Usable Privacy and Security
Engineering & Public Policy
Lorrie Faith Cranor

Usable privacy and security research bridges privacy/security and usability/HCI

Security/Privacy
• Humans are a secondary constraint to security/privacy constraints
• Humans considered primarily in their role as adversaries/attackers
• Involves threat models
• Focus on security metrics
• User studies rarely done

Usability/HCI
• Humans are the primary constraint, security/privacy rarely considered
• Concerned about human error but not human attackers
• Involves task models, mental models, cognitive models
• Focus on usability metrics
• User studies common

Usable Privacy & Security
• Human factors and security are both primary constraints
• Concerned about both normal users and adversaries
• Involves threat models AND task models, mental models, etc.
• Considers usability and security metrics together
• User studies common, often involve deception + active adversary

User-selected graphical passwords

Security/Privacy
• What is the space of possible passwords?
• How can we make the password space larger to make the password harder to guess?
• How are the stored passwords secured?
• Can an attacker gain knowledge by observing a user entering her password?

Usability/HCI
• How difficult is it for a user to create, remember, and enter a graphical password? How long does it take?
• How hard is it for users to learn the system?
• Are users motivated to put in effort to create good passwords?
• Is the system accessible using a variety of devices, for users with

Usable Privacy & Security
• All the security/privacy and usability HCI questions
• How do users select graphical passwords?
• How can we help them choose passwords harder for attackers to predict?
• As the password space increases, what are the impacts on usability factors and predictability of human selection?

How can we make secure systems more usable?
• Make it “just work”
   – Invisible security
   – Automation
• Make security/privacy
  understandable
   – Make it visible
   – Make it intuitive
   – Use metaphors that users
     can relate to
   – Human-centered design
• Train the user
Better together
• Examining security/privacy and usability together is often critical for achieving either

• Examples
    – Passwords
        • Users cope with some measures to increase password security by behaving in predictable ways
        • Some efforts to make passwords easier also make it much easier for an attacker to guess a password
    – Access control
        • The way access control settings are visualized in a user interface and the underlying semantics of how rule conflicts are resolved both contribute to users’ ability to configure the system to accurately enforce the desired policy
    – Privacy tools
        • Users who misunderstand how to use privacy tools don’t configure them properly
        • Some simple privacy tools don’t provide much protection
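To make the access-control point concrete, here is an added example (written for this page, not code from the slides or the cited paper) that evaluates the same constructed rule set under two conflict-resolution semantics, deny-overrides and most-specific-rule-wins, both of which are assumptions of the example. A UI that shows the rules but not the effective permission under the system's actual semantics leaves the user guessing which answer applies.

```python
"""Same rules, different effective permissions under two conflict semantics.

Assumptions (constructed for this example): a rule names a principal that is
either a user or a group, a resource, a permission, and an effect.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Rule:
    principal: str   # user name or group name
    resource: str
    permission: str
    effect: str      # "allow" or "deny"


# Constructed sample data: alice is both staff and a contractor.
GROUPS: Dict[str, Set[str]] = {
    "staff": {"alice", "bob"},
    "contractors": {"alice", "carol"},
}

# Constructed rule set with a deliberate conflict on report.docx/read.
RULES: List[Rule] = [
    Rule("staff", "report.docx", "read", "allow"),
    Rule("contractors", "report.docx", "read", "deny"),
    Rule("alice", "report.docx", "read", "allow"),
    Rule("staff", "report.docx", "write", "allow"),
]


def principals_for(user: str) -> Set[str]:
    """The user's own name plus every group the user belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def applicable(user: str, resource: str, permission: str) -> List[Rule]:
    """Rules whose principal, resource and permission match this request."""
    names = principals_for(user)
    return [r for r in RULES if r.principal in names
            and r.resource == resource and r.permission == permission]


def decide_deny_overrides(user: str, resource: str, permission: str) -> bool:
    """Any matching deny wins; otherwise allow iff some rule allows (default deny)."""
    rules = applicable(user, resource, permission)
    if any(r.effect == "deny" for r in rules):
        return False
    return any(r.effect == "allow" for r in rules)


def specificity(rule: Rule) -> int:
    """A rule naming the user directly outranks a rule naming one of their groups."""
    return 2 if rule.principal not in GROUPS else 1


def decide_specificity(user: str, resource: str, permission: str) -> bool:
    """Most specific rule wins; ties at the top level resolve to deny (default deny)."""
    rules = applicable(user, resource, permission)
    if not rules:
        return False
    top = max(specificity(r) for r in rules)
    winners = [r for r in rules if specificity(r) == top]
    return all(r.effect == "allow" for r in winners)


def disagreements(user: str, resource: str, permissions: List[str]) -> List[str]:
    """Permissions where the two semantics differ: exactly what a UI should surface."""
    return [p for p in permissions
            if decide_deny_overrides(user, resource, p) != decide_specificity(user, resource, p)]


if __name__ == "__main__":
    for p in ("read", "write"):
        print(p, "deny-overrides:", decide_deny_overrides("alice", "report.docx", p),
              "specificity:", decide_specificity("alice", "report.docx", p))
    print("semantics disagree on:", disagreements("alice", "report.docx", ["read", "write"]))
```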
References
• S. Komanduri, R. Shay, P.G. Kelley, M.L. Mazurek, L. Bauer, N. Christin, L.F. Cranor, and S. Egelman. Of passwords and people: Measuring the effect of password-composition policies. CHI 2011.

• R.W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, and K. Vaniea. More than skin deep: Measuring effects of the underlying model on access-control system usability. CHI 2011.

• P.G. Leon, B. Ur, R. Balebako, L.F. Cranor, R. Shay, and Y. Wang. Why Johnny Can't Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising. CHI 2012.

See also related papers listed at http://cups.cs.cmu.edu/
