Proceedings Article, DOI 10.1145/304851.304859
User-centered security
Mary Ellen Zurko, Richard T. Simon +1 more
- 17 Sep 1996
- pp 27-33
TL;DR: In this article, the authors introduce the term user-centered security to refer to security models, mechanisms, systems, and software that have usability as a primary motivation or goal, and discuss the history of usable secure systems, citing both past problems and present studies.
Abstract: We introduce the term user-centered security to refer to security models, mechanisms, systems, and software that have usability as a primary motivation or goal. We discuss the history of usable secure systems, citing both past problems and present studies. We develop three categories for work in user-friendly security: applying usability testing and techniques to secure systems, developing security models and mechanisms for user-friendly systems, and considering user needs as a primary design goal at the start of secure system development. We discuss our work on user-centered authorization, which started with a rules-based authorization engine (MAP) and will continue with Adage. We outline the lessons we have learned to date and how they apply to our future work. We evaluate the pros and cons of this effort, as a precursor to further work in this area, and include a brief description of our current work in user-centered authorization. As our conclusion points out, we hope to see more work in user-centered security in the future; work that enables users to choose and use the protection they want, that matches their intuitions about security and privacy, and that supports the policies that teams and organizations need and use to get their work done.
Keywords: user-centered, security, authorization
Citations
Proceedings Article
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
Alma Whitten, J. D. Tygar +1 more
- 23 Aug 1999
TL;DR: It is concluded that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting the hypothesis that user interface design for effective security remains an open problem.
So long, and no thanks for the externalities: the rational rejection of security advice by users
Cormac Herley
- 08 Sep 2009
TL;DR: It is argued that users' rejection of the security advice they receive is entirely rational from an economic perspective, and most security advice simply offers a poor cost-benefit tradeoff to users and is rejected.
Separation of duty in role-based environments
Richard T. Simon, Mary Ellen Zurko +1 more
- 10 Jun 1997
TL;DR: The mechanisms to support separation of duty and roles in Adage, a general-purpose authorization language and toolkit, are discussed, and the notion of history-based separation of duty is added.
Security in the wild: user strategies for managing security as an everyday, practical problem
Paul Dourish, E. Grinter, Jessica Delgado de la Flor, Melissa Joseph +3 more
- 01 Nov 2004
TL;DR: A number of findings concerning the scope of security, attitudes towards security, and the social and organizational contexts within which security concerns arise are presented, and point towards emerging technical solutions.
Patent
System and method for authenticating users in a computer network
Timothy J. Brown, Gregory C. Jensen, Rodney Rivers, Dan Nelson +3 more
- 07 Jul 2003
TL;DR: A rule based biometric user authentication method and system in a computer network environment is provided in this article, where multiple authentication rules can exist in the computer network and an order of precedence among the rules is then established which is used to authenticate the user.
References
Book
The Design of Everyday Things
Donald A. Norman
- 01 Jan 1988
TL;DR: Revealing how smart design is the new competitive frontier, this innovative book is a powerful primer on how--and why--some products satisfy customers while others only frustrate them.
The protection of information in computer systems
Jerome H. Saltzer, Michael D. Schroeder +1 more
- 01 Sep 1975
TL;DR: In this article, the authors explore the mechanics of protecting computer-stored information from unauthorized use or modification, focusing on those architectural structures-whether hardware or software-that are necessary to support information protection.
Secure Computer System: Unified Exposition and Multics Interpretation
D. Elliott Bell, Leonard J. La Padula +1 more
- 01 Mar 1976
TL;DR: A suggestive interpretation of the model in the context of Multics and a discussion of several other important topics (such as communications paths, sabotage and integrity) conclude the report.
Protection of information in computer systems
Jerome H. Saltzer, Michael D. Schroeder +1 more
- 01 Dec 1975
TL;DR: An excellent technical survey of the mechanics of protecting computer-stored information from unauthorised use or modification, with a focus on the conceptual framework necessary to enforce data security.
A Comparison of Commercial and Military Computer Security Policies
David D. Clark, David R. Wilson +1 more
- 27 Apr 1987
TL;DR: It is argued that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity.
Related Papers (5)
Alma Whitten, J. D. Tygar +1 more
- 23 Aug 1999
Anne Adams, Martina Angela Sasse +1 more
Jerome H. Saltzer, Michael D. Schroeder +1 more
- 01 Sep 1975