In the eye of the beholder: A visualization-based approach to information system security

International Journal of Human Computer Studies

Volumn 63, Issue 1-2, 2005, Pages 5-24

  De Paula, Rogério ^a   Ding, Xianghua ^a   Dourish, Paul ^a   Nies, Kari ^a   Pillet, Ben ^a   Redmiles, David F ^a   Ren, Jie ^a   Rode, Jennifer A ^a   Silva Filho, Roberto ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Event based system; Impromptu; Information practices; Privacy; Security; Swirl project; Usability; Visualization; YANCEES

Indexed keywords

ALGORITHMS; COMPUTATIONAL METHODS; COMPUTER SYSTEMS; DATA PRIVACY; MANAGEMENT INFORMATION SYSTEMS; MANAGERS; VISUALIZATION;

EVENT BASED SYSTEMS; IMPROMPTU; INFORMATION PRACTICES; PRIVACY; SECURITY; SWIRL PROJECT; USABILITY; YANCEES;

SECURITY SYSTEMS;

EID: 19944365607     PISSN: 10715819     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijhcs.2005.04.021     Document Type: Article

References (53)

1. M.S. Ackerman, and L. Cranor Privacy Critics: UI Components to Safeguard Users' Privacy. CHI '99 Extended Abstracts on Human Factors in Computing Systems 1999 ACM Press Pittsburgh, PA pp. 258-259
2. M.S. Ackerman, L.F. Cranor, and J. Reagle Privacy in e-commerce: examining user scenarios and privacy preferences. Proceedings of the First ACM Conference on Electronic Commerce 1999 ACM Press Denver, CO pp. 1-8
3. A. Adams, and M.A. Sasse Users are not the enemy: why users compromise security mechanisms and how to take remedial measures Communications of the ACM 42 12 1999 40 46
4. A. Adams, M.A. Sasse, and P. Lunt Making passwords secure and usable. Proceedings of HCI on People and Computers XII 1997 Springer Berlin pp. 1-19
5. S. Ames, M. Gasser, and R. Schell Security Kernel Design and Implementation: An Introduction 1983 IEEE Computer Silver Spring, MD pp. 14-22
6. R. Anderson Why cryptosystems fail. Proceedings of the First ACM Conference on COMPUTER and Communications Security 1993 ACM Press Fairfax, VA pp. 215-227
7. V. Bellotti, and A. Sellen Design for privacy in ubiquitous environments G. de Michelis C. Simone K. Schmidt Proceedings of the Third European Conference on Computer-Supported Cooperative Work ECSCW'93 1993 Kluwer Milan, Italy 77 92
8. M. Bernaschi, E. Gabrielli, and L.V. Mancini Operating system enhancements to prevent the misuse of system calls. Proceedings of the Seventh ACM Conference on Computer and Communications Security 2000 ACM Press Athens, Greece pp. 174-183
9. M.S. Blumenthal, and D.D. Clark Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world ACM Transactions on Internet Technology 1 1 2001 70 109
10. S. Brostoff, and M.A. Sasse Are passfaces more usable than passwords? A field trial investigation S. McDonald Y. Waern G. Cockton People and Computers XIV - Usability or Else! Proceedings of HCI 2000 2000 Springer Berlin 405 424
11. A. Carzaniga, D.S. Rosenblum, and A.L. Wolf Design and evaluation of a wide-area event notification service ACM Transactions Computer Systems 19 3 2001 332 383
12. de Paula, R., Ding, X., Dourish, P., Nies, K., Pillet, B., Redmiles, D.F., Ren, J., Rode, J.A., Silva Filho, R., 2005. Two Experiences Designing for Effective Security. Symposium on Usable Privacy and Security SOUPS 2005, Pittsburgh, PA.
13. D.E. Denning An intrusion-detection model IEEE Transactions on Software Engineering 13 2 1987 222 232
14. P. Dewan, and H. Shen Flexible meta access-control for collaborative applications. Proceedings of the 1998 ACM Conference on Computer Supported Cooperative Work 1998 ACM Press Seattle, WA, USA pp. 247-256
15. Dhamija, R., Perrig, A., 2000. Deja Vu: A user study. using images for authentication. Proceedings of the Ninth USENIX Security Symposium, Denver, CO.
16. P. Dourish Culture and control in a media space. Proceedings of the European Conference on Computer-Supported Cooperative Work ECSCW'93 1993 Kluwer Dordrecht pp. 125-137
17. Dourish, P., Anderson, K., 2005. Privacy, security...and risk and danger and secrecy and trust and identity and morality and power: understanding collective information practices. Technical Report UCI-ISR-05-1, Institute for Software Research, Irvine, CA.
18. P. Dourish, and D. Redmiles An approach to usable security based on event monitoring and visualization. Proceedings of the 2002 Workshop on New Security Paradigms 2002 ACM Press Virginia Beach, VA pp. 75-81
19. P. Dourish, D.C. Swinehart, and M. Theimer The doctor is in: helping end users understand the health of distributed systems A. Ambler S.B. Calo G. Kar Proceedings of the 11th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Services Management in Intelligent Networks 2000 Springer Berlin 157 168
20. P. Dourish, E. Grinter, J.D. de la Flor, and M. Joseph Security in the wild: user strategies for managing security as an everyday, practical problem Personal Ubiquitous Computing 8 6 2004 391 401
21. R.A. Finkel Pulsar: an extensible tool for monitoring large Unix sites Software-Practice & Experience 27 10 1997 1163 1176
22. Goland, Y., Whitehead, E., Faizi, A., Carter, S., Jensen, D., 1999. HTTP extensions for distributed authoring - WEBDAV. Internet Engineering Task Force, Internet Proposed Standard Request for Comments 2518, February.
23. N.S. Good, and A. Krekelberg Usability and privacy: a study of Kazaa P2P file-sharing. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems 2003 ACM Press Ft. Lauderdale, FL, USA pp. 137-144
24. S. Greenberg, and D. Marwood Real time groupware as a distributed system: concurrency control and its effect on the interface. Proceedings of the 1994 ACM Conference on Computer Supported Cooperative Work 1994 ACM Press Chapel Hill, NC, USA pp. 207-217
25. R.R. Henning Security service level agreements: quantifiable security for the enterprise? Proceedings of the 1999 Workshop on New Security Paradigms 2000 ACM Press Caledon Hills, Ont., Canada pp. 54-60
26. C. Irvine, and T. Levin Toward a taxonomy and costing method for security services. Proceedings of the 15th Annual Computer Security Applications Conference 1999 IEEE Computer Society Silver Spring, MD p. 183
27. C. Irvine, and T. Levin Quality of security service. Proceedings of the 2000 Workshop on New Security Paradigms 2000 ACM Press Ballycotton, County Cork, Ireland pp. 91-99
28. D. Kahn The Codebreakers, The Story of Secret Writing 1967 Macmillan New York, NY
29. Kantor, M., Redmiles, D., 2001. Creating an infrastructure for ubiquitous awareness. Eighth IFIP TC 13 Conference on Human-Computer Interaction INTERACT 2001, Tokyo, Japan, pp. 431-438.
30. J. Kelsey, B. Schneier, D. Wagner, and C. Hall Cryptanalytic attacks on pseudorandom number generators. Proceedings of the Fifth International Workshop on Fast Software Encryption 1998 Springer Berlin pp. 168-188
31. R. Kemmerer, C. Meadows, and J. Millen Three systems for cryptographic protocol analysis Journal of Cryptology 7 2 1994 79 130
32. B. Latour Where are the missing masses? the sociology of a few mundane artifacts W.E. Bijker J. Law Shaping Technology/Building Society 1992 MIT Press Cambridge, MA
33. T.F. Lunt, and R. Jagannathan A prototype real-time intrusion-detection export system. Proceedings of the IEEE Symposium on Security and Privacy 1988 IEEE New York pp. 59-66
34. T. Munzner, E. Hoffman, K. Claffy, and B. Fenner Visualizing the global topology of the MBone. Proceedings of the 1996 IEEE Symposium on Information Visualization (INFOVIS '96) 1996 IEEE Computer Society Silver Spring, MD p. 85
35. L. Palen, and P. Dourish Unpacking "privacy" for a networked world. Proceedings of the SIGCHI conference on Human factors in computing systems 2003 ACM Press Ft. Lauderdale, FL, USA pp. 129-136
36. J.H. Saltzer, and M.D. Schroeder The protection of information in computer systems Proceedings of the IEEE 63 9 1975 1278 1308
37. J.H. Saltzer, D.P. Reed, and D.D. Clark End-to-end arguments in system design ACM Transactions on Computer Systems 2 4 1984 277 288
38. B. Schneier Secrets & Lies: Digital Security in a Networked World 2000 Wiley New York p. 304
39. B. Schneier, and Mudge Cryptanalysis of Microsoft's point-to-point tunneling protocol (PPTP). Proceedings of the Fifth ACM Conference on Computer and Communications Security 1998 ACM Press San Francisco, CA, USA pp. 132-141
40. Segall, B., Arnold, D., 1997. Elvin has left the building: a publish/subscribe notification service with quenching. Proceedings of the AUUG'97, Brisbane, Australia.
41. Shankar, U., Talwar, K., Foster, J.S., Wagner, D., 2002. Detecting format string vulnerabilities with type qualifiers. Proceedings of the 10th USENIX Security Symposium (USENIX'02), Washington, DC, pp. 201-220.
42. H. Shen, and P. Dewan Access control for collaborative environments. Proceedings of the 1992 ACM Conference on Computer-Supported Cooperative Work 1992 ACM Press Toronto, Ont., Canada pp. 51-58
43. Silva Filho, R., de Souza, C.R.B., Redmiles, D., 2003. The design of a configurable extensible and dynamic notification service. Proceedings of the Second International Workshop on Distributed Event-Based Systems (DEBS'03).
44. S. Spiekermann, J. Grossklags, and B. Berendt E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior. Proceedings of the Third ACM Conference on Electronic Commerce 2001 ACM Press Tampa, FL, USA pp. 38-47
45. E. Spyropoulou, T. Levin, and C. Irvine Calculating costs for quality of security service. Proceedings of the 16th Annual Computer Security Applications Conference 2000 IEEE Computer Society Silver Spring, MD p. 334
46. D.G. Tatar, G. Foster, and D.G. Bobrow Design for conversation: lessons from Cognoter International Journal of Man-Machine Studies 34 2 1991 185 209
47. D. Thomsen, and M. Denz Incremental assurance for multilevel applications. Proceedings of the 13th Annual Computer Security Applications Conference 1997 IEEE Computer Society Silver Spring. MD p. 81
48. A. Voida, R. Grinter, N. Ducheneaut, K. Edwards, and M. Newman Listening in: practices surrounding iTunes music sharing G. van der Veer C. Gale Proceedings of the ACM Conference on Human Factors in Computing Systems CHI 2005 2005 ACM Portland, OR
49. Wagner, D., Foster, J.S., Brewer, E.A., Aiken, A., 2000. A first step towards automated detection of buffer overrun vulnerabilities. Network and Distributed Systems Security Symposium.
50. D. Weirich, and M.A. Sasse Pretty good persuasion: a first step towards effective password security in the real world. Proceedings of the 2001 Workshop on New Security Paradigms 2001 ACM Press Cloudcroft, New Mexico pp. 137-143
51. A.F. Westin Privacy and Freedom 1967 Atheneum New York, NY
52. Whitten, A., Tygar, J.D., 1999. Why Johnny can't encrypt: a usability evaluation of PGP 5.0. Proceedings of the Ninth USENIX Security Symposium.
53. M.E. Zurko, and R.T. Simon User-centered security. Proceedings of the 1996 Workshop on New Security Paradigms 1996 ACM Press Lake Arrowhead, CA, USA pp. 27-33