Security automation considered harmful?

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2007, Pages 33-42

  Edwards, W Keith ^a   Poole, Erika Shehan ^a   Stoll, Jennifer ^a  

^a Georgia Institute of Technology   (United States)

Author keywords

Automation; Design guidelines; Security policy; Usable security

Indexed keywords

AUTOMATED APPROACH; AUTOMATION DESIGN; DESIGN GUIDELINES; END USERS; INFORMATION SECURITY; INHERENT LIMITATIONS; REMOTE SERVICES; RESEARCH DIRECTIONS; SECURITY POLICY; SECURITY SOLUTIONS; SOCIAL FACTOR; USABLE SECURITY;

AUTOMATION; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 70450242707     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1600176.1600182     Document Type: Conference Paper

References (53)

1. Ackerman, M. 2000. The Intellectual Challenge of CSCW: The Gap Between Social Requirements and Technical Feasibility. Human-Computer Interaction Journal, vol. 15, pp. 179-203.
2. th ACM Conference on Computer and Communications Security, November 1-4, 1999. Singapore, pp. 1-7.
3. Bainbridge, L. 1987 Ironies of automation. In New Technology and Human Error (ed. J. Rasmussen, K. Duncan, & J. Leplat). New York: Wiley.
4. Bellotti, V., and Edwards, W.K., "Intelligibility and Accountability: Human Considerations in Context Aware Systems," Journal of Human-Computer Interaction, 16:2-4, 2001. Thomas Moran, ed., Lawrence Erlbaum Associates, NJ. pp. 193-212.
5. Benkler, Y. Wealth of Nations. Yale University Press, 2006, pp. 133-175.
6. Berinato, S. How to Save the Internet, March 15, 2005, CIO Magazine.
7. Bishop, M., "Psychological Acceptability Revisited". In L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Associates, 2005.
8. Blaze, M., Feigenbaum, J., and Lacy, J. "Decentralized Trust Management." In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA. May, 1996. pp. 164-173.
9. Brodie, C. A., Karat, C., and Karat, J. An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench. In Proceedings of the Second Symposium on Usable Privacy and Security, PA, 2006.
10. Chalmers, M. Dieberger, A., Höök, K., Rudström, A. "Social Navigation and Seamful Design." Cognitive Studies: Bulletin of the Japanese Cognitive Science Society 11(3), pp. 171-181, 2004.
11. Consul: http://www.consul.com/Content.asp?id=58
12. Denning, D.E., and Branstad, D.K. "A Taxonomy for Key Escrow Encryption Systems," Communications of the ACM, 39:3, March 1996.
13. DiGioia, P., Dourish P. Social Navigation as a Model for Usable Security. Proceedings of the Symposium On Usable Privacy and Security (SOUPS), Pittsburgh, PA, 2005.
14. Dourish, P. and Bellotti, V. 1992. Awareness and Coordination in Shared Workspaces. Proceedings of the Conference on Computer-Supported Cooperative Work (CSCW'92). Toronto, Ontario. pp. 107-114. New York: ACM.
15. Dourish, P. and Button, G. On "Technomethodology": Foundational Relationships between Ethno-methodology and System Design. Human-Computer Interaction, 13(4), 1998, pp. 395-432
16. Dourish, P. Grinter, R.E., Delgado de la Flor, J., and Joseph, M. "Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem." Personal and Ubiquitous Computing 8, pp. 391-401. Springer Verlag, 2004.
17. Edwards, W. K. "Policies and Roles in Collaborative Applications." Proceedings of the Conference on Computer-Supported Cooperative Work (CSCW), Boston, MA, 1996.
18. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R. and Chandramouli, R. "Proposed NIST Standard for Role-Based Access Control," ACM Transactions on Information and System Security, vol. 4, no. 3, pp. 222-274, August 2001.
19. Fisher, K. "Internet about to collapse says Finnish scientist". ars technica, Oct. 18, 2004. Also: www.arstechnica.com/news.ars/post/ 20041018-4318.html
20. Ford, R. and Allen, W. H. 2007. How Not to Be Seen. IEEE Security and Privacy 5, 1 (Jan. 2007), 67-69.
21. Friedman, B., Kahn, P. H., Jr., & Borning, A. (2006). Value Sensitive Design and information systems. In P. Zhang & D. Galletta (eds.), Human-computer interaction in management information systems: Foundations (pp. 348-372). Armonk, New York; London, England: M.E. Sharpe.
22. Friedman, B., and Kahn, P.H. Human Values, Ethics, and Design. The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies, and Emerging Applications. Lawrence Erlbaum Associates, Mahwah, NJ. pp. 1177-1201.
23. Garigue, R. Between Chaos and Order: Managing the Risk in Organizations, BMO Financial Group, https://www.expotiperformance.com/Sites/expoIT/Multimedias/ garigue.pdf
24. Gaw, S., Felten, E. W., Fernandez-Kelly, P. Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted EMail. Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), 2006.
25. Goecks, J., Mynatt, B. Social Approaches to End-User Privacy Management. In L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Assoc 2005.
26. IBM: http://www.iss.net/products/Proventia-Management-SiteProtector/ product-main-page.html
27. Isbell, C., Pierce, J. Using an IP Continuum for Adaptive Interface Design. Proceedings of the 11th International Conference on Human-Computer Interaction, 2005.
28. Kanawati, R., and Riveill, M. "Access Control Model for Groupware Applications." In Proceedings of Human-Computer Interaction. Huddersfield University, UK. August, 1995. pp. 66-71.
29. Marimba: www.bmc.com/products/attachments/ MarimbaClientManagementSecurity.pdf
30. NetworkWorld. Executive Guide: Security Evolves. (2004). Also at: www.enterasys.com/corporate/pr/2006/060123-networkworld.pdf
31. Neuwirth, C., Kaufer, D.S., Chandhok, R., and Morris, J. 1990. "Issues in the desigin of computer support for co-authoring and commenting," in Proceedings of the ACM Conference on Computer Supported Cooperative Work (CSCW). CA, pp. 183-195
32. Nielsen, Jakob. User Education is not the Answer to Security Problems. http://www.useit.com/alertbox/20041025.html (2004).
33. Norman, D. A. The Design of Everyday Things. Basic Books, NY, 2002.
34. Norman, D. A. (1990). The "problem" of automation: Inappropriate feedback and interaction, not "over-automation". In D. E. Broadbent, A. Baddeley & J. T. Reason (Eds.), Human factors in hazardous situations (pp. 585-593). Oxford: Oxford University Press.
35. Palen and Dourish "Unpacking Privacy for a Networked World", Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), Ft. Lauderdale, FL, 2003.
36. Patrick, A.S., Briggs, P. & Marsh, S. Designing systems that people will trust. In L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Associates, 2005.
37. Rainie, Lee. The CAN-SPAM Act Has Not Helped Most Users So Far. Pew Internet Life Foundation Report, 2004.
38. Sasse, M. A., Has Johnny Learnt to Encrypt by Now? Examining the Troubled Relationship Between a Security Solution and Its Users. 5th Annual PKI R&D Workshop (2006). middleware. Internet2.edu/pki06/proceedings/ sassejohnny-usability.ppt
39. Sasse, M. A., Brostoff, S., Weirich, D. Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technol J Vol. 19 No. 3, July 2001.
40. Sasse, M.A., Flechais, I., Usable Security: Why do we need it? How do we get it? In L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Assoc 2005.
41. Schneier B: Secrets and Lies, John Wiley and Sons, 2000.
42. Schuler, D., Namioka, A., Participatory Design: Principles and Practices, Lawrence Erlbaum Associates, Inc., Mahwah, NJ, 1993
43. Sehami, M., Dumais, S., Heckerman, D., Horvitz, E. "A Bayesian Approach to Filtering Junk Email." AAAI Workshop on Learning for Text Categorization, 1998.
44. Smetters, D., Grinter, R. Moving from the Design of Usable Security Technologies to the Design of Useful Secure Applications. Proceedings of the New Security Paradigms Workshop (NSPW), 2002.
45. Spiekermann, S., Pallas, F., "Technology Paternalism-Wider Implications of Ubiquitous Computing." Poiesis & Praxis: International Journal of Ethics of Science and Technology Assessment, Vol. 4, 2005
46. Star, S.L., The Ethnography of Infrastructure. American Behavioral Scientist 43:3, pp. 377-391, 1999.
47. th USENIX Security Symposium (1999).
48. Winner, L. "Do Artifacts Have Politics?" The Whale and the Reactor: A Search for Limits in an Age of High Technology. Chicago: The University of Chicago Press, 1986. pp. 19-39.
49. th International Conference on Data Engineering (ICDE). Birmingham, UK, April 1997. IEEE Computer Society, pp. 402-411.
50. Woo, T., and Lam, S. "Designing a Distributed Authorization Service." In IEEE Computer and Communications Societies (INFOCOM), CA. 1998.
51. Wu, M., Huang, Y., Wang, Y., and Kuo, S. 2006. A Stateful Approach to Spyware Detection and Removal. In Proceedings of the 12th Pacific Rim international Symposium on Dependable Computing (December 18-20, 2006). PRDC. IEEE Computer Society, Washington, DC, 173-182.
52. Yee, K. Guidelines and Strategies for Secure Interaction Design. In L. Cranor & S. Garfinkel (Eds.), Security and Usability: Designing Secure Systems That People Can Use, O'Reilly & Associates, 2005.
53. Zurko, M. User-Centered Security: Stepping Up to the Grand Challenge. 21st Annual Computer Society Security Applications Conference, 2005.