An approach to usable security based on event monitoring and visualization

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2002, Pages 75-81

  Dourish, Paul ^a   Redmiles, David ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Event monitoring; Mental models; Usability; Visualization

Indexed keywords

DATA PRIVACY; MATHEMATICAL MODELS; SECURITY SYSTEMS; USABILITY ENGINEERING; VISUALIZATION;

EVENT MONITORING; MENTAL MODELS;

SECURITY OF DATA;

EID: 0242696305     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/844115.844116     Document Type: Conference Paper

References (51)

1. Ackerman, M. and Cranor, L. 1999. Privacy Critics: UI Components to Safeguard Users' Privacy. Adjunct Proceedings of CHI'99 (Short Papers), 258-259.
2. Ackerman, M., Cranor, L., and Reagle, J. 1999. Privacy in E-Commerce: Examining User Scenarios and Privacy Preferences. ACM Conf. on Electronic Commerce, 1-8. ACM
3. Adams, A. and Sasse, M.A. 1999. Users Are Not The Enemy: Why users compromise security mechanisms and how to take remedial measures. Comm. ACM, 42(12), 40-46.
4. Adams, A., Sasse, M.A., and Lunt, P. 1997. Making Passwords Secure and Usable. In Thimbleby, H. O'Connaill, B., and Thomas, P. (eds), People and Computers XII: Proceedings of HCI'97, 1-19, Springer.
5. Ames, S., Gasser, M., and Schell, R. 1983. Security Kernel Design and Implementation: An Introduction. IEEE Computer, 16, 7, 14-22.
6. Anderson, R. 1993. Why Cryptosystems Fail. Proc. ACM Conf. Computer and Communication Security CCS'93, 215-227. ACM.
7. Bellotti, V. and Sellen, A. 1993. Design for Privacy in Ubiquitous Computing Environments. Proc. European Conf. Computer-Supported Cooperative Work ECSCW'93, 77-92. Kluwer.
8. Bernaschi, M., Gabrielli, E., and Mancini, L. 2000. Operating System Enhancements to Prevent the Misuse of System Calls. Proc. ACM Conf. Computer and Communication Security, 174-183. New York: ACM.
9. Blumenthal, M. and Clark, D. 2001. Rethinking the Design of the Internet: the end-to-end arguments vs. the brave new world. ACM Trans. Internet Technology, 1(1), 70-109.
10. Brostoff, S. and Sasse, M.A. 2000. Are Passfaces more usable than passwords? A field trial investigation. In S. McDonald, Y. Waern & G. Cockton (Eds.): People and Computers XIV - Usability or Else! Proceedings of HCI 2000, 405-424. Springer.
11. Carzaniga, A., Rosenblum, D., and Wolf, A. 2001. Design and Evaluation of a Wide-Area Notification Service. ACM Trans. Computer Systems, 19(3), 332-383.
12. Cohen, D., Feather, M., Narayanaswamy, K., Fickas, S. 1997. Automatic monitoring of software requirements. Proceedings of the 1997 International Conference on Software Engineering, ICSE 97 (Boston, MA), 602-603.
13. Denning, D. 1987. An Intrusion-Detection Model. IEEE Trans. Software Engineering, 13(2), 222-232.
14. Dewan, P. and Shen, H. 1998. Flexible Meta Access-Control for Collaborative Applications Primitives for Building Flexible Groupware Systems. Proceedings of ACM Conference on Computer-Supported Cooperative Work CSCW'98, 247-256. ACM.
15. Dhamija, R. and Perrig, A. 2000. Deja Vu: A User Study. Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, Denver, Colorado.
16. Dourish, P. 1993. Culture and Control in a Media Space. Proc. European Conf. Computer-Supported Cooperative Work ECSCW'93, 125-137. Kluwer.
17. Dourish, P. and Bellotti, V. 1992. Awareness and Coordination in Shared Workspaces. Proc. ACM Conf. Computer-Supported Cooperative Work CSCW'92, 107-114. New York: ACM.
18. Dourish, P., Swinehart, D., and Theimer, M. 2000. The Doctor is In: Helping End-Users Understand the Health of Distributed Systems. Proc. 11th IEEE/IFIP Workshop on Distributed Systems Operation and Management DSOM 2000. IEEE.
19. Dourish, P. and Byttner, J. 20002. A Visual Virtual Machine for Java Programs: Exploration and Early Experiences. Proc. ICDMS Workshop on Visual Computing (San Francisco, CA.)
20. Finkel, R. 1997. Pulsar: An Extensible Tool for Monitoring Large UNIX Sites. Software Practice and Experience, 27(10). 1163-1176.
21. Fitzpatrick, G., T. Mansfield, et al. 1999. Augmenting the workaday world with Elvin, Proceedings of 6th European Conference on Computer Supported Cooperative Work ECSCW'99, 431-450. Kluwer.
22. Greenberg, S and Marwood, D. 1994. Real-Time Groupware as a Distributed System: Concurrency Control and its Effect on the Interface. Proc. ACM Conf. Computer-Supported Cooperative Work CSCW'94, 207-218. ACM.
23. Henning, R. 2000. Security Service Level Agreements: Quantifiable Security for the Enterprise? Proc. New Security Paradigm Workshop (Ontario, Canada), 54-60. ACM.
24. Hilbert, D. and Redmiles, D. 1998. An Approach to Large-Scale Collection of Application Usage Data Over the Internet, Proceedings of the Twentieth International Conference on Software Engineering (ICSE '98), Kyoto, Japan, IEEE Computer Society Press, 136-145.
25. Hilbert, D. and Redmiles, D. 2001. Large-Scale Collection of Usage Data to Inform Design. Eighth IFIP TC 13 Conference on Human-Computer Interaction INTERACT 2001 (Tokyo, Japan), 569-576.
26. Irvine, C. and Levin, T. 1999. Towards a Taxonomy and Costing Method for Security Services. Proc. 15th Annual Computer Security Applications Conference. IEEE.
27. Irvine, C. and Levin, T. 2001. Quality of Security Service. Proc. ACM New Security Paradigms Workshop, 91-99.
28. Kahn, D. 1967. The Codebreakers. Macmillan.
29. Kantor, M., Redmiles, D. 2001. Creating an Infrastructure for Ubiquitous Awareness, Eighth IFIP TC 13 Conference on Human-Computer Interaction INTERACT 2001 (Tokyo, Japan), 431-438.
30. Kelsey, J., Schneier, B., Wagner, D., and Hall, C. 1998. Cryptanalytic Attacks on Pseudorandom Number Generators. Proc. Intl. Workshop on Fast Software Encryption, 168-188. Springer-Verlag.
31. Kemmerer, R., Meadows, C., and Millen, J. 1994. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, 7(2), 79-130.
32. Lakoff, G. 1992. The Contemporary Theory of Metaphor. In Ortony (ed), Metaphor and Thought (2nd Edition). Cambridge University Press.
33. Lunt, T. and Jagannathan. 1988. A Prototype Real-Time Intrusion-Detection Export System. Proc. IEEE Symposium on Security and Privacy, 59-66. New York: IEEE.
34. Luckham, D. 1998. Rapide: a language and toolset for causal event modeling of distributed system architectures. Proc. Second International Conference Proceedings Worldwide Computing and Its Applications - WWCA'98 (Tsukuba, Japan), 88-96.
35. Maglio, P. and Matlock, T. 1999. The Conceptual Structure of Information Space. Social Navigation of Information Space, 155-173. Springer.
36. Munzer, T., Hoffman, E., Claffy, K., and Fenner, B. 1996. Visualizing the Global Topology of the MBone. Proc. of the Symposium on Information Visualization (San Francisco, CA). New York: IEEE.
37. Rimmer, J., Wakeman, I., Sheeran, L., and Sasse, M.A. 1999. Examining Users' Repertaoir of Internet Applications. In Sasse and Johnson (eds), Human-Computer Interaction: Proceedings of Interact'99.
38. Saltzer, J. and Schroeder, M. 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), 1278-1308.
39. Saltzer, J., Reed, D., and Clark, D. 1981. End-to-End Arguments in System Design. ACM Trans. Computer Systems, 2(4), 277-288.
40. Schneier, B. 2000. Secrets and Lies: Digital Security in a Networked World. Wiley
41. Schneier, B. and Mudge. 1998. Cryptanalysis of Microsoft's Point-to-Point Tunnelling Protocol (PPTP). Proc. ACM Conf. Computer and Communication Security, 132-141. New York: ACM.
42. di Sessa, A. 1983. Phenomenology and the Evolution of Intuition. In Gentner and Stevens (eds), Mental Models. Hillsdale, NJ: Laurence Erlbaum.
43. Shen, H. and Dewan, P. 1992. Access Control for Collaborative Environments. Proc. ACM Conf. Computer-Supported Cooperative Work CSCW'92, 51-58. ACM.
44. Smaha, S. 1988. Haystack: An Intrusion Detection System. Proc. Aerospace Computer Security Applications Conference, 37-44.
45. de Souza, C., Basaveswara, S., Redmiles, D. 2002. Lessons Learned Using with Notification Servers to Support Application Awareness, Department of Information and Computer Science, University of California, Irvine, Technical Report #02-11.
46. Spyropoulou, E., Levin, T., and Irvine, C. 2000. Calculating Costs for Quality of Security Service. Proc. 16th Computer Security Applications Conference. IEEE.
47. Thomsen, D. and Denz, M. 1997. Incremental Assurance for Multilevel Applications. Proc. 13th Annual Computer Security Applications Conference. IEEE.
48. Wagner, D., Foster, J., Brewer, E., and Aiken, A. 2000. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. Proc. Networked and Distributed Systems Security Symposium. Internet Society.
49. Weirich, D. and Sasse, M.A. 2001. Pretty Good Persuasion: A first step towards effective password security for the Real World. Proceedings of the New Security Paradigms Workshop 2001 (Sept. 10-13, Cloudcroft, NM), 137-143. ACM Press.
50. Whitten, A. and Tygar, J.D. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Proc. Ninth USENIX Security Symposium.
51. Zurko, M.E. and Simon, R. 1996. User-Centered Security. Proc. New Security Paradigms Workshop. ACM.