Security and usability: Analysis and evaluation

ARES 2010 - 5th International Conference on Availability, Reliability, and Security

Volumn , Issue , 2010, Pages 275-282

  Kainda, Ronald ^a   Flechais, Ivan ^a   Roscoe, A W ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Evaluation; HCISec; Security; Threat model; Usability

Indexed keywords

ANALYSIS AND EVALUATION; EASE OF USE; EVALUATION; HCI METHODS; POTENTIAL THREATS; SECURE SYSTEM; SECURITY THREATS;

COMPUTER CRIME; USABILITY ENGINEERING;

HUMAN COMPUTER INTERACTION;

EID: 77952351869     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2010.77     Document Type: Conference Paper

References (35)

1. K.-P. Yee, "Aligning Security and Usability," IEEE Security & Privacy, vol. 2, no. 5, pp. 48-55, 2004.
2. I. Flechais, "Designing secure and usable system," Ph.D. dissertation, University of London, 2005.
3. D. Balfanz, G. Durfee, D. Smetters, and R. Grinter, "In search of usable security: five lessons from the field," IEEE Security & Privacy, vol. 2, no. 5, pp. 19-24, 2004.
4. R. Anderson, "Why cryptosystems fail," CCS '93: Proceedings of the 1st ACM conference on Computer and communications security, pp. 215-227, 1993.
5. A. Whitten and J. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0," in Proceedings of the 8th USENIX Security Symposium, August 1999, Washington, 1999, pp. 169-183.
6. A. Adams and M. A. Sasse, "Users are not the enemy," Commun. ACM, vol. 42, no. 12, pp. 40-46, 1999.
7. A. Brostoff, "Improving password system effectiveness," Ph.D. dissertation, University of London, 2004. [Online]. Available: http://hornbeam.cs.ucl.ac.uk/hcs/publications/Brostoff- Improving%20Password%20System%20Effectiveness-Thesis%20final.pdf
8. S. Brostoff and M. A. Sasse, "Are Passfaces More Usable Than Passwords? A Field Trial Investigation," in Proceedings of HCI 2000, 2000. [Online]. Available: http://www.cs.ucl.ac.uk/staff/S.Brostoff/index\-files/ brostoff\-sasse\-hci2000.pdf
9. C. Kuo, S. Romanosky, and L. F. Cranor, "Human selection of mnemonic phrase-based passwords," in SOUPS '06: Proceedings of the second symposium on Usable privacy and security. New York, NY, USA: ACM, 2006, pp. 67-78.
10. S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, "Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice," in SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and security. New York, NY, USA: ACM, 2005, pp. 1-12.
11. S. L. Garfinkel and R. C. Miller, "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express," in SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and security. New York, NY, USA: ACM, 2005, pp. 13-24.
12. L. Cranor and S. Garfinkel, Security and Usability. O'Reilly Media, Inc., 2005.
13. U. Jendricke, U. Jendricke, and D. Gerd tom Markotten, "Usability meets security - the identity-manager as your personal security assistant for the internet," in Proc. 16th Annual Conference Computer Security Applications ACSAC '00, D. Gerd tom Markotten, Ed., 2000, pp. 344-353.
14. R. Kainda, I. Flechais, and A. Roscoe, "Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols," in SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, 2009.
15. A. Kobsa, R. Sonawalla, G. Tsudik, E. Uzun, and Y. Wang, "Serial Hook-ups: A Comparative Usability Study of Secure Device Pairing Methods," in SOUPS '09: Proceedings of the 5th symposium on Usable privacy and security, 2009.
16. E. Uzun, K. Karvonen, and N. Asokan, "Usability Analysis of Secure Pairing Methods," in Financial Cryptography and Data Security, 2007, pp. 307-324. [Online]. Available: http://dx.doi.org/10.1007/978-3-540-77366-5-29
17. A. Whitten, "Making Security Usable," Ph.D. dissertation, Carnegie Mellon University, 2004.
18. T. I. S. Organisation, "Ergonomic Requirements for Office Work with Visual Display Terminals, ISO 9241-11," 1998.
19. B. Shackel, "Usability - context, framework, definition, design and evaluation," pp. 21-37, 1991.
20. J. Nielsen, Usability Engineering. Boston; London: Academic Press, 1993.
21. M. A. Sasse, "Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems," IEEE Security and Privacy, vol. 5, no. 3, pp. 78-81, 2007.
22. R. Kainda, "Human factors in hcbk protocols," Master's thesis, Oxford University, 2007.
23. S. Brostoff and M. A. Sasse, ""Ten strikes and you're out": Increasing the number of login attempts can improve password usability," in Proceedings of CHI 2003 Workshop on HCI and Security Systems. John Wiley, 2003.
24. N. S. Good and A. Krekelberg, "Usability and Privacy: A Study of Kazaa P2P File-sharing," in CHI '03: Proceedings of the SIGCHI conference on Human factors in computing systems. New York, NY, USA: ACM, 2003, pp. 137-144.
25. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer, "The Emperor's New Security Indicators," in SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy. Washington, DC, USA: IEEE Computer Society, 2007, pp. 51-65.
26. M. A. Sasse, "Computer Security: Anatomy of a Usability Disaster, and a Plan for Recovery," in Proceedings of CHI2003 Workshop on Human-Computer Interaction and Security Systems, 2003. [Online]. Available: http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-sasse.pdf
27. R. Dhamija, J. D. Tygar, and M. Hearst, "Why Phishing Works," in CHI '06: Proceedings of the SIGCHI conference on Human Factors in computing systems. New York, NY, USA: ACM, 2006, pp. 581-590.
28. B. Beckles, V. Welch, and J. Basney, "Mechanisms for increasing the usability of grid security," International Journal of Human-Computer Studies, vol. 63, no. 1-2, pp. 74-101, 2005, hCI research in privacy and security. [Online]. Available: http://www.sciencedirect.com/science/article/ B6WGR-4G94J0R-3/2/5091b0c39ca9b9e17034b62db0004969
29. M. A. Sasse, S. Brostoff, and D. Weirich, "Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security," BT Technology Journal, vol. 19, no. 3, pp. 122-131, 2001.
30. K. D. Mitnick and W. L. Simon, The Art of Deception: Controlling the Human Element of Security. New York, NY, USA: John Wiley & Sons, Inc., 2003.
31. J. R. Lewis, "Psychometric evaluation of an after-scenario questionnaire for computer usability studies: the ASQ," SIGCHI Bull., vol. 23, no. 1, pp. 78-81, 1991.
32. B.-Y. Ng, A. Kankanhalli, and Y. C. Xu, "Studying Users' Computer Security Behavior: A Health Belief Perspective," Decision Support Systems, vol. 46, no. 4, pp. 815-825, 2009, iT Decisions in Organizations. [Online]. Available: http://www.sciencedirect.com/science/article/B6V8S-4TYYMNV-3/2/ 842f546339406093d3e1fb6c28e5ef71
33. I. Alexander and M. Neil, Scenarios, Stories and Use Cases. John Wiley, 2004.
34. R. Kazman, G. Abowd, L. Bass, and P. Clements, "Scenario-Based Analysis of Software Architecture," IEEE Softw., vol. 13, no. 6, pp. 47-55, 1996.
35. G. Stoneburner, A. Goguen, A. Feringa, N. I. of Standards, and T. (U.S.), Risk Management Guide for Information Technology Systems [Electronic Resource]: Recommendations of the National Institute of Standards and Technology / Gary Stoneburner, Alice Goguen, and Alexis Feringa. U.S. Dept. of Commerce, National Institute of Standards and Technology, Gaithersburg, Md.:, 2002.