Safe and sound: A safety-critical approach to security

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2001, Pages 41-50

  Brostoff, Sacha ^a   Sasse, M Angela ^a  

^a UNIVERSITY COLLEGE LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

HUMAN ENGINEERING; MATHEMATICAL MODELS; SECURITY SYSTEMS; SYSTEMS ANALYSIS;

SAFETY-CRITICAL SYSTEMS; SECURITY MODELS;

SECURITY OF DATA;

EID: 0242708756     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. Adams, A. and Sasse, M.A. (1999), Users are not the enemy, Communications of the ACM, Vol. 42, No. 12. December, 1999.
2. Anderson, R. (2001) Security Engineering. John Wiley and Sons; UK.
3. Baker, D.B. (1996) Fortresses Built Upon Sand. in Proceedings of the 1996 New Security Paradigms Workshop. Arrowhead, CA.: ACM Press https://www.acm.org/pubs/articles/proceedings/commsec/304851/p148-baker/p14 8-baker.pdf
4. Bell, D., & LaPadula, L. (1973) Secure Computer Systems: Mathematical Foundations and Model, M74-244, MITRE Corp. Bedford, MA
5. Biba, K. (1977) Integrity Constraints for Secure Computer Systems. Tech. Rep. ESD-TR76-372, USAF Electronic Systems Division, Bedford, MA
6. Brostoff, S. & Sasse, M. A. (2000): Are Passfaces more usable than passwords? A field trial investigation. In S. McDonald, Y. Waern & G. Cockton [Eds.]: People and Computers XIV - Usability Or Else! Proceedings of HCI 2000 (September 5th - 8th, Sunderland, UK), pp. 405-424, Springer
7. Bunnell, J., Podd, J., Henderson, R., Napier, R., & Kennedy-Moffat, J. (1997). Cognitive, associative and conventional passwords: Recall and guessing rates. Computers and Security, 16(7), 629-641.
8. Clark, D. & Wilson, D. (1987) A Comparison of Commercial and Military Computer Security Policies. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA.
9. Dobson, J. (1993) new security paradigms: what other concepts do we need as well? Proceedings of the 1993 workshop on new security paradigms. August 225, 1993, Little Compton, RI. http://www.acm.org/pubs/contents/proceedings/commsec/283751/
10. FIPS (1985) Password Usage. Federal Information Processing Standards Publication. May 30.
11. Haskett, J. A. (1984). Pass-algorithms: a user validation scheme based on than knowledge of secret algorithms. Communications of the ACM, 27(8), 777-781.
12. Hudson, P.T.W. (1988) Personal communication, In Reason, J. (1990) Human Error. Cambridge University Press. Cambridge, UK
13. Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D. (1999) The Design and Analysis of Graphical Passwords. Proceedings of the 8th USENIX Security Symposium, August 23-26, 1999, Washington, D.C., USA
14. LaPadula, J., (1993) Prospect on security paradigms. Proceedings of the 1993 workshop on new security paradigms. August 25, 1993, Little Compton, RI. http://www.acm.org/pubs/contents/proceedings/commsec/283751/
15. Lemos, R (2000) Laptop thieves usually not after data. http://www.zdnet.com/zdnn/stories/news/0,4586,2629471,00.html
16. Lipson, D. A. and Fisher, H. F. (1999) Survivability-a new technical and business perspective on security. New security paradigms workshop. Proceedings of the 1999 workshop on new security paradigms, September 22 to 24, 1999, Caledonian hills Canada
17. Murrer, E. (1999). Fingerprint Authentication. Secure Computing (March) 26-30
18. Menkus, B. (1988). Understanding the use of passwords. Computers and Security, 7(2), 132-136.
19. Poulsen, K. (2000): Mitnick to lawmakers: People, phones and weakest links. http://www.politechbot.com/p-00969.html
20. Reason, J. (1990) Human Error. Cambridge University Press. Cambridge, UK
21. Sasse, M. A., Brostoff, S. & Weirich, D. (2001), Transforming the 'weakest link': a human-computer interaction approach to usable and effective security. BT Technical Journal, 19 (3), 122-131. (Also at http://www.bt.com/bttj/)
22. Schneier, B. (2000), Secrets and Lies, John Wiley & Sons, 2000.
23. Spector, Y., & Ginzberg, J. (1994). Pass sentence - a new approach to computer code. Computers and Security, 13(2), 145-160.
24. Whitten, A. & Tygar, J.D. (1999) Why Johnny can't encrypt: A usability evaluation of PGP 5.0, Proceedings of the 8th USENIX Security Symposium, August 1999, Washington.