
- Section 22.1. Introduction
- Section 22.2. The Platform for Privacy Preferences (P3P)
- Section 22.3. Privacy Bird Design
- Section 22.4. Privacy Bird Evaluation
- Section 22.5. Beyond the Browser
- Section 22.6. About the Author
- Chapter Twenty Three. Privacy Analysis for the Casual User with Bugnosis
- Section 23.1. Introduction
- Section 23.2. The Audience for Bugnosis
- Section 23.3. Cookies, Web Bugs, and User Tracking
- Section 23.4. The Graphic Identity
- Section 23.5. Making It Simple Is Complicated
- Section 23.6. Looking Ahead
- Section 23.7. Acknowledgments
- Section 23.8. About the Author
- Chapter Twenty Four. Informed Consent by Design
- Section 24.1. Introduction
- Section 24.2. A Model of Informed Consent for Information Systems
- Section 24.3. Possibilities and Limitations for Informed Consent: Redesigning Cookie Handling in a Web Browser
- Section 24.4. Informing Through Interaction Design: What Users Understand About Secure Connections Through Their Web Browsing
- Section 24.5. The Scope of Informed Consent: Questions Motivated by Gmail
- Section 24.6. Acknowledgments
- Section 24.7. About the Authors
- Chapter Twenty Five. Social Approaches to End-User Privacy Management
- Section 25.1. A Concrete Privacy Problem
- Section 25.2. Acumen: A Solution Using Social Processes
- Section 25.3. Supporting Privacy Management Activities with Social Processes
- Section 25.4. Deployment, Adoption, and Evaluation
- Section 25.5. Gaming and Anti-gaming
- Section 25.6. Generalizing Our Approach
- Section 25.7. Conclusion
- Section 25.8. About the Authors
- Chapter Twenty Six. Anonymity Loves Company: Usability and the Network Effect
- Section 26.1. Usability for Others Impacts Your Security
- Section 26.2. Usability Is Even More Important for Privacy
- Section 26.3. Bootstrapping, Confidence, and Reputability
- Section 26.4. Technical Challenges to Guessing the Number of Users in a Network
- Section 26.5. Conclusion
- Section 26.6. About the Authors
- Part V: Commercializing Usability: The Vendor Perspective
- Chapter Twenty Seven. ZoneAlarm: Creating Usable Security Products for Consumers
- Section 27.1. About ZoneAlarm
- Section 27.2. Design Principles
- Section 27.3. Efficient Production for a Fast Market
- Section 27.4. Conclusion
- Section 27.5. About the Author
- Chapter Twenty Eight. Firefox and the Worry-Free Web
- Section 28.1. Usability and Security: Bridging the Gap
- Section 28.2. The Five Golden Rules
- Section 28.3. Conclusion
- Section 28.4. About the Author
- Chapter Twenty Nine. Users and Trust: A Microsoft Case Study
- Section 29.1. Users and Trust
- Section 29.2. Consent Dialogs
- Section 29.3. Windows XP Service Pack 2A Case Study
- Section 29.4. Pop-Up Blocking
- Section 29.5. The Ideal
- Section 29.6. Conclusion
- Section 29.7. About the Author
- Chapter Thirty. IBM Lotus NotesDomino: Embedding Security in Collaborative Applications
- Section 30.1. Usable Secure Collaboration
- Section 30.2. Embedding and Simplifying Public Key Security
- Section 30.3. Designing Security Displays
- Section 30.4. User Control of Active Content Security
- Section 30.5. Conclusion
- Section 30.6. About the Author
- Chapter Thirty One. Achieving Usable Security in Groove Virtual Office
- Section 31.1. About Groove Virtual Office
- Section 31.2. Groove Virtual Office Design
- Section 31.3. Administrators Strengths and Weaknesses
- Section 31.4. Security and Usability
- Section 31.5. About the Authors
- Part VI: The Classics
- Chapter Thirty Two. Users Are Not the Enemy
- Section 32.1. The Study
- Section 32.2. Users Lack Security Knowledge
- Section 32.3. Security Needs User-Centered Design
- Section 32.4. Motivating Users
- Section 32.5. Users and Password Behavior
- Section 32.6. About the Authors
- Chapter Thirty Three. Usability and Privacy: A Study of KaZaA P2P File Sharing
- Section 33.1. Introduction
- Section 33.2. Usability Guidelines
- Section 33.3. Results of the Cognitive Walkthrough
- Section 33.4. A Two-Part User Study
- Section 33.5. Conclusion
- Section 33.6. Acknowledgments
- Section 33.7. About the Authors
- Chapter Thirty Four. Why Johnny Can t Encrypt
- Section 34.1. Introduction
- Section 34.2. Understanding the Problem
- Section 34.3. Evaluation Methods
- Section 34.4. Cognitive Walkthrough
- Section 34.5. User Test
- Section 34.6. Conclusion
- Section 34.7. Related Work
- Section 34.8. Acknowledgments
- Section 34.9. About the Authors
- Colophon
- About the Editors
- Colophon
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
EAN: 2147483647
Year: 2004
Pages: 295
Pages: 295
Authors: Lorrie Faith Cranor, Simson Garfinkel