User-centered security: Stepping up to the grand challenge

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 189-202

  Zurko, Mary Ellen ^a  

^a IBM   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EXPERT SYSTEMS; HUMAN COMPUTER INTERACTION; LIFE CYCLE; PRODUCT DEVELOPMENT; SOFTWARE ENGINEERING;

EXPERT EVALUATION; INTEGRATED SECURITY; STAGING; TRANSPARENT SECURITY;

SECURITY OF DATA;

EID: 33846277633     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.60     Document Type: Conference Paper

References (63)

1. Anne Adams and Martina Angela Sasse, "Users Are Not The Enemy", Communications of the AM, vol. 42, issue 12, December 1999, pp 40-46.
2. J. P. Anderson, Computer Security Technology Planning Study, ESD-TR-73-51, Bedford, MA, USAF Electronics Systems Division, October 1972.
3. Dirk Balfanz, Glenn Durfee, and D. K. Smetters, "Making the Impossible Easy: Usable PKI", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
4. H. Beyer and K. Holtzblatt, Contextual Design: Defining Customer Centered Systems, Morgan Kaufmann Publishers, 1998.
5. Jordy Berson, "ZoneAlarm: Creating Usable Security Products for Consumers", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
6. Bob Blakley, Ellen McDermott, and Dan Geer, "Information Security is Information Risk Management", New Security Paradigms Workshop, ACM Press, Cloudcroft, New Mexico, 2001, pp. 97-104.
7. Benjamin Brunk, "A User-Centric Privacy Space Framework", Security and Usability: Designing Secure Systems that People Can Use, Lome Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
8. Bill Cheswick, "My Dad's Computer, Microsoft, and the Future of Internet Security", http://cups.cs.cmu.edu/soups/2005/program.html#ches
9. Common Criteria for Information Technology Security Evaluation, version 2.2, January 2004, http://www.commoncriteriaportal.org/public/expert/index.php? menu=2
10. CRA Confernence on Grand Research Challenges in Information Security & Assurance, http://www.cra.org/Activities/grand.challenges/security/home. html
11. Lorrie Faith Cranor, Privacy Policies and Privacy Preferences, Security and Usability: Designing Secure Systems that People Can Use, Lome Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
12. Rogerio de Paula, Xianghua Ding, Paul Dourish, Kari Nies, Ben Pillet, David Redmiles, Jie Ren, Jennifer Rode, Roberta Silva Filho, Two Experiences Designing for Effective Security, Proceedings of the 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 25-34.
13. Paul DiGioia, Paul Dourish, "Social Navigation as a Model for Usable Security", Proceedings of the 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 101-108.
14. Paul Dourish and David Redmiles, "An Approach to Usable Security Based on Event Monitoring and Visualization", Proceedings of the 2002 workshop on New Security Paradigms, Virginia Beach, Virginia, pp. 75-81.
15. Scott Flinn and Steve Stoyles, "Omnivore: Risk Management Through Bidirectional Transparency", Proceedings of the 2004 Workshop on New Security Paradigms, pp 97-105.
16. Simson L. Garfinkel and Robert C. Miller, "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express", Proceedings of the 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 13-24.
17. Morrie Gasser, Building a Secure Computer System, Van Nostrand Reinhold, New York, NY, USA, 1988.
18. Virgil D. Gligor, Shyh-Wei Luan, and Joseph N. Pato, On Inter-Realm Authentication in Large Distributed Systems, Proceedings of the 1992 IEEE Symposium on Security and Privacy, page 2.
19. Jeremy Goecks and Elizabeth D. Mynatt, Social Approaches to End-User Privacy Management, Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
20. Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan, "Stopping Spyware at the Gate: a User Study of Privacy, Notice and Spyware", Proceedings of the 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania, pp 43-52.
21. [21 ] Steven J. Greenwald, personal communication.
22. Steven J. Greenwald and Richard E. Newman, The Distributed Compartment Model for Resource Management and Access Control, University of Florida Computer and Information Sciences Department technical report, October 1994.
23. O. Gruber, B. J. Hargrave, J. McAffer, P. Rapicault, and T. Watson, "The Eclipse 3.0 platform: Adopting OSGi technology", IBM Systems Journal, v. 44, # 2, page 289, 2005.
24. Clare-Marie Karat, Iterative Usability Testing of a Security Application Computer Systems: Approaches to User Interface Design, Proceedings of the Human Factors Society 33rd Annual Meeting, 1989, v. 1, pp. 273-277.
25. HCISec Bibliography, http://www.gaudior.net/alma/biblio.html.
26. Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
27. hcisec - Computer Security and Usability, http://groups.yahoo.com/group/ hcisec/.
28. Giovanni Iachello, Ian Smith, Sunny Consolvo, Mike Chen, and Gregory D. Abowd, "Developing Privacy Guidelines for Social Location Disclosure Applications and Services", Proceedings of the 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 65-76.
29. Information technology - Security techniques - Code of practice for information security management, http://www.iso.org/iso/en/CatalogueDetailPage. CatalogueDetail?CSNUMBER=39612&ICSl=35&ICS2=40&ICS3=
30. Nancy Leveson and Clark S. Turner, "An Investigation of the Therac-25 Accidents", IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18-41.
31. th Annual Computer Security Applications Conference, Tucson, Arizona, December 2004.
32. Lock Box and Easy Savings Bank with Key Combination, http://www. babyscholars.com/loboxwikeyan.html
33. John McHugh, "Intrusion and Intrusion Detection", IJIS, 2001, v. 1, pp 14-35.
34. Robert Miller, Simson Garfinkel, Filippo Menczer, Robert Kraut, "When User Studies Attack: Evaluating Security By Intentionally Attacking Users", 2005 Symposium On Usable Privacy and Security, Pittsburgh, Pennsylvania.
35. Fabian Monrose and Michael K. Reiter, Graphical Passwords, Security and Usability: Designing Secure Systems that People Can Use, Lome Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
36. Hilarie Orman and Richard Schroeppel, "Positive Feedback and the Madness of Crowds", Proceedings of the 1996 Workshop on New Security Paradigms, Lake Arrowhead, California, United Stages, pp. 134-138.
37. Susan Pancho, "Paradigm Shifts in Protocol Analysis", Proceedings of the 1999 Workshop on New Security Paradigms, pp 70-79.
38. Andrew S. Patrick, Pamela Briggs, and Stephen Marsh, "Designing Systems That People Will Trust", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
39. Dean Povey, "Optimistic Security: A New Access Control Paradigm", Proceedings of the 1999 Workshop on New Security Paradigms, Caledon Hills, Ontario, Canada, pp. 40-45.
40. J. Reason, Human Error, Cambridge, UK; Cambridge University Press, 1990.
41. Karen Renaud, "Evaluating Authentication Mechanisms", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
42. Blake Ross, "Firefox and the Worry-free Web", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
43. Anne Saita, "Password protection no match for Easter egg lovers", http://searchsecurity.techtarget.com/originalContent/0,289142, sid14_gci960468,00.html
44. Jerome H. Saltzer and Michael D. Schroeder, "The Protection of Information in Computer Systems", Fourth ACM Symposium on Operating System Principles, October 1973.
45. M. Angela Sasse and Ivan Flechais, "Usable Security ", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
46. Ben Schneiderman, "Designing the User Interface", Addison-Wesley Publishing Company, 1997.
47. Bruce Schneier, Crypto-Gram Newsletter, October 15, 2000, http://www.schneier.com/crypto-gram-0010.html.
48. Symposium On Usable Privacy and Security, http://cups.cs.cmu.edu/soups/
49. Jared M. Spool, Tara Scanlon, and Carolyn Snyder, "Product Usability: Survival Techniques", CHI Extended Abstracts 1997, pp 154-155.
50. Bruce Tognazzini, "Design for Usability", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
51. Win Trees, Peter Neumann, Mary Ellen Zurko, and Mark Ackerman, "Security and the User", Proceedings of the 1999 Network and Distributed System Security Symposium.
52. th USENIX Security Symposium", August 1999.
53. Alma Whitten and J. D. Tygar, "Safe Security Staging", CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida.
54. Dirk Weirich and Martina Angela Sasse, "Pretty Good Persuasion: A First Step Towards Effective Password Security in the Real World", Proceedings of the 2001 Workshop on New Security Paradigms, Cloudcroft, New Mexico, pp. 137-143.
55. Simon R. Wiseman, "Security Properties of the SWORD Secure DBMS design", Database Security, VII: Status and Prospects, Proceedings of the IFIP WG11.3 Working Conference on Database Security, Lake Guntersville, Alabama, USA, September 1993, pp 181-196.
56. th International World Wide Web Conference, ACM Press, Japan, 2005, pp. 489-498.
57. Jeff Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant, "The Memorability and Security of Passwords", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.
58. Ka-Ping Yee, "Aligning Security and Usability", IEEE Security and Privacy, vol. 02, no. 5, pp. 48-55, September - October 2004.
59. Mary Ellen Zurko and Richard T. Simon, "User-Centered Security", Proceedings of the 1996 Workshop on New Security Paradigms, Lake Arrowhead, California, United States, pp. 27-33.
60. Mary Ellen Zurko, Rich Simon, and Tom Sanfilippo, "A User-Centered, Modular Authorization Service Built on an RBA Foundation", IEEE Symposium on Security and Privacy, 1999, pp. 57-71.
61. th USENIX Security Symposium", Washington, DC, August 1999, pp. 185-200.
62. th Annual Computer Security Applications Conference, Las Vegas, Nevada, December 2002.
63. Mary Ellen Zurko, "IBM Lotus Notes/Domino: Embedding Seurity in Collaborative Applications", Security and Usability: Designing Secure Systems that People Can Use, Lorrie Faith Cranor and Simson Garfinkle, ed., O'Reilly, August 2005.