A Prototype User Interface for Coarse-Grained Desktop Access Control (CMU-CS-03-200)

Viruses, trojan horses, and other malware are a growing problem for computer users, but current tools and research do not adequately aid users in fighting these threats. One approach to increasing security is to partition all applications and data based on general task types, or “roles,” such as “Personal,” “Work,” and “Communications.” This can limit the effects of malware to a single role rather than allowing it to affect the entire computer. We are developing a prototype to investigate the usability of this security model. Our initial investigation uses cognitive walkthrough and think-aloud user studies of paper prototypes to look at this model in the context of realistic tasks, and to compare different user interface mechanisms for managing data and applications in a role-based system. For most participants, our interface was simple to understand and use. In addition to a security model that is intrinsically useful, we believe development of this system will inform issues in the design and implementation of usable security interfaces, such as refinement of design guidelines.

This work was supported by grants from the Center for Computer and Communications Security (C3S) at Carnegie Mellon University and from the Critical Infrastructure Protection Information Assurance Fellowship at the Department of Defense. We thank the members and companies of the PDL Consortium (including EMC, Hewlett-Packard, Hitachi, IBM, Intel, Microsoft, Network Appliance, Oracle, Panasas, Seagate, Sun, and Veritas) for their interest, insights, feedback, and support. We also thank the participants in the studies.
